Common Controls Hub
The SSH daemon must be configured to use only the SSHv2 protocol.
SSH protocol version 1 suffers from design flaws that result in security vulnerabilities and should not be used.
Red Hat Enterprise Linux 6 Security Technical Implementation Guide
Check Text ( C-19475r376997_chk )
To check which SSH protocol version is allowed, run the following command:
# grep Protocol /etc/ssh/sshd_config
If configured properly, output should be
If it is not, this is a finding.
Fix Text (F-19473r376998_fix)
Only SSH protocol version 2 connections should be permitted. The default setting in "/etc/ssh/sshd_config" is correct, and can be verified by ensuring that the following line appears: