Merge pull request #2157 from geekpi/master

translated

sources/tech/20141224 Linux FAQs with Answers--How to check SSH protocol version on Linux.md

@@ -1,77 +0,0 @@
-Translating---------geekpi
-
-Linux FAQs with Answers--How to check SSH protocol version on Linux
-================================================================================
-> **Question**: I am aware that there exist SSH protocol version 1 and 2 (SSH1 and SSH2). What is the difference between SSH1 and SSH2, and how can I check which SSH protocol version is supported on a Linux server? 
-
-Secure Shell (SSH) is a network protocol that enables remote login or remote command execution between two hosts over a cryptographically secure communication channel. SSH was designed to replace insecure clear-text protocols such as telnet, rsh or rlogin. SSH provides a number of desirable features such as authentication, encryption, data integrity, authorization, and forwarding/tunneling.
-
-### SSH1 vs. SSH2 ###
-
-The SSH protocol specification has a number of minor version differences, but there are two major versions of the protocol: **SSH1** (SSH version 1.XX) and **SSH2** (SSH version 2.00).
-
-In fact, SSH1 and SSH2 are two entirely different protocols with no compatibility in between. SSH2 is a significantly improved version of SSH1 in many respects. First of all, while SSH1 is a monolithic design where several different functions (e.g., authentication, transport, connection) are packed into a single protocol, SSH2 is a layered architecture designed with extensibility and flexibility in mind. In terms of security, SSH2 comes with a number of stronger security features than SSH1, such as MAC-based integrity check, flexible session re-keying, fully-negotiable cryptographic algorithms, public-key certificates, etc.
-
-SSH2 is standardized by IETF, and as such its implementation is widely deployed and accepted in the industry. Due to SSH2's popularity and cryptographic superiority over SSH1, many products are dropping support for SSH1. As of this writing, OpenSSH still [supports][1] both SSH1 and SSH2, while on all modern Linux distributions, OpenSSH server comes with SSH1 disabled by default.
-
-### Check Supported SSH Protocol Version ###
-
-#### Method One ####
-
-If you want to check what SSH protocol version(s) are supported by a local OpenSSH server, you can refer to **/etc/ssh/sshd_config** file. Open /etc/ssh/sshd_config with a text editor, and look for "Protocol" field.
-
-If it shows the following, it means that OpenSSH server supports SSH2 only.
-
-    Protocol 2
-
-If it displays the following instead, OpenSSH server supports both SSH1 and SSH2.
-
-    Protocol 1,2
-
-#### Method Two ####
-
-If you cannot access /etc/ssh/sshd_config because OpenSSH server is running on a remote server, you can test its SSH protocol support by using SSH client program called ssh. More specifically, we force ssh to use a specific SSH protocol, and see how the remote SSH server responds.
-
-The following command will force ssh command to use SSH1:
-
-    $ ssh -1 user@remote_server
-
-The following command will force ssh command to use SSH2:
-
-    $ ssh -2 user@remote_server
-
-If the remote SSH server supports SSH2 only, the first command with "-1" option will fails with an error message like this:
-
-    Protocol major versions differ: 1 vs. 2
-
-If the SSH server supports both SSH1 and SSH2, both commands should work successfully.
-
-### Method Three ###
-
-Another method to check supported SSH protocol version of a remote SSH server is to run an SSH scanning tool called [scanssh][2]. This command-line tool is useful when you want to check SSH protocol versions for a bulk of IP addresses or the entire local network to upgrade SSH1-capable SSH servers.
-
-Here is the basic syntax of scanssh for SSH version scanning.
-
-    $ sudo scanssh -s ssh -n [ports] [IP addresses or CIDR prefix] 
-
-The "-n" option can specify the SSH port number(s) to scan. You can specify multiple port numbers separated by comma. Without this option, scanssh will scan port 22 by default.
-
-Use the following command to discover SSH servers on 192.168.1.0/24 local nework, and detect their SSH protocol versions:
-
-    $ sudo scan -s ssh 192.168.1.0/24 
-
-![](https://farm8.staticflickr.com/7550/15460750074_95f83217a2_b.jpg)
-
-If scanssh reports "SSH-1.XX-XXXX" for a particular IP address, it implies that the minimum SSH protocol version supported by the corresponding SSH server is SSH1. If the remote server supports SSH2 only, scanssh will show "SSH-2.0-XXXX".
-
---------------------------------------------------------------------------------
-
-via: http://ask.xmodulo.com/check-ssh-protocol-version-linux.html
-
-译者：[译者ID](https://github.com/译者ID)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
-
-[1]:http://www.openssh.com/specs.html
-[2]:http://www.monkey.org/~provos/scanssh/

translated/tech/20141224 Linux FAQs with Answers--How to check SSH protocol version on Linux.md

@@ -0,0 +1,77 @@
+Linux有问必答-- 如何在Linux上检查SSH的版本
+================================================================================
+> **Question**：我想到SSH存在1和2两个版本（SSH1和SSH2）。这两者之间有什么不同？还有我该怎么在Linux上检查SSH协议的版本？
+
+Secure Shell (SSH) is a network protocol that enables remote login or remote command execution between two hosts over a cryptographically secure communication channel. SSH was designed to replace insecure clear-text protocols such as telnet, rsh or rlogin. SSH provides a number of desirable features such as authentication, encryption, data integrity, authorization, and forwarding/tunneling.
+安全Shell（SSH）通过加密的安全通信通道来远程登录或者远程执行命令。SSH被设计来替代不安全的明文协议，如telnet、rsh和rlogin。SSH提供了大量需要的特性，如认证、加密、数据完整性、授权和转发/通道。
+
+### SSH1 vs. SSH2 ###
+
+SSH协议规范存在一些小版本的差异，但是有两个主要的大版本：**SSH1** (版本号 1.XX) 和 **SSH2** (版本号 2.00)。
+
+事实上，SSH1和SSH2是两个完全不同互不兼容的协议。SSH2明显地提升了SSH1中的很多方面。首先，SSH是宏设计，几个不同的功能（如：认证、传输、连接）被打包进一个单一的协议，SSH2带来了比SSH1更强大的安全特性，如基于MAC的完整性检查，灵活的会话密钥更新、充分协商的加密算法、公钥证书等等。
+
+SSH2 is standardized by IETF, and as such its implementation is widely deployed and accepted in the industry. Due to SSH2's popularity and cryptographic superiority over SSH1, many products are dropping support for SSH1. As of this writing, OpenSSH still [supports][1] both SSH1 and SSH2, while on all modern Linux distributions, OpenSSH server comes with SSH1 disabled by default.
+SSH2由IETF标准化，且它的实现在业界被广泛部署和接受。由于SSH2对于SSH1的流行和加密优势，许多产品对SSH1放弃了支持。在写这篇文章的时候，OpenSSH仍旧[支持][1]SSH1和SSH2,然而在所有的现代Linux发行版中，OpenSSH服务器默认禁用了SSH1。
+
+### 检查支持的SSH协议版本 ###
+
+#### 方法一 ####
+
+如果你想检查本地OpenSSH服务器支持的SSH协议版本，你可以参考**/etc/ssh/sshd_config**这个文件。用文本编辑器打开/etc/ssh/sshd_config，并且查看"Protocol"字段。
+
+如果如下显示，就代表服务器只支持SSH2。
+
+    Protocol 2
+
+如果如下显示，就代表服务器同时支持SSH1和SSH2。
+
+    Protocol 1,2
+
+#### 方法二 ####
+
+如果因为OpenSSH服务其运行在远端服务器上而你不能访问/etc/ssh/sshd_config。你可以使用叫ssh的SSH客户端来检查支持的协议。具体说来，就是强制ssh使用特定的SSH协议，接着我么查看SSH服务器的响应。
+
+下面的命令强制ssh使用SSH1：
+
+    $ ssh -1 user@remote_server
+
+下面的命令强制ssh使用SSH2：
+
+    $ ssh -2 user@remote_server
+
+如果远程SSH服务器只支持SSH2,那么第一个带“-1”的选项就会出现像下面的错误信息：
+
+    Protocol major versions differ: 1 vs. 2
+
+如果SSH服务器同时支持SSH1和SSH2,那么两个命令都有效。
+
+### 方法三 ###
+
+另一个检查版本的方法是运行SSH扫描工具，叫做[scanssh][2]。这个命令行工具在你想要检查一组IP地址或者整个本地网络来升级SSH1兼容的SSH服务器时很有用。
+
+下面是基本的SSH版本扫描语法。
+
+    $ sudo scanssh -s ssh -n [ports] [IP addresses or CIDR prefix] 
+
+"-n"选项可以指定扫描的SSH端口。你可以用都好分隔来扫描多个端口，不带这个选项，scanssh会默认扫描22端口。
+
+使用下面的命令来发现192.168.1.0/24本地网络中的SSH服务器，并检查SSH协议v版本：
+
+    $ sudo scan -s ssh 192.168.1.0/24 
+
+![](https://farm8.staticflickr.com/7550/15460750074_95f83217a2_b.jpg)
+
+如果scanssh为特定IP地址报告“SSH-1.XX-XXXX”，这暗示着相关的SSH服务器支持的最低版本是SSH1.如果远程服务器只支持SSH2,scanssh会显示“SSH-2.0-XXXX”。
+
+--------------------------------------------------------------------------------
+
+via: http://ask.xmodulo.com/check-ssh-protocol-version-linux.html
+
+译者：[geekpi](https://github.com/geekpi)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
+
+[1]:http://www.openssh.com/specs.html
+[2]:http://www.monkey.org/~provos/scanssh/