Disable SSHv1 (OpenBSD)

JF1980 · 07-11-2007, 05:42 AM

Hello chaps, I've been trying to disable SSHv1 on my OpenBSD firewall. I edited the /etc/ssh/sshd.config file to show:

Port 22
Protocol 2

So what happens? It's all very strange. I now keep seeing:

Jul 11 10:20:44 hal-5 sshd[22430]: fatal: buffer_get: trying to get more bytes 129 than in buffer 34
Jul 11 10:23:10 hal-5 sshd[2928]: fatal: buffer_get: trying to get more bytes 129 than in buffer 34

In /var/log/authlog.

If I try to connect with SSHv1 that host is instantly added to hosts.deny and any further attempts to connect (even with SSHv2) are blocked with the authlog showing: sshd [] Did not receive identification string from x.x.x.x which I'm guessing is due to hosts.deny blocking the connection. Is this 'normal' behavior or is it being caused by my OSSEC HIDS?

I'm tasked with disabling SSHv1 on all external IP's but I don't want to end up locking myself out of a remote gateway! Is the above all normal and have I disabled SSHv1 correctly?

Many Thanks.

leosgb · 07-11-2007, 11:37 PM

To disable it you just need to stop the service. And then remove it from your initialization script. For Gentoo I would:

/etc/init.d/sshd stop
rc-update del sshd default

Hope this helps.

JF1980 · 07-12-2007, 03:43 AM

Thanks but actually I had already disabled it as noted above. I only wanted to disable Protocol version 1 not SSH altogether.

leosgb · 07-12-2007, 10:06 AM

Sorry, misunderstood your question

JF1980 · 07-12-2007, 12:48 PM

No problem, thanks for the reply

FYI I found out that it's the OSSEC HIDS that blocks clients who have tried to connect with SSHv1. A nice feature actually, it was just a little worrying the first time I checked to see if v1 was disabled properly!

Code:

# ssh mybox.com -1
Protocol miss match 1 against 2.
# ssh mybox.com -2


...nothing; whoops!