View the SSH version on Linux

View the SSH version on Linux

Question: I think SSH has two versions (SSH1 and SSH2 ). What is the difference between the two? Also, how can I check the SSH protocol version on Linux?

Secure Shell (SSH) uses an encrypted secure communication channel to remotely log on or execute commands. SSH is designed to replace insecure plain text protocols, such as telnet, rsh, and rlogin. SSH provides many required features, such as authentication, encryption, data integrity, authorization, and forwarding/channel.

SSH1 vs. SSH2

There are some minor version differences in the SSH protocol specification, but there are two major Major versions:SSH1 (version 1.XX) andSSH2 (version 2.00 ).

In fact, SSH1 and SSH2 are two completely different protocols that are incompatible with each other. SSH2 significantly improves many aspects of SSH1. First, SSH is a macro design. Several different functions (such as authentication, transmission, and connection) are packaged into a single protocol. SSH2 brings more powerful security features than SSH1, such as MAC-based integrity check, flexible session key updates, fully negotiated encryption algorithms, and public key certificates.

SSH2 is standardized by IETF and its implementation is widely deployed and accepted in the industry. Thanks to SSH2's popularity and encryption advantages for SSH1, many products have abandoned support for SSH1. At the time of writing this article, OpenSSH still supports SSH1 and SSH2. However, in all modern Linux distributions, the OpenSSH server disables SSH1 by default.

Method 1 of checking supported SSH protocol versions

If you want to check the SSH protocol version supported by the local OpenSSH server, refer/Etc/ssh/sshd_config file. Open/etc/ssh/sshd_config in a text editor and view the "Protocol" field.

If the following information is displayed, the server only supports SSH2.

Protocol 2

If the following figure shows that the server supports both SSH1 and SSH2.

Protocol 1,2

Method 2

If the OpenSSH service runs on a remote server, you cannot access/etc/ssh/sshd_config. You can use an ssh client called SSH to check supported protocols. Specifically, it is to force ssh to use a specific SSH protocol. Then I will check the response of the SSH server.

The following Command Forces ssh to use SSH1:

$ ssh -1 user@remote_server

The following Command Forces ssh to use SSH2:

$ ssh -2 user@remote_server

If the remote SSH server only supports SSH2, the first option with "-1" will display the following error message:

Protocol major versions differ: 1 vs. 2

If the SSH server supports both SSH1 and SSH2, both commands are valid.

Method 3

Another method to check the version is to run the SSH scanning tool, called scanssh. This command line tool is useful when you want to check a group of IP addresses or upgrade SSH1 compatible SSH servers over the local network.

The following is the basic SSH Version scan syntax.

$ sudo scanssh -s ssh -n [ports] [IP addresses or CIDR prefix] 

The "-n" option specifies the SSH port to be scanned. You can scan multiple ports with good separation. Without this option, scanssh will scan port 22 by default.

Run the following command to find the SSH server in the local network of 192.168.1.0/24 and check the SSH protocol v version:

$ sudo scan -s ssh 192.168.1.0/24 

If scanssh reports "SSH-1.XX-XXXX" for a specific IP address, it implies that the minimum version supported by the relevant SSH server is SSH1. if the remote server only supports SSH2, scanssh displays "SSH-2.0-XXXX ".

Via: http://ask.xmodulo.com/check-ssh-protocol-version-linux.html

Translator: geekpi Proofreader: wxy

This article was originally translated by LCTT and launched with the Linux honor in China