VanDyke Software Forums

Go Back   VanDyke Software Forums > General
User Name
Password
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 02-13-2017, 01:09 AM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 32
SSH1 option doesnt exist

Hello,

I would like to connect to some legacy Cisco boxes that doesn't support SSH2.

SSH1 doesn't appear in the options when I create a new session.



Any idea why it was disabled?

I am using SecureCRT 8.1.01294 (x64)

Thank you
Attached Images
File Type: png Snap1.png (6.3 KB, 63 views)

Last edited by jdev; 02-14-2017 at 07:57 AM. Reason: Inlining image
Reply With Quote
  #2  
Old 02-13-2017, 08:52 AM
ekoranyi ekoranyi is offline
VanDyke Technical Support
 
Join Date: Jan 2017
Posts: 66
Hi JJX,

A default installation of SecureCRT will include support for the SSH1 protocol.

If SSH1 does not appear in your available protocols it is likely your installation did not provide SSH1.

Did you install this yourself or was it installed by someone else?

Was the installation customized to remove support for the SSH1 protocol?

If needed you can run through the installation again and ensure that the SSH1 protocol is enabled. This can be done over top or "in place" without loosing saved session data.

Does this help?
__________________
Thanks,
--Eric

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 02-13-2017, 12:19 PM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 32
I tried to reinstall on top. Still no ssh1.
I reinstalled to a clean path, still no ssh1

No option for enabling/disabling SSH1 like previous versions appeared
Reply With Quote
  #4  
Old 02-13-2017, 01:02 PM
ekoranyi ekoranyi is offline
VanDyke Technical Support
 
Join Date: Jan 2017
Posts: 66
Hi JJX,

I'm having some trouble recreating the issue.

What installer are you using (exact name)?

Where did you get the installer?

What Operating System are you using?
__________________
Thanks,
--Eric

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #5  
Old 02-14-2017, 12:00 AM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 32
Here are the options selected during installation





SSH1 is selected
Attached Images
File Type: png Snap1.png (52.1 KB, 54 views)
File Type: png Snap2.png (40.5 KB, 52 views)

Last edited by jdev; 02-14-2017 at 07:57 AM. Reason: Images inline for easier viewing
Reply With Quote
  #6  
Old 02-14-2017, 07:13 AM
ekoranyi ekoranyi is offline
VanDyke Technical Support
 
Join Date: Jan 2017
Posts: 66
In these scenarios its almost impossible to detect what's
happening behind the scenes without some behind the scenes
information. Microsoft Technet provides a Sysinternals tool
named Procmon (Process Monitor) that is useful for debugging
and troubleshooting running processes. I've attached a
document that shows how to use Procmon to acquire additional
behind-the-scenes information that will help in
troubleshooting further.

Would you be willing to use procmon as described in the PDF
attached, and send me a .zip'd version of the PML log you
generate with procmon?

As logs may contain private information please send the log to
Support@Vandyke.com with ATTN: Eric Forum Post 12612 in
the subject line.
Attached Files
File Type: pdf ProcMon Usage - Gather debug info about a process.pdf (389.9 KB, 18 views)
__________________
Thanks,
--Eric

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #7  
Old 02-14-2017, 01:29 PM
ekoranyi ekoranyi is offline
VanDyke Technical Support
 
Join Date: Jan 2017
Posts: 66
Hi jjx,

It just occurred to me that there may be another issue. SecureCRT may be in FIPS Mode.

Both SSH1 and Telnet over TLS are disabled when in FIPS Mode as they require the use of algorithms forbidden by FIPS.

You can confirm being in FIPS Mode by selecting About SecureCRT from the main Help menu. If you are in FIPS Mode it will be indicated by showing FIPS Mode On in the lower left corner of the window.

Typically enabling FIPS Mode is done administratively by a System Administrator. If you currently have FIPS Mode enabled you may need to speak with the Administration/Security group that sets group policy for your machine.
__________________
Thanks,
--Eric

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #8  
Old 02-15-2017, 03:19 AM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 32
Yes, SecureCRT was in FIPS mode.

Its not related to System but to SecureCRT itself.
To disable it:

Quote:
FIPS mode is enabled by a registry key at the location of HKEY_LOCAL_MACHINE\SOFTWARE\Policies\VanDyke.

Change value of the "DWORD" named 'Enable FIPS Mode' found at this location to "0"
Restart SecureCRT & problem solved

Reference: https://forums.vandyke.com/archive/i...hp/t-3743.html

Thank you
Reply With Quote
  #9  
Old 02-15-2017, 07:30 AM
ekoranyi ekoranyi is offline
VanDyke Technical Support
 
Join Date: Jan 2017
Posts: 66
Hi jjx,

As your reference post indicated:

FIPS mode is not intended to be end-user configurable. It is designed to address compliance issues for organizations needing to comply with FIPS.

Typically the contact within these organizations has been in touch with the sales department or technical support in advance to be certain the product is FIPS compliant. The contact is then made aware of how to enable/disable FIPS mode.

I'm glad you found a solution for your issue but may still suggest speaking with your admin team about the change, unless you were the one that originally put the FIPS policy in place (it's not there by default).

Have a great day.
__________________
Thanks,
--Eric

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

Last edited by jdev; 02-15-2017 at 07:38 AM. Reason: Minor edit
Reply With Quote
  #10  
Old 02-15-2017, 09:33 AM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 32
I am part of the admin team; we never enabled that option.

Could FIPS be enabled when I was evaluating VShell?
Are they using the same registry keys or if I enable FIPS on VShell it's activated on other Vandyke products?

I am happy it was solved
Thank you
Reply With Quote
  #11  
Old 02-15-2017, 09:51 AM
ekoranyi ekoranyi is offline
VanDyke Technical Support
 
Join Date: Jan 2017
Posts: 66
Hi jjx,

Yes the settings for FIPS mode are global across all Vandyke products. If FIPS mode was selected during installation of VShell it would also impact SecureCRT.
__________________
Thanks,
--Eric

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #12  
Old 02-16-2017, 02:44 PM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 32
Quote:
Originally Posted by ekoranyi View Post
Hi jjx,

Yes the settings for FIPS mode are global across all Vandyke products. If FIPS mode was selected during installation of VShell it would also impact SecureCRT.
That solves the mystery
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 06:05 PM.


copyright 1995-2015 VanDyke Software, Inc.