DEV Community

Tharun Shiv

Originally published at tharunshiv.com

Be safe with the SSH version you use — for Roadrunners

SSH (Secure Shell) is a program used to create a secure connection between two network-enabled hosts. With this connection, the user can get remote access to machines or transfer data between machines. Both operations are critical from a security point of view, and even one slight vulnerability can cause heavy damage.

There are two major components involved in SSH:

  1. SSH server: the component that enables a machine to listen for and accept SSH connections from clients.
  2. SSH client: the component that allows a machine to connect to a remote server that is listening for incoming connections.

Major versions of SSH

There are two major versions of SSH: SSH version 1 and SSH version 2.

SSH is secure only because of the encryption involved. Now what is encryption? It is basically converting all the raw data transmitted from Machine A to Machine B into a form that only those two machines can understand.

The encryption involved in SSH version 1 is weak enough for a middleman to decrypt it, view the contents, and even modify them without either party knowing about it.

Thus, make sure to use SSH version 2 on the client side, and enforce the same on the server side.

Check SSH client version

> grep -irn "Protocol" /etc/ssh/ssh_config
2:Protocol 2

Make sure the protocol is 2. If this field is missing, the SSH client will by default try to connect to the server using SSH protocol 2, and will fall back to SSH protocol 1. Hence, to be strictly secure, add Protocol 2 to the /etc/ssh/ssh_config file and restart the SSH client.

Check the SSH server versions allowed

> grep -irn "Protocol" /etc/ssh/sshd_config
2:Protocol 2

The process is similar to configuring the SSH client, but it is more critical to configure on the server. Add Protocol 2 to the /etc/ssh/sshd_config file and restart the SSH server.
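The grep checks in the client and server sections above also match commented-out lines and do not show which Protocol line actually takes effect. The script below is an added example, not code from the original post: it reports the effective setting for either file. The function names are hypothetical, and it assumes a flat file (Host/Match blocks and Include files are not followed).

```shell
#!/bin/sh
# Added example (not from the original post): report the effective
# "Protocol" setting of an ssh_config / sshd_config style file.
# Simplification (assumption): the file is read as one flat list of
# directives; Host/Match blocks and Include files are not followed.

# Print the value of the first uncommented Protocol directive, if any.
# OpenSSH uses the first value it obtains for a keyword, keywords are
# case-insensitive, and "Keyword=value" is accepted as well as spaces.
effective_protocol() {
    awk '
        { sub(/=/, " ") }                          # allow Protocol=2
        tolower($1) == "protocol" { print $2; exit }
    ' "$1"
}

# Classify a file: v2-only, allows-v1, unset, or unknown:<value>.
audit_protocol() {
    value=$(effective_protocol "$1")
    case "$value" in
        "")  echo "unset" ;;          # no directive: the built-in default applies
        2)   echo "v2-only" ;;
        *1*) echo "allows-v1" ;;      # "1", "1,2" or "2,1"
        *)   echo "unknown:$value" ;;
    esac
}

# Constructed sample: the commented-out line and the later "Protocol 2"
# both show up in a plain grep, but only the first live line counts.
demo() {
    sample=$(mktemp)
    printf '%s\n' '# Protocol 2' 'PROTOCOL 2,1' 'Protocol 2' > "$sample"
    audit_protocol "$sample"          # prints: allows-v1
    rm -f "$sample"
}

# Usage: sh audit.sh /etc/ssh/ssh_config /etc/ssh/sshd_config
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(audit_protocol "$f")"
done
```

A result of `unset` means the file relies on the installed version's default, which is the case the article recommends closing by adding `Protocol 2` explicitly.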

More articles on SSH coming up, but before moving ahead with them, I wanted to make sure you are aware of the SSH protocol versions.

You can find more articles here: https://www.tharunshiv.com

Written by,

Thank you for reading. This is Tharun Shiv, a.k.a. Developer Tharun.

Roadrunners is a series aimed at delivering concepts as precisely as possible. Here, a roadrunner refers to a person who does things super fast and efficiently. Are you a roadrunner?

Thank you
