How to Check SSH Protocol Version (SSH1 vs SSH2) in Active Connections on Linux


2 views

When working with SSH connections, it's often necessary to verify which protocol version (SSH-1 or SSH-2) is being used for the current session. Here are several reliable methods to check this information.

Most SSH clients including PuTTY will display the protocol version during connection establishment. Look for lines similar to:

Using SSH protocol version 2

On the server side, examine the SSH daemon configuration:

# View SSH server configuration
grep Protocol /etc/ssh/sshd_config

# Typical output (if SSH2 is enabled):
Protocol 2

For established connections, use netstat to identify the SSH version:

netstat -tnpa | grep sshd

# Sample output showing SSH-2 connection:
tcp 0 0 192.168.1.100:22 192.168.1.50:54321 ESTABLISHED 1234/sshd: user [priv]

If you have shell access, try this command:

ssh -V

# Output example:
OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017

Initiate a new connection with verbose output:

ssh -vvv user@hostname

Look for protocol negotiation messages in the output:

debug1: Remote protocol version 2.0, remote software version OpenSSH_7.4

For PuTTY specifically, you can:

  1. Check the Event Log (right-click title bar > Event Log)
  2. Look for "Using SSH protocol version 2" message
  3. Configure connection logging before connecting

SSH-1 is considered insecure and should be disabled in modern systems. Ensure your server only accepts SSH-2 connections by setting:

# In /etc/ssh/sshd_config
Protocol 2

The most straightforward way to check your active SSH protocol version is by examining the SSH daemon's log:

# Check auth.log for SSH version information
sudo grep sshd /var/log/auth.log | grep -i protocol

# Alternative for systems using journalctl
sudo journalctl -u sshd | grep -i protocol

For your current SSH session, you can use these diagnostic commands:

# Method 1: Check process arguments
ps aux | grep sshd | grep -v grep

# Method 2: Use netstat to identify the connection
sudo netstat -tnpa | grep sshd

# Method 3: Verify SSH client version
echo $SSH_CLIENT

When using PuTTY on Windows:

1. During connection, check the initial handshake message in the terminal window
2. Look for phrases like "SSH-2.0" in the connection banner
3. Examine PuTTY's Event Log (right-click title bar > Event Log)

Verify server-side configuration to determine supported protocols:

# Check SSH daemon configuration
sudo cat /etc/ssh/sshd_config | grep Protocol

# Typical output:
# Protocol 2 (means only SSH2)
# Protocol 1,2 (means both versions enabled)

For scripted checking, you can use this Python example:

import paramiko

def check_ssh_version(host):
    try:
        transport = paramiko.Transport(host)
        transport.connect()
        print(f"SSH version: {transport.remote_version}")
        transport.close()
    except Exception as e:
        print(f"Error checking version: {str(e)}")

check_ssh_version('localhost')

Modern systems should exclusively use SSH2 due to vulnerabilities in SSH1. To enforce this:

# Edit sshd_config to disable SSH1
sudo sed -i 's/^#*Protocol.*/Protocol 2/' /etc/ssh/sshd_config
sudo systemctl restart sshd