https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871821#M739183 Hi Thomas, <BR /><BR />When you upgrade to latest Secureshell, /opt/ssh/etc/sshd_config will be overwritten. latest version uses Protocol 2 by default. <BR /><BR />-Arun Thu, 28 Sep 2006 14:57:52 GMT Arunvijai_4 2006-09-28T14:57:52Z https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871819#M739181 another ssh security stuff..<BR /> SSH Protocol Version 1 Supported on HP-UX servers.<BR /><BR />How to Disable SSH1 support?<BR /><BR />Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable.<BR /><BR />Thanks<BR /><BR />Thomas Thu, 28 Sep 2006 14:21:09 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871819#M739181 M.Thomas 2006-09-28T14:21:09Z https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871820#M739182 Use : Protocol 2<BR />in sshd_config <BR /><BR /> Thu, 28 Sep 2006 14:24:48 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871820#M739182 Ivan Krastev 2006-09-28T14:24:48Z https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871821#M739183 Hi Thomas, <BR /><BR />When you upgrade to latest Secureshell, /opt/ssh/etc/sshd_config will be overwritten. latest version uses Protocol 2 by default. <BR /><BR />-Arun Thu, 28 Sep 2006 14:57:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871821#M739183 Arunvijai_4 2006-09-28T14:57:52Z https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871822#M739184 Shalom Thomas,<BR /><BR />Of course you can fix this forever in the sshd_config file.<BR /><BR />If you do you may generate complaints from users that use older ssh1 protocol. I think thats a good thing because that protocol is not secure. Seems like you agree and should go foward.<BR /><BR />The configuration file is open source and understandable. I would not trust the last upgrade to fix the file, eyeball it.<BR /><BR />SEP Thu, 28 Sep 2006 15:01:08 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871822#M739184 Steven E. Protter 2006-09-28T15:01:08Z https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871823#M739185 I am also wondering can this vulnerability be mitigated using tcp-wrappers?<BR /><BR />Very few of my ssh servers have to have v1 enabled.<BR /><BR />regards. Thu, 28 Sep 2006 22:08:54 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-ssh1-support/m-p/3871823#M739185 Haralambos 2006-09-28T22:08:54Z