JUNXIAZHANG
Beginner

Secure Shell (SSH) remote login protocol used in RSA Authentication manager version 8.2.1


We have RSA Authentication Manager version 8.2.1 installed on three RSA hardware appliances (RSA SecurID AM8 Intel Appliance 250) and have enabled SSH on RSA Authentication Manager. I would like to know whether SSH on my RSA SecurID is using libssh or libssh2. If libssh is used, can I upgrade to libssh2?


Accepted Solutions
MennaElsharkawy
Occasional Contributor

Hello Junxia,

Our Authentication Manager doesn't use libssh or libssh2, because our Authentication Manager implements the SSH server using OpenSSH (completely independent of libssh).

This can also be verified using the following:

1. Log into your server with rsaadmin credentials

2. Type: ssh -v localhost

And you'll see that it uses the OpenSSH library.


8 Replies
JUNXIAZHANG
Beginner

Any comments for this?


Support would probably have to ask Engineering which library was used, unless there is a way in Linux to determine what library is used by an application, in this case SSH. Support usually deals in questions about scan findings and vulnerabilities, so we do not always have a lot of information about builds, and since the RSA SecurID Authentication Manager server is considered an appliance, we do not always publish such details, and modifications to libraries used would be considered unsupported. It might work, it might not, but if some other problem is reported, Engineering may ask that the appliance be returned to its original state before troubleshooting other bugs.

You could open a support case to ask this question, then see if Product Management and Engineering are willing to divulge this information.

EdwardDavis
Employee

If you are asking about CVE-2018-10933 and SUSE:

A vulnerability was found in libssh's server-side state machine before versions 0.7.6 and 0.8.4. A malicious client could create channels without first performing authentication, resulting in unauthorized access.

This issue only affects libssh from www.libssh.org, in server mode operation only, and only on SUSE Linux Enterprise 12 and 15. The libssh2 from www.libssh2.org is not affected, as it only offers client support.

RSA Authentication Manager 8.3.0.4.0 servers use SUSE 11.4.

To answer your question a bit better, specifically we do not support making any changes or updates to the software outside the scope of an RSA update or patch, as these servers are 'black box implementations' and use a specially hardened operating system. Unsupported changes or updates can be problematic and prevent reliable operations or later updates.

If you have a specific security concern it is best to open a support case with the details so it can be addressed. Our security guides do specifically note to keep ssh disabled until needed, and then turn it off when not needed.
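An added example (not part of any post in this thread, and not RSA's code) covering the `ssh -v localhost` check from the accepted solution and the libssh version thresholds quoted above: it extracts the server's software string from `ssh -v` output or a raw SSH banner and, if the server is libssh, compares it with 0.7.6 and 0.8.4. The function names and the sample output are constructed for illustration.

```python
import re

# Server token from `ssh -v` debug output, or from a raw SSH identification string.
REMOTE_RE = re.compile(r"remote software version (\S+)|^SSH-[\d.]+-(\S+)", re.M)
# libssh servers identify as "libssh-0.7.5" or "libssh_0.8.3"; libssh2 must not match.
LIBSSH_RE = re.compile(r"^libssh(?![0-9A-Za-z])[-_]?(\d+(?:\.\d+)*)?")

def remote_software(text):
    """Return the server's software token, or None if the text has none."""
    m = REMOTE_RE.search(text)
    return (m.group(1) or m.group(2)) if m else None

def triage(software):
    """Return (implementation, finding) for a server software token."""
    if not software:
        return ("unknown", "no server version in input")
    m = LIBSSH_RE.match(software)
    if not m:
        # OpenSSH and every other non-libssh server lands here.
        return (re.split(r"[_\-\s]", software)[0], "not libssh")
    if not m.group(1):
        return ("libssh", "version hidden, check the package version")
    parts = [int(p) for p in m.group(1).split(".")]
    version = tuple(parts + [0] * (3 - len(parts)))[:3]
    # Fixed releases as quoted in the thread: 0.7.6 and 0.8.4.
    fixed = (0, 8, 4) if version >= (0, 8, 0) else (0, 7, 6)
    if version >= fixed:
        return ("libssh", "at or above fixed release")
    return ("libssh", "predates fixed release %d.%d.%d" % fixed)

# Constructed sample of `ssh -v localhost` output (not captured from an appliance).
# Line 1 is the local client's version; the "remote software version" is the server.
SAMPLE = """OpenSSH_6.2p2, OpenSSL 0.9.8j-fips 07 Jan 2009
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
"""

if __name__ == "__main__":
    print(triage(remote_software(SAMPLE)))
    for banner in ("SSH-2.0-libssh_0.8.3", "SSH-2.0-libssh-0.7.6"):
        print(banner, triage(remote_software(banner)))
```

The version string is self-reported by the server, so confirm any finding against the installed package version.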


Thank you everyone for replying.


Thank you for your reply


Thank you for the reply
