08-18-2015 01:34 PM - edited 02-21-2020 05:33 AM
Hi,
I've got a 2960-x running SSHv1.
1) I need to disable SSHv1 and only run V2. Will the line listed below run ONLY SSHv2 and disable V1?
2) I need a Cisco document that says SSHv1 can be completely disabled and only V2 runs on a 2960x.
I know that I need to add the following line:
#IP SSH version 2
Cisco IOS Software, C2960X Software (C2960X-UNIVERSALK9-M), Version 15.0(2)EX5, RELEASE
2960x-Switch#sho ip ssh
SSH Enabled - version 1.99
Authentication timeout: 120 secs; Authentication retries: 3
Minimum expected Diffie Hellman key size : 1024 bits
IOS Keys in SECSH format(ssh-rsa, base64 encoded):
Thanks!
Krista
08-18-2015 01:56 PM
Hi, when you see 1.99 it's still backward compatible to 1, so yes, use that command and run show ip ssh again; you want to see 2 only. Your keys are long enough for v2; they need to be at least 1024 for v2 to work.
08-21-2015 08:59 AM
Hi Mark,
Thanks very much. However, I still need a document that says that SSHv1 is Disabled from running by doing so for that switch model and/or IOS. That I have not been able to find.
Would you know where that might be?
Thank you,
Krista
08-24-2015 01:03 AM
When you fully enable SSH version 2 it disables version 1 by default, as 1 cannot work with 2 as per the wiki doc. If you see 2 only in show ip ssh output, 1 is not supported. That's the only docs I have below; it's just known not to have 1 or 1.99 enabled and to specifically set 2 to disable 1.
SSH-2, was adopted as a standard. This version is incompatible with SSH-1. SSH-2 features both security and feature improvements over SSH-1. Better security, for example, comes through Diffie–Hellman key exchange and strong integrity checking via message authentication codes. New features of SSH-2 include the ability to run any number of shell sessions over a single SSH connection.[19] Due to SSH-2's superiority and popularity over SSH-1, some implementations such as Lsh[20] and Dropbear[21] support only the SSH-2 protocol.
ip ssh version 2
CORE#sh ip ssh
SSH Enabled - version 2.0
Authentication timeout: 60 secs; Authentication retries: 2
https://en.wikipedia.org/wiki/Secure_Shell
http://www.cisco-faq.com/178/disable_ssh_v1_ssh_version_2.html
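Added example, not part of the original thread or any Cisco tooling: a small audit helper that classifies the version reported by `show ip ssh`, or the identification string the SSH server sends on connect, so the 1.99 to 2.0 change discussed above can be recorded as evidence. The function names and the sample banner strings are assumptions made for illustration; the meaning of 1.99 follows RFC 4253.

```python
import re
import socket

# RFC 4253 sec. 4.2: the server opens with "SSH-protoversion-softwareversion".
BANNER_RE = re.compile(r"^SSH-(\d+\.\d+)-\S+", re.M)
# Line format as shown in the `show ip ssh` output quoted in this thread.
SHOW_RE = re.compile(r"^SSH Enabled - version (\d+\.\d+)", re.M)

def classify(protoversion):
    """Translate an advertised protocol version into what clients may negotiate."""
    if protoversion == "2.0":
        return "v2-only"
    if protoversion == "1.99":
        # RFC 4253 sec. 5.1: 1.99 marks a v2 server that still accepts v1 clients.
        return "v1-and-v2"
    if protoversion.startswith("1."):
        return "v1-only"
    return "unknown"

def audit_show_ip_ssh(text):
    """Classify pasted `show ip ssh` output; None if no 'SSH Enabled' line is found."""
    m = SHOW_RE.search(text)
    return classify(m.group(1)) if m else None

def audit_banner(text):
    """Classify a server identification string; lines sent before it are skipped."""
    m = BANNER_RE.search(text.replace("\r\n", "\n"))
    return classify(m.group(1)) if m else None

def fetch_banner(host, port=22, timeout=5.0):
    """Read the identification line from a switch you administer (not run below)."""
    with socket.create_connection((host, port), timeout=timeout) as s, \
            s.makefile("rb") as f:
        return f.readline(255).decode("ascii", "replace")

# Constructed samples: the version lines copy the two outputs quoted in the
# thread; the banner string is illustrative.
BEFORE = "SSH Enabled - version 1.99\nAuthentication timeout: 120 secs; Authentication retries: 3\n"
AFTER = "SSH Enabled - version 2.0\nAuthentication timeout: 60 secs; Authentication retries: 2\n"

if __name__ == "__main__":
    for label, result in [("before", audit_show_ip_ssh(BEFORE)),
                          ("after", audit_show_ip_ssh(AFTER)),
                          ("banner", audit_banner("SSH-1.99-Cisco-1.25\r\n"))]:
        print(f"{label}: {result}")
```

Anything other than `v2-only` after applying `ip ssh version 2` means SSHv1 clients may still be accepted.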