Which three statements about SSHv1 and SSHv2 are true? (Choose three.)
A. Both SSHv1 and SSHv2 support multiple session channels on a single connection.
B. Both SSHv1 and SSHv2 require a server key to protect the session key.
C. SSHv2 supports a wider variety of user-authentication methods than SSHv1.
D. Unlike SSHv1, SSHv2 uses separate protocols for authentication, connection, and transport.
E. Unlike SSHv1, SSHv2 supports multiple forms of user authentication in a single session.
F. Both SSHv1 and SSHv2 negotiate the bulk cipher.
Explanation:
SSH-1 and SSH-2 Differences
| SSH-2 | SSH-1 |
|---|---|
| Separate transport, authentication, and connection protocols. | One monolithic protocol. |
| Strong cryptographic integrity check. | Weak CRC-32 integrity check. |
| Supports password changing. | N/A |
| Any number of session channels per connection (including none). | Exactly one session channel per connection (requires issuing a remote command even when you don’t want one). |
| Full negotiation of modular cryptographic and compression algorithms, including bulk encryption, MAC, and public-key. | Negotiates only the bulk cipher; all others are fixed. |
| Encryption, MAC, and compression are negotiated separately for each direction, with independent keys. | The same algorithms and keys are used in both directions (although RC4 uses separate keys, since the algorithm’s design demands that keys not be reused). |
| Extensible algorithm/protocol naming scheme allows local extensions while preserving interoperability. | Fixed encoding precludes interoperable additions. |
| User authentication methods: public-key (DSA, RSA, OpenPGP); hostbased; password; (Rhosts dropped due to insecurity) | Supports a wider variety: public-key (RSA only); RhostsRSA; password; Rhosts (rsh-style); TIS; Kerberos |
| Use of Diffie-Hellman key agreement removes the need for a server key. | Server key used for forward secrecy on the session key. |
| Supports public-key certificates. | N/A |
| User authentication exchange is more flexible and allows requiring multiple forms of authentication for access. | Allows exactly one form of authentication per session. |
| Hostbased authentication is in principle independent of client network address, and so can work with proxying, mobile clients, etc. | RhostsRSA authentication is effectively tied to the client host address, limiting its usefulness. |
| Periodic replacement of session keys. | N/A |
http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch03_05.htm
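
Added example (not part of the original explanation or the cited book): a Python sketch of the SSH-2 negotiation described in the comparison above, parsing two SSH_MSG_KEXINIT payloads laid out as in RFC 4253 section 7.1 and choosing encryption, MAC, and compression separately for each direction. The shortened field names and the sample offers are constructed for illustration.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex_algorithms", "server_host_key_algorithms",
          "encryption_c2s", "encryption_s2c", "mac_c2s", "mac_s2c",
          "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c"]

def build_kexinit(lists):
    """Serialize field -> names into a KEXINIT payload (all-zero cookie for the demo)."""
    out = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Parse a KEXINIT payload into field -> list of algorithm names."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, parsed = 17, {}  # skip the message type byte and the 16-byte cookie
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos:pos + n].decode("ascii")
        parsed[field] = raw.split(",") if raw else []
        pos += n
    return parsed

def negotiate(client, server):
    """Encryption, MAC, compression: first client name the server also lists, per direction."""
    return {f: next((a for a in client[f] if a in server[f]), None) for f in FIELDS[2:8]}

# Constructed sample offers (not captured traffic).
CLIENT = build_kexinit({
    "encryption_c2s": ["aes256-ctr", "aes128-ctr"], "encryption_s2c": ["aes128-ctr", "aes256-ctr"],
    "mac_c2s": ["hmac-sha2-256"], "mac_s2c": ["hmac-sha2-512", "hmac-sha2-256"],
    "compression_c2s": ["none"], "compression_s2c": ["none"]})
SERVER = build_kexinit({f: ["aes128-ctr", "aes256-ctr"] if f.startswith("enc") else
                        ["hmac-sha2-256", "hmac-sha2-512"] if f.startswith("mac") else
                        ["none", "zlib"] for f in FIELDS[2:8]})

if __name__ == "__main__":
    for field, alg in negotiate(parse_kexinit(CLIENT), parse_kexinit(SERVER)).items():
        print(f"{field:18} {alg}")
```

A result of None for any field means the two sides share no algorithm for that direction, in which case the connection cannot proceed.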