logo

blog

My website can't be that messy, right? git clone https://anongit.hacktivis.me/git/blog.git/

SSH Daemon Comparison.md (2829B)


  1. # SSH Server comparison of protocol and cryptography
  2. Note: Done by using the source code and listing everything that is available, regardless of the build or runtime configurations.
  3. - tinyssh: Minimalist, state-of-the-art cryptographic and secure-only SSH Daemon <https://tinyssh.org/>
  4. - dropbear: Small SSH Client/Server designed for small memory usage <https://matt.ucc.asn.au/dropbear/dropbear.html>
  5. - OpenSSH: Bloated SSH Suite from OpenBSD <https://openssh.org/>
  6. ## Versions
  7. - tinyssh: SSH2
  8. - dropbear: SSH2
  9. - OpenSSH: SSH1, SSH2
  10. ## Key Exchange
  11. - tinyssh (20190101): curve25519-sha256, curve25519-sha256@libssh.org, sntrup4591761x25519-sha512@tinyssh.org
  12. - tinyssh (20181206): curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256
  13. - dropbear (2018.76): curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, diffie-hellman-group16-sha512
  14. - libssh-based: curve25519-sha256, ecdh-sha2-nistp256, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
  15. ## Ciphers
  16. - tinyssh (20190101): chacha20-poly1305@openssh.com
  17. - tinyssh (20181206): chacha20-poly1305@openssh.com, aes256-ctr
  18. - dropbear (2018.76): aes128-ctr, aes256-ctr, twofish256-ctr, twofish128-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc, blowfish-cbc
  19. - libssh-based: chachae20-poly1305, aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc
  20. ## HMAC
  21. - tinyssh (20190101): hmac-sha2-256
  22. - tinyssh (20181206): hmac-sha2-256
  23. - dropbear (2018.76): hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
  24. - libssh-based: hmac-sha2-512, hmac-sha2-256, hmac-sha1, none
  25. ## Compression
  26. - tinyssh (20190101): none
  27. - tinyssh (20181206): none
  28. - dropbear (2018.76): zlib@openssh.com, zlib, none
  29. - libssh-based: zlib, zlib@openssh.com, none
  30. ## Host Keys
  31. - tinyssh (20190101): ssh-ed25519
  32. - tinyssh (20181206): ssh-ed25519, ecdsa-sha2-nistp256
  33. - dropbear (2018.76): ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
  34. - libssh-based: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256, ssh-dss
  35. ## Client Keys
  36. - tinyssh (20190101): ssh-ed25519
  37. - tinyssh (20181206): ssh-ed25519, ecdsa-sha2-nistp256
  38. - dropbear (2018.76): ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
  39. - libssh-based: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256, ssh-dss
  40. ## Authentication
  41. - libssh-based: none, password, public-key, keyboard-interactive, gssapi-with-mic
  42. ## Channels
  43. - libssh-based: shell, exec, direct-tcpip, subsystem, auth-agent-req@openssh.com