AnsweredAssumed Answered

SSH Session Security

Question asked by jhciotti on Aug 23, 2017
Latest reply on Aug 28, 2017 by pscully

Our security team recently brought to our attention that anyone can generate an SSH session to our OME6500s. It appears to just be a simple TL1 session and we are not experienced enough to know if this could create a problem. From a security standpoint, the ACLs are implemented so that only our management systems can get to the OMEs at all, but when you ask for an SSH session through say puTTY, it does not require credentials to generate a successful session. It asks for a username, but if you simply hit enter, it still grants you access. In Site Manager you cannot input a blank username as the Login button is greyed out. Looking for some help on determining what this is granting access to and how to prevent blank logons. I attached an console image for clarification. Thanks.

Attachments

Outcomes