3

SSH-2 has been out for almost a decade. I know at least that all computers that currently connect to my server use the updated version 2 protocol. With that in mind, is there any benefit (security or otherwise) from disabling or blocking SSH-1?

Can I safely disable any access via the SSH protocol version 1 from the server, still allowing SSH clients using version 2 to access the server, without breaking anything?

(And a bonus question if anyone knows where to find the usage statistics) Even if the server is later used by more people, how likely is it that anyone is actually still using the SSH-1 protocol?

IQAndreas
  • What kind of ancient stuff have you got? Everything shipped in the last decade or so already has SSH1 disabled by default. – Michael Hampton May 31 '15 at 00:19
  • @MichaelHampton I'm running Ubuntu 15.04 (which uses OpenSSH 6.7p1), and the reason I ask is there is still a section in the configs with options like `ServerKeyBits` which is only used for SSH-1 key exchanges. Is there any way to test if SSH-1 is disabled or not? – IQAndreas May 31 '15 at 02:43

1 Answer

5

Yes, there is.

Protocol
Specifies the protocol versions sshd(8) supports. The possible values are ‘1’ and ‘2’. Multiple versions must be comma-separated. The default is ‘2’. Note that the order of the protocol list does not indicate preference, because the client selects among multiple protocol versions offered by the server. Specifying “2,1” is identical to “1,2”.

See http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/sshd_config.5?query=sshd%5fconfig&sec=5 for more configuration options.

Using SSH-1 is not recommended, so you should force your users to use SSH-2 for your and your users' security.

99,9% of all applications use SSH-2 so you won't break anything.
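On the question in the comments of how to test whether SSH-1 is disabled, the following is an added example, not part of the answer above. It reads the `Protocol` directive as the quoted man page describes it and classifies a server's identification string per RFC 4253, where `SSH-1.99-` means an SSH-2 server that still accepts SSH-1 clients. The function names and sample strings are constructed for illustration.

```python
import re
import socket

def config_protocols(sshd_config_text):
    """Protocol versions enabled by an sshd_config text (default is '2')."""
    for line in sshd_config_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # empty lines and lines starting with '#' are comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "protocol":
            # sshd keeps the first value it finds for a keyword;
            # order inside the list carries no preference ("2,1" == "1,2").
            return {v.strip() for v in parts[1].split(",") if v.strip()}
    return {"2"}

def banner_protocols(banner):
    """Protocol versions a server offers, from its identification string."""
    m = re.match(r"SSH-(\d+)\.(\d+)-", banner.strip())
    if not m:
        raise ValueError("not an SSH identification string: %r" % banner)
    version = (int(m.group(1)), int(m.group(2)))
    if version == (1, 99):
        return {"1", "2"}  # compatibility mode: SSH-2 plus SSH-1
    return {"2"} if version[0] >= 2 else {"1"}

def read_banner(host, port=22, timeout=5.0):
    """Connect to a server you administer and return its identification line."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        stream = sock.makefile("rb")
        for _ in range(20):  # RFC 4253 allows other lines before the banner
            line = stream.readline(1024)
            if not line:
                break
            if line.startswith(b"SSH-"):
                return line.decode("ascii", "replace").strip()
    raise ConnectionError("no SSH identification string received")

if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    samples = ["SSH-2.0-OpenSSH_6.7p1", "SSH-1.99-OpenSSH_6.7p1", "SSH-1.5-1.2.27"]
    for banner in samples:
        offered = banner_protocols(banner)
        status = "SSH-1 ENABLED" if "1" in offered else "SSH-1 disabled"
        print("%-26s %s" % (banner, status))
    print(config_protocols("ServerKeyBits 1024\n"))  # no Protocol line -> default
```

To check a live server, pass the result of `read_banner("your.host")` to `banner_protocols`; a result containing `"1"` means SSH-1 is still being offered.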