1.2.1. Secure Shell (SSH)

General

• Both versions generally use a host-specific key of 2048-bits.
• Servers that support both SSH Version 1 and 2, usually indicate this by advertising version 1.99 in their connection banner.
• Minimum of 768-bits for RSA Key

Version 1

• No defined standard, considered proprietary
• Ciphers (3DES, Blowfish, DES)
• Authentication (?)
• Supports only RSA Keys
• Forward Security provided through an additional server key, of 768-bits. This is commonly regenerated (e.g. once per hour)
• Lack of strong mechanism for ensuring integrity of connection

Version 2

• Initially RFC 4251
• Incompatible with version 1
• Minimum of 768-bits for RSA Key
• Supports DSA, ECDSA and RSA Keys
• Forward Security provided through Diffie-Hellman (DH) Key Exchange
• Integrity provided through HMAC (HMAC-HD5, HMAC-SHA1, etc)
• Multiple supported authentication methods
  • Password
  • Public Key (at least DSA or RSA)
  • Keyboard Interactive / Generic Message Exchange Authentication
  • GSSAPI