HP ProCurve Disable SSH1

By Jason S.
in Smart Home, Network & Security

 Share

Recommended Posts

Grand Master

Jason S. Global Moderator

Posted
  • Global Moderator
Posted

In our most recent security scan, one of our HP ProCurve switches was shown to have SSH1 enabled. We have a A5830AF-48G.

 

From what I've read, SSH1 is enabled by default. I have not found a way to disable it while still keeping SSH enabled. I've checked the GUI and command references. There's a command to enable SSH1, which is already enabled by default.

 

Enable the SSH server to support SSH1 clients.

 

'ssh server compatible-ssh1x enable'
 

Optional. By default, the SSH server supports SSH1 clients.

 

So does anyone know how to disable SSH1?

Link to comment
https://www.neowin.net/forum/topic/1259090-hp-procurve-disable-ssh1/
Share on other sites
Grand Master

Jason S. Global Moderator

Posted
  • Author
  • Global Moderator
Posted

don't have an hp but look through the different commands

 

start with

 

ssh server ?

yeah i did all that. there's nothing that shows 'disable' anything. even the manual doesnt show it, which is why i started the topic.

 

ambroos - you really think i didnt search online for this before posting? :huh:

 

also, that command doesnt work.

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

Ok the command is

no ssh server compatible-ssh1x enable

 

 

the description of compatible-ssh1x enable command is:

Use the ssh server compatible-ssh1x command to enable the SSH server to support SSH1 clients.

Use the undo ssh server compatible-ssh1x command to disable the SSH server from supporting SSH1 clients.

By default, the SSH server supports SSH1 clients.

This configuration takes effect only for users logging in after the configuration.

Related commands: display ssh server.

 

if you don't have ssh1x clients, then you would be fine...however if you do have ssh1 clients it will break and the ssh1 clients will not be able do connect.  this command enables backwards compatibility. 

 

This doc may help you:

 

http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/WLAN/Access_Point/H3C_WA2200_Series_WLAN_Access_Points/Command/Command/H3C_WA_WLAN_Access_CR-6W100/09/201009/691923_1285_0.htm#_Toc271618296

 

Budman:

the enable mode is accessed by typing in

system

Grand Master

Jason S. Global Moderator

Posted
  • Author
  • Global Moderator
Posted

Ok the command is

no ssh server compatible-ssh1x enable

 

 

the description of compatible-ssh1x enable command is:

Use the ssh server compatible-ssh1x command to enable the SSH server to support SSH1 clients.

Use the undo ssh server compatible-ssh1x command to disable the SSH server from supporting SSH1 clients.

By default, the SSH server supports SSH1 clients.

This configuration takes effect only for users logging in after the configuration.

Related commands: display ssh server.

 

if you don't have ssh1x clients, then you would be fine...however if you do have ssh1 clients it will break and the ssh1 clients will not be able do connect.  this command enables backwards compatibility. 

 

This doc may help you:

 

http://www.h3c.com/portal/Technical_Support___Documents/Technical_Documents/WLAN/Access_Point/H3C_WA2200_Series_WLAN_Access_Points/Command/Command/H3C_WA_WLAN_Access_CR-6W100/09/201009/691923_1285_0.htm#_Toc271618296

 

Budman:

the enable mode is accessed by typing in

system

well im baffled. the "undo" command worked. i copy/pasted that same command yesterday, and it didnt work. i just tried again, and it worked. im stumped.

 

thank you everyone for your help. much appreciated!

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Microsoft confirms Windows 11 26H2 to finally get one of the most requested features

      By sphbecker · Posted

      If you don't care to read what I said, then you prove my point. Maybe written media is beyond your attention span. Titles are not summaries my friend.
    • Politically funny images of the World

      By +Nik Louch · Posted

      Nobody asked... in fact, I said "I don't care about political leanings"  
    • Microsoft confirms Windows 11 26H2 to finally get one of the most requested features

      By Elliot B. · Posted

      TLDR. Here is a far better title (just a basic example): Windows 11 26H2 to allow disabling Web search results
    • Politically funny images of the World

      By Dan~ · Posted

      Restore will get my vote, only if to see if things are any different, doubt it though but Labour and Conservatives too out of touch and same thing over and over and over…, Lib Dem who?
    • Microsoft confirms Windows 11 26H2 to finally get one of the most requested features

      By sphbecker · Posted

      There is nothing wrong with this title. You have completely missed the plot when it comes to "clickbait." The issue was never that a title tries to entice you to click, that is how titles have worked for over 100 years. The issue is when the title subverts expectations, getting you to click expecting something that isn't there. The classic clickbait example is "Boyfriend caught cheating, what happens next will shock you," then what happened next is the girlfriend was upset...which is probably the least shocking outcome imaginable. If sounds like what you want is for the titles to be a collection of 10-word summaries that you can skim, get the just of the story, and only click if you want more details. That is not, never has been, and never will be what titles are. You can go all the way back to print newspapers during the great depression and see the same thing. The newspaper was locked in a vending machine, all you can see is the headline, you choose to put in 5¢ to buy the paper and read the rest if you want. Those headlines were written in a way to sell the paper, not just to provide a summery. Here are two actual headlines from that time, "Wall Street Lays an Egg," or "Stocks Hit Bottom?" Maybe you'd say something like "it was wrong then and it's still wrong now." Okay, fine opinion to have, but it isn't like Neowin is doing something unjurnalistic, they are just following the age-old standards for written media.

  • Recent Achievements

    • Dedicated
      tuben earned a badge
      Dedicated
    • Week One Done
      mnsgroup earned a badge
      Week One Done
    • Conversation Starter
      sumytbe earned a badge
      Conversation Starter
    • One Year In
      B4dM1k3 earned a badge
      One Year In
    • One Year In
      DarkWun earned a badge
      One Year In

  • Popular Contributors

    1. 1
      +primortal
      525
    2. 2
      +Edouard
      199
    3. 3
      PsYcHoKiLLa
      94
    4. 4
      Michael Scrip
      82
    5. 5
      neufuse
      67
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!