Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Disable SSH version 1 on IPS

We want disable SSH version 1 from our ips, we have checked document but we couldn't find any solution please say your inputs thanks

9 REPLIES
New Member

Re: Disable SSH version 1 on IPS

This is just simple openssh changes needed.

in service mode change /etc/ssh/sshd_config

Where is

#Protocol 2,1

must be

Protocol 2

Make shure that you in super user mode, than save file and reboot ips

New Member

Re: Disable SSH version 1 on IPS

thanks for reply can you guide me step by step commands for this

New Member

Re: Disable SSH version 1 on IPS

#configure term

(conf t)#username serviceAdmin priviledge service password XxxXX

#exit

....

login: serviceAdmin

password: ...

...

bash$su

password:...

bash# vi /etc/ssh/sshd_config

Than delete '#' and ',1' in

#Protocol 2,1

To make changes you need press 'Shift+I'

result:

Protocol 2

type 'esc' and ':wq'

bash# /etc/init.d/S60ssh restart

may be sshd or other ssh

New Member

Re: Disable SSH version 1 on IPS

i try to do this config but it saying that

"/etc/ssh/sshd_config" File is read only

New Member

Re: Disable SSH version 1 on IPS

This is because you not in super user mode. Type 'su' first then type your password, then you will see '#'

New Member

Re: Disable SSH version 1 on IPS

thanks Sergey

first i have edited protocol 2 even after ssh version 1 was working, after that i have deleted version key file then it stopped, thanks for your help

New Member

Disable SSH version 1 on IPS

So this works for incoming SSH but not for outgoing. I couldn't find another file in /etc/ssh that applied to outgoing so my thought was I could do "ssh -2" from the command line in the service acct to be able to do the scp to send a copy of the config to our server that has the backups on it.

1.anyone know what subdir the configs are in?

2. any help on getting the IPS to do ONLY v2 going out? (on a copy current-config scp://xxxxxxxxxx

New Member

Disable SSH version 1 on IPS

1. /usr/cids/ids/Root/etc

New Member

Re: Disable SSH version 1 on IPS

Thanks, that allowed the scp from the service acct.

syntax error, though. Correct sp. is /usr/cids/idsRoot/etc

Still would like to get SSH 2 working though..

833
Views
0
Helpful
9
Replies