Vulnerabilities in 2.x
In November 2008, a theoretical vulnerability was discovered for all versions of SSH which allowed recovery of up to 32 bits of plaintext from a block of ciphertext that was encrypted using what was then the standard default encryption mode, CBC. The most straightforward solution is to use CTR mode instead of CBC mode, since this renders SSH resistant to the attack.
On December 28, 2014 Der Spiegel published classified information leaked by whistleblower Edward Snowden which suggests that the National Security Agency may be able to decrypt some SSH traffic. The technical details associated with this attack were not released as a part of the publication.