NET1647 - The network element must not use SSH Version 1 for administrative access.

Information

SSH Version 1 is a protocol that has never been defined in a standard. Because SSH-1 has inherent design flaws that make it vulnerable to attacks such as man-in-the-middle, it is now generally considered obsolete. Avoid it by explicitly disabling fallback to SSH-1.

Solution

Configure the network device to use SSH version 2.
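
One way to check this setting offline against an exported Junos configuration in "set" format. This is an added example, not part of the STIG or the audit plugin. It assumes the Junos `protocol-version` statement under `system services ssh`, treats a missing statement as a finding, and uses constructed sample configurations and hypothetical status names.

```python
import re

# Constructed sample configurations in Junos "set" format (not from the page).
SAMPLE_COMPLIANT = """\
set system host-name r1
set system services ssh protocol-version v2
set system services ssh root-login deny
"""
SAMPLE_V1_FALLBACK = "set system services ssh protocol-version [ v1 v2 ]\n"
SAMPLE_UNSET = "set system services ssh root-login deny\n"
SAMPLE_NO_SSH = "set system host-name r1\n"

# Any statement under "system services ssh" means the SSH service is configured.
SSH_STMT = re.compile(r"^\s*set\s+system\s+services\s+ssh(?:\s+(.*))?$")
PROTO = re.compile(r"^protocol-version\s+(.+)$")


def audit_ssh_protocol(config_text):
    """Return (status, detail) for NET1647; status names are hypothetical.

    Limitation: "deactivate" statements are not interpreted.
    """
    ssh_enabled = False
    versions = set()
    for line in config_text.splitlines():
        m = SSH_STMT.match(line)
        if not m:
            continue
        ssh_enabled = True
        p = PROTO.match(m.group(1) or "")
        if p:
            # Handles both "v2" and the bracketed list form "[ v1 v2 ]".
            versions.update(re.findall(r"v\d+", p.group(1)))
    if not ssh_enabled:
        return ("not_applicable", "SSH service is not configured")
    if "v1" in versions:
        return ("finding", "SSH-1 is permitted: " + ", ".join(sorted(versions)))
    if versions == {"v2"}:
        return ("pass", "protocol-version is restricted to v2")
    # Assumption: an unset protocol-version is reported rather than trusted,
    # because the default depends on the Junos release.
    return ("finding", "protocol-version is not set explicitly")


if __name__ == "__main__":
    for name in ("SAMPLE_COMPLIANT", "SAMPLE_V1_FALLBACK", "SAMPLE_UNSET", "SAMPLE_NO_SSH"):
        print(name, audit_ssh_protocol(globals()[name]))
```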

See Also

https://iasecontent.disa.mil/stigs/zip/U_Network_Infrastructure_Router_L3_Switch_V8R27_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7, CAT|II, Rule-ID|SV-15461r2_rule, STIG-ID|NET1647, Vuln-ID|V-14717

Plugin: Juniper

Control ID: e38f80e3ce75de36e240eb3c3282d1d21a5d1f2b6bc79836ae0dfe18e97c4df7