Configure OpenSSH for SSH1 & RSA1 (Not Suitable For Production!)


Today we had need of a very specific SSH Configuration: SSH1 with an RSA1 key. After looking online and at books (APress's OpenSSH, specifically) I was able to get a server configured.

This server is used for a very specific, limited & intermittent use. I definitely DO NOT advocate the use of SSH1 / RSA1 for public facing or secure infrastructures.

How to configure OpenSSH for Low security (RSA1 / SSH1) Operation:

  1. Open sshd_config and change the Protocol value to:

         Protocol 1

         (by default this is set to Protocol 2)

  2. Rename or remove the RSA and DSA keys listed in the sshd_config file
    (This ensures that the server is only serving RSA1)

  3. If you don't have an RSA1 keypair set up, you can use the guidance from this previous article to create a keypair

  4. Run sshd in debug mode to see if it will load the RSA1 key:

    /usr/sbin/sshd -ddd -f /opt/ssh/etc/sshd_config2 -p 99

         -ddd turns on debug mode (highest debug level), which outputs messages to the console
         -f forces sshd to use a custom config file
         -p 99 ensures that sshd doesn't bind to the regular port. Instead it binds to port 99 (desirable for testing a config before deploying)


    Note:
    The above command assumes sshd lives in /usr/sbin and that there is a second sshd config file found in /opt/ssh/etc

    Note 2:
    You can find out where your sshd is located by running this command:

         which sshd


If you don't see any errors and can connect to the server over the custom port specified, you have achieved success.

This configuration is not suitable for production. We had a very specific and limited use for this config, which is why we set it up.
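
To confirm that a config like this has not ended up on a host where it does not belong, the sketch below (an added example, not part of the original post) audits an sshd_config for the two settings changed above: a Protocol value that enables SSH1, and HostKey files in the RSA1 private key format. The function names are hypothetical, and it assumes whitespace-separated `Keyword value` lines and that RSA1 key files begin with the line `SSH PRIVATE KEY FILE FORMAT 1.1`.

```shell
#!/bin/sh
# Added example: audit an sshd_config for SSH1 / RSA1 settings.
# Usage: audit_sshd_ssh1 /path/to/sshd_config
# Prints one finding per line; returns 1 if SSH1 or an RSA1 host key is found.

RSA1_MAGIC='SSH PRIVATE KEY FILE FORMAT 1.1'   # first line of an RSA1 private key file

# Print the value of the first occurrence of a keyword
# (sshd uses the first value it obtains for a keyword).
first_value() {  # $1 = config file, $2 = keyword in lowercase
    awk -v kw="$2" 'tolower($1) == kw { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print every value of a repeatable keyword such as HostKey.
all_values() {   # $1 = config file, $2 = keyword in lowercase
    awk -v kw="$2" 'tolower($1) == kw { print $2 }' "$1"
}

audit_sshd_ssh1() {
    cfg=$1
    found=0
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }

    # Protocol may be "1", "2", "1,2" or "2,1"; any list containing 1 enables SSH1.
    proto=$(first_value "$cfg" protocol)
    case ",$(printf '%s' "$proto" | tr -d ' \t')," in
        ,,)     echo "INFO: no Protocol directive; the sshd build default applies" ;;
        *,1,*)  echo "FAIL: Protocol $proto enables SSH1"; found=1 ;;
        *)      echo "OK: Protocol $proto" ;;
    esac

    # Inspect each configured host key file for the RSA1 header line.
    for key in $(all_values "$cfg" hostkey); do
        if [ ! -r "$key" ]; then
            echo "INFO: host key $key not readable, skipped"
        elif head -n 1 "$key" | grep -q "^$RSA1_MAGIC"; then
            echo "FAIL: $key is an RSA1 (SSH1) host key"; found=1
        else
            echo "OK: $key is not an RSA1 key"
        fi
    done
    return $found
}
```

Run it as root against every config file sshd may be started with (including alternates such as the one passed with -f above), since host key files are normally readable only by root.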