How to view the SSH cipher suites supported on the Firewall using non-Palo Alto Networks tools

Created On 01/26/24 23:10 PM - Last Modified 05/14/24 20:29 PM


Objective


To view the SSH cipher suites supported on the firewall management interface using Nmap (Linux), Zenmap (Windows), and PuTTY.

Environment


  • Palo Alto Firewalls
  • Supported PAN-OS
  • SSH Cipher Suites


Procedure


  1. Using Nmap in Linux
Run the command below:
 nmap --script ssh2-enum-algos -sV -p 22 <your_firewall_ip>
  2. Zenmap on Windows
  • Zenmap can be downloaded here
  • Enter the command "nmap --script ssh2-enum-algos -sV -p 22" in the command field and the target IP address in the target field. Zenmap will automatically add the target IP address to the command field. If you manually add the target IP address to the command line, the scan may not work.
  3. PuTTY
  • PuTTY can be downloaded here
  • Follow these 4 steps:
    1. Under Session > Logging, select "SSH packets and raw data"
    2. Add the log name under Log file name (the default name is putty.log)
    3. Connect to the firewall management interface via SSH using PuTTY, under Session
    4. Open the log file saved on the client.
  • The log should contain the SSH packets. Review the Incoming raw data.
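
The algorithm lists visible in PuTTY's Incoming raw data are carried in the server's SSH_MSG_KEXINIT packet, which is sent before encryption starts (RFC 4253, section 7.1). The Python below is an added example, not part of the original article or of any Palo Alto Networks tool: it decodes one such packet into its ten name-lists. The names parse_kexinit and build_sample and the sample packet are constructed for illustration, and the input is assumed to be the packet's raw bytes already converted from the log's hex dump.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server", "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server", "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)

def parse_kexinit(packet: bytes) -> dict:
    """Decode one unencrypted SSH binary packet that carries SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_length, padding_length = struct.unpack(">IB", packet[:5])
    if packet_length < padding_length + 1 or len(packet) < 4 + packet_length:
        raise ValueError("truncated or malformed packet")
    payload = packet[5:4 + packet_length - padding_length]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, result = 17, {}  # skip the message type byte and the 16-byte cookie
    for name in FIELDS:
        head = payload[offset:offset + 4]
        size = int.from_bytes(head, "big")
        raw = payload[offset + 4:offset + 4 + size]
        if len(head) != 4 or len(raw) != size:
            raise ValueError(f"{name} runs past the payload")
        result[name] = raw.decode("ascii").split(",") if raw else []
        offset += 4 + size
    return result

def build_sample() -> bytes:
    """Constructed KEXINIT packet for the demo; not captured from any firewall."""
    lists = [b"curve25519-sha256,diffie-hellman-group14-sha256", b"rsa-sha2-512",
             b"aes256-ctr,aes128-cbc", b"aes256-ctr,aes128-cbc",
             b"hmac-sha2-256", b"hmac-sha2-256", b"none", b"none", b"", b""]
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # type byte + all-zero cookie
    payload += b"".join(struct.pack(">I", len(item)) + item for item in lists)
    payload += bytes(5)  # first_kex_packet_follows = 0, reserved = 0
    pad = 8 - (5 + len(payload)) % 8
    pad += 8 if pad < 4 else 0  # RFC 4253 requires at least 4 padding bytes
    return struct.pack(">IB", 1 + len(payload) + pad, pad) + payload + bytes(pad)

if __name__ == "__main__":
    for field, names in parse_kexinit(build_sample()).items():
        print(f"{field}: {', '.join(names) or '(none)'}")
```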


Additional Information


Note: This article is written for informational purposes only. Palo Alto Networks does not support any third-party operating systems or tools.
