1829489 Members
1829 Online
109991 Solutions
New Discussion

Disable SSH1 support

 
M.Thomas
Frequent Advisor

Disable SSH1 support

another ssh security stuff..
SSH Protocol Version 1 Supported on HP-UX servers.

How to Disable SSH1 support?

Note: Do not enable SSH Version 1 Fallback since systems with upgraded versions of SSH and with Fallback Version 1 enabled are still vulnerable.

Thanks

Thomas
4 REPLIES 4
Ivan Krastev
Honored Contributor

Re: Disable SSH1 support

Use : Protocol 2
in sshd_config

Arunvijai_4
Honored Contributor

Re: Disable SSH1 support

Hi Thomas,

When you upgrade to latest Secureshell, /opt/ssh/etc/sshd_config will be overwritten. latest version uses Protocol 2 by default.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Steven E. Protter
Exalted Contributor

Re: Disable SSH1 support

Shalom Thomas,

Of course you can fix this forever in the sshd_config file.

If you do you may generate complaints from users that use older ssh1 protocol. I think thats a good thing because that protocol is not secure. Seems like you agree and should go foward.

The configuration file is open source and understandable. I would not trust the last upgrade to fix the file, eyeball it.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Haralambos
Advisor

Re: Disable SSH1 support

I am also wondering can this vulnerability be mitigated using tcp-wrappers?

Very few of my ssh servers have to have v1 enabled.

regards.