Secure Shell (SSH) is a cryptographic protocol that securely transports data over an unsecured network.
In 1995 Tatu Ylonen developed the first version of the SSH protocol and released the source code to the public.
In 2006, a revised version of the protocol, called SSH-2, was adopted as a new standard. Compared to SSH1, it offers improved security and new features, such as new key exchange mechanisms, an improved protocol structure divided into separate layers, a negotiable hashing mechanism and new encryption methods.
In 2006 the SSH-2 protocol became a proposed industry standard when it was submitted as an RFC (Request For Comment) to the Internet Engineering Task Force (IETF). This version is not compatible with SSH-1, but it has improved security and new features compared to SSH-1. For example, it introduces an improved, layered protocol structure with three layers building on top of each other, a negotiable hashing mechanism (where SSH v1 always uses CRC-32), new negotiable key exchange and encryption methods, and more flexible naming conventions that allow extensions to be implemented without colliding with names that are required to be registered with the IANA.
Other improvements are the possibility to periodically replace the session key ("rekeying") and a mechanism to provide certification for public keys. Another new aspect is the implementation of a new file transfer protocol named SFTP (Secure File Transfer Protocol) in addition to the existing SCP (Secure Copy Protocol).
While SSH1 has a monolithic structure, SSH2 is separated into three layers: SSH Transport Layer Protocol (SSH-TRANS), SSH Authentication Protocol (SSH-AUTH) and SSH Connection Protocol (SSH-CONN).
SSH v1 uses CRC-32 to check the integrity of data packets. In SSH v2 the two parties (client and server) can negotiate a hashing mechanism of their choice, e.g. there are several flavors of HMAC or SHA.
While SSH1 lets the client and server negotiate the encryption algorithm that is used to encrypt the session data, other aspects involving encryption were hard coded. SSH2 also allows the negotiation of algorithms for key exchange, hashing and compression.
SSH1 depended on algorithm names that were registered with the IANA. SSH2 has a naming scheme that divides the algorithms into two classes: one where new mechanisms can be added that are guaranteed not to collide with IANA names, and one that needs to be registered by the IANA.
SSH1 has a predetermined sequence of authentication mechanisms. In SSH2 the server is more flexible and can change the authentication methods, e.g. depending on what happened with previous authentication attempts.
SSH1 supported a range of cryptographic algorithms, e.g. 3-des, arcfour, blowfish, DSA, RSA or AES, most of which are now thoroughly outdated because they can be brute-forced even by non-state actors with moderate financial or computational means. SSH2 deprecated some of these and introduced a range of new algorithms like aes-ctr, aes-cbc, aes-gcm, chacha-poly, etc.
The same is true for cryptographic keys, where SSH2 offers algorithms like diffie-hellman, ecdsa and curve 25519.
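The negotiation, naming and legacy-cipher points above can be checked against what a server actually offers. The following is an added example, not part of the original article: it builds and parses constructed SSH_MSG_KEXINIT payloads, picks the first client algorithm the server also lists, and flags legacy ciphers. The sample algorithm lists and helper names are assumptions, and the key-exchange pick ignores the host-key compatibility condition of the real protocol.

```python
# Name-list fields of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]
# Wire names of legacy ciphers the article calls outdated (assumed watch list).
LEGACY = {"3des-cbc", "arcfour", "blowfish-cbc"}

def build_kexinit(lists):
    """Encode a KEXINIT payload from {field: [names]} (constructed sample data)."""
    out = bytes([20]) + bytes(16)             # message number 20 + 16-byte cookie
    for f in FIELDS:
        body = ",".join(lists.get(f, [])).encode("ascii")
        out += len(body).to_bytes(4, "big") + body
    return out + bytes(5)                     # first_kex_packet_follows + reserved

def parse_kexinit(payload):
    """Decode the ten name-lists; reject truncated or malformed payloads."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, result = 17, {}
    for f in FIELDS:
        n = int.from_bytes(payload[pos:pos + 4], "big")
        if pos + 4 + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        result[f] = raw.split(",") if raw else []
        pos += 4 + n
    return result

def negotiate(client, server):
    """Per field: first client name the server also offers (None if no overlap)."""
    return {f: next((a for a in client[f] if a in server[f]), None) for f in FIELDS}

def classify(name):
    """Names containing '@' are private extensions; the rest are IANA-registered."""
    return "extension" if "@" in name else "iana"

# Constructed offers: a modern client and a server that still lists legacy options.
CLIENT = parse_kexinit(build_kexinit({
    "kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
    "enc_c2s": ["chacha20-poly1305@openssh.com", "aes256-ctr", "3des-cbc"],
    "mac_c2s": ["umac-128@openssh.com", "hmac-sha2-256"]}))
SERVER = parse_kexinit(build_kexinit({
    "kex": ["diffie-hellman-group14-sha256"],
    "enc_c2s": ["aes256-ctr", "3des-cbc"],
    "mac_c2s": ["hmac-sha2-256", "hmac-sha1"]}))
CHOSEN = negotiate(CLIENT, SERVER)
WEAK_OFFERED = sorted(LEGACY & set(SERVER["enc_c2s"]))
```

The session here settles on aes256-ctr, yet the server's offer still contains 3des-cbc, so a client that only listed legacy ciphers would be accepted; auditing the offered list rather than the negotiated result is what catches this.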
SSH2 has a method where the encryption key can be changed periodically during a session, while SSH1 used the same key throughout the duration of the whole session.
SSH1 has limited ways to authenticate the client based on its host (only via IP address), while SSH2 can also use the host name via DNS lookup.
Similar to the SSL protocol, SSH2 introduces a mechanism where a server can certify a key (public/private key pair) that is used for authentication, thus proving that the key was issued by a trusted authority and subsequently allowing such keys to be used for authentication without them being added to the
While SSH1 supports the SCP file transfer method, SSH2 adds SFTP, which implements features that are similar to FTP, e.g. the retrieval of the list of file names from the remote server, so that applications can be built that browse the remote file system without using the shell.
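The following table indicates the main differences between SSH v1 and SSH v2.

| Feature | SSH v1 | SSH v2 |
|---|---|---|
| Protocol structure | Monolithic | 3-layered with TRANS, AUTH, CONN |
| Integrity check | CRC-32 | Negotiated algorithms like hmac-sha1, hmac-sha2 or umac |
| Algorithm naming | IANA names only | IANA names and extensions using a @ sign |
| Encryption algorithms | 3-des, blowfish, arcfour, ... | aes-ctr, aes-cbc, aes-gcm, chacha-poly, ... |
| Session key | Same key for the whole session | New keys during sessions |
| Host-based client authentication | IP based | Name or IP based |
| Key certification | None | SSL like certification of keys |
| File transfer | SCP | SCP and SFTP |

The SSH client ZOC Terminal supports the full range of SSH2 features.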