
Disabling SSH Version 1 on a Cisco switch

chris43290
Level 1

I am currently running a Cisco 3560 48 TS Switch with 12.2(25)SEE3. I am trying to disable version 1 of the protocol, but am unable to. I have used no ip ssh version 1 and I still see SSHv1/2 Servers running with the show ssh command. Is there a command or set of commands to shut down SSH version 1?

A show ip version says version 1.99.

How do I get it to select 2.0 so it does not use version 1?

3 Replies

Configuring 'ip ssh version 2' should disable support for version 1.

Here's an excerpt from the link below.

Note SSH Version 1 is a protocol that has never been defined in a standard. If you do not want your router to fall back to the undefined protocol (Version 1), you should use the ip ssh version command and specify Version 2.

http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802045dc.html

HTH

Sundar

In addition to Sundar's post, when you enable SSH version 2, it always shows as 1.99 in the IOS, the reason for which is not known :-)

Narayan

StevenCAnderson
Level 1

SSH Version 1.99 is Version 2 with backwards compatibility turned on. From what I have seen, in order to avoid SSH Ver 1.99 you have to set the SSH Version to 2 before you generate the RSA Key. Otherwise, when the key is created there is a flag of some sort that identifies it as a Version 1-compatible key, and during the boot process the switch turns on support for Version 1, forcing SSH Version 1.99. I have not seen any other fixes for this, but I know this is a method that has worked for me.
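
The 1.99 value discussed in this thread can also be checked from the network side: RFC 4253 section 5.1 has a server with version 1 compatibility enabled identify its protocol version as "1.99", while a version-2-only server sends "2.0". The following is an added example, not part of any post above, that classifies the identification string a device sends on connect; the device names and sample banners are constructed, and `fetch_banner` is a hypothetical helper for reading the string from a live device.

```python
import re
import socket

# RFC 4253 section 4.2: the identification line starts "SSH-protoversion-softwareversion"
_IDENT = re.compile(rb"^SSH-(\d+\.\d+)-")

def classify_banner(raw: bytes) -> str:
    """Return 'v2-only', 'v2-with-v1-fallback', 'v1-only' or 'unknown'."""
    # A server may send other text lines before the identification string,
    # so check each line rather than only the first one.
    for line in raw.splitlines():
        m = _IDENT.match(line.strip())
        if not m:
            continue
        proto = m.group(1).decode()
        if proto == "2.0":
            return "v2-only"
        if proto == "1.99":          # version 2 with version 1 compatibility on
            return "v2-with-v1-fallback"
        if proto.startswith("1."):
            return "v1-only"
        return "unknown"
    return "unknown"

def fetch_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Hypothetical helper: read the first bytes a device sends on connect."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        return s.recv(256)

def needs_review(banners: dict) -> list:
    """Names of devices whose banner is anything other than version-2-only."""
    return sorted(n for n, raw in banners.items()
                  if classify_banner(raw) != "v2-only")

# Constructed sample banners (not captured from real devices)
SAMPLE = {
    "sw-a": b"SSH-1.99-Cisco-1.25\r\n",
    "sw-b": b"SSH-2.0-Cisco-1.25\r\n",
    "sw-c": b"SSH-1.5-Cisco-1.25\r\n",
    "sw-d": b"Authorized use only\r\nSSH-2.0-Cisco-1.25\r\n",
}

if __name__ == "__main__":
    for name in sorted(SAMPLE):
        print(name, classify_banner(SAMPLE[name]))
    print("review:", needs_review(SAMPLE))
```
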
