Disable SSH V1 in AIP-SSM10

ydcnetwork · ‎03-11-2010

Hi ,

we have AIP-SSM 10 and having lower version of 6.0(5)E2 engine.

To update to the new version we had tried to copy the current config to the remote server using scp. During the process we faced the below error

AIP-IPS# copy scp://vpsadmin@192.168.2.1//configuration/cfg current-config
Password: ********
Warning: Copying over the current configuration may leave the box in an unstable state.
Would you like to copy current-config to backup-config before proceeding? [yes]: yes
Protocol major versions differ: 1 vs. 2

My remote server is running on Solaris OS having only SSHv2 supported. More over i could able to find AIP-SSM is running on both SSHv1 & SSHv2.

Could any one help us to solve the problem.

Thanks in advance.

Panos Kampanakis · ‎03-11-2010

Disabling sshv1 on the sensor is tracked with bug CSCsk84977.

The workaround to disable it is

Create a service account (if one does not already exist) using the CLI, then log in using that account and enter the following commands:

su -
cd /etc/ssh
cp sshd_config sshd_config.old
sed -r '/^#?Protocol /cProtocol 2' sshd_config.old > sshd_config

## to apply the changes do:
/etc/init.d/cids reboot

.

I hope it helps.

PK

r.bender · ‎10-14-2010

I have the same issue but using V7.0(4)E4 on a SSM-10 unit. Are the commands you specficied the same for this version?

Thanks.

begomez · ‎10-14-2010

Its the same workaround for all IPS software versions and hardware types.

Cheers.

daphilli · ‎09-20-2011

Thanks for the help. However I was able to get it fixed without restarting the entire IPS.

I used VI to edit /etc/ssh/sshd_config Removed the ,1 from the Protocol line

Then I used the ps -aux | grep ssh to find the process ID of the sshd

Issue kill -HUP

That way only the sshd got restarted.