logo

blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git

SSH Daemon Comparison.md (2829B)

    

  1. # SSH Server comparison of protocol and cryptography
  2. Note: Done by using the source code and listing everything that is available, regardless of the build or runtime configurations.
  4. - tinyssh: Minimalist, state-of-the-art cryptographic and secure-only SSH Daemon <https://tinyssh.org/>
  5. - dropbear: Small SSH Client/Server designed for small memory usage <https://matt.ucc.asn.au/dropbear/dropbear.html>
  6. - OpenSSH: Bloated SSH Suite from OpenBSD <https://openssh.org/>
  8. ## Versions
  9. - tinyssh: SSH2
  10. - dropbear: SSH2
  11. - OpenSSH: SSH1, SSH2
  13. ## Key Exchange
  14. - tinyssh (20190101): curve25519-sha256, curve25519-sha256@libssh.org, sntrup4591761x25519-sha512@tinyssh.org
  15. - tinyssh (20181206): curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256
  16. - dropbear (2018.76): curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp521, ecdh-sha2-nistp384, ecdh-sha2-nistp256, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1, diffie-hellman-group1-sha1, diffie-hellman-group16-sha512
  17. - libssh-based: curve25519-sha256, ecdh-sha2-nistp256, diffie-hellman-group1-sha1, diffie-hellman-group14-sha1
  19. ## Ciphers
  20. - tinyssh (20190101): chacha20-poly1305@openssh.com
  21. - tinyssh (20181206): chacha20-poly1305@openssh.com, aes256-ctr
  22. - dropbear (2018.76): aes128-ctr, aes256-ctr, twofish256-ctr, twofish128-ctr, aes128-cbc, aes256-cbc, twofish256-cbc, twofish-cbc, twofish128-cbc, 3des-ctr, 3des-cbc, blowfish-cbc
  23. - libssh-based: chachae20-poly1305, aes256-ctr, aes192-ctr, aes128-ctr, aes256-cbc, aes192-cbc, aes128-cbc, 3des-cbc, blowfish-cbc
  25. ## HMAC
  26. - tinyssh (20190101): hmac-sha2-256
  27. - tinyssh (20181206): hmac-sha2-256
  28. - dropbear (2018.76): hmac-sha1-96, hmac-sha1, hmac-sha2-256, hmac-sha2-512, hmac-md5
  29. - libssh-based: hmac-sha2-512, hmac-sha2-256, hmac-sha1, none
  31. ## Compression
  32. - tinyssh (20190101): none
  33. - tinyssh (20181206): none
  34. - dropbear (2018.76): zlib@openssh.com, zlib, none
  35. - libssh-based: zlib, zlib@openssh.com, none
  37. ## Host Keys
  38. - tinyssh (20190101): ssh-ed25519
  39. - tinyssh (20181206): ssh-ed25519, ecdsa-sha2-nistp256
  40. - dropbear (2018.76): ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
  41. - libssh-based: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256, ssh-dss
  43. ## Client Keys
  44. - tinyssh (20190101): ssh-ed25519
  45. - tinyssh (20181206): ssh-ed25519, ecdsa-sha2-nistp256
  46. - dropbear (2018.76): ssh-rsa, ssh-dss, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
  47. - libssh-based: ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-rsa, rsa-sha2-512, rsa-sha2-256, ssh-dss
  49. ## Authentication
  50. - libssh-based: none, password, public-key, keyboard-interactive, gssapi-with-mic
  52. ## Channels
  53. - libssh-based: shell, exec, direct-tcpip, subsystem, auth-agent-req@openssh.com