The SSH-2 protocol is described in five main documents.
Architecture describes the overall design of SSH-2.
Transport provides a single, full-duplex, byte-oriented
connection between client and server, with privacy, integrity, server
authentication, and man-in-the-middle protection. Authentication
identifies the client to the server. Connection provides richer,
application-support services over the transport pipe, such as channel
multiplexing, flow control, remote program execution, signal propagation,
connection forwarding, etc. Finally, the Assigned Numbers
document gathers together and lists various constant assignments made in
the other documents.
The document titles link to local text-only copies, while the RFC numbers
on the right link to the IETF copies, which
also provide HTML and PDF versions.
These establish various extensions to the core SSH protocols, or related
Using DNS to Securely Publish Secure Shell Key Fingerprints
Documents a method of storing SSH hostkey fingerprints in the DNS. This is implemented by the
option to the OpenSSH client. Extended by RFC 6594
to cover elliptic-curve hostkeys and SHA-2.
Generic Message Exchange Authentication for
the Secure Shell Protocol (SSH)
Documents the keyboard-interactive
userauth method, which allows
for any number of server prompts and client responses as part of client
authentication. This can accommodate challenge-response schemes such as
one-time passwords, and is often implemented on Unix
The Secure Shell Transport Layer Encryption Modes
This document describes new symmetric encryption methods for the SSH
Transport Protocol and gives specific recommendations on how frequently
SSH implementations should rekey, in response to SSH protocol
vulnerabilities reported by Bellare, Kohno, and Namprempre.
Diffie-Hellman Group Exchange (Friedl, Provos & Simpson)
The original key agreement methods defined in the transport protocol use
fixed, well-known groups for the Diffie-Hellman algorithm. This method
allows a server to use a set of locally configured groups, and the client
to request a preferred group size.
RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol
This memo describes a key-exchange method for the Secure Shell (SSH)
protocol based on Rivest-Shamir-Adleman (RSA) public-key encryption. It
uses much less client CPU time than the Diffie-Hellman algorithm specified
as part of the core protocol, and hence is particularly suitable for slow
GSSAPI Authentication and Key Exchange for SSH
Describes methods for using
for authentication and key exchange in SSH. It defines an SSH user
authentication method that uses a specified GSS-API mechanism to
authenticate a user, and a family of SSH key exchange methods that use
GSS-API to authenticate a Diffie-Hellman key exchange. This typically uses
Kerberos to provide single-signon, as well as automatic server
authentication without hostkeys.
The Secure Shell Public Key File Format
Documents the public-key file format in use by several SSH implementations.
Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
This document describes algorithms based on Elliptic Curve Cryptography
(ECC) for use within the Secure Shell (SSH) transport protocol. In
particular, it specifies Elliptic Curve Diffie-Hellman (ECDH) key
agreement, Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement, and
Elliptic Curve Digital Signature Algorithm (ECDSA) for use in the SSH
Transport Layer protocol.
Suite B Cryptographic Suites for Secure Shell
Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records
Updates RFC 4255
, which defines a method for storing SSH hostkey fingerprints in the DNS. This document adds support for elliptic-curve hostkeys (ECDSA), as well as the SHA-2 hash algorithm.
SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol
This memo defines algorithm names and parameters for use in some of the
SHA-2 family of secure hash algorithms for data integrity verification in
the Secure Shell (SSH) protocol. It also
updates RFC 4253
specifying a new RECOMMENDED data integrity algorithm.
|Version 2.0 (Drafts and Proposals)
SSH File Transfer Protocol (Ylonen & Lehtinen)
The Secure Shell File Transfer Protocol provides secure file transfer
functionality over any reliable data stream. It is the standard file
transfer protocol for use with the Secure Shell Remote Login Protocol.
This document describes the file transfer protocol and its interface to
the Secure Shell protocol suite.
X.509 authentication in SSH2 (Galbraith & Saarenmaa)
Specifies how X.509 certificates, keys and signatures are used within the
Secure Shell Public Key Channel (Galbraith & Van Dyke)
Protocol to run inside an SSH-TRANS channel, for configuring public-key
authorization data for a remote account. This addresses the problem of
multiplying implementation-specific methods for doing this (e.g. files
authorized_keys, authorization, authorized_keys2,
differing key storage formats, etc.).