Configuring SSH2 for SSH1 Compatibility
Note: SSH Communications Security considers the Secure Shell
version 1 protocol deprecated and does not recommend its use.
For more information, see http://www.ssh.com/company/newsroom/article/210/.
The SSH1 and SSH2 protocols are not compatible with each other.
This inconvenience is necessary, since the SSH2 protocol
includes remarkable security and performance enhancements that
would not have been possible if protocol-level compatibility
with SSH1 had been retained.
However, the current implementations of ssh2 and ssh1 software
are designed so that both can be run on the same computer.
This makes the transition from the old but well-established
SSH1 protocol to the more secure and more flexible SSH2
protocol much easier. The ssh2 server daemon includes a
fallback function that automatically invokes the ssh1 server
when required. Furthermore, the SSH Secure Shell client now
contains internal ssh1 emulation, allowing it to communicate
with ssh1 servers without using an external ssh1 program.
With the Ssh1Compatibility option, sshd1 is executed when the client
supports only SSH 1.x protocols. The argument must be "yes" or "no". The
default is "no", which means that sshd2 does not fall back to sshd1 unless you
explicitly enable the option, even if ssh1 is installed.
Sshd1Path specifies the path to the sshd1 executable to be executed
in SSH1 compatibility mode. The arguments for sshd2 are passed on to sshd1.
Sshd1ConfigFile specifies the alternate configuration file for sshd1
when sshd2 runs in compatibility mode. It is only used if sshd2 is executed with
the -f command line option; otherwise the default sshd1 configuration file is used.
See the sshd2_config man page for more information.
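As an added example (not part of the original documentation), the following shell functions report whether SSH1 fallback is enabled in an sshd2_config file, which is worth checking because the SSH1 protocol is deprecated. It assumes one whitespace-separated "Keyword value" pair per line, # comments, case-insensitive keywords and that the last occurrence wins; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the SSH1 fallback settings found in an sshd2_config.
# Assumed format: "Keyword value" per line, '#' starts a comment, keywords
# are case-insensitive, and the last occurrence of a keyword wins.

# get_option FILE KEYWORD -> prints the value of KEYWORD, nothing if unset
get_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                               # strip comments
        NF >= 2 && tolower($1) == tolower(want) { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# ssh1_fallback_report FILE -> one-line summary; returns 1 if fallback is on
ssh1_fallback_report() {
    compat=$(get_option "$1" Ssh1Compatibility | tr 'A-Z' 'a-z')
    path=$(get_option "$1" Sshd1Path)
    conf=$(get_option "$1" Sshd1ConfigFile)
    # The documented default is "no" when the option is absent.
    [ -n "$compat" ] || compat=no
    if [ "$compat" = yes ]; then
        echo "SSH1 fallback ENABLED sshd1=${path:-unset} config=${conf:-default}"
        return 1
    fi
    echo "SSH1 fallback disabled"
    return 0
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sshd2_config (constructed sample)
Port                 22
#Ssh1Compatibility   no
Ssh1Compatibility    yes
Sshd1Path            /usr/local/sbin/sshd1
EOF
ssh1_fallback_report "$sample" || echo "review: SSH1 is deprecated"
rm -f "$sample"
```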
To set up both ssh1 and ssh2 servers on the same Unix system,
you should do the following:
- Install the latest available version of ssh1, available
on the SSH Communications Security FTP site (ftp://ftp.ssh.com/pub/ssh).
As of the publication of this document, the latest version is
ssh-1.2.33. SSH1 compatibility fallback requires version
1.2.26 or later.
- Install ssh2.
- If you previously had ssh1 installed, please make sure that the old
sshd is no longer run at boot. Only sshd2 should be run. If you have
the ssh1 version of sshd running, you should kill the master daemon. You
can find its process id in /var/run/sshd.pid or, if the directory
/var/run does not exist, in /etc/ssh2/sshd2_22.pid.
- Make sure that
/usr/local/sbin/sshd2 is run automatically at
boot. On most systems, you should add the command to start it to /etc/rc.local
or under /etc/rc.d.
- When you run
sshd2, the ssh1 daemon should not be running. When
using ssh2 with ssh1 compatibility, you should only run sshd2. It will
then automatically start the ssh1 daemon as needed.
- If you do not want to reboot, you should now manually run
/usr/local/sbin/sshd2 (or /etc/rc.d/init.d/sshd2 start).