03-14-2014 03:01 AM - edited 07-05-2021 12:25 AM
Hi, can anyone say what the difference is between SSH version 1 and version 2?
03-14-2014 04:53 AM
Sure... here is a good link to look at:
https://learningnetwork.cisco.com/blogs/network-sheriff/2008/09/22/sshv1-or-sshv2-whats-the-big-deal
05-31-2020 07:53 AM
Should downvote this, the link is broken.
03-16-2014 11:33 PM
| SSH protocol, version 2 | SSH protocol, version 1 |
|---|---|
| Separate transport, authentication, and connection protocols | One monolithic protocol |
| Strong cryptographic integrity check | Weak CRC-32 integrity check; admits an insertion attack in conjunction with some bulk ciphers. |
| Supports password changing | N/A |
| Any number of session channels per connection (including none) | Exactly one session channel per connection (requires issuing a remote command even when you don't want one) |
| Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key | Negotiates only the bulk cipher; all others are fixed |
| Encryption, MAC, and compression are negotiated separately for each direction, with independent keys | The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm's design demands that keys not be reused) |
| Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability | Fixed encoding precludes interoperable additions |
| User authentication methods: | Supports a wider variety: |
| Use of Diffie-Hellman key agreement removes the need for a server key | Server key used for forward secrecy on the session key |
| Supports public-key certificates | N/A |
| User authentication exchange is more flexible, and allows requiring multiple forms of authentication for access. | Allows for exactly one form of authentication per session. |
| hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc. (though this is not currently implemented). | RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness. |
| Periodic replacement of session keys | N/A |
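
Added example, not part of the original posts: given the weaknesses listed for version 1 in the table above, a practical check is whether a server still offers it. This Python sketch classifies the identification string a server sends on connect (RFC 4253: `SSH-protoversion-softwareversion`, where `1.99` means both versions are accepted); the function names and the sample banners are constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments]"
_BANNER = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")


def classify_banner(data: bytes) -> dict:
    """Classify a server identification string by the SSH versions it offers."""
    for raw in data.split(b"\n"):
        line = raw.rstrip(b"\r").decode("ascii", errors="replace")
        if not line.startswith("SSH-"):
            continue  # a server may send other text lines before its banner
        m = _BANNER.match(line)
        if not m:
            return {"banner": line, "status": "malformed"}
        proto, software = m.group(1), m.group(2)
        if proto == "1.99":
            status = "v1-and-v2"   # compatibility mode: version 1 still accepted
        elif int(proto.split(".")[0]) >= 2:
            status = "v2-only"
        else:
            status = "v1-only"     # e.g. protoversion 1.5
        return {"banner": line, "proto": proto, "software": software,
                "status": status, "accepts_v1": status != "v2-only"}
    return {"banner": None, "status": "no-banner"}


def fetch_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read bytes from the server until the SSH banner line has arrived."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        while len(buf) < 4096:
            if any(l.startswith(b"SSH-") for l in buf.split(b"\n")[:-1]):
                break  # a complete line starting with "SSH-" is in the buffer
            chunk = s.recv(256)
            if not chunk:
                break
            buf += chunk
    return buf


if __name__ == "__main__":
    # Constructed sample banners, so the example runs offline.
    samples = [b"SSH-1.99-Cisco-1.25\r\n", b"SSH-2.0-OpenSSH_8.9\r\n",
               b"SSH-1.5-1.2.27\r\n", b"login banner\r\nSSH-2.0-example\r\n"]
    for s in samples:
        r = classify_banner(s)
        print(r["banner"], "->", r["status"])
```

Anything reported as `v1-and-v2` or `v1-only` should be reconfigured to accept version 2 only.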