Linux view ssh version method

ssh is the system's secure shell protocol. Several versions have been developed. Do you know which version of ssh you use? The following small series teaches you how to view the ssh version of the Linux system. Interested friends may wish to understand.

Secure Shell (SSH) remotely logs in or remotely executes commands through an encrypted secure communication channel. SSH is designed to replace unsecure plaintext protocols such as telnet, rsh, and rlogin. SSH provides a number of required features such as authentication, encryption, data integrity, authorization, and forwarding/channel.

SSH1 vs. SSH2
there are some small differences in versions

SSH protocol specifications, but there are two major major version: SSH1 (version 1.XX) and SSH2 (version No. 2.00).

In fact, SSH1 and SSH2 are two completely different and incompatible protocols. SSH2 has significantly improved many aspects of SSH1. First, SSH is a macro design. Several different functions (such as authentication, transmission, and connection) are packaged into a single protocol. SSH2 brings more powerful security features than SSH1, such as MAC-based integrity checking, and flexibility. Session key updates, fully negotiated encryption algorithms, public key certificates, and more.

SSH2 is standardized by the IETF and its implementation is widely deployed and accepted in the industry. Due to the popularity and encryption advantages of SSH2 for SSH1, many products have given up support for SSH1. At the time of this writing, OpenSSH still supports SSH1 and SSH2, but in all modern Linux distributions, OpenSSH server disables SSH1 by default.

Checking the supported SSH protocol version

Method 1

If you want to check the version of the SSH protocol supported by the local OpenSSH server, you can refer to the /etc/ssh/sshd_config file. . Open /etc/ssh/sshd_config with a text editor and look at the “Protocol" field.

If the following is displayed, it means that the server only supports SSH2.

Protocol 2

If shown below, it means that the server supports both SSH1 and SSH2.

Protocol 1,2

Method 2

If you are running on a remote server because of the OpenSSH service, you cannot access /etc/ssh/sshd_config. You can use an SSH client called ssh to check for supported protocols. Specifically, it is to force ssh to use a specific SSH protocol, and then we can check the response of the SSH server.

The following command forces ssh to use SSH1:

$ ssh -1 user@remote_server

The following command forces ssh to use SSH2:

$ ssh - 2 user@remote_server

If the remote SSH server only supports SSH2, then the first option with “-1” will result in the following error message:

Protocol major versions differ: 1 vs. 2

If the SSH server supports both SSH1 and SSH2, both commands are valid.

Method 3

Another way to check the version is to run the SSH scanning tool called scanssh. This command line tool is useful when you want to check a set of IP addresses or the entire local network to upgrade an SSH1 compliant SSH server.

Below is the basic SSH version scan syntax.

$ sudo scanssh -s ssh -n [ports] [IP addresses or CIDR prefix]

The “-n” option specifies the SSH port to scan. You can scan multiple ports with separate partitions. Without this option, scanssh will scan 22 ports by default.

Use the following command to discover the SSH server on the 192.168.1.0/24 local network and check the SSH protocol v version:

$ sudo scan -s ssh 192.168.1.0/24

If scanssh reports "SSH-1.XX-XXXX" for a specific IP address, this implies that the minimum supported version of the SSH server is SSH1. If the remote server only supports SSH2, scanssh will display "lds" ;SSH-2.0-XXXX”.

The above is the way to view the ssh version of Linux, because the syntax supported by different versions is slightly different, some commands will not be used, resulting in invalid commands.