How to disable SSH protocol version 1 on the Symantec Brightmail Gateway (SBG) Appliance

book

Article ID: 177397

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Whilst performing a vulnerability scan against the Symantec Brightmail Gateway Appliance, an OpenSSH vulnerability is reported by the software scan tool used.


The following vulnerabilities may be reported: SSH Protocol Version 1 Supported

Cause

The Symantec Brightmail Gateway appliance supports both versions 1 and 2 of the SSH protocol by default.

Resolution

SBG 7.x , 8.x :

Use the sshdver command to configure the version of the SSH protocol used by the Brightmail Gateway.

To check the SSH protocol used:

  1. Log in as admin to the Symantec Brightmail Gateway Command Line Interface.
  2. Enter the following command:
    sshdver -v


To force SSH protocol version 2:

  1. Log in as admin to the Symantec Brightmail Gateway Command Line Interface.
  2. Enter the following command to force SSH protocol 2 to be used:
    sshdver 2

 

SMG 9.x and newer up to 10.5:

Use the sshd-config command to configure the version of the SSH protocol used by the Messaging Gateway.

To check the SSH protocol used:

  1. Log in as admin to the Symantec Messaging Gateway Command Line Interface.
  2. Enter the following command:
    sshd-config -v


To force SSH protocol version 2:

  1. Log in as admin to the Symantec Messaging Gateway Command Line Interface.
  2. Enter the following command to force SSH protocol 2 to be used:
    sshd-config -v2

For further information on the sshd-config command, please refer to KB HOWTO92658.