SSH, or Secure Shell, is a newer, secure version of the "telnet" program. It provides an encrypted, secure connection from one machine to another and the ability to log in to other machines and run a command shell, such as "/bin/bash." There are two parts to SSH: the daemon and the client. The daemon, "SSHD," runs on the server and listens on a certain port on the ethernet connection for ssh requests from the clients.

SSH has evolved to offer a more secure version of the protocol. SSH uses two protocol versions, named "1" and "2," with "1" being the older, less secure protocol. Disabling SSH protocol version 1 access is relatively easy: make a small change in the /etc/ssh/sshd_config file and restart the SSHD daemon. The problem arises when the SP reboots: this setting is not stored in persistent storage (/pstore) and is lost.

The addition of this sub-command to the "sp" command makes this process easier by changing /etc/ssh/sshd_config, creating (or removing) a cookie in the "/pstore/ssh" directory, and restarting SSHD with the new configuration. When rebooting, the SP now looks for this cookie. If it exists (in /pstore/ssh), the SP starts SSHD with the version-1 protocol disabled. Without the cookie, the SP continues to allow both version 1 and version 2 protocol access. With the cookie present, the setting persists through reboots, and the sub-command provides an easy command-driven way to change and view the setting, rather than manually editing /etc/ssh/sshd_config.
This command disables protocol version-1 accesses to the secure shell daemon, sshd.
Protocol version 2 remains enabled.
Command Syntax:
sp disable ssh1
Successful Output:
localhost # sp disable ssh1
SSH protocol version 2 accesses allowed. Version 1 NOT allowed!
Restarting OpenBSD Secure Shell Server: SSHD.
This command enables protocol version-1 accesses to the secure shell daemon,
sshd. Protocol version 2 remains enabled.
Command Syntax:
sp enable ssh1
Successful Output:
localhost # sp enable ssh1
SSH protocol version 1 and version 2 accesses allowed.
Restarting OpenBSD Secure Shell Server: SSHD.
This command retrieves the current state of the protocol version-1 activation,
controlled by the above ‘enable’ and ‘disable’ commands.
Command Syntax:
sp get ssh1
Successful Output:
localhost # sp get ssh1
SSH protocol version 1 and version 2 accesses allowed
or
SSH protocol version 2 accesses allowed. Version 1 NOT allowed!
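
To confirm independently of "sp get ssh1" that the setting took effect, the daemon's configuration file and its identification banner can both be checked. The script below is an added example, not part of the SP software; it assumes the change in /etc/ssh/sshd_config is made through OpenSSH's Protocol keyword (the page does not name the keyword), and the function names and sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which SSH protocol versions an sshd offers.

# classify_banner BANNER
# Server identification string, per RFC 4253 section 5.1:
#   SSH-1.99-...  server speaks versions 1 and 2
#   SSH-2.0-...   version 2 only
#   SSH-1.x-...   version 1 only
classify_banner() {
    case "$1" in
        SSH-1.99-*) echo "v1+v2" ;;
        SSH-2.0-*)  echo "v2-only" ;;
        SSH-1.*)    echo "v1-only" ;;
        *)          echo "unknown" ;;
    esac
}

# classify_config FILE
# Reads the Protocol keyword from an sshd_config file. Keywords are
# case-insensitive and the first occurrence wins; commented lines are ignored.
# "default" means no Protocol line, so the result depends on the sshd build.
# Assumes the keyword and its value are separated by whitespace.
classify_config() {
    awk '
        tolower($1) == "protocol" && !seen { seen = 1; v = $2 }
        END {
            if (!seen)                   print "default"
            else if (v ~ /1/ && v ~ /2/) print "v1+v2"
            else if (v ~ /2/)            print "v2-only"
            else if (v ~ /1/)            print "v1-only"
            else                         print "unknown"
        }' "$1"
}

# Constructed sample input (not taken from a real SP).
sample=$(mktemp)
printf '%s\n' '#Protocol 2,1' 'Port 22' 'Protocol 2' > "$sample"
echo "config: $(classify_config "$sample")"
echo "banner: $(classify_banner 'SSH-1.99-OpenSSH_3.9p1')"
rm -f "$sample"
```

On a live system, pass /etc/ssh/sshd_config to classify_config and the first line the server sends on its SSH port to classify_banner; after "sp disable ssh1" both should report v2-only.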