Operating System - HP-UX
1839143 Members
2918 Online
110136 Solutions
New Discussion

Re: How to check version of Open SSH?

 
faiza
Occasional Contributor

How to check version of Open SSH?

Hi,

I apologize if my question doesn't make any sense because I have little Unix experience. I have been asked if we need to apply patch for following bug.

???All versions of OpenSSH's sshd prior to 3.7.1 contain buffer management errors. It is uncertain whether these errors are potentially exploitable, however, we prefer to see bugs fixed proactively. Other implementations sharing common origin may also have these issues.???

My question is how can I checl that we are using Open SSH? and also how can I check what version has been installed on my machine.

TIA.
Faiza


8 REPLIES 8
H.Merijn Brand (procura
Honored Contributor

Re: How to check version of Open SSH?

If you installed it fron the SD from the HP porting centers, just type

# swlist openssh

and it'll report the installed version.

Enjoy, have FUN! H.Merijn
Enjoy, Have FUN! H.Merijn
benoit Bruckert
Honored Contributor

Re: How to check version of Open SSH?

Hi,
and in all the cases (compiled from sources or installed from depot ):
ssh -V will show the version (for the client)
sshd -v will show the help page but also the version for the server....

regards
Benoit
Une application mal pansée aboutit à une usine à gaze (GHG)
Sorrel G. Jakins
Valued Contributor

Re: How to check version of Open SSH?

I don't know why this particular buffer overflow exploit is generating so much excitement - my own security manager was in a perfect sweat over this. To actually use the exploit requires modification to sshd itself, and then sending 1Mb packets might cause a denial of service.

It is not worth it to panic and rush off and install your own copy of OpenSSH. If you are using HP's OpenSSH then you will lose support from HP.

Do you have reasonable security precautions in place? Do you use tcpwrappers? If so, just pay attention to who is coming in and from where and then watch HP security bulletins. If you are really concerned, then put in a call to HP asking when they will be releasing the 3.7.1 code.

$0.02 - sorrel
Steven E. Protter
Exalted Contributor

Re: How to check version of Open SSH?

swlist -l product | grep -i secure

That will show secure shell, which is based on openssh

This step will work for either.

ssh -tv hostname

This will display lots of stuff, including the version of openssh

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
GK_5
Regular Advisor

Re: How to check version of Open SSH?

"swlist -R | grep -i secure" will show if OpenSSH is installed.

Have fun!
IT is great!
faiza
Occasional Contributor

Re: How to check version of Open SSH?

Thanx everybody. I checked on my system and we are not using Open SSH.

Have a good weekend.
Faiza
Sridhar Bhaskarla
Honored Contributor

Re: How to check version of Open SSH?

A cheap way to verify if you are "using" openssh is

echo |telnet localhost 22

It should blip out the ssh version.

You already got the answer on how to check the installation.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
Jorge Fabregas
Regular Advisor

Re: How to check version of Open SSH?

Hello Sridhar! Thanks for that tip! Pretty cool. I didn't know that one.