Version 1 In 1995,
Tatu Ylönen, a researcher at
Helsinki University of Technology in Finland designed the first version of the protocol (now called
SSH-1) prompted by a password-
sniffing attack at his
university network. The goal of SSH was to replace the earlier
rlogin,
TELNET,
FTP and
rsh protocols, which did not provide strong authentication nor guarantee confidentiality. He chose the port number 22 because it is between telnet (port 23) and ftp (port 21). Ylönen released his implementation as
freeware in July 1995, and the tool quickly gained in popularity. Towards the end of 1995, the SSH user base had grown to 20,000 users in fifty countries. In December 1995, Ylönen founded SSH Communications Security to market and develop SSH. The original version of the SSH software used various pieces of
free software, such as
GNU libgmp, but later versions released by SSH Communications Security evolved into increasingly
proprietary software. It was estimated that by 2000, the number of users had grown to 2 million.
Version 2 In 2006, after being discussed in a working group named "secsh", a revised version of the SSH protocol,
SSH-2 was adopted as a standard. This version offers improved security and new features, but is not compatible with SSH-1. For example, it introduces new key-exchange mechanisms like
Diffie–Hellman key exchange, improved
data integrity checking via
message authentication codes like
MD5 or
SHA-1, which can be negotiated between client and server. SSH-2 also adds stronger encryption methods like
AES which eventually replaced weaker and compromised ciphers from the previous standard like
3DES. New features of SSH-2 include the ability to run any number of
shell sessions over a single SSH connection. Due to SSH-2's superiority and popularity over SSH-1, some implementations such as libssh (v0.8.0+),
Lsh and
Dropbear eventually supported only the SSH-2 protocol.
Version 1.99 In January 2006, well after version 2.1 was established, specified that an SSH server supporting 2.0 as well as prior versions should identify its protocol version as 1.99. This version number does not reflect a historical software revision, but a method to identify
backward compatibility.
OSSH and OpenSSH In 1999, developers, desiring availability of a free software version, restarted software development from the 1.2.12 release of the original SSH program, which was the last released under an
open source license. This served as a code base for Björn Grönvall's OSSH software. Shortly thereafter,
OpenBSD developers
forked Grönvall's code and created
OpenSSH, which shipped with Release 2.6 of OpenBSD. From this version, a "portability" branch was formed to port OpenSSH to other operating systems. ,
OpenSSH was the single most popular SSH implementation, being the default version in a large number of operating system distributions. OSSH, meanwhile, has become obsolete. OpenSSH continues to be maintained and supports the SSH-2 protocol, having expunged SSH-1 support from the codebase in the OpenSSH 7.6 release.
Future In 2023, an alternative to traditional SSH was proposed under the name
SSH3 by PhD student François Michel and Professor Olivier Bonaventure and its code has been made open source. This new version implements the original SSH Connection Protocol but operates on top of
HTTP/3, which runs on
QUIC. It offers multiple features such as: • Faster session establishment, reducing the number of
Round-trip delays from 5-7 to 3. • High security: while SSHv2 relies on its own protocols, SSH3 leverages
TLS 1.3,
QUIC, and
HTTP. • UDP port forwarding • X.509 certificates • OpenID Connect However, the name SSH3 is under discussion, and the project aims to rename itself to a more suitable name. The discussion stems from the fact that this new implementation significantly revises the SSH protocol, suggesting it should not be called SSH3. ==Uses==