Tectia Features

Tectia provides limited support for SSH-1, mostly by running programs from some older implementation whenever the SSH-1 protocol is required. Some of the Tectia programs do have built-in support for SSH-1, however.

The Tectia server has no built-in support for SSH-1, but it can be configured to run a separate SSH-1 server for SSH-1 clients. See "Compatibility Between SSH-1 and SSH-2 Servers" in Chapter 5.

The following keywords in the /etc/ssh2/sshd2_config file control SSH-1 compatibility mode:

Ssh1Compatibility

Run the SSH-1 server when SSH-1 clients connect (if yes).

Sshd1Path

The pathname for the SSH-1 server.

Sshd1ConfigFile

An alternate configuration file for the SSH-1 server, replacing the one specified for the Tectia server by the -f command-line option.

The ssh -1t option runs an SSH-1 client program, and ssh -1i uses built-in SSH-1 emulation. See "Choosing a protocol version" in Chapter 7.

The following keywords in the /etc/ssh2/ssh2_config file control SSH-1 compatibility mode:

Ssh1Compatibility

Use SSH-1 if the server supports only the older protocol (if yes), or otherwise fail (if no).

Ssh1InternalEmulation

Use the Tectia client's built-in SSH-1 functionality (if yes), or otherwise run an external SSH-1 program (if no).

Ssh1Path

The pathname for the external SSH-1 program.

Ssh1MaskPasswordLength

Send SSH_MSG_IGNORE packets with SSH-1 sessions to obscure the length of the password (if yes, the default). Otherwise, the unencrypted length fields used by SSH-1 can be easily intercepted.

Ssh1AgentCompatibility

Specifies whether and how to do agent forwarding. The value is one of:

none

Don't forward SSH-1 agent connections (the default).

traditional

Forward SSH-1 agent connections with no information about the forwarding path.

ssh2

Forward SSH-1 agent connections, and add information about the forwarding path as for SSH-2. This requires using the Tectia agent in SSH-1 compatibility mode.
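
The keywords above can be checked mechanically when reviewing a host for leftover SSH-1 exposure. The following is an added example, not code from Tectia or from this book: a small auditor that reports SSH-1 compatibility settings in sshd2_config or ssh2_config text. It assumes one "Keyword value" pair per line with "#" starting a comment, and the sample file contents and the sshd1 path are constructed.

```python
# Added example: audit SSH-1 compatibility keywords in Tectia config text.
# Assumed syntax: one "Keyword value" pair per line, "#" starts a comment,
# keywords are matched case-insensitively.

# keyword -> (predicate on the lowercased value, finding text)
RISKY = {
    "ssh1compatibility": (lambda v: v == "yes", "SSH-1 fallback enabled"),
    "ssh1maskpasswordlength": (lambda v: v == "no",
                               "SSH-1 password length not masked"),
    "ssh1agentcompatibility": (lambda v: v in ("traditional", "ssh2"),
                               "SSH-1 agent connections forwarded"),
}
# Keywords that name an external SSH-1 binary or config file to inventory.
EXTERNAL = {"sshd1path", "ssh1path", "sshd1configfile"}


def audit(text):
    """Return a list of (line_number, keyword, value, finding) tuples."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue  # blank line, comment, or a line without a value
        keyword, value = parts[0], parts[1].strip()
        key = keyword.lower()
        if key in RISKY and RISKY[key][0](value.lower()):
            findings.append((lineno, keyword, value, RISKY[key][1]))
        elif key in EXTERNAL:
            findings.append((lineno, keyword, value,
                             "external SSH-1 component referenced"))
    return findings


# Constructed sample contents, not taken from a real host.
SAMPLE_SSHD2_CONFIG = """\
# server side: /etc/ssh2/sshd2_config
Port 22
Ssh1Compatibility yes
Sshd1Path /usr/local/sbin/sshd1
"""
SAMPLE_SSH2_CONFIG = """\
# client side: /etc/ssh2/ssh2_config
Ssh1Compatibility no
Ssh1InternalEmulation yes
Ssh1MaskPasswordLength no
Ssh1AgentCompatibility traditional
"""

if __name__ == "__main__":
    for name, text in (("sshd2_config", SAMPLE_SSHD2_CONFIG),
                       ("ssh2_config", SAMPLE_SSH2_CONFIG)):
        for lineno, keyword, value, finding in audit(text):
            print(f"{name}:{lineno}: {keyword} {value} -> {finding}")
```

Each occurrence is reported on its own line rather than resolved to a single effective value, since the precedence of repeated keywords is not described here.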

scp can run a program scp1 for file transfers using SSH-1. No mechanism is provided to specify an alternate name for the compatibility mode program (or a complete pathname: the scp1 program is always found by searching the PATH).

If the scp -1 option [7.5.9] is specified as the first option on the command line, then scp1 is run for SSH-1 compatibility, with the rest of the arguments passed verbatim.

scp1 is also run if the -t or -f command-line options are used. These options were used for old implementations of the remote scp server.

The ssh-keygen -1 option converts a key (in a file specified as an argument for the option) from an older format used by some SSH-1 implementations to the new format used by Tectia.

The ssh-agent -1 option causes the agent to handle requests from SSH-1 clients.

Keys added with the ssh-add -1 option are an exception: they are not allowed to be used for SSH-1 operations.

The ssh client uses the keyword Ssh1AgentCompatibility to control agent forwarding, as described previously.