Home Page
        Orders     Downloads     Support     Contact    

Comparison of SSH v1 vs. SSH v2

SSH version 2 in the ZOC Terminal ssh client and terminal emulator.
 

Glossary

Secure Shell (SSH) is a cryptographic protocol that securely transports data over an unsecured network. Usually it operates on tcp port 22.

In 1995 Tatu Ylonen developed the first version SSH protocol and released the source code to the public.

In 2006, a revised version of the protocol, called SSH-2, was adopted as a new standard. Compared to SSH1 it has improved security and new features like new key exchange mechanisms and has an improved protocol structure in which the protocol is divided into separate layers, a negotiable hashing mechanism, new encryption methods, etc.

 


Table of Contents

 

SSH2 Introduction

In 2006 the SSH-2 protocol became a proposed industry standard by having been submitted as an RFC (Request For Comment) with the Internet Engineering Task Force (IETF). This version is not compatible with SSH-1, but it has improved security and new features compared to SSH-1. For example, it introduces an improved and layered protocol structure with three layers building on top of each other, a negotiable hashing mechanism (where SSH v1 always uses CRC-32), new negotiable key exchange and encryption methods, more flexible naming conventions that allow to impelement extensions in a way that they will not collide with names that are required to be registered with the IANA.

Other improvements are the possibility to periodically replacec the session key ("rekeying") and a mechanism to provide certificatition for public keys. Another new aspect is the implementation of a new file transfer protocol named SFTP (Secure File Transfer Protocol) in addition to the existing SCP (Secure Copy Protocol).


Comparison of SSH v2 vs SSH v1

Architechture

While SSH1 has a monolithic, SSH2 separates itself into three layers: SSH Transport Layer Protocol (SSH-TRANS), SSH Authentication Protocol (SSH-AUTH) and SSH Connection Protocol (SSH-CONN)

Integrity Checking docstore.mik.ua/orelly/networking_2ndEd/ssh/ch03_05.htm

SSH v1 uses CRC-32 to check the integrity of data packets. In SSH v2 the two parties (client and server) can negotiate a hasing mechanism of their choice, e.g. there are several flavors of HMAC or SHA.

Algorithm Choice

While SSH1 lets the client and server negotiate the encryption algorithm that is used to encrypt the session data, other aspects involving encryption were hard coded. SSH2 also allows the negotiation of algorithms for key exchange, hashing and compression.

Algorithm Namespace

SSH1 did depend on names for the algorithm that were registered with the IANA. SSH2 has a naming scheme that divides the algorithms into two classes: One where new mechanisms can be added that are guaranteed to to not collide with IANA names and one that needs to be registered by the IANA.

Authentication

SSH1 has a predetermined sequence of authentication mechanisms. In SSH2 the server is more flexible and can change the authentication methods, e.g. depending on what happened with previous authentication attempts.

Cryptographic Algorithms

SSH1 did support a range of cryptographic algorithms, e.g. 3-des, arcfour, blowfish, DSA, RSA or AES, most of which are now thoroughly outdated because they can be brute-forced even by non-state actors with moderate financial or computational means. SSH2 did deprecate some of these and introduced a range of new algorithms like aes-ctr, aes-cbc, aes-gc, chacha-poly, etc.

The same is true for cryptographic keys, where SSH2 offers aglorithms like diffie-hellman, ecdsa and curve 25519.

Session Rekeying

SSH2 has a method where the encryption key can be changed periodically during a session, while SSH1 used the same key throughout the duration of the whole session.

Hostbased Authentication

SSH1 has limited ways to authenticate the client based on it's host (only via IP address), while SSH2 can also used the host name via DNS lookup.

Certification

Similar to the SSL protocol, SSH2 introduces a mechanism where a server can certify a key (public/private key pair) that is use for authentication, thus proving that the key was issued by a trusted authority and subsequently allowing such keys to be used for authentication without them being added to the authorized_keys file.

File Transfer

While SSH1 supports the SCP file transfer method, SSH2 adds SFTP which implements features that are similar to FTP, e.g. the retrieval of the list of file names from the remote server, so that applications can be built that allow to browse the remote file system witout using the shell.


SSH2 vs SSH1 Feature Comparison Table

The following table indicates the main differences between SSH v1 and SSH v2.

SSH1 SSH2
Architechture monolithic 3-layered with TRANS, AUTH, CONN
Hashing CRC32 only Negotiated algorithms like hmac-sha1, hmac-sha2 or umac
Namespace IANA names only IANA names and extensions using a @ sign
Crypto Algorithms 3-des, blowfish, arcfour,... aes-ctr, aes-cbc, aes-gc, chacha-poly,...
Session Rekeying n/a New keys during sessions
Hostbased Authentication IP only Name or IP based
Certification n/a SSL like certification of keys
File Transfer SCP only SCP and SFTP

 

 

 

 

 

 

 

Downloads
Orders
Contact
Support
Terms of Use
Privacy Policy
pixel