NET1647 - The network element must not allow SSH Version 1.


The network element must not use SSH Version 1 for administrative access.

SSH Version 1 is a protocol that has never been defined in a standard. Since SSH-1 has inherent design flaws which make it vulnerable to, e.g., man-in-the-middle attacks, it is now generally considered obsolete and should be avoided by explicitly disabling fallback to SSH-1.


Configure the network device to use SSH version 2.

See Also

Item Details

References: CAT|II, Rule-ID|SV-15460r2_rule, STIG-ID|NET1647, Vuln-ID|V-14717

Plugin: Cisco

Control ID: 45cd43e25a1a2adde29b10f5b3f4e65b2c6fc3d93f6cf0ebf0681238a291d11c