Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1265
Views
2
Helpful
11
Replies

"ip ssh version 2" now default on switches with IOS XE 17.12.3 ?

mwalsleben
Level 1
Level 1

‎08-20-2024 04:00 AM

We have 2 switches that are replacements from cisco that came with IOS XE 17.12.3 and we found out that the line "ip ssh version 2" is missing from the running-config (and startup-config too).

But with "show running-config all" the line shown, so this line seems to be default now.

Can anyone point me to some release notes or anything else about this?

Labels:
0 Helpful
11 Replies 11

MHM Cisco World
VIP
VIP

‎08-20-2024 04:10 AM

Show ssh 

This give you ver. Ssh use

MHM

0 Helpful

mwalsleben
Level 1
Level 1
In response to MHM Cisco World

‎08-20-2024 04:13 AM

I know, but this was not the question.

I want to know since when this is default and where to read this change in behaviour.

0 Helpful

MHM Cisco World
VIP
VIP
In response to mwalsleben

‎08-20-2024 04:28 AM

I check until 17.15.x the ver. 1 support and command available to config which ver. you want to run 
MHM

0 Helpful

mwalsleben
Level 1
Level 1

‎08-20-2024 04:32 AM

Only ver 2 is needed. But we have a change management and with all switches with the new firmware it says "config error" when the line "ip ssh version 2 is not in the running config visible.

amikat
Spotlight
Spotlight

‎08-20-2024 04:49 AM

Hi,

You have not mentioned what your platform is but if you check the Release Notes for Cisco Catalyst 9600/9500/9400/9300/9200 Series Switches, Cisco IOS XE Dublin 17.12.x then int the Limitations and Restrictions section it reads:

"Use SSH Version 2. SSH Version 1 is not supported."

Best regards,

Antonin

mwalsleben
Level 1
Level 1
In response to amikat

‎08-20-2024 04:52 AM

Oh thanks! I just had a look at the section "What's new with..." and there was nothing to read regarding SSH.

0 Helpful

MHM Cisco World
VIP
VIP
In response to mwalsleben

‎08-20-2024 04:57 AM

I already check the Ver1 is support in 9200 and I think for other C9000 series 
MHM

Screenshot (165).png

0 Helpful

mwalsleben
Level 1
Level 1
In response to amikat

‎08-20-2024 05:03 AM

That seemed to be the solution but it's not. In the "Limitations and Restrictions" of IOS XE 17.9.x the same sentence is included but in 17.9.5 the line is shown in the running-config. So this was not default in 17.9.5.

0 Helpful

mwalsleben
Level 1
Level 1
In response to mwalsleben

‎08-22-2024 01:57 AM

Does noone know when this behaviour was set to be default?

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to mwalsleben

‎08-22-2024 02:29 AM

Hello @mwalsleben ,

I have found an indirect reference in 17.13 Command reference

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-13/command_reference/b_1713_9200_cr/system_management_commands.html?dtid=osscdc000283#wp2487570104

under the command

ip ssh bulk-mode

the notes report the following:

Beginning from Cisco IOS XE Dublin 17.10.1, SSH bulk mode is enabled by default with the default window size of 128KB.

GiuseppeLarosa_0-1724318826483.gif

 

Note

  • Bulk data transfer mode does not support the time or volume-based SSH rekey functionality.

  • >>> Bulk data transfer mode is not supported with SSH Version 1

 

so if in 17.10 the bulk mode is enabled by default but this feature works only with SSH v2 this means that in 17.10 the default SSH version should be version 2.

Hope to help

Giuseppe

 

0 Helpful

mwalsleben
Level 1
Level 1
In response to Giuseppe Larosa

‎08-22-2024 02:40 AM

Hello @Giuseppe Larosa ,

that seems to be a very indirect reference but the closest so far. Thank you!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card