Friday 13 September 2013

How to Disable SSHv1 on Cisco IPS (AIP-SSM-10)

How to disable SSHv1 on the IPS:
By default in IPS-IOS7, both SSHv1 and SSHv2 are enabled. Disabling SSHv1 cannot be done from the normal configuration; it requires root-level access to edit the IPS IOS config files. For that we need a service account. The service account exists for support purposes and has access to the IOS files so they can be changed. Only one service account can reside on the IPS.
Method:
1. Create a service account if you don't have one:
username xxxx privilege service password xxxxx
2. Log in with this account.
3. Gain root-level access:
su -
(supply the password of the service account; it worked in my scenario)
4. Run these commands:

cd /etc/ssh
cp sshd_config sshd_config.old   # copies the current sshd_config to sshd_config.old

sed -r '/^#?Protocol /cProtocol 2' sshd_config.old > sshd_config   # replaces the Protocol line (commented or not) with "Protocol 2"

/etc/init.d/cids reboot   # this command will restart the process

SSHv1 connections will now be dropped by the IPS.
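A check worth running before the restart, added here as an example and not part of the original post: it applies the same sed edit to constructed sample files and reports the Protocol value sshd would actually use. The function names and sample files are assumptions for illustration; the second sample shows that when the file has no Protocol line at all, the sed changes nothing and the default stays in effect.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the sed edit
# really left SSHv2 as the only protocol sshd will accept.

# The post's edit: rewrite any "Protocol ..." line, commented or not.
apply_protocol_edit() {   # usage: apply_protocol_edit OLD NEW
    sed -r '/^#?Protocol /cProtocol 2' "$1" > "$2"
}

# Print the value of the first active Protocol directive, or "unset".
# sshd keeps the first value it reads for a keyword; keywords are
# case-insensitive and may be separated from the value by "=".
effective_protocol() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { sub(/=/, " ") }                   # accept "Protocol=2"
        tolower($1) == "protocol" { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeeds only when the active setting is exactly "2".
ssh_v1_disabled() {
    [ "$(effective_protocol "$1")" = "2" ]
}

# Constructed sample files standing in for /etc/ssh/sshd_config.
demo_dir=$(mktemp -d)
printf 'Port 22\n#Protocol 2,1\n' > "$demo_dir/commented.old"
printf 'Port 22\nPermitRootLogin no\n' > "$demo_dir/missing.old"

for name in commented missing; do
    apply_protocol_edit "$demo_dir/$name.old" "$demo_dir/$name.new"
    if ssh_v1_disabled "$demo_dir/$name.new"; then
        echo "$name: OK, Protocol 2 only"
    else
        echo "$name: NOT OK, Protocol is $(effective_protocol "$demo_dir/$name.new")"
    fi
done
rm -rf "$demo_dir"
```

On the sensor itself, `ssh_v1_disabled /etc/ssh/sshd_config` gives the same answer for the real file; if it reports "unset", add a `Protocol 2` line by hand.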