How to check OpenSSH version of PAN-OS

Printer Friendly Page

Explanation

 

To check which version of OpenSSH the Palo Alto Networks firewall PAN-OS is running, make a telnet session to the firewall’s management interface on port 22, which will simulate a SSH session. The firewall will close the session and will reply with a connection status message that includes OpenSSH version used.

Here is an example:

 

dragoslav@dragoslav:~$ telnet 10.193.80.51 22
Trying 10.193.80.51...
Connected to 10.193.80.51.
Escape character is '^]'.
SSH-2.0-OpenSSH_11.1
Connection closed by foreign host.

 

In this example, the Palo Alto Networks firewall is using OpenSSH version 11.1.

 

 

Comments

You may want to update the post to state "How to check OpenSSH version of PAN OS", as that is what this is checking. Is the openssl version actually customer viewable?

There is an indirect way to find out what version of OpenSSL (or other open-source packages) your particular version of PANOS is running, though it is a bit indirect:

https://www.paloaltonetworks.com/documentation/oss-listings/oss-listings.html

 

So for example, if you're running PANOS 6.1.x, you will find that you're running openssl v0.9.8p:

openssl  -  Shared library linkage  -  0.9.8p  -  OpenSSL  -  A general purpose cryptography library with TLS implementation

 

source: https://www.paloaltonetworks.com/documentation/oss-listings/oss-listings/pan-os-oss-listings/pan-os-...

 

Hope that helps,

Nasir