SSH Tectia  

Configuring ssh2 for ssh1 Compatibility

Note: SSH Communications Security considers the Secure Shell version 1 protocol deprecated and does not recommend its use.

The Secure Shell version 1 (SSH1) and version 2 (SSH2) protocols are not compatible with each other. The incompatibility is unavoidable, because the SSH2 protocol includes substantial security and performance enhancements that would not have been possible if protocol-level compatibility with SSH1 had been retained.

However, the current implementations of SSH2 and SSH1 software from SSH Communications Security are designed so that both can be run on the same computer. This makes the transition from the old SSH1 protocol to the more secure and more flexible SSH2 protocol much easier. The SSH Tectia SSH2 server daemon includes a fallback function that automatically invokes the SSH1 server when required.

Furthermore, SSH Tectia Client contains an internal SSH1 emulation, allowing it to communicate with SSH1 servers without using an external SSH1 program. The emulation is controlled by the Ssh1InternalEmulation option in ssh2_config. The argument must be yes or no.

When the Ssh1Compatibility option is set to yes, sshd1 is executed when the client supports only the Secure Shell v1 protocol. The argument must be yes or no. The default is no, which means that you have to explicitly configure ssh2 to use ssh1 even if ssh1 is installed.

Sshd1Path specifies the path to the sshd1 executable to be executed in Secure Shell v1 compatibility mode. The arguments for sshd2 are passed on to sshd1.

Sshd1ConfigFile specifies the alternate configuration file for sshd1 when sshd2 runs in compatibility mode. It is only used if sshd2 is executed with the -f command-line option; otherwise, the default sshd1 configuration file is used.

See the sshd2_config man page for more information.
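
As an added example (not part of the SSH Tectia documentation or software), the following shell functions read an sshd2_config and report whether the deprecated SSH1 fallback described above is enabled. The function names, the sample file, and the file format handled here (whitespace-separated "Keyword value" lines, "#" comment lines, last occurrence of a keyword takes effect) are assumptions.

```shell
#!/bin/sh
# Added example: report whether an sshd2_config enables the SSH1 fallback.
# Assumed file format: one "Keyword value" pair per line, keywords
# case-insensitive, lines starting with "#" are comments, and the last
# occurrence of a keyword takes effect.

# get_option FILE KEYWORD DEFAULT -> prints the effective value
get_option() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == tolower(key) { val = $2 } # remember last match
        END { print (val == "" ? def : val) }
    ' "$1"
}

# audit_ssh1_compat FILE -> returns 0 if the fallback is off, 1 if it is on
audit_ssh1_compat() {
    cfg=$1
    # The page states that the default for Ssh1Compatibility is no.
    compat=$(get_option "$cfg" Ssh1Compatibility no | tr 'A-Z' 'a-z')
    if [ "$compat" != "yes" ]; then
        echo "OK: Ssh1Compatibility is '$compat'; sshd2 will not start sshd1"
        return 0
    fi
    echo "WARN: Ssh1Compatibility yes; SSH1-only clients are handed to sshd1"
    path=$(get_option "$cfg" Sshd1Path "(not set)")
    echo "INFO: Sshd1Path = $path"
    [ -x "$path" ] || echo "INFO: no executable at that path on this host"
    echo "INFO: Sshd1ConfigFile = $(get_option "$cfg" Sshd1ConfigFile "(default)")"
    return 1
}

# Constructed sample configuration, for demonstration only.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample sshd2_config
Port 22
Ssh1Compatibility yes
Sshd1Path /usr/local/sbin/sshd1
EOF
}
```

Run `audit_ssh1_compat /etc/ssh2/sshd2_config` after sourcing the file; a non-zero return means SSH1-only clients can still reach sshd1 through sshd2.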

To set up both ssh1 and ssh2 servers on the same Unix system, do the following:

  1. Install the latest available version of SSH Secure Shell 1.x, available on the SSH Communications Security FTP site (ftp://ftp.ssh.com/pub/ssh). As of publication of this document, the latest version is ssh-1.2.33. ssh1 compatibility fallback requires version 1.2.26 or later.
  2. Install ssh2.
  3. If you previously had Secure Shell 1.x installed, make sure that the old sshd is no longer run at boot. Only sshd2 should be run. If you have version 1.x of sshd running, you should kill the master daemon. You can find its process ID in /var/run/sshd.pid or, if the directory /var/run does not exist, in /etc/ssh2/sshd2_22.pid.
  4. Make sure that /usr/local/sbin/sshd2 is run automatically at boot. On most systems, you should add the command to start it to /etc/rc.local or under /etc/rc.d.
    • When you run sshd2, the ssh1 daemon should not be running. When using ssh2 with ssh1 compatibility, you should only run sshd2. It will then automatically start the ssh1 daemon as needed.
  5. If you do not want to reboot, you should now manually run /usr/local/sbin/sshd2 (or /etc/rc.d/init.d/sshd2 start).

Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.