Re: SSH 1.0 vs. 2.0

From: bigwayne (whurley3@si.rr.com)
Date: 05/12/02 

From: "bigwayne" <whurley3@si.rr.com>
Date: Sun, 12 May 2002 00:55:29 GMT

SSH2 was a total rewite of the protocol. SSH1 was written by Tatu H from
SSH limited www.ssh.com He also wrote the SSH2 specs. In a nutshell SSH1
was done to replace plaintext telnet logins. It has little to no other
"management Features", no PKI support, little cert authentication, and had
many security holes. SSH2 is a more robust protocol. It has all the
things that SSH1 does not have and has little to no security flaws found for
it.

If you decide to use it, make sure you use version 1.3.7 and up. If cost is
any issue, go with openssh.com's code. It is fairly stable and has decent
support if your business does not depend upon it. If you are running a
business or are in an enterprise setting, you should look into either
F-Secure at www.f-secure.com/products/ssh or www.ssh.com They are both
Finnish based companies. If it were me I would go with the F-Secure
solution for a business and OpenSSH.com for educational and small business
settings.

Hope it helps,

BigWayne

"Matt Shelton" <turbo3k@hotmail.com> wrote in message
news:76f0700d.0205101228.281309b0@posting.google.com...
> Check out this page:
> http://www.snailbook.com/faq/ssh-1-vs-2.auto.html
>
> Personally, I always disable SSH1. I have never had a problem with
> SSH2 on either Linux or Microsoft clients.
>
> Hope this helps,
> Matt Shelton
>
> goe <goeldi.com@freesurf.ch> wrote in message
news:<3cdbc638$0$13365$7402020d@newsfeed.sunrise.ch>...
> > what are the pros and cons of SSH v1.0 and v2.0?
> >
> > How are clients affected, when I disable v1.0 on a server?
> > (not only linux clients, but micros~1.oft clients too)

Relevant Pages

  • Re: SSH 1.0 vs. 2.0
    ... SSH1 was written by Tatu H from ... SSH2 is a more robust protocol. ... SSH2's primary *business* motivation was to avoid RSA, ...
    (comp.os.linux.security)
  • Re: SSH Vulnerability
    ... Almost all reports of "the SSH1 vulnerability" are traceable back to ... SSH2 was created for a ... primarily, IMHO, to get away from the patented RSA protocol. ...
    (comp.security.ssh)
  • Re: [SOLVED] Help please: how to enable SSH password authentication under FreeBSD 6.2? Solved -
    ... Is this what you tried too, or did you use SSH2 (i.e. key authentication, instead of password authentication)? ... SSH1 versus SSH2 is *nothing* to do with keys versus passwords. ... The difference is that SSH1 an older protocol and is *insecure* and no-one should still be using it unless they have some legacy app which really cannot be updated. ...
    (freebsd-questions)
  • Re: Connection setup for SSH2 much slower than for SSH1 on Solaris8
    ... > JC> I'm seeing very slow connection setup using SSH2 vs SSH1... ... is it normal for SSH2 to take this much longer than SSH1? ... The Solaris-Linux vs Linux-Solaris results would seem to ...
    (comp.security.ssh)
  • Re: Ive been hacked...tips for a postmortem?
    ... > www.openssh.com) That SSH1 is not to be used for anything other than ... > vulnerable to several remote root attacks (thus the reason for SSH2). ... > SSH at all. ... because they use the same port and ssh.com got ...
    (comp.os.linux.security)