Skip to main content

CRITICAL - Fix for UNIX LSAM SSH Key Vulnerability

What Does This Do?

  1. It is looking at the authorized SSH keys and looking for the vulnerability

  2. If it finds the vulnerability in the authorized keys, then it will remove the vulnerability.

  3. If it doesn't find the vulnerability, it will display that it didn't find the vulnerability

  4. It also cleans up vulnerable keys that are stored in the LSAM directories

It does the following

  1. Checks to see if the vulnerable public key is installed in authorized_keys file.

    a. If it is found, the script will print, "Vulnerability found in SSH public keys file. Removing it..."

    b. Then, removes the key and updates the file and will print "Removed vulnerability in SSH public keys file."

  2. If the vulnerability is not found, it will print, "No vulnerability found in SSH public keys file"

  3. The script will also remove

    a. The vulnerable public and private keys from ~root/.ssh folder.

    b. The vulnerable public and private keys from /usr/local/lsam/bin folder.

    c. The last step is not essential to resolve the security issue but is a better clean up.

To Execute

  1. Download from "" via Windows or Unix (the script is also attached to this article)

  2. Transfer sma_ssh_fix to each target system via FTP using ASCII to directory "/usr/local/"

  3. Login as Root user

  4. Switch to Super User

    a. sudo su

  5. Go to directory

    a. cd /usr/local

  6. Run command to give execute permissions

    a. chmod u+x sma_ssh_fix

  7. Run command to execute the program

    a. ./sma_ssh_fix