The version of OpenSSH on VMware ESXi 6.0 seems to be open to the MaxAuthTries vulnerability, which is currently being picked up by our security scanners:
"The remote SSH server is affected by a security bypass vulnerability due to a flaw in the keyboard-interactive authentication mechanisms.
The kbdint_next_device() function in auth2-chall.c improperly restricts the processing of keyboard-interactive devices within a single connection. A remote attacker can exploit this, via a crafted keyboard-interactive 'devices' string, to bypass the normal restriction of 6 login attempts (MaxAuthTries), resulting in the ability to conduct a brute-force attack or cause a denial of service condition."
Other than switching off sshd, which I would prefer not to do as it is very useful, are there any plans to upgrade to OpenSSH 7 (the proposed solution for this issue)?
Thanks
Paul
We have noticed the same security hole in 5.5 Update3a as well. I am thinking of opening a support ticket with VMware.
That's a vulnerability in 5.5 U3b as well. From what I had read, openssh v7.0 was supposed to be the package that was installed in v6.0, but alas it is not. Is there a command to list which version of openssh is installed?
Thanks
Telnet to the host on port 22. That's a quick and easy way.
On my ESXi 5.0 hosts, I modified my sshd_config (in /etc/ssh) with the following lines:
ChallengeResponseAuthentication no
PasswordAuthentication yes
and this vulnerability is gone. The "PasswordAuthentication" directive was already there but was set to "no".
I haven't seen any issues with doing this so far. Hopefully this helps.
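
One way to confirm that the sshd_config change described in the last post is the setting sshd actually uses, as an added example that is not part of the thread. The helper names `effective_value` and `kbdint_offered` and the sample config are constructed here, and only the global section (before any `Match` block) is evaluated.

```shell
#!/bin/sh
# Added example (not from the thread). Reports the effective global value of
# an sshd_config keyword. sshd keeps the FIRST value it reads for a keyword,
# keywords are case-insensitive, and lines starting with '#' are comments.
# Assumption: only the global section matters, so parsing stops at "Match".

effective_value() {   # usage: effective_value <keyword> <default> <file>
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v def="$2" '
        /^[ \t]*(#|$)/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*=[ \t]*/, " ", line)   # "Keyword=value" form
            split(line, f, /[ \t]+/)
            key = tolower(f[1])
        }
        key == "match" { exit }
        key == want    { val = f[2]; found = 1; exit }
        END { print (found ? val : def) }
    ' "$3"
}

# Exit status 0 when keyboard-interactive is still offered (OpenSSH default
# for ChallengeResponseAuthentication is "yes" when the keyword is absent).
kbdint_offered() {    # usage: kbdint_offered <sshd_config path>
    [ "$(effective_value ChallengeResponseAuthentication yes "$1")" != "no" ]
}

# Constructed sample: the later "yes" line is ignored because first wins.
sample=$(mktemp)
printf '%s\n' '# constructed sample config' \
    'challengeresponseauthentication no' \
    'PasswordAuthentication yes' \
    'ChallengeResponseAuthentication yes' > "$sample"

if kbdint_offered "$sample"; then
    echo "keyboard-interactive: offered"
else
    echo "keyboard-interactive: disabled"
fi
rm -f "$sample"
```

On a host, pass /etc/ssh/sshd_config as the file argument; a commented-out or missing directive reports as offered because the default applies.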