https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388435#M67888 <P>Hi ,</P><P></P><P>we have AIP-SSM 10 and having lower version of 6.0(5)E2 engine.</P><P></P><P>To update to the new version we had tried to copy the current config to the remote server using scp. During the process we faced the below error&nbsp; </P><P></P><P>AIP-IPS# copy scp://vpsadmin@192.168.2.1//configuration/cfg current-config<BR />Password: ********<BR />Warning: Copying over the current configuration may leave the box in an unstable state.<BR />Would you like to copy current-config to backup-config before proceeding? [yes]: yes<BR /><SPAN style="color: #ff0000;"><STRONG>Protocol major versions differ: 1 vs. 2</STRONG></SPAN></P><P></P><P><SPAN style="color: #000000; ">My remote server is running on Solaris OS having only SSHv2 supported. More over i could able to find AIP-SSM is running on both SSHv1 &amp; SSHv2.</SPAN></P><P></P><P><SPAN style="color: #000000; ">Could any one help us to solve the problem.</SPAN></P><P></P><P><SPAN style="color: #ff0000;"><SPAN style="color: #000000;">Thanks in advance.</SPAN></SPAN></P><P></P><P></P> Sun, 10 Mar 2019 11:55:13 GMT ydcnetwork 2019-03-10T11:55:13Z https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388435#M67888 <P>Hi ,</P><P></P><P>we have AIP-SSM 10 and having lower version of 6.0(5)E2 engine.</P><P></P><P>To update to the new version we had tried to copy the current config to the remote server using scp. During the process we faced the below error&nbsp; </P><P></P><P>AIP-IPS# copy scp://vpsadmin@192.168.2.1//configuration/cfg current-config<BR />Password: ********<BR />Warning: Copying over the current configuration may leave the box in an unstable state.<BR />Would you like to copy current-config to backup-config before proceeding? [yes]: yes<BR /><SPAN style="color: #ff0000;"><STRONG>Protocol major versions differ: 1 vs. 2</STRONG></SPAN></P><P></P><P><SPAN style="color: #000000; ">My remote server is running on Solaris OS having only SSHv2 supported. More over i could able to find AIP-SSM is running on both SSHv1 &amp; SSHv2.</SPAN></P><P></P><P><SPAN style="color: #000000; ">Could any one help us to solve the problem.</SPAN></P><P></P><P><SPAN style="color: #ff0000;"><SPAN style="color: #000000;">Thanks in advance.</SPAN></SPAN></P><P></P><P></P> Sun, 10 Mar 2019 11:55:13 GMT https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388435#M67888 ydcnetwork 2019-03-10T11:55:13Z https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388436#M67889 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt;">Disabling sshv1 on the sensor is tracked with bug </SPAN><SPAN style="font-size: 10pt;"><SPAN>CSCsk84977.</SPAN></SPAN></P><P>The workaround to disable it is</P><P></P><PRE style="font-family: monospace; font-size: 12px; white-space: pre-wrap; word-wrap: break-word;">Create a service account (if one does not already exist) using the CLI, then log in using that account and enter the following commands:<BR /><BR />su -<BR />cd /etc/ssh<BR />cp sshd_config sshd_config.old<BR />sed -r '/^#?Protocol /cProtocol 2' sshd_config.old &gt; sshd_config<BR /><BR />## to apply the changes do:<BR />/etc/init.d/cids reboot<BR /></PRE><P>.</P><P></P><P>I hope it helps.</P><P></P><P>PK</P></BODY></HTML> Thu, 11 Mar 2010 17:42:40 GMT https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388436#M67889 Panos Kampanakis 2010-03-11T17:42:40Z https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388437#M67891 <HTML><HEAD></HEAD><BODY><P>I have the same issue but using V7.0(4)E4 on a SSM-10 unit.&nbsp; Are the commands you specficied the same for this version?</P><P>Thanks.</P></BODY></HTML> Thu, 14 Oct 2010 19:52:31 GMT https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388437#M67891 r.bender 2010-10-14T19:52:31Z https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388438#M67893 <HTML><HEAD></HEAD><BODY><P>Its the same workaround for all IPS software versions and hardware types.</P><P>Cheers.</P></BODY></HTML> Thu, 14 Oct 2010 23:07:09 GMT https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388438#M67893 begomez 2010-10-14T23:07:09Z https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388439#M67896 <HTML><HEAD></HEAD><BODY><P> Thanks for the help.&nbsp; However I was able to get it fixed without restarting the entire IPS.</P><P></P><P>I used VI to edit /etc/ssh/sshd_config&nbsp;&nbsp; Removed the ,1 from the Protocol line</P><P></P><P>Then I used the ps -aux | grep ssh to find the process ID of the sshd</P><P></P><P>Issue kill -HUP <ID></ID></P><P></P><P>That way only the sshd got restarted.</P></BODY></HTML> Tue, 20 Sep 2011 16:56:03 GMT https://community.cisco.com/t5/network-security/disable-ssh-v1-in-aip-ssm10/m-p/1388439#M67896 daphilli 2011-09-20T16:56:03Z