This tip won’t be useful for everybody, but for anybody with a dedicated server you’ll probably be familiar with this error message that gets sent weekly from the security scanner on your server.

The error email I get from “watchdog” once a week looks like this:

Security scanning generated the following warnings (the full scanning log
is available at /var/log/rkhunter.log):

[01:01:51] ————————- Security advisories ————————-
[01:01:52] Warning: SSH version 1 possible allowed!

To fix this problem, we’ll need to edit the sshd_config file, which is the main configuration file for the sshd service. The location will sometimes be different, but it’s usually in /etc/ssh/. Open the file up while logged on as root.

note: Be careful, if you screw this up you won’t be able to ssh to your server anymore…

vi /etc/ssh/sshd_config

Find this section in the file, containing the line with “Protocol” in it. Here’s where the problem is… we need to explicitly tell the sshd service to only use version 2.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

If the line is commented out or has both 2,1 in it, you’ll need to make it look like this (leave the other lines alone)

Protocol 2

Now you’ll need to restart the sshd service:

/etc/init.d/sshd restart

You shouldn’t get those error emails anymore.