SSH-2 compared to SSH-1
Non modular
Ssh1 is define in a single monolithic protocol, whereas ssh2 is separated into 4 layer
Less negotiation
Ssh1 has fixed parameters, only bulk cipher is negotiated.
Ad hoc naming
Ssh1 lack in naming convention.
Single authentication
Ssh1 authorised only one way of authentication, the server can't request more authentication method.
RhostsRSA authentication
SSH-1's rhostsRSA authentication, analogous to host based, is limited to using a network address as the client host identifier. It reduce is usefulness in network issue such as NAT, proxying, mobile client.
Less flexible remote forwarding
- SSH-1 remote forwarding specifies only a port, not a full socket, so can’t be
bound to different addresses on multihomed servers, and the gatewayhosts option must be set globally for all remote forwardings rather than per port
- SSH-1 remote forwarding specifies only a port, not a full socket, so can’t be
- Weak Key exchange
The SSH-1 key exchanges is weak in that the client alone determine the session key and send it to the server. A Trojaned client can easily use weak key to compromise all its sessions undetectably.
Server keys
The fixed exchange of SSH-1 employs an extra asymmetric key call server key. The servey key is an ephemeral public/private key pair, reproduce every hour to provide forward secrecy for the session key. The Diffie-Hellman algorithm which is the basis of all the SSH-2 key exchanges provides forward secrecy by itself, and so an extra server key is not needed.
Weaker Integrity Check
SSH-1 uses a weak integrity check such as the CRC-32, its weakness is the basis of the futoransky/kargieman insertion attack.