Update Centos 8 to use sshv2

Simon Leung
After installing CentOS 8 and connecting to the server over ssh, it tells me that the server is using v1. How do I upgrade my CentOS to use v2?

Thx

noci, Software Engineer
Distinguished Expert 2018

Commented:
In the sshd_config file you need to add: "Protocol 2"
Maybe there is no statement, or Protocol 1 or Protocol 1,2 or Protocol 2,1.
That is, if the Protocol keyword is still supported.

Very recent ssh versions (OpenSSH v7.6+) only know about protocol v2. And the lack of the Protocol keyword in any config file doesn't mean sshv1 is enabled.
Your auditing tool may need an update. (V7.x does allow sshv1 to be used/configured, it will not do so unless explicitly instructed.)

Version 6.0+ used Protocol v2 as the default (2012 onwards).
Fractional CTO
Distinguished Expert 2018
Commented:
First scan your target IP to determine exactly what's running by posting output of the following command, changed to your IP.

imac> nmap -A -T4 -p 22 51.79.113.189
Starting Nmap 7.80 ( https://nmap.org ) at 2020-01-06 06:05 CST
Nmap scan report for ip189.ip-51-79-113.net (51.79.113.189)
Host is up (0.052s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 8.0 (protocol 2.0)
| ssh-hostkey: 
|   3072 db:75:0b:5d:98:26:4e:fe:63:8d:2c:0f:b5:a3:ea:af (RSA)
|   256 77:c4:8d:3e:c8:6d:a4:e4:38:68:6e:d5:64:13:a6:e2 (ECDSA)
|_  256 88:78:b7:cb:8b:98:94:f2:d1:ec:10:76:64:23:b1:57 (ED25519)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.21 seconds

Then post the ssh version you're using. The command is...

imac> ssh -V
OpenSSH_8.1p1, OpenSSL 1.1.1d  10 Sep 2019

Might be your client is old + the sshd daemon is downgrading to v1 to allow connections.

Follow noci's instructions to force Protocol to v2, with no downgrading allowed.

Be sure to hard bounce (stop/restart) your sshd after changing any /etc/ssh/sshd_config settings, so new settings take effect. Likely one of these commands...

service sshd restart

service ssh restart

Author

Commented:
Here is my scan result...

[root@smtp postfix]# nmap -A -p 22 192.168.2.21
Starting Nmap 7.70 ( https://nmap.org ) at 2020-01-06 21:03 HKT
Nmap scan report for 192.168.2.21
Host is up (0.000070s latency).

PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.8 (protocol 2.0)
| ssh-hostkey:
|   2048 ab:cf:cd:64:f2:20:ef:68:a7:aa:5a:9a:49:06:8f:b7 (RSA)
|   256 1b:aa:dc:7c:7a:e6:87:10:a6:6d:5f:4c:7d:07:29:fd (ECDSA)
|_  256 13:02:4d:1d:77:b2:d5:cf:0c:25:de:82:ae:21:8b:7c (ED25519)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.7 - 3.10
Network Distance: 0 hops

OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 4.02 seconds


[root@smtp postfix]# ssh -V
OpenSSH_7.8p1, OpenSSL 1.1.1 FIPS  11 Sep 2018
noci, Software Engineer
Distinguished Expert 2018

Commented:
The question is whether it still allows the V1 protocol or not...
You can try ssh -vvv1 targetsystem to enforce the sshv1 protocol.
(It might still not use it though, so you will need to check the connection log.)

ssh > 8.0 will not support the sshv1 protocol anymore, and will refuse to use the -1 option.
David Favor, Fractional CTO
Distinguished Expert 2018
Commented:
This suggests both client + server are running V2.

Provide the exact command you executed + the emitted message which leads you to believe your connection has been downgraded to V1.
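
The replies above turn on what the server announces on the wire versus what sshd_config says. As an added example (not part of the original thread), this shell sketch classifies an SSH identification string as defined in RFC 4253 and reads the Protocol value from sshd_config text; the function names and sample banners are constructed for illustration, and the config reader assumes the whitespace-separated "Protocol 2" form.

```shell
#!/bin/sh
# Added example, not from the thread. Sample banners below are constructed.

# classify_banner BANNER
# An SSH server's first line is "SSH-<protoversion>-<softwareversion>".
# RFC 4253: 2.0 = v2 only, 1.99 = v2 server in v1 compatibility mode,
# anything else starting with 1. = legacy v1 only.
classify_banner() {
    case "$1" in
        SSH-2.0-*)  echo "v2-only" ;;
        SSH-1.99-*) echo "v1-and-v2" ;;
        SSH-1.*)    echo "v1-only" ;;
        *)          echo "not-ssh" ;;
    esac
}

# effective_protocol < sshd_config
# Prints the first uncommented Protocol value (sshd uses the first value it
# obtains for a keyword), or "unset" when the keyword is absent.
effective_protocol() {
    awk 'tolower($1) == "protocol" { print $2; found = 1; exit }
         END { if (!found) print "unset" }'
}

# protocol_allows_v1 VALUE
# Succeeds when a Protocol value such as "1", "1,2" or "2,1" lists version 1.
protocol_allows_v1() {
    case ",$1," in
        *,1,*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Constructed sample banners; the first matches the OpenSSH 7.8 server
# reported in the thread's scan output.
for b in "SSH-2.0-OpenSSH_7.8" "SSH-1.99-OpenSSH_3.9p1" "SSH-1.5-1.2.27"; do
    printf '%-24s %s\n' "$b" "$(classify_banner "$b")"
done
```

To audit a host, feed `effective_protocol` the contents of /etc/ssh/sshd_config and compare its answer with the classification of the banner the running daemon actually sends.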
