What Is SSH?

The Secure Shell protocol version 2, or SSH2, specifies how a client can connect securely to an SSH server and then use the resulting secure link to access the server's resources. Among other things, the client can run programs, transfer files, and forward other TCP/IP connections over the secure link. We call these the application features of SSH.

The SSH2 protocol is a descendant of the SSH v1.x series of protocols. SSH version 2 is standardized by the IETF, and the majority of the world's SSH servers now support SSH version 2.

SSH2 Versus SSH1

SSH2 is a significant improvement over older versions of the Secure Shell protocol. It is better designed and more flexible; but most importantly, the protocols of the 1.x series have a major design flaw that renders them vulnerable to some active attacks. SSH2 has no such issues. Additionally, SSH2 has already achieved wide deployment, so everyone who still uses SSH1 is encouraged to upgrade to SSH2.

Bitvise does not support SSH1 in its products, and has no intention of implementing it.
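
To find servers that still need the upgrade described above, the protocol version can be read from the identification string a server sends on connect (RFC 4253, section 4.2). The following is an added example, not Bitvise code; the host names, software names and sample banners are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion SP comments CR LF
IDENT = re.compile(rb"SSH-(\d+\.\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?")

def classify_banner(raw: bytes) -> dict:
    """Return the protocol verdict for the bytes a server sends on connect."""
    for line in raw.split(b"\n"):
        line = line.rstrip(b"\r")
        # Servers may send free-text lines before the identification string.
        if not line.startswith(b"SSH-"):
            continue
        m = IDENT.fullmatch(line)
        # 255 bytes is the limit including the CR LF terminator.
        if m is None or len(line) + 2 > 255:
            return {"verdict": "malformed", "proto": None, "software": None}
        proto = m.group(1).decode("ascii")
        if proto == "2.0":
            verdict = "ssh2-only"
        elif proto == "1.99":
            verdict = "ssh1-and-ssh2"  # compatibility mode: SSH1 still accepted
        elif proto.startswith("1."):
            verdict = "ssh1-only"
        else:
            verdict = "unknown"
        return {"verdict": verdict, "proto": proto,
                "software": m.group(2).decode("ascii")}
    return {"verdict": "no-banner", "proto": None, "software": None}

def hosts_accepting_ssh1(banners: dict) -> list:
    """Names of hosts whose banner shows SSH1 is still offered."""
    return sorted(h for h, raw in banners.items()
                  if classify_banner(raw)["verdict"] in ("ssh1-only", "ssh1-and-ssh2"))

# Constructed sample banners (hypothetical hosts and software names).
SAMPLE = {
    "alpha": b"SSH-2.0-ExampleServer_1.0\r\n",
    "bravo": b"Authorized use only\r\nSSH-1.99-ExampleServer_1.0 legacy\r\n",
    "charlie": b"SSH-1.5-ExampleServer_0.9\n",
    "delta": b"HTTP/1.1 400 Bad Request\r\n",
}

if __name__ == "__main__":
    for host, raw in SAMPLE.items():
        print(host, classify_banner(raw))
    print("still accepting SSH1:", hosts_accepting_ssh1(SAMPLE))
```

A protoversion of 1.99 is what an SSH2 server announces when its SSH1 compatibility mode is on, so it is reported alongside SSH1-only servers.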

How Secure Is SSH2?

The SSH2 protocol provides the services of server authentication; encryption; data integrity verification; and client authentication. Server authentication is performed using the DSA or the RSA public key algorithm. For encryption and data integrity verification, a number of algorithms are provided which every SSH2 product can implement in a modular fashion. Client authentication can be performed using a password, a public key algorithm such as DSA or RSA, as well as a variety of other methods.

The SSH2 protocol specification is publicly available and has been reviewed by several independent implementors. When properly implemented and used, the protocol is believed to be secure against all known cryptographic attacks, passive as well as active.