Difference in SSH and SSH2

The program SSH (Secure Shell) is a secure replacement for telnet and the Berkeley r-utilities (rlogin, rsh, rcp, and rdist). It provides an encrypted channel for logging into another computer over a network, executing commands on a remote computer, and moving files from one computer to another. SSH provides strong host-to-host and user authentication as well as secure encrypted communications over an insecure Internet.

SSH2 is a more secure, efficient, and portable version of SSH that includes SFTP, which is functionally similar to FTP, but is SSH2 encrypted. At Indiana University, UITS has upgraded its central systems to SSH2 (usually the OpenSSH version), and encourages those who are concerned with secure communications to connect using an SSH2 client.

When connecting to a server for the first time, SSH presents you with a host key fingerprint for that server and asks you to confirm that you wish to save the new host key to the local database. Before agreeing, you should compare this fingerprint with one you obtain by some other means (e.g., by telephone) from the server administrators to avoid connecting to an imposter server. Click Yes in order to avoid this message the next time you connect. Rather than validating identities via passwords, SSH2 can also use public key encryption to authenticate remote hosts. For example, if you were to connect to a remote host called global.conspiracy.org (also running SSH2), SSH2 would use this system to verify that the remote system is the real global.conspiracy.org and not a computer set up to imitate it. If you wish, you can set up SSH2 to use public key authentication rather than passwords for logging into your other accounts, much like the Unix rlogin program.