How to check OpenSSH version of PAN-OS

Printer Friendly Page



To check which version of OpenSSH the Palo Alto Networks firewall PAN-OS is running, make a telnet session to the firewall’s management interface on port 22, which will simulate a SSH session. The firewall will close the session and will reply with a connection status message that includes OpenSSH version used.

Here is an example:


dragoslav@dragoslav:~$ telnet 22
Connected to
Escape character is '^]'.
Connection closed by foreign host.


In this example, the Palo Alto Networks firewall is using OpenSSH version 11.1.




You may want to update the post to state "How to check OpenSSH version of PAN OS", as that is what this is checking. Is the openssl version actually customer viewable?

There is an indirect way to find out what version of OpenSSL (or other open-source packages) your particular version of PANOS is running, though it is a bit indirect:


So for example, if you're running PANOS 6.1.x, you will find that you're running openssl v0.9.8p:

openssl  -  Shared library linkage  -  0.9.8p  -  OpenSSL  -  A general purpose cryptography library with TLS implementation




Hope that helps,