HP ProCurve Disable SSH1



In our most recent security scan, one of our HP ProCurve switches was shown to have SSH1 enabled. We have an A5830AF-48G.

 

From what I've read, SSH1 is enabled by default. I have not found a way to disable it while still keeping SSH enabled. I've checked the GUI and command references. There's a command to enable SSH1, which is already enabled by default.

 

Enable the SSH server to support SSH1 clients.

 

'ssh server compatible-ssh1x enable'
 

Optional. By default, the SSH server supports SSH1 clients.

 

So does anyone know how to disable SSH1?


don't have an hp but look through the different commands

 

start with

 

ssh server ?

yeah I did all that. there's nothing that shows 'disable' anything. even the manual doesn't show it, which is why I started the topic.

ambroos - you really think I didn't search online for this before posting? :huh:

also, that command doesn't work.


this might be obvious but did you try?

 

ssh server compatible-ssh1x disable

 

I don't have a hp to play with sorry..


sure did. unfortunately that doesn't work either.


Ok the command is

no ssh server compatible-ssh1x enable

 

 

the description of compatible-ssh1x enable command is:

Use the ssh server compatible-ssh1x command to enable the SSH server to support SSH1 clients.

Use the undo ssh server compatible-ssh1x command to disable the SSH server from supporting SSH1 clients.

By default, the SSH server supports SSH1 clients.

This configuration takes effect only for users logging in after the configuration.

Related commands: display ssh server.

 

if you don't have ssh1x clients, then you would be fine... however, if you do have ssh1 clients it will break and the ssh1 clients will not be able to connect. this command enables backwards compatibility.

 

This doc may help you:

 

http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/WLAN/Access_Point/H3C_WA2200_Series_WLAN_Access_Points/Command/Command/H3C_WA_WLAN_Access_CR-6W100/09/201009/691923_1285_0.htm#_Toc271618296

 

Budman:

the enable mode is accessed by typing in

system


well I'm baffled. the "undo" command worked. I copy/pasted that same command yesterday, and it didn't work. I just tried again, and it worked. I'm stumped.

 

thank you everyone for your help. much appreciated!

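One way to confirm from a management host that the change discussed in this thread took effect, as an added example that is not part of the original posts: it reads the SSH identification string and classifies it. It assumes the switch follows the RFC 4253 convention of announcing protocol version 1.99 while SSH1 compatibility is on and 2.0 once it is off; the function names and sample banners are constructed for illustration.

```python
import re
import socket
import sys

# Identification string format (RFC 4253): SSH-protoversion-softwareversion
_ID_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S*)")

def classify_banner(raw: bytes) -> str:
    """Return 'ssh1-only', 'ssh1-compatible', 'ssh2-only' or 'unknown'."""
    # A server may send other text lines before its identification string,
    # so use the first line that actually starts with "SSH-".
    for line in raw.decode("ascii", errors="replace").splitlines():
        m = _ID_RE.match(line.strip())
        if not m:
            continue
        proto = m.group(1)
        if proto == "1.99":
            return "ssh1-compatible"  # SSH2 server that still accepts SSH1 clients
        if proto.startswith("1."):
            return "ssh1-only"
        if proto == "2.0":
            return "ssh2-only"
        return "unknown"
    return "unknown"

def read_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Connect and return the bytes sent up to the end of the SSH- line."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        try:
            while len(data) < 4096:
                chunk = s.recv(256)
                if not chunk:
                    break
                data += chunk
                idx = data.find(b"SSH-")
                if idx != -1 and b"\n" in data[idx:]:
                    break
        except socket.timeout:
            pass  # classify whatever arrived before the timeout
    return data

if __name__ == "__main__":
    # Usage: python check_ssh1.py <switch-address>
    result = classify_banner(read_banner(sys.argv[1]))
    print(f"{sys.argv[1]}: {result}")
    sys.exit(0 if result == "ssh2-only" else 1)
```

Run it before and after `undo ssh server compatible-ssh1x`; per the command description quoted above, the setting only affects users logging in after the change, so test with a fresh connection.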