Cisco Pix 515e - Disabling SSH-1

Hi all,
We recently had an external audit and it was recommended that we disable SSH-1 on our Cisco Pix 515e.  It is currently enabled by default.  The current firewall version is 6.3(4) and we currently VPN into this device using Cisco VPN client 5.0.03.  We use Transport IPSec over UDP to connect to the Pix via the VPN client.  Everything is working well in our network setup and is stable.  
My question is: if I disable SSH-1, would it affect anything negatively?  How do I know if there is any SSH-1 traffic on the Pix device?  I'd like to just disable SSH-1, and not have to upgrade the firewall version.  What would be the commands to disable SSH-1?
SightShop Asked:

simsjrg Commented:
Do they want you to disable it altogether or only on the outside interface?
0
simsjrg Commented:
Depending on your config it would be:

no ssh 0.0.0.0 0.0.0.0 outside

SSH is used for management so if you have console access to the PIX and SSH allowed from the inside you are fine.
0
SightShop (Author) Commented:
They were concerned with Man in the Middle attacks.  I would imagine that disabling it on the outside interface would suffice.
0
SightShop (Author) Commented:
I typically use PDM 3.0 and telnet to manage the device.  I assume disabling the SSH-1 on the outside interface would not stop me from using these management tools???  Correct??

Thanks
0
simsjrg Commented:
>> They were concerned with Man in the Middle attacks.  I would imagine that disabling it on the outside interface would suffice.

Okay then just locate the ssh lines in your running config (for the outside interface), copy it, drop into config mode and type no then paste the command you copied. Once done do a wr mem and you are all set.
0
simsjrg Commented:
>> I typically use PDM 3.0 and telnet to manage the device.  I assume disabling the SSH-1 on the outside interface would not stop me from using these management tools???  Correct??

I would stay far away from telnet. It transmits usernames and passwords in clear text and can be ripped out of the air or off the wire VERY easily. I haven't used the PDM in forever but I believe that the http server command so you should be fine in that regard.
0
SightShop (Author) Commented:
So would the command that I would enter in config mode be:

no ssh 0 0 outside

Then do a wr mem
0
simsjrg Commented:
You go it!
0
simsjrg Commented:
Ha... I can't type today...
0
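
The step described in the thread (locate the ssh lines for the outside interface, then re-enter them prefixed with no), as an added example that is not part of the original posts: a Python sketch that reads a saved running config, lists the ssh/telnet/http access lines, and builds the matching `no` commands. The sample config and all function names are constructed for illustration.

```python
import re

# Constructed sample of PIX 6.3-style management-access lines (not from the thread).
SAMPLE_CONFIG = """\
hostname pixfirewall
http server enable
http 192.168.1.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
"""

# <service> <address> <netmask> <interface>; lines such as "ssh timeout 5" do not match.
ADDR = r"(\d+(?:\.\d+){3}|0)"
ACCESS_RE = re.compile(r"^(ssh|telnet|http)\s+" + ADDR + r"\s+" + ADDR + r"\s+(\S+)$")

def management_access(config_text):
    """Return (service, address, netmask, interface, original_line) per access line."""
    entries = []
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACCESS_RE.match(line)
        if m:
            service, addr, mask, iface = m.groups()
            # The thread writes "0 0" as shorthand for 0.0.0.0 0.0.0.0; normalise both.
            addr = "0.0.0.0" if addr == "0" else addr
            mask = "0.0.0.0" if mask == "0" else mask
            entries.append((service, addr, mask, iface, line))
    return entries

def removal_commands(config_text, service="ssh", interface="outside"):
    """Build the 'no <line>' commands for one service on one interface."""
    return ["no " + e[4] for e in management_access(config_text)
            if e[0] == service and e[3] == interface]

def findings(config_text):
    """Flag telnet access and any service reachable from any source address."""
    out = []
    for service, addr, mask, iface, _ in management_access(config_text):
        if service == "telnet":
            out.append(f"telnet allowed on {iface} from {addr} {mask}: cleartext credentials")
        elif mask == "0.0.0.0":
            out.append(f"{service} allowed on {iface} from any address")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE_CONFIG) + removal_commands(SAMPLE_CONFIG)))
```
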