
Major security differences between protocols


Protocol v.1 CRC is weak integrity mechanism
Not collision resistant, easily spoofed
Elaborate tricks used to detect attacks
Attacks can not be prevented (just detected)

Protocol v.1 is more susceptible to a MITM attack
Only a problem before server key has been learned
D-H key exchange in v.2 avoids this when using PubKey auth

Protocol v.2 is recommended:
+ More secure
+ In IETF standardisation process
+ More extensible
- More per-packet overhead

OpenSSH defaults to protocol v.2, but still supports v.1
