06-20-2007 02:03 PM - edited 03-05-2019 04:52 PM
I am currently running a Cisco 3560 48 TS Switch with 12.2(25)SEE3. I am trying to disable version 1 of the protocol, but am unable to. I have used no ip ssh version 1 and I still see SSHv1/2 Servers running with the show ssh command. Is there a command or set of commands to shut down SSH version 1?
A show ip version says version 1.99.
How do I get it to select 2.0 so it does not use version 1?
06-20-2007 02:27 PM
Configuring 'ip ssh version 2' should disable support for version 1.
Here's an excerpt from the link below.
Note: SSH Version 1 is a protocol that has never been defined in a standard. If you do not want your router to fall back to the undefined protocol (Version 1), you should use the ip ssh version command and specify Version 2.
http://cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00802045dc.html
HTH
Sundar
06-20-2007 11:20 PM
In addition to Sundar's post, when you enable SSH version 2, it always shows as 1.99 in the IOS, the reason for which is not known :-)
Narayan
01-09-2023 03:25 PM
SSH Version 1.99 is Version 2 with backwards compatibility turned on. From what I have seen, in order to avoid SSH Ver 1.99 you have to set the SSH Version to 2 before you generate the RSA key. Otherwise, when the key is created, there is a flag of some sort that identifies it as a Version 1-compatible key, and during the boot process the switch turns on support for Version 1, forcing SSH Version 1.99. I have not seen any other fixes for this, but I know this is a method that has worked for me.
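A way to confirm from the network what a switch actually advertises, added here as an example and not part of the original thread: per RFC 4253, a server identifying as protoversion 1.99 is a version 2 server with version 1 compatibility enabled, while 2.0 means version 2 only. The function names, device names and sample banner strings are constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_BANNER = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")

def classify_banner(line):
    """Return (protoversion, verdict) for one SSH identification line."""
    m = _BANNER.match(line.rstrip("\r\n"))
    if not m:
        return (None, "not-ssh")
    proto = m.group(1)
    if proto == "2.0":
        return (proto, "v2-only")
    if proto == "1.99":
        # RFC 4253 section 5.1: v2 server with the v1 compatibility flag on
        return (proto, "v1-and-v2")
    if proto.startswith("1."):
        return (proto, "v1-only")
    return (proto, "unknown")

def read_banner(host, port=22, timeout=5.0):
    """Fetch the identification line from a device you administer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        f = s.makefile("rb")
        for _ in range(20):  # other lines may precede the version string
            raw = f.readline(512)
            if not raw:
                break
            if raw.startswith(b"SSH-"):
                return raw.decode("ascii", "replace")
    return ""

def audit(banners):
    """Map each device name to its verdict; flag anything but v2-only."""
    return {name: classify_banner(b)[1] for name, b in banners.items()}

# Constructed sample banners (not captured from real devices)
SAMPLES = {
    "sw-access-01": "SSH-1.99-Cisco-1.25\r\n",
    "sw-access-02": "SSH-2.0-Cisco-1.25\r\n",
    "sw-legacy-03": "SSH-1.5-Cisco-1.25\r\n",
}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name}: {verdict}")
```

To check a live device instead of the samples, pass the result of `read_banner("<switch address>")` to `classify_banner`.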