Disabeling SSH Version 1 on a cisco switch

chris43290 · ‎06-20-2007

I am currently running a Cisco 3560 48 TS Switch with 12.2(25)SEE3. I am trying to disable version 1 of the protocol, but unable to. I have used no ip ssh version 1 and I still see SSHv1/2 Servers running with the show ssh command. Is there a command or set of commands to shut down ssh version 1 ?

a show ip version says version 1.99.

How do I get it to select 2.0 so it does not use version 1?

sundar.palaniappan · ‎06-20-2007

Configuring 'ip ssh version 2' should disable support for version 1.

Here's an excerpt from the link below.

Note SSH Version 1 is a protocol that has never been defined in a standard. If you do not want your router to fall back to the undefined protocol (Version 1), you should use the ip ssh version command and specify Version 2.

http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802045dc.html

HTH

Sundar

royalblues · ‎06-20-2007

In addition to sundar's post, when you enable SSH version 2, it always shows as 1.99 in the IOS the reason for which is not known :-)

Narayan

StevenCAnderson · ‎01-09-2023

SSH Version 1.99 is Version 2 with backwards compatibility turned on. From what I have seen in order to avoid SSH Ver 1.99 you have to set the SSH Version to 2 before you generate the RSA Key. Otherwise when the key is created there is a flag of some sort that identifies it as Version 1 compatible key and during the boot process the switch turns on support for Version 1, forcing SSH Version 1.99. I have not seen any other fixes for this but I know this is a method that has worked for me.