Cisco Bug: CSCvu30830 - NGIPS sensor SSH broken due to bad CiscoSSH keyword in sshd_config file
Jun 18, 2020
- Cisco Firepower Management Center
Known Affected Releases
126.96.36.199 188.8.131.52 184.108.40.206
Symptom: SSH access to NGIPS sensors may be blocked after upgrading to the 6.3.0 or 6.4.0 releases from 220.127.116.11+ or 18.104.22.168+. The affected NGIPS sensor types include FP7000, FP7100, FP8100, FP8200, FP8300 and NGIPSv. This only happens for customers using AC Policies that have updated the SSH configuration profile. Messages similar to the following are displayed on the console:

    System is booting up ...
    Command [/etc/init.d/sshd restart] failed:
    /etc/ssh/sshd_config: line 23: Bad configuration option: CiscoSSHCommonCriteriaMode
    /etc/ssh/sshd_config: line 37: Bad configuration option: CiscoSSHFipsMode
    /etc/ssh/sshd_config: terminating, 2 bad configuration options

Conditions: SSH access is only blocked for NGIPS sensors that have been upgraded to the 6.3.0 or 6.4.0 releases from 22.214.171.124+ or 126.96.36.199+ and that use an AC Policy that updates the SSH configuration profile. The NGIPS sensor types include the FP7000, FP7100, FP8100, FP8200, FP8300, and NGIPSv sensors.
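A check for this condition, added here as an example and not Cisco's code: one function scans a copy of sshd_config for the two keywords the console output reports, the other extracts file, line number and keyword from captured console text. The function names are hypothetical; the keywords are the ones quoted in the console messages in this bug.

```sh
#!/bin/sh
# Added example (not Cisco code). Function names are hypothetical.
# Keywords taken from the "Bad configuration option" console messages.
BAD_KEYWORDS="CiscoSSHCommonCriteriaMode CiscoSSHFipsMode"

# find_bad_sshd_options FILE
# Prints "<line-number>:<keyword>" for every active (non-comment) directive
# in FILE whose keyword is in BAD_KEYWORDS. sshd_config keywords are
# case-insensitive, so the match is too. Returns 1 if any are found, else 0.
find_bad_sshd_options() {
    awk -v kws="$BAD_KEYWORDS" '
        BEGIN {
            n = split(tolower(kws), k, " ")
            for (i = 1; i <= n; i++) bad[k[i]] = 1
        }
        {
            line = $0
            sub(/^[ \t]+/, "", line)              # strip leading whitespace
            if (line == "" || line ~ /^#/) next   # skip blanks and comments
            split(line, f, /[ \t=]+/)             # keyword ends at space, tab or "="
            if (tolower(f[1]) in bad) { print NR ":" f[1]; found = 1 }
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# parse_sshd_errors
# Reads console or log text on stdin and prints "<file>:<line>:<keyword>"
# for each "Bad configuration option" message, whether the message starts
# the line or follows other text such as "Command [...] failed: ".
parse_sshd_errors() {
    sed -n 's|^\(.* \)\{0,1\}\([^ :]*\): line \([0-9][0-9]*\): Bad configuration option: \([A-Za-z0-9_]*\).*$|\2:\3:\4|p'
}
```

Run `find_bad_sshd_options` against a saved copy of the sensor's sshd_config; a return code of 1 means the file contains a directive that the sshd in the messages above rejects.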