Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
53164
Views
10
Helpful
4
Replies

disabling ssh Version 1

Go to solution
Kevin Melton
Level 2
Level 2

‎03-17-2009 02:36 PM - edited ‎03-06-2019 04:39 AM

We have a Security Vendor that performs scans of our Internet facing equipment.

I have a 3825 Cisco ISR facing the Internet.

I have an SSH compliant IOS version running on the router. I also have enabled Version 2 of SSH by implementing the command "ip ssh ver 2" and the router likes the command.

For whatever reason, when the router is scanned, it shows SSH v.1 still open.

How can i turn off V.1? The documentation i have read indicates that v.1 is supposed to be turned off when v.2 is enabled, but that does not seem to be the Case here.

Thanks in advance.

Kevin

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎03-17-2009 02:50 PM

When running just version 1:

R1(config)#ip ssh ver 1

R1#sh ip ssh

SSH Enabled - version 1.5

Authentication timeout: 120 secs; Authentication retries: 3

When running version 1 and 2 (default)

R1(config)#no ip ssh ver

SSH Enabled - version 1.99

Authentication timeout: 120 secs; Authentication retries: 3

When running version 2:

R1(config)#ip ssh ver 2

R1#sh ip ssh

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3

If you get 2.0 in the output, you should be fine and the scanner is giving you false positive.

__

Edison.

View solution in original post

4 Replies 4

Go to solution
glen.grant
VIP Alumni
VIP Alumni

‎03-17-2009 02:48 PM

What does " show ip ssh " show ???

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎03-17-2009 02:50 PM

When running just version 1:

R1(config)#ip ssh ver 1

R1#sh ip ssh

SSH Enabled - version 1.5

Authentication timeout: 120 secs; Authentication retries: 3

When running version 1 and 2 (default)

R1(config)#no ip ssh ver

SSH Enabled - version 1.99

Authentication timeout: 120 secs; Authentication retries: 3

When running version 2:

R1(config)#ip ssh ver 2

R1#sh ip ssh

SSH Enabled - version 2.0

Authentication timeout: 120 secs; Authentication retries: 3

If you get 2.0 in the output, you should be fine and the scanner is giving you false positive.

__

Edison.

Go to solution
lewdavie1
Level 1
Level 1
In response to Edison Ortiz

‎09-29-2014 02:08 AM

What type of connection can this be done from?  If I am using ssh to configure the device is there a chance I will loose connectivity when I enter the "no ip ssh ver" command? 

0 Helpful

Go to solution
a.shwehdi
Level 1
Level 1
In response to Edison Ortiz

‎11-08-2021 09:06 AM

Thanks you its help me alot

 

0 Helpful
Top