How to check the SSH version on Linux

How to check the SSH version on Linux

Question: I think SSH has two versions (SSH1 and SSH2 ). What is the difference between the two? Also, how can I check the SSH protocol version on Linux?

Secure Shell (SSH) uses an encrypted secure communication channel to remotely log on or execute commands. SSH is designed to replace insecure plain text protocols, such as telnet, rsh, and rlogin. SSH provides many required features, such as authentication, encryption, data integrity, authorization, and forwarding/channel.

SSH1 vs. SSH2

There are some minor differences in the SSH protocol specification, but there are two major Major versions: SSH1 (version 1.XX) and SSH2 (version 2.00 ).

In fact, SSH1 and SSH2 are two completely different protocols that are incompatible with each other. SSH2 significantly improves many aspects of SSH1. First, SSH is a macro design. Several different functions (such as authentication, transmission, and connection) are packaged into a single protocol. SSH2 brings more powerful security features than SSH1, such as MAC-based integrity check, flexible session key updates, fully negotiated encryption algorithms, and public key certificates.

SSH2 is standardized by IETF and its implementation is widely deployed and accepted in the industry. Thanks to SSH2's popularity and encryption advantages for SSH1, many products have abandoned support for SSH1. At the time of writing this article, OpenSSH still supports SSH1 and SSH2. However, in all modern Linux distributions, the OpenSSH server disables SSH1 by default.

Check the supported SSH protocol version

Method 1 

If you want to check the SSH protocol version supported by the local OpenSSH server, you can refer to the/etc/ssh/sshd_config file. Open/etc/ssh/sshd_config in a text editor and view the "Protocol" field.

If the following information is displayed, the server only supports SSH2.

Protocol 2

If the following figure shows that the server supports both SSH1 and SSH2.

Protocol 1,2

Method 2

If the OpenSSH service runs on a remote server, you cannot access/etc/ssh/sshd_config. You can use an ssh client called SSH to check supported protocols. Specifically, it is to force ssh to use a specific SSH protocol. Then I will check the response of the SSH server.

The following Command Forces ssh to use SSH1:

$ ssh -1 user@remote_server

The following Command Forces ssh to use SSH2:

$ ssh -2 user@remote_server

If the remote SSH server only supports SSH2, the first option with "-1" will display the following error message:

Protocol major versions differ: 1 vs. 2

If the SSH server supports both SSH1 and SSH2, both commands are valid.

Method 3

Another method to check the version is to run the SSH scanning tool, called scanssh. This command line tool is useful when you want to check a group of IP addresses or upgrade SSH1 compatible SSH servers over the local network.

The following is the basic SSH Version scan syntax.

$ sudo scanssh -s ssh -n [ports] [IP addresses or CIDR prefix] 

The "-n" option specifies the SSH port to be scanned. You can scan multiple ports with good separation. Without this option, scanssh will scan port 22 by default.

Run the following command to find the SSH server in the local network of 192.168.1.0/24 and check the SSH protocol v version:

$ sudo scan -s ssh 192.168.1.0/24 

If scanssh reports "SSH-1.XX-XXXX" for a specific IP address, it implies that the minimum version supported by the relevant SSH server is SSH1. if the remote server only supports SSH2, scanssh displays "SSH-2.0-XXXX ".

How to Improve the SSH login authentication speed of Ubuntu

Enable the SSH service to allow Android phones to remotely access Ubuntu 14.04

How to add dual authentication for SSH in Linux

Configure the SFTP environment for non-SSH users in Linux

Configure and manage the SSH service on Linux

Basic SSH tutorial

Linux SSH command instance Guide

Alibaba Cloud Hot Products
Elastic Compute Service (ECS)	Dedicated Host (DDH)	ApsaraDB RDS for MySQL (RDS)	ApsaraDB for PolarDB(PolarDB)	AnalyticDB for PostgreSQL (ADB for PG)
AnalyticDB for MySQL(ADB for MySQL)	Data Transmission Service (DTS)	Server Load Balancer (SLB)	Global Accelerator (GA)	Cloud Enterprise Network (CEN)
Object Storage Service (OSS)	Content Delivery Network (CDN)	Short Message Service (SMS)	Container Service for Kubernetes (ACK)	Data Lake Analytics (DLA)
ApsaraDB for Redis (Redis)	ApsaraDB for MongoDB (MongoDB)	NAT Gateway	VPN Gateway	Cloud Firewall
Anti-DDoS	Web Application Firewall (WAF)	Log Service	DataWorks	MaxCompute
Elastic MapReduce (EMR)	Elasticsearch