PCI Audit - SSH version 3 & above

Similar Messages

• Obscure SSH Version

  On a recent security audit we we hit because our Cisco devices revealed their SSH version.
  Is there any way to fix that?

  I don't believe so. We've had auditors complain about the version (v1 vs v2), but never about it showing the version.

• Authentication failed on device 3 times. Failed to detect SSH version running on the device. PRIMARY-STARTUP config Fetch Operation failed for TFTP

  I have devices loaded but new devices keep getting this error "Authentication failed on device 3 times. Failed to detect SSH version running on the device. PRIMARY-STARTUP config Fetch Operation failed for TFTP" - which trying to get configurations. I am using LMS 3.0.1
  I tried to TELNET on devices via Putty port 22 no good. Please help?
  Name Version License Status Size CiscoWorks  Common Services 3.1.1 Licensed Not applicable  Campus  Manager 5.0.3 Purchased 1500  CiscoView 6.1.7 Licensed Not applicable  CiscoWorks  Assistant 1.0.1 Licensed Not applicable  Device  Fault Manager 3.0.3 Purchased 1500  Internetwork  Performance Monitor 4.0.1 Purchased 1500  Integration  Utility 1.7.1 Licensed Not applicable  LMS  Portal 1.0.1 Licensed Not applicable  Resource  Manager Essentials 4.1.1 Purchased 1500

  Showing 1-1 of 1 records
  Go to page:
  of 1 pages
  Device Name
  SysObjectID
  Model
  Device Status
  Inventory Status
  Inventory Last Updated Time
  Config Status
  Config Last Updated Time
  1.
  R2020012_01
  .1.3.6.1.4.1.9.1.576
  Cisco 2811 Integrated Services Router
  Normal
  Success
  Jan 13 2011 10:43:49 EST
  Failed
  Jan 13 2011 10:37:24 EST
    Rows per page:
  20 50 100 500
  Go to page:
  of 1 pages

• Ssh version

  I get the following output when I type in ssh -V on the console...I am using Solaris 9.
  SSH Version Sun_SSH_1.0, protocol versions 1.5/2.0.
  Does this mean tht the ssh version is ssh protocol v 2.

  It means that your SSH version is "Suns SSH 1.0". However Suns SSH is just a certain version of OpenSSH (can't remember which one) with a new name.
  The SSH in question supports the SSH protocols 1.5 and 2.0.
  Currently there are three SSH protocols that i know of, the first one was 1 (highly insecure), followed by 1.5 (not to secure either) and lastly 2.0 (fairly secure unless you got one with a security bug in :-)
  //Magnus

• Is ActiveX plugin supported for Firefox 3.x version and above?

  We want few active x control to be used.So is the activex control plugin available in firefox 3.x version and above
  == User Agent ==
  Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)

  No.
  [https://support.mozilla.com/en-US/kb/ActiveX]

• Where can I find a Driver for my PCI Adapter WMP54G Version 4.1?

  My operating system is Windows XP 32 bit.  I had to reinstall XP and fouind that I have no idea where in my home I stored the install disc that came with the PCI adapter.  Checked online at the linksys site and they no longer support my PCI adapter and they wanted to sell me their latgest adapter - which I don't want.  Where can I find a reliable drive download site that won't come with a lot of junk or viruses?   Thanks for your help..! 

  I downloaded a driver from  "driverguide.com"  as suggested by one responder.  It came along with a Trojan virus that fortunately my antivirus program (Panda) found.  
  Next I tried the suggestion about downloading Version 2..0 driver.  I did, but my Windows XP could not open the file.  (Not sure why Version 2.0 was suggested, since my PCI card is Version 4.1).  So this suggestion went nowhere.
  I did find that there are MANY Linksys items for sale on Ebay and may pursue one of those.
  In closing - I want to thank all those who responded and tried to help.  I also want to mention that I am not happy that Linksys basically "threw us under the bus" by no longer providing a simple driver download for WMP54G owners.  There are thousands of us out there and it is certainly easy to forget where you filed away your installation disc.....especially if you're older and have trouble remembering things anyway.  (I'm 78).   

• CiscoWorks2k RME3.5 IDU 9.0 ssh version 2 ???

  Does anyone know when ssh v2 will be supported or I missed something?
  It seems like I can manage my devices with telnet or ssh v1. Having been able to do much with all of my ssh v2 devices.

  I heard that support for SSH version 2 will be added in the next release of CiscoWorks, may be in 1st quarter of 2005.

• Difference ssh version 1and version 2

  Hi,Can anyone say what is the difference ssh version 1and version 2

  SSH protocol, version 2
  SSH protocol, version 1
  Separate transport, authentication, and connection protocols
  One monolithic protocol
  Strong cryptographic integrity check
  Weak CRC-32 integrity check; admits an insertion attack in conjunction with some bulk ciphers.
  Supports password changing
  N/A
  Any number of session channels per connection (including none)
  Exactly one session channel per connection (requires issuing a remote command even when you don't want one)
  Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key
  Negotiates only the bulk cipher; all others are fixed
  Encryption, MAC, and compression are negotiated separately for each direction, with independent keys
  The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm's design demands that keys not be reused)
  Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability
  Fixed encoding precludes interoperable additions
  User authentication methods:
  publickey (DSA, RSA*, OpenPGP)
  hostbased
  password
  (Rhosts dropped due to insecurity)
  Supports a wider variety:
  public-key (RSA only)
  RhostsRSA
  password
  Rhosts (rsh-style)
  TIS
  Kerberos
  Use of Diffie-Hellman key agreement removes the need for a server key
  Server key used for forward secrecy on the session key
  Supports public-key certificates
  N/A
  User authentication exchange is more flexible, and allows requiring multiple forms of authentication for access.
  Allows for exactly one form of authentication per session.
  hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc. (though this is not currently implemented).
  RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness.
  periodic replacement of session keys
  N/A

• SSH version in the CUCM

  Hi,
  I have an issue between my Iomega/EMC NAS and the DRS of my CUCMs.
  It's OK with a 8.6 CUCM and NOK with 7.1.3 and 8.0.3.
  I would like to know the SSH version in SFTP protocol used by the DRS service for the three version.
  Thank you for your help.
  BR

  Michael,
  I had the same question, so this is very helpful and I appreciate it.
  Emmanuel,
  I have a current issue with SFTP to a NAS and am curious if you were able to resolve. My storage engineers were also concerned about SSH version compatibility.

• SSH Version Supported by Access Points

  Hi,
  I'm hoping this is an easy question...so apologies if it appears facile, but I can't find a definitive answer in any Cisco docs I've looked through.
  When access points are used with a WLC, its possible to allow the access points to accept SSH connections (Under the advanced tab of the AP config).
  My question is this: which version of SSH will be used when SSH sessions are created to the AP? (SSH v2?)
  All of the data sheets etc. talk about SSH support, but give now version details.
  Thanks in advance.
  Nigel.

  Hi Nigel,
  Scott is right (as usual )
  Just to confirm, I accessed a CAPWAP AP and looked at the #sh derived-config and this was the only SSH output shown, with SSH enabled on the AP:
  ip ssh version 2
  So, it looks like only SSH2 is allowed. Just to let you know the code ver was 7.0.116.0
  Rocky

• Need a Script to Audit Firmware version of HP components​.

  Hi Team,
  I am new to this portal, I am not sure if i have selected the correct board for this issue. If not please redirect thie thread to the correct team or guide me the link to the HP Blade system portal.
  My issue:
  We have 285 HP Servers, Where almost 275 are HP Proliant BL460 G7 & G8 Blades and the rest are HP DL380P and DL380 Standalone servers.
  We recently did a HP SPP Update on all these machines and now for a reason we want to Audit if the component updates were correctly done by our engineers or not.
  How ever for HP OS Components i have a script to Scan the registry and pull the Product version and match it to see if it has the Latest version or not.
  But how do i do an Audit for the ILO'S of these machines and the Onboard Administrators and the HP Virtual connect if the firmware versions are correct or not ?
  Is there any script or any Method to achieve this ? 
  We also have HP SIM tool as well, Can we do it form that? If yes then how ? Can any one please help in this ?

  Frederik, After some tweaking and testing i was able to get it working, I haven't tested it via GPO as a startup script but standalone it is doing what i was after. I cant thank you enough for helping me on this as i had lost hope after days worth of intense
  searching
  Change that i had to apply ( space in a network path
  was causing a "path not found error", Had to rename the "Office365 update" and update the path in Customconfig.xml  or any other location that was pointing to "office365 update" )
   set DeployServer=\\contoso\c2r\Office365 update\
  REM Set ConfigFile to the configuration file to be used for
  deployment (required)
  set ConfigFile=\\contoso\c2r\Office365 update\Customconfig.xml
  REM Set LogLocation to a central directory to collect script
  log files (install log files are set in XML file).
  set LogLocation=C:\AppData\Local\Temp

• ABAP certification only for people using ECC 5.0 version and above

  Hi all,
  I requested for the ABAP certification to SAP education india
  They said that only if we have experience in ECC 5.0 then only we are allowed
  Is it so..?
  i am applying for certification through our company.
  People working in 4.6 or 4.7 are not allowed to take up the certification..?
  how can i take up the certification?
  Please help....
  Thanks
  ---Patil
  Message was edited by:
          Santhosh Patil

  refer these links
  <b>to get the people of SAP to answer</b>
  https://www.sap.com/contactsap/index.epx
  <b>to know details regarding SAP education</b>
  http://www.sap.com/asia/services/education/index.epx
  <b>to contact SAP in Asia-Pacific region</b>
  http://www.sap.com/asia/services/education/contact/index.epx
  <b>other contact details of SAP education in india</b>
  http://www.sap.com/asia/services/education/centres/partners.epx
  <b>for Course Schedule July - Dec 2007</b>
  http://www.sap.com/asia/services/education/schedule/schedule_IN.htm
  regards,
  srinivas
  <b>*reward for useful answers*</b>

• New IPad2,connected to my upgraded G4 10.5.8 via USB 2.0 PCI card, latest version of iTunes, signed in to mobil me acct and attempted to sync. Altho I waited nothing seemed to happen. Eventually changed to sync via cable and all is well.

  Altho I checked "sync via mobil me", nothing ever happened. Tech support then advised unchecking that and syncing instead via computer/cable and iTunes
  So, why not able to sync wirelessly with mobil me? Has anyone been able to?

  Thanks Mike.
  Actually nothing seemed to be synced, altho I'm not sure whether I looked everywhere. In particular, no iTunes content was sent to the iPad, no Safari bookmarks, no Yahoo or Gmail contacts etc. Shouldn't some of this have been synced, or is it only content in Mobil Me, i.e my Apple Mail contacts etc?

• USB 2.0 via PCI slot version 2.1

  My early G5 PowerMac only came with USB 1.1. So, I installed a Belkin USB 2 PCI card. I confirmed my G5's PCI slot is version 2.1.
  The card successfully seated into Slot 2 and I reconnected. Upon power up finally the grey screen with the Apple appeared then after several seconds a message came on saying "you must
  restart your computer by first holding down the power button. I did so; the machine turned off; and I then restarted with a repeat of the above non start scenario.
  Inside the Belkin package it only referred to Windows directions and included a USB 2 driver disk.
  Absolutely no mention of Apple except on the outside of the package. So I assumed it must be
  "plus and play" and installed the PCI card but the machine would not start with the card installed.
  I am installing the card so that I can sync with an iPod Classic.
  Any suggestions would be appreciated. Thank you.

  Are you connecting the iPod to one of the USB ports on the G5's keyboard? Those ports are USB 1.1, but all three ports on the G5 itself are USB 2.0. Try plugging the iPod into one of those ports, and you should be fine.
  What you're seeing with the "you must restart..." message is a kernel panic, probably caused by the new card (since it sounds like you weren't having this problem previously). Since you shouldn't need the card, I'd return it since it's obviously causing problems.

• What version is my PCI Express x1 slot?

  I have an HP Pavillion m9500t.  What PCI Express x1 version does this PC have?

  Hi:
  According to the chipset specs from Intel, it has a PCI express revision of 1.1.
  http://ark.intel.com/products/31914/Intel-82G33-Graphics-and-Memory-Controller