SSHv2

the session key is generated by the Diffie-Hellman protocol:

the server authenticates by signing a fingerprint of exchanged messages

client authentication uses same methods as sshv1

the attack is always possible by a mitm attack against the DH protocol

sshmitm doesn't implement sshv2