SSH1 vs SSH2
SSH (Secure Shell) is a protocol which is used to enable security to data communication over the networks. SSH was found by Tatu Ylonen (SSH Communications Security Corporation) in 1995. This protocol provides the infrastructure to secure data transportation, remote command execution and security enabled network services among two computers in a network. The communication is managed according to client – server architecture (SSH Client and SSH server). SSH protocol has developed with two versions named SSH1 and SSH2.
SSH1 (Secure Shell Version 1)
SSH protocol version 1 was found in 1995 and it consists of three major protocols, called SSH-TRANS, SSH-USERAUTH, and SSH-CONNECT.
SSH-TRANS: It is the transport layer protocol (TCP/IP) which basically provides server authentication, confidentiality and integrity.
SSH-USERAUTH: It is the protocol used for user authentication at the communication establishment. This protocol authenticates SSH client in SSH server. This protocol also runs over the transport layer.
SSH-CONNECT: It is the connection protocol which multiplexes encrypted data into some logical streams. This protocol runs on top of SSH-USERAUTH protocol.
To initiate the secure connection, client sends its authentication information to SSH server with 128 bit encryption. Each server host has a host key, which is to verify the correct client server communication. Also, it should have a public key of the relevant SSH server. Each transferred data segment is encrypted using encryption algorithms (DES, 3DES, IDEA, Blowfish).
Other than remote login SSH can be used to Tunnelling, X11 connectivity, SFTP (SSH File transfer Protocol), SCP (Secure Copy), and also TCP port forwarding. TCP port 22 is used by SSH protocol by default. Data compression is also supported by SSH. This feature is useful when the client-server link with low bandwidth and can be used to improve the throughput of the connection.
In SSH version 1.5, developers have identified some vulnerability. In this version, unauthorized data insertion to the middle of encrypted data stream was possible which can cause high risk to the data security. Also, vulnerability of unauthorized, malicious authentication server to forward authentication to another server was identified in 2001.
SSH2 (Secure Shell Version 2)
SSH2 was introduced in 2006 with many significant improvements over SSH1. Although it is an improvement of SSH1, SSH2 is not compatible with SSH1. SSH2 is re-written with adding more defensive mechanisms to avoid vulnerabilities.
SSH2 uses a different set of improved and stronger algorithms for encryption and authentication such as DSA (Digital Signature Algorithm). SSH2 is no longer free software like SSH1; the developer of SSH2 has restricted the free use of SSH2. Unlike SSH1, SFTP (Secure File Transfer) program has built in to SSH2 package and it uses the same Encryption protocols used by SSH2, to encrypt data streams.
|
What is the difference between SSH1 and SSH2? Many UNIX based operating systems has inbuilt SSH capability and many SSH capable consoles have developed for windows systems, as well (TeraTerm, Putty, OpenSSH, WinSCP etc). • As mentioned above SSH2 is an improved version of SSH1. • SSH1 has some known documented issues which are corrected and re-coded in SSH2. • Normally latest version of any applications supports to its older versions, but SSH2 is not fully compatible with SSH1 and also SSH2 required licensing.
|