Compatibility Between SSH-1 and SSH-2 Servers

OpenSSH supports both the SSH-1 and SSH-2 protocols within a single daemon accepting both types of connections. The Protocol keyword can be used to limit the support to either protocol exclusively. [5.3.7]

For Tectia, however, the story is more complicated. The Tectia server itself only supports the SSH-2 protocol, but it can accept connections from clients that request the older SSH-1 protocol. This backward compatibility is achieved by having the Tectia server run some other server program for the SSH-1 protocol instead, whenever an SSH-1 connection is requested. This feature is enabled and disabled with the Tectia Ssh1Compatibility keyword, given a value of yes or no (the default):

    # Tectia
    Ssh1Compatibility yes

When Ssh1Compatibility is enabled, and an SSH-1 client connects to the Tectia server, the two programs exchange strings indicating their versions. [3.6.3] sshd (also known as sshd2, see the sidebar "Tectia’s File-Naming Conventions" [5.1]) then locates the sshd1 executable by examining the value of the Sshd1Path keyword:

    # Tectia
    Sshd1Path /usr/local/sbin/sshd1

and invokes sshd1. The Tectia server adds the -i option [5.3.3.2] to the sshd1 command line to indicate that the client connection has already been accepted by Tectia, and sshd1 should expect the socket to be attached to its standard input, output, and error streams. In addition, the Tectia server passes the client’s version string using the (mostly undocumented) -V
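The handoff described above can be checked offline when auditing which hosts still expose SSH-1. The following is an added example, not code from the book or from Tectia: it parses a constructed configuration fragment and classifies client identification strings to show which connections would be passed to sshd1. The config syntax handling (case-insensitive keywords, `#` comments), the treatment of protocol version 1.99 as SSH-2, and all function names are assumptions.

```python
import re

# Constructed sample config, using the two keywords shown on this page.
SAMPLE_CONFIG = """\
# Tectia
Ssh1Compatibility yes
Sshd1Path /usr/local/sbin/sshd1
"""

def parse_config(text):
    """Parse 'Keyword value' lines (assumed: case-insensitive keywords, # comments)."""
    settings = {"ssh1compatibility": "no"}  # default stated on the page
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            settings[parts[0].lower()] = parts[1].strip()
    return settings

# Identification string layout: SSH-<major>.<minor>-<software version>
IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-\S+")

def client_protocol(ident):
    """Return 1 or 2 for an identification string, or None if unrecognized."""
    m = IDENT.match(ident.strip())
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    if major == 2 or (major, minor) == (1, 99):  # 1.99 treated as SSH-2 capable
        return 2
    return 1 if major == 1 else None

def handoff(settings, ident):
    """Describe what happens to this client under the given settings."""
    proto = client_protocol(ident)
    if proto is None:
        return "unrecognized identification string"
    if proto == 2:
        return "SSH-2: handled by sshd2"
    if settings["ssh1compatibility"].lower() != "yes":
        return "SSH-1 client: no fallback (Ssh1Compatibility is off)"
    path = settings.get("sshd1path")
    if not path:
        return "SSH-1 client: fallback enabled, Sshd1Path not set in this file"
    return f"SSH-1 client: sshd1 fallback via {path} -i"

if __name__ == "__main__":
    cfg = parse_config(SAMPLE_CONFIG)
    for ident in ("SSH-1.5-1.2.27", "SSH-2.0-OpenSSH_3.9", "HELLO"):
        print(f"{ident!r}: {handoff(cfg, ident)}")
```
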
