
Disable SSHv1 2960

Krista Bowman
Level 1

Hi,

I've got a 2960-x running SSHv1.

1) I need to disable SSHv1 and only run V2. Will the line listed below run ONLY SSHv2 and disable V1?

2) I need a Cisco document that says SSHv1 can be completely disabled and only V2 runs on a 2960x.

I know that I need to add the following line:

#IP SSH version 2

 

Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2)EX5, RELEASE

2960x-Switch#sho ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):

Thanks!

Krista

 

3 Replies

Mark Malone
VIP Alumni

Hi, when you see 1.99 it's still backward compatible to 1, so yes, use that command and run show ip ssh again. You want to see 2 only. Your keys are long enough for v2; they need to be at least 1024 for v2 to work.

Hi Mark,

Thanks very much. However, I still need a document that says that SSHv1 is Disabled from running by doing so for that switch model and/or IOS. That I have not been able to find.

Would you know where that might be?

Thank you,

Krista

 

When you fully enable SSH version 2 it disables version 1 by default, as 1 cannot work with 2 as per the wiki doc. If you see 2 only in the show ip ssh output, 1 is not supported. That's the only docs I have below; it's just known not to have 1 or 1.99 enabled and to specifically set 2 to disable 1.

SSH-2, was adopted as a standard. This version is incompatible with SSH-1. SSH-2 features both security and feature improvements over SSH-1. Better security, for example, comes through Diffie–Hellman key exchange and strong integrity checking via message authentication codes. New features of SSH-2 include the ability to run any number of shell sessions over a single SSH connection.[19] Due to SSH-2's superiority and popularity over SSH-1, some implementations such as Lsh[20] and Dropbear[21] support only the SSH-2 protocol.

ip ssh version 2

CORE#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 2

https://en.wikipedia.org/wiki/Secure_Shell

http://www.cisco-faq.com/178/disable_ssh_v1_ssh_version_2.html
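
A check for the point discussed in this thread, added here as an example and not part of any poster's reply or of Cisco's tooling: it classifies a device from its `show ip ssh` status line or from a captured SSH identification string, treating 1.99 as "SSH-1 still accepted". The function names, the `SAMPLES` dictionary and the banner strings are assumptions made for illustration; the two `show ip ssh` samples are copied from the outputs above.

```python
import re

# Status line printed by "show ip ssh"; format taken from the outputs in this thread.
# Handling of a "Disabled" state is an assumption about the same line format.
STATUS_RE = re.compile(r"SSH\s+(Enabled|Disabled)\s+-\s+version\s+(\d+(?:\.\d+)?)", re.I)
# SSH identification string "SSH-protoversion-softwareversion" (RFC 4253, section 4.2).
BANNER_RE = re.compile(r"^SSH-(\d+(?:\.\d+)?)-", re.M)

# First two entries are copied from the thread; the banners are constructed samples.
SAMPLES = {
    "2960x-Switch": "SSH Enabled - version 1.99\n"
                    "Authentication timeout: 120 secs; Authentication retries: 3\n",
    "CORE": "SSH Enabled - version 2.0\n"
            "Authentication timeout: 60 secs; Authentication retries: 2\n",
    "banner-compat": "SSH-1.99-ExampleServer_1.0\r\n",
    "banner-v2": "SSH-2.0-ExampleServer_1.0\r\n",
}


def accepts_sshv1(protoversion):
    """True when the advertised version means the server will still talk SSH-1.

    "2.0" is SSH-2 only. "1.99" is the compatibility value a server uses when it
    offers both SSH-1 and SSH-2 (RFC 4253, section 5.1). Lower values are SSH-1 only.
    """
    return int(protoversion.split(".")[0]) < 2


def audit(text):
    """Classify one device from its "show ip ssh" output or a captured banner."""
    status = STATUS_RE.search(text)
    banner = BANNER_RE.search(text)
    if status:
        if status.group(1).lower() == "disabled":
            return "ssh-disabled"
        version = status.group(2)
    elif banner:
        version = banner.group(1)
    else:
        return "unknown"
    return "v1-accepted" if accepts_sshv1(version) else "v2-only"


if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name}: {audit(text)}")
```

Running `audit` over saved `show ip ssh` output before and after applying `ip ssh version 2` gives a per-device record of the change that can be kept as audit evidence.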
