Disable SSH Version 1 for Security
SSH version 1 is turned off to improve security for SSH connections.
Plain language
This control means switching off the older version of a tool called SSH that lets people connect securely to computers over the internet. It matters because the older version has security holes that can let attackers in, which could mean someone could steal information or take control of your systems.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Feb 2022
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Official control statement
The use of SSH version 1 is disabled for SSH connections.
Why it matters
Enabling SSH version 1 exposes systems to man-in-the-middle attacks, risking interception or modification of sensitive data in transit.
Operational notes
Configure SSHD to allow only protocol 2. Regularly audit sshd_config and run automated checks to detect SSH v1 being enabled.
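One way to automate the checks in the operational notes, added here as an example (it is not part of the ISM or of the original page): it audits the `Protocol` directive in sshd_config text and classifies a server's identification string as defined in RFC 4253, where `SSH-2.0` means protocol 2 only and `SSH-1.99` or `SSH-1.x` means protocol 1 is still accepted. The function names, return labels and sample inputs are constructed for illustration.

```python
import re

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-\S+")

def classify_banner(banner: str) -> str:
    """Return 'v2-only', 'v1-enabled' or 'unknown' for a server banner."""
    # A server may send other text lines before its identification string.
    for line in banner.splitlines():
        m = BANNER_RE.match(line.strip())
        if not m:
            continue
        major, minor = int(m.group(1)), int(m.group(2))
        if (major, minor) == (2, 0):
            return "v2-only"
        # 1.99 = protocol 2 with protocol 1 compatibility; other 1.x = protocol 1 only.
        return "v1-enabled" if major == 1 else "unknown"
    return "unknown"

def audit_sshd_config(text: str) -> str:
    """Return 'v2-only', 'v1-enabled' or 'not-set' for sshd_config contents."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Protocol 2" or "Protocol=2"
        if len(parts) == 2 and parts[0].lower() == "protocol":
            versions = {v.strip() for v in parts[1].split(",")}
            # sshd uses the first value it reads for a keyword, so stop here.
            return "v1-enabled" if "1" in versions else "v2-only"
    # No directive: the effective value is the default of the installed sshd build.
    return "not-set"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    samples = {
        "modern server": "SSH-2.0-OpenSSH_9.6\r\n",
        "compat mode": "SSH-1.99-OpenSSH_3.9p1\r\n",
        "legacy only": "SSH-1.5-1.2.27\r\n",
    }
    for name, banner in samples.items():
        print(f"{name:14} {classify_banner(banner)}")
    print("config:", audit_sshd_config("# Protocol 1\nPort 22\nProtocol 2,1\n"))
```

A `not-set` result needs a follow-up check of the installed sshd version, because the default protocol list depends on the build.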
Implementation tips
- IT team should check all servers: Review which servers are using SSH connections to ensure none are using version 1. Use a network monitoring tool to identify these connections and make a list for updating.
- System administrator should update configurations: Turn off SSH version 1 on servers by adjusting the server software settings. Follow the software provider’s guide to make this change and apply updates as necessary.
- IT security lead should test the updates: After disabling SSH version 1, perform a security check to ensure connections are using the newer version. Use a network scanner to verify the change is active.
- Manager should communicate changes: Inform all staff that the older SSH version will be turned off and explain how the change strengthens security. Provide guidance for anyone who connects remotely on how to access systems using the updated setup.
- HR or IT trainer should plan a training session: Organise a short session for staff to show how to use the new SSH version for secure connections. Include a practical demonstration and a Q&A period at the end.
Audit / evidence tips
- Ask: server configuration reports: Request a document showing which SSH versions are active on each server
  Good: The report lists only SSH version 2 or higher as active
- Ask: records of changes made to the server configurations regarding SSH versions
  Good: A change log showing SSH version 1 removal with corresponding dates
- Ask: network scan results: Request logs from recent network scans to check for SSH version use
  Good: A scan report listing no connections using SSH version 1
- Ask: records of training sessions held on the new SSH version
  Good: A training record with dated attendance lists and covered topics
- Ask: the communication plan: Request a copy of the plan or emails sent to inform staff about the SSH change
  Good: A plan or email detailing the change, its importance, and clear next steps for users
Cross-framework mappings
How ISM-1506 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.20 | ISM-1506 requires organisations to disable SSH version 1 for SSH connections to reduce network-exposed cryptographic and protocol weaknesses | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.