Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1507
  • Last Modified:

How to change SSH v1 to v2 or 3 on IPS SSM-10 on ASA5510

Hi,

I have IPS SSM-10 on ASA5510. I need to change SSH version. No we use version 1 which should be chanaged to 2 or 3.

Thanks for help !

Maxim.
0
Maxim33
Asked:
Maxim33
1 Solution
 
VespaMaruCommented:
I don't think you can do it.  The Cisco IPS module supports SSH 1.5 with a 1024 bit RSA key.

From an NMAP
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 3.7.1p2 (protocol 1.99)
|_sshv1: Server supports SSHv1
| ssh-hostkey: 1024 c4:xx:xx:xx:b9 (RSA1)
|_1024 5a:xx:xx:xx:ae (DSA)

Open in new window


Also from their web site:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_setup.html#wp1035869

The ASA server however will support SSH version 2 with a key size of 2048
PORT   STATE SERVICE VERSION
22/tcp open  ssh     Cisco SSH 1.25 (protocol 2.0)
|_ssh-hostkey: 2048 2f:xx:xx:xx:3b (RSA)

Open in new window


I would suspect that the reason they differ is because the IPS sensor is an embedded Linux image and theredore runs a different SSH server.
0

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now