Analysis of the Key Exchange Method of SSH Using Elliptic Curve Cryptography and a Public Key Infrastructure


SSH (Secure Shell) is a protocol that allows a user to log into another computer, to execute commands on a remote machine, and to move files from one machine to another securely over an insecure network. It provides cryptographic authentication, encryption and data integrity to secure network communications. Negotiating the security parameters and authenticating the peers requires public key cryptosystems, and public key operations are generally slow. To improve the performance of the protocol and make it applicable in both powerful and resource-constrained environments, Elliptic Curve Cryptography is used.

In addition, since SSH uses plain public keys to authenticate a remote server, first-time authentication is always vulnerable to a Man-in-the-Middle attack. Using a public key certificate as a host key eliminates this vulnerability, but it requires a PKI (Public Key Infrastructure) to support the certificate approach. A PKI may impact the performance of the security protocol: PKI path validation techniques (certificate revocation status checking) need more storage capacity, more communication cost and more processing time. This appears to scale poorly with a large number of communicating nodes.

In this thesis, SSH's key exchange handshake is implemented using Java and the Bouncy Castle cryptographic API.

Performance of the RSA (Rivest-Shamir-Adleman) and ECDH_ECDSA (Elliptic Curve Diffie-Hellman, Elliptic Curve Digital Signature Algorithm) key exchange suites has been compared for both PKI and non-PKI authentication. Client waiting time (key exchange latency), server key exchange throughput, and revocation status message size have been measured for each key exchange suite.

Simulation results show that ECC has better processing time performance and better throughput than RSA. Response time and revocation status message size are minimal when Authenticated Dictionaries are used as a certificate status responder.

Keywords used: SSH, PKI, Elliptic Curve Cryptography, ECDH, ECDSA, certificate, certificate path validation, certificate revocation status checking, key exchange handshake, authentication, Authenticated Dictionaries and RSA.
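
The ECDH_ECDSA exchange summarised above, as an added example that is not code from the thesis: it uses the JDK's built-in providers rather than Bouncy Castle, the class and method names are hypothetical, and the exchange hash is a simplified stand-in for the SSH one. It shows that the host signature only authenticates the server when the client already trusts the host key, which is the gap a host certificate closes.

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

public class EcdhEcdsaKexSketch {
    static KeyPair ecKeyPair() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(new ECGenParameterSpec("secp256r1"));
        return g.generateKeyPair();
    }
    // ECDH: each side combines its own private key with the peer's public key.
    static byte[] sharedSecret(PrivateKey mine, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }
    // Simplified exchange hash (assumption): real SSH also hashes the version
    // strings, KEXINIT payloads and the host key, in SSH wire encoding.
    static byte[] exchangeHash(PublicKey qc, PublicKey qs, byte[] k) throws GeneralSecurityException {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(qc.getEncoded());
        md.update(qs.getEncoded());
        return md.digest(k);
    }
    // The client checks the ECDSA signature against the host key it trusts.
    static boolean clientAccepts(PublicKey trusted, byte[] h, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(trusted);
        v.update(h);
        return v.verify(sig);
    }
    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair hostKey = ecKeyPair();                       // server's long-term host key
        KeyPair clientEph = ecKeyPair(), serverEph = ecKeyPair();
        // Server: derive K, hash the exchange, sign the hash with the host key.
        byte[] kS = sharedSecret(serverEph.getPrivate(), clientEph.getPublic());
        byte[] hS = exchangeHash(clientEph.getPublic(), serverEph.getPublic(), kS);
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(hostKey.getPrivate());
        s.update(hS);
        byte[] sig = s.sign();
        // Client: derive the same K and hash, then verify the signature.
        byte[] kC = sharedSecret(clientEph.getPrivate(), serverEph.getPublic());
        byte[] hC = exchangeHash(clientEph.getPublic(), serverEph.getPublic(), kC);
        System.out.println("shared secrets match: " + Arrays.equals(kS, kC));
        System.out.println("verified with known host key: "
                + clientAccepts(hostKey.getPublic(), hC, sig));
        // A client trusting a different key rejects the same signature.
        System.out.println("verified with a different trusted key: "
                + clientAccepts(ecKeyPair().getPublic(), hC, sig));
    }
}
```

On a first connection the client has no trusted key to pass to `clientAccepts`, so it must either accept whatever key is presented or validate a certificate chain for it.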
