Check method: 1. Open "/etc/ssh/sshd_config" with a text editor and check the "Protocol" field. If "Protocol 2" is displayed, it means that the server only supports SSH2. If "Protocol 1" is displayed It means that the server supports both at the same time. 2. Force ssh to use a specific SSH protocol and judge by checking the response of the SSH server. 3. Use the scanssh tool with the syntax "sudo scanssh -s ssh ip address".
#The operating environment of this tutorial: linux7.3 system, Dell G3 computer.
Secure Shell (SSH) allows remote login or remote execution of commands through an encrypted secure communication channel. SSH is designed to replace insecure plaintext protocols such as telnet, rsh, and rlogin. SSH provides a number of required features such as authentication, encryption, data integrity, authorization and forwarding/tunneling.
SSH exists in two versions 1 and 2 (SSH1 and SSH2). What's the difference between these two? How to check the SSH protocol version on Linux?
SSH1 vs. SSH2
There are some minor version differences in the SSH protocol specification, but there are two main major versions: SSH1 (version 1.XX) and SSH2 (version 2.00).
In fact, SSH1 and SSH2 are two completely different and incompatible protocols. SSH2 significantly improves many aspects of SSH1. First of all, SSH is a macro design. Several different functions (such as authentication, transmission, connection) are packaged into a single protocol. SSH2 brings more powerful security features than SSH1, such as MAC-based integrity check, flexible session key updates, fully negotiated encryption algorithms, public key certificates, and more.
SSH2 is standardized by the IETF, and its implementation is widely deployed and accepted in the industry. Due to the popularity and encryption advantages of SSH2 over SSH1, many products have dropped support for SSH1. At the time of writing this article, OpenSSH still supports SSH1 and SSH2, however in all modern Linux distributions, OpenSSH servers disable SSH1 by default.
Linux check SSH version
Method 1
If you want to check local OpenSSH server support For the SSH protocol version, you can refer to the file /etc/ssh/sshd_config. Open /etc/ssh/sshd_config with a text editor and look at the "Protocol" field.
If it is displayed as follows, it means that the server only supports SSH2.
Protocol 2
If it is displayed as follows, it means that the server supports both SSH1 and SSH2.
Protocol 1
Method 2
If you cannot access /etc/ssh/sshd_config because the OpenSSH service is running on the remote server. You can use an SSH client called ssh to check the supported protocols. Specifically, it forces ssh to use a specific SSH protocol, and then we check the response of the SSH server.
The following command forces ssh to use SSH1:
ssh -1 user@remote_server
The following command forces ssh to use SSH2:
ssh -2 user@remote_server
If the remote SSH server only supports SSH2, then the first one with " -1" option will cause an error message like the following:
Protocol major versions differ: 1 vs. 2
If the SSH server supports both SSH1 and SSH2, then both commands are valid.
Method 3
Another way to check the version is to run an SSH scanning tool called scanssh. This command line tool is useful when you want to check a group of IP addresses or an entire local network to upgrade an SSH1-compatible SSH server.
The following is the basic SSH version scanning syntax.
sudo scanssh -s ssh -n [ports] [IP addresses or CIDR prefix]
The "-n" option can specify the SSH port to scan. You can use Duhao separation to scan multiple ports. Without this option, scanssh will scan port 22 by default.
Use the following command to discover the SSH server in the 192.168.1.0/24 local network and check the SSH protocol v version:
sudo scan -s ssh 192.168.1.0/24
If scanssh is A specific IP address reports "SSH-1.XX-XXXX", which implies that the minimum version supported by the associated SSH server is SSH1. If the remote server only supports SSH2, scanssh will display "SSH-2.0-XXXX".
Related recommendations: "Linux Video Tutorial"
The above is the detailed content of How to check SSH version in Linux. For more information, please follow other related articles on the PHP Chinese website!