Note: SSH Communications Security considers the Secure Shell version 1 protocol deprecated and does not recommend its use.
The Secure Shell version 1 (SSH1) and version 2 (SSH2) protocols are not compatible with each other. This inconvenience is necessary, since the SSH2 protocol includes remarkable security and performance enhancements that would not have been possible if protocol-level compatibility with SSH1 had been retained.
However, the current implementations of SSH2 and SSH1 software from SSH Communications Security are designed so that both can be run on the same computer. This makes the transition from the old SSH1 protocol to the more secure and more flexible SSH2 protocol much easier. The SSH Tectia SSH2 server daemon includes a fallback function that automatically invokes the SSH1 server when required.
Furthermore, SSH Tectia Client contains an internal SSH1 emulation, allowing it to communicate with SSH1 servers without using an external SSH1 program. This can be set with the
Ssh1InternalEmulation option in
ssh2_config. The argument must be
sshd1 is executed when the client supports only the Secure Shell v1 protocol. The argument must be
no. The default is
no, which means that you have to manually set
ssh2 to use
ssh1 even if
ssh1 is installed.
Sshd1Path specifies the path to the
sshd1 executable to be executed in Secure Shell v1 compatibility mode. The arguments for
sshd2 are passed on to
Sshd1ConfigFile specifies the alternate configuration file for
sshd2 runs in compatibility mode. It is only used if
sshd2 is executed with the
-f command-line option, otherwise the default
sshd1 configuration file is used.
sshd2_config man page for more information.
To set up both
ssh2 servers on the same Unix system, do the following:
- Install the latest available version of SSH Secure Shell 1.x, available on the SSH Communications Security FTP site (ftp://ftp.ssh.com/pub/ssh). As of publication of this document, the latest version is
ssh1 compatibility fallback requires version 1.2.26 or later.
- If you previously had Secure Shell 1.x installed, please make sure that the old
sshd is no longer run at boot. Only
sshd2 should be run. If you have version 1.x of
sshd running, you should kill the master daemon. You can find its process ID in
/var/run/sshd.pid or if the directory
/var/run does not exist, in
- Make sure that
/usr/local/sbin/sshd2 is run automatically at boot. On most systems, you should add the command to start it to
/etc/rc.local or under
- When you run
ssh1 daemon should not be running. When using
ssh1 compatibility, you should only run
sshd2. It will then automatically start the
ssh1 daemon as needed.
- If you do not want to reboot, you should now manually run