https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323166#M82601 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105432">@karthikeyanB</a>&nbsp;,&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105434">@Sethupathi</a>&nbsp;,&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>&nbsp;</P> <P>&nbsp;</P> <P>I would agree with BPry.</P> <P>&nbsp;</P> <P>That said, you could just telnet to your device on port 22 and it should spit out the OpenSSH version it is using:</P> <P>&nbsp;</P> <LI-CODE lang="markup">admin$ telnet 10.193.80.80 22 Trying 10.193.80.80... Connected to 10.193.80.80. Escape character is '^]'. SSH-2.0-OpenSSH_12.1</LI-CODE> <P>&nbsp;</P> <P>Hope this helps,</P> <P>-Kiwi.</P> Thu, 16 Apr 2020 14:03:33 GMT kiwi 2020-04-16T14:03:33Z https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323102#M82576 <P>Team,<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Below Advisory mentioned that openssh 7.9 is affected with few vulnerabilities&nbsp; and on upgrade to 8.1.13 will resolve it.<BR /><A href="https://security.paloaltonetworks.com/PAN-SA-2020-0002" target="_blank">https://security.paloaltonetworks.com/PAN-SA-2020-0002</A></P><P>&nbsp;</P><P>but below pan os open source listing mentioned as openssh version is 6.4 is used.&nbsp; So can you please confirm whether update is required and whether update to 8.1.13 will resolve the issue???</P><P>&nbsp;</P><P><A href="https://docs.paloaltonetworks.com/oss-listings/pan-os-oss-listings/pan-os-8-1-open-source-software-oss-listing.html" target="_blank">https://docs.paloaltonetworks.com/oss-listings/pan-os-oss-listings/pan-os-8-1-open-source-software-oss-listing.html</A></P><P>Or whether Openssh version identification method is incorrect??</P><P>&nbsp;</P><P>Warm Regards,</P><P>Karthikeyan Balamurugan</P> Thu, 16 Apr 2020 09:02:01 GMT https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323102#M82576 karthikeyanB 2020-04-16T09:02:01Z https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323152#M82593 Hi Team, Could you please help us here. ! Thu, 16 Apr 2020 12:53:50 GMT https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323152#M82593 Sethupathi 2020-04-16T12:53:50Z https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323160#M82598 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105432">@karthikeyanB</a>&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105434">@Sethupathi</a>,</P><P>You'll probably get a better response for something this specific by opening a support case. My first thought would be that they aren't actually updating the OSS listings for each major release outside of initial release; so as the maintenance releases upgrade packages they aren't reflected in the OSS listing.&nbsp;</P> Thu, 16 Apr 2020 13:57:04 GMT https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323160#M82598 BPry 2020-04-16T13:57:04Z https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323166#M82601 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105432">@karthikeyanB</a>&nbsp;,&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/105434">@Sethupathi</a>&nbsp;,&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/43480">@BPry</a>&nbsp;</P> <P>&nbsp;</P> <P>I would agree with BPry.</P> <P>&nbsp;</P> <P>That said, you could just telnet to your device on port 22 and it should spit out the OpenSSH version it is using:</P> <P>&nbsp;</P> <LI-CODE lang="markup">admin$ telnet 10.193.80.80 22 Trying 10.193.80.80... Connected to 10.193.80.80. Escape character is '^]'. SSH-2.0-OpenSSH_12.1</LI-CODE> <P>&nbsp;</P> <P>Hope this helps,</P> <P>-Kiwi.</P> Thu, 16 Apr 2020 14:03:33 GMT https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/323166#M82601 kiwi 2020-04-16T14:03:33Z https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/587686#M117237 <P>I ended up having to do some research to find out why a vulnerability was flagging on a newer version of PAN-OS. 10.1 reports a correct version of&nbsp;SSH-2.0-OpenSSH_7.7 but an older PAN-OS of 8.1 reports an OpenSSH version that doesn't exist, the one you posted above,&nbsp;SSH-2.0-OpenSSH_12.1. This is not a valid OpenSSH version. The latest version 4 years later is 9.7. I can't find any resource online indicating why PAN would be misreporting the version.</P> Wed, 22 May 2024 18:06:43 GMT https://live.paloaltonetworks.com/t5/general-topics/openssh-vulnerability-clarification/m-p/587686#M117237 Michael.Gossett 2024-05-22T18:06:43Z