ROOTVG - AIX, LinuxOnPower & POWER Systems Portal - How to spot differences in OpenSSH

Visitors: 15543440

Latest Articles

Building python packages using AIXTOOLS python
2017-09-08 13:21:34
IBM SECURITY ADVISORY - TCPDUMP
2017-05-30 15:22:43
Openssl.base.1.0.2 and AIX OpenSSH.base
2017-05-15 18:34:31

Blogs

FYI: "openssh and AIX" dependancies
2017-09-08 11:43:09
IBM Power 822LC quickstart and installation
2017-05-02 19:27:15
IBM Power 822LC HPC Server Overview
2017-04-25 09:47:02

How to spot differences in OpenSSH

Written by Michael Felt

There are ways to spot differences of ssh and sshd. Here are just a few.

And I hope you find the differences easy to spot and maybe even enlightening!

Using telnet - to see what demon you are connecting to:

root@x063:[/home/mamfelt]telnet localhost 22
Trying...
Connected to loopback.
Escape character is '^]'.
SSH-2.0-OpenSSH_6.0

Connection closed.
root@x063:[/home/mamfelt]telnet x071 22
Trying...
Connected to x071.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.4

After installing the latest version from AIX WebPacks

root@x062:[/data/prj/IBM/OpenSSH_7.1.101.5000]telnet localhost 22
Trying...
Connected to loopback.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.1

Executing the command - and request version

root@x063:[/home/mamfelt]ssh -V
OpenSSH_6.0p1, OpenSSL 1.0.1e 11 Feb 2013

This e-mail address is being protected from spam bots, you need JavaScript enabled to view it :[/home/michael/.ssh]ssh -V
OpenSSH_7.4p1, OpenSSL 1.0.2h 3 May 2016

root@x062:[/data/prj/IBM/OpenSSH_7.1.101.5000]ssh -V
OpenSSH_7.1p1, OpenSSL 1.0.1e 11 Feb 2013

Using a util such as ssh-keygen

This e-mail address is being protected from spam bots, you need JavaScript enabled to view it :[/home/michael/.ssh]/usr/bin/ssh-keygen -lf id_rsa.pub
1024 89:ad:16:cf:3a:f5:cd:fa:89:ab:49:17:2a:56:14:a5 michael@felt-1 (RSA)
This e-mail address is being protected from spam bots, you need JavaScript enabled to view it :[/home/michael/.ssh]/opt/bin/ssh-keygen -lf id_rsa.pub
1024 SHA256:AzHSpmLb8H+VU3/c8AB9o7397YwZeN7dmvrApq+4AEU michael@felt-1 (RSA)

Using/getting debug information

From openssh-7.4 to openssh-6.0

This e-mail address is being protected from spam bots, you need JavaScript enabled to view it :[/home/michael/.ssh]/opt/bin/ssh -v root@x063 date
OpenSSH_7.4p1, OpenSSL 1.0.2h 3 May 2016
debug1: Reading configuration data /var/openssh/etc/ssh_config
...
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.4
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0
...
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-ctr MAC: This e-mail address is being protected from spam bots, you need JavaScript enabled to view it compression: none
debug1: kex: client->server cipher: aes128-ctr MAC: This e-mail address is being protected from spam bots, you need JavaScript enabled to view it compression: none
...
debug1: Server host key: ssh-rsa SHA256:u7o8Qy+Q7Kh+ml4Y+GcCitYjBeZunJkMjU06nNvpCuc

From openssh-6.0 to openssh-7.4

root@x063:[/home/mamfelt]ssh -v michael@x071
OpenSSH_6.0p1, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
...

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4
debug1: match: OpenSSH_7.4 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.0
...

debug1: Server host key: RSA 7b:89:b4:a1:1a:dd:f1:04:59:8f:69:35:5e:3b:dd:4a
debug1: checking without port identifier
The authenticity of host '[x071]:22 ([192.168.XX.YY]:22)' can't be established.
RSA key fingerprint is 7b:89:b4:a1:1a:dd:f1:04:59:8f:69:35:5e:3b:dd:4a.
Are you sure you want to continue connecting (yes/no)?