
ssh server compatible-ssh1x enable

Function

The ssh server compatible-ssh1x enable command enables an SSH server to be compatible with earlier SSH versions (SSH1.X).

The undo ssh server compatible-ssh1x enable command disables the SSH server's compatibility with earlier SSH versions.

By default, this function is disabled on unconfigured devices. After a device is upgraded, whether an SSH server is allowed to be compatible with earlier versions is determined by the configuration in the configuration file.

Format

ssh server compatible-ssh1x enable

undo ssh server compatible-ssh1x enable

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The ssh server compatible-ssh1x enable command applies to scenarios where a client and a server negotiate with each other on a working version. After a TCP connection is set up between a client and a server, the client negotiates with the server on a version that both the client and server support.

The server compares its own version with that sent by the client and determines whether it can work with the client.

  • If the protocol version on the client is earlier than 1.3 or later than 2.0, version negotiation fails and the server disconnects from the client.
  • If the protocol version on the client is later than or equal to 1.3 and earlier than 1.99, the SSH1.5 server module is invoked, and the SSH1.X process is performed when the SSH1.X-compatible mode is configured. When the SSH1.X-incompatible mode is configured, version negotiation fails, and the server disconnects from the client.
  • If the protocol version on the client is 1.99 or 2.0, the SSH2.0 server module is invoked, and the SSH2.0 process is performed.
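
The negotiation rules above, written out as an added Python example (not Huawei code). The function and constant names, the sample banners, and the handling of malformed banners and of versions the rules do not list are assumptions.

```python
import re

# SSH identification string: "SSH-<protoversion>-<softwareversion>[ comments]"
_BANNER = re.compile(r"^SSH-(\d+)\.(\d+)-\S+")

SSH1, SSH2, REJECT = "SSH1.X process", "SSH2.0 process", "disconnect"


def negotiate(client_banner: str, compat_ssh1x: bool) -> str:
    """Return the server's action for a client identification string.

    compat_ssh1x models 'ssh server compatible-ssh1x enable' (True) versus
    the 'undo' form (False). Versions are compared as (major, minor) pairs.
    """
    m = _BANNER.match(client_banner.strip())
    if m is None:
        return REJECT  # assumption: a malformed banner is treated as a failure
    version = (int(m.group(1)), int(m.group(2)))

    if version < (1, 3) or version > (2, 0):
        return REJECT
    if version < (1, 99):
        return SSH1 if compat_ssh1x else REJECT
    if version in ((1, 99), (2, 0)):
        return SSH2
    return REJECT  # assumption: values the rules do not list are refused


# Constructed sample client banners (not captured from a real device).
SAMPLES = [
    "SSH-1.2-legacyclient",
    "SSH-1.5-legacyclient",
    "SSH-1.99-exampleclient",
    "SSH-2.0-exampleclient",
    "SSH-2.1-futureclient",
    "not-an-ssh-banner",
]


def downgrade_exposure(banners):
    """Banners accepted only when SSH1.X compatibility is enabled."""
    return [b for b in banners
            if negotiate(b, True) == SSH1 and negotiate(b, False) == REJECT]


if __name__ == "__main__":
    for b in SAMPLES:
        print(f"{b:26} compat={negotiate(b, True):15} strict={negotiate(b, False)}")
```

Only the 1.3 to 1.98 range changes outcome with the setting, which is the set of clients that the undo form shuts out.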

Precautions

  • If the SSH server is enabled to be compatible with earlier SSH versions, the device displays a security risk warning.
  • As an SSH client, the device supports only SSH v2.0. As an SSH server, it allows SSH v1.x and v2.0 clients to log in.
  • The configuration takes effect upon the next login.
  • SSH2.0 has an extended structure and supports more authentication modes and key exchange methods than SSH1.X. SSH2.0 can eliminate the security risks that SSH1.X has. SSH2.0 is more secure and is therefore recommended.
  • If a device has an empty configuration, the device delivers the undo ssh server compatible-ssh1x enable command to disable the SSH server's compatibility with earlier versions. If a device is upgraded, the SSH server's compatibility with earlier versions is the same as that in the configuration file.

Currently, the protocols support the following SSH versions:
  • STelnet: The device supports SSH v1.99, that is, both SSH1 (SSH1.x) and SSH2 (SSH2.0) are supported. By default, SSH2 (SSH2.0) is supported.
  • SFTP: Only SSH2 (SSH2.0) is supported.
  • SCP: Only SSH2 (SSH2.0) is supported.

Example

# Enable an SSH server to be compatible with earlier versions.

<HUAWEI> system-view
[HUAWEI] ssh server compatible-ssh1x enable
Warning: SSHv1 is not a secure protocol, and it is recommended to use SSHv2. 
Copyright © Huawei Technologies Co., Ltd.