What doesn't work against sshmitm

hoax #1: use sshv2
- today, only the v1 protocol has been implemented
- in the case of password authentication, sshv2 is as vulnerable as sshv1
- private versions have / will be implemented

hoax #2: use compression in ssh
- today, compression hasn't been implemented yet, which may prevent the attacker from monitoring the session and hijacking it, but not from catching the password
- private versions have / will be implemented