On 9/9/2013 12:16 PM, Harri Makela wrote: > Hi There > > I got following report from after the vulneraboility scanning. Now first we > don`t use IPv6 and secondly how we can check on Juniper that versio is SSH 4? > > > Synopsis: The remote SSH service is prone to an X11 session > hijacking\nvulnerability. > > Description: According to its banner, the version of SSH installed on the > remote host is older than 5.0. Such versions may allow a local user to > hijack X11 sessions because it improperly binds TCP ports on the local IPv6 > interface if the corresponding ports on the IPv4 interface are in use. > > Solution : Upgrade to OpenSSH version 5.0 or later. > > This is what I have searched on ex-8208 switch and came for SSH:- > > > set system services ssh root-login deny > set system services ssh protocol-version v2 -----> it says version 2 > > > Sorry if these are too basic questions as I am new to all this. > > Thanks > HM > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp
"set system services ssh protocol-version v2" That sets the SHH *protocol* version. The most current version is 2. JunOS uses OpenSSH code. As far as what version of OpenSSH is in your version of JunOS: drop to a shell: "start shell" from the JunOS CLI. % ssh -v e.g. EX2200 with JUNOS 11.4R2.14 % ssh -v OpenSSH_5.8, SSH protocols 1.5/2.0, OpenSSL 0.9.8r 8 Feb 2011 SSH release 11.4R2.14 built by builder on 2012-03-17 16:12:45 UTC However I doubt you have anything to fear from an X11 vulnerability on JunOS.. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp