SSH port flagged by Qualys for deprecated SSH cryptography SHA-1

Article ID: 384102

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When Remote Symantec PAM Debugging Services are enabled on the Configuration > Diagnostics > System page, SSH port 22 is open on the appliance. Qualys scans of the PAM appliance then report the ssh-rsa server host key as vulnerable and deprecated.

Environment

Affects PAM releases up to 4.2.0

Cause

The ssh-rsa option was in the default host key algorithms list.

Resolution

The problem will be fixed in 4.2.1 and future releases by explicitly dropping ssh-rsa from the host key algorithms list.

As a workaround in older releases, turn the remote debugging services off while not in use by PAM Support, or restrict access to the SSH port with firewall rules.
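
To check what an appliance you administer advertises, for example after upgrading, the following added example (not Broadcom's or the PAM product's code) parses the server's SSH_MSG_KEXINIT message as laid out in RFC 4253 and reports whether ssh-rsa is still in the host key algorithms list. The function names, the client banner string and the sample packet are assumptions constructed for illustration.

```python
import socket

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "server_host_key", "enc_c2s", "enc_s2c", "mac_c2s",
          "mac_s2c", "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(packet: bytes) -> dict:
    """Return the name-lists from one unencrypted SSH_MSG_KEXINIT packet."""
    packet_len = int.from_bytes(packet[:4], "big")
    pad_len = int.from_bytes(packet[4:5], "big")
    payload = packet[5:4 + packet_len - pad_len]
    if len(packet) < 4 + packet_len or len(payload) < 17 or payload[0] != 20:
        raise ValueError("not a complete KEXINIT packet")
    pos, lists = 17, {}                      # skip type byte and 16-byte cookie
    for field in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        raw = payload[pos + 4:pos + 4 + n]
        if pos + 4 > len(payload) or len(raw) != n:
            raise ValueError("truncated name-list")
        lists[field] = raw.decode("ascii").split(",") if raw else []
        pos += 4 + n
    return lists

def offers_ssh_rsa(packet: bytes) -> bool:
    """True if the server still lists the SHA-1 based ssh-rsa host key algorithm."""
    return "ssh-rsa" in parse_kexinit(packet)["server_host_key"]

def read_server_kexinit(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Fetch the server's KEXINIT packet from a host you administer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for line in stream:                  # skip any lines before the banner
            if line.startswith(b"SSH-"):
                break
        sock.sendall(b"SSH-2.0-hostkeycheck\r\n")   # hypothetical client banner
        head = stream.read(4)
        size = int.from_bytes(head, "big")
        if len(head) != 4 or not 0 < size <= 35000:  # RFC 4253 size bound
            raise ValueError("no valid packet after banner")
        return head + stream.read(size)

def build_sample(host_key_algs: str) -> bytes:
    """Constructed KEXINIT packet for offline testing (not captured traffic)."""
    names = ["curve25519-sha256", host_key_algs, "aes256-ctr", "aes256-ctr",
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = bytes([20]) + bytes(16)           # message type, all-zero cookie
    body += b"".join(len(n).to_bytes(4, "big") + n.encode() for n in names)
    body += bytes(5)                         # first_kex_packet_follows, reserved
    return (len(body) + 5).to_bytes(4, "big") + b"\x04" + body + bytes(4)
```

Against a live appliance, `offers_ssh_rsa(read_server_kexinit(host))` should return False once ssh-rsa has been dropped from the host key algorithms list; the match is on the exact name, so rsa-sha2-256 and rsa-sha2-512 are not flagged.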