Applies to:
- Variphy administrators.
- IT professionals managing Variphy OVA appliances.
- Security or infrastructure teams responsible for Linux appliance maintenance.
Issue:
- A vulnerability related to OpenSSH was published on March 12, 2026.
- The vulnerability is classified as medium to high severity depending on the Linux distribution implementation.
- Variphy appliances run Ubuntu, which classifies the vulnerability as medium severity.
- Administrators may need to determine whether their appliance is patched or apply a temporary workaround.
Determining if your Variphy appliance is affected
Log into the command line interface for the appliance, and run “sshd -V”. If the version is one of the following, the patch has been applied:
- 24.04 LTS (noble) SSH 9.6p1
- 22.04 LTS (jammy) SSH 8.9p1
- 20.04 LTS (focal) SSH 8.2p1 (only available with Ubuntu Pro; Variphy strongly recommends upgrading Ubuntu to 22 or 24 as soon as possible)
As a temporary compensating control, you can edit the sshd configuration file to disable the vulnerable function using the below steps:
- At the CLI prompt, run “sudo cat /etc/ssh/sshd_config” and look for the line “GSSAPIAuthentication” and ensure it’s set to “no” AND that it is NOT commented out
- i.e. “#GSSAPIAuthentication no” means that it is still enabled; remove the # to implement the workaround and ensure GSSAPIAuthentication is disabled
- Restart the sshd service by running “sudo systemctl restart sshd”
Still Need Help?
Email our support team at support@variphy.com or click the button below to access our ticket portal.
Please provide details about your question or issue, including any applicable screenshots, reports, or Variphy application log files.
