How to change SSH v1 to v2 or 3 on IPS SSM-10 on ASA5510

Hi,

I have IPS SSM-10 on ASA5510. I need to change SSH version. No we use version 1 which should be chanaged to 2 or 3.

Thanks for help !

Maxim.
Maxim33Asked:
Who is Participating?
 
VespaMaruConnect With a Mentor Commented:
I don't think you can do it.  The Cisco IPS module supports SSH 1.5 with a 1024 bit RSA key.

From an NMAP
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 3.7.1p2 (protocol 1.99)
|_sshv1: Server supports SSHv1
| ssh-hostkey: 1024 c4:xx:xx:xx:b9 (RSA1)
|_1024 5a:xx:xx:xx:ae (DSA)

Open in new window


Also from their web site:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/cli/cli_setup.html#wp1035869

The ASA server however will support SSH version 2 with a key size of 2048
PORT   STATE SERVICE VERSION
22/tcp open  ssh     Cisco SSH 1.25 (protocol 2.0)
|_ssh-hostkey: 2048 2f:xx:xx:xx:3b (RSA)

Open in new window


I would suspect that the reason they differ is because the IPS sensor is an embedded Linux image and theredore runs a different SSH server.
0
All Courses

From novice to tech pro — start learning today.