Xeraph@NCHOVY

SSH Core Documents

The following proposed standards describe the main elements of the SSH protocol.

• SSH Protocol Architecture (RFC 4251)
  This document provides an overview of the SSH architecture including the "layers" of the protocol. If you're going to read about SSH, you should read this draft first.
• SSH Transport Layer Protocol (RFC 4253)
  The transport layer is the lowest layer of the protocol. It typically runs on top of TCP/IP. All other layers of the protocol run on top of the secure tunnel provided by this layer.
• SSH Authentication Protocol (RFC 4252) 
  The next layer of protocol is the user authentication layer. This document describes mechanisms that the SSH server uses to authenticate users. The primary mechanisms described here include password and public-key authentication.
• SSH Connection Protocol (RFC 4254)
  The connection protocol is a layer that runs on top of the transport and authentication layers. This document describes how interactive terminal sessions are created as well as other operations such as remote command execution, forwarded/tunneled network connections.
• SSH Protocol Assigned Numbers (RFC 4250)
  The official list of IANA-assigned numbers used by SSH implementations.
• SSH Public Key File Format (RFC 4716)
  Documentation of a common file format for public keys. Its purpose is to facilitate the exchange of public keys between different SSH implementations.
• SSH Public Key Subsystem (RFC 4819)
  The public-key subsystem is a mechanism that allows users to upload and manage their public keys on any SSH server without having to delve into server-specific details of where those keys should be stored.

SSH Extension Documents

• GSSAPI Authentication and Key Exchange for the Secure Shell Protocol (RFC 4462)
  Description of a mechanism for using the Generic Security Service Application Program Interface (GSS-API) for authentication and key exchange in SSH. Most commonly this is how Kerberos authentication is done with the SSH protocol.
• Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol (RFC 4419)
  A mechanism that describes how the SSH server can vary the cryptographic inputs used during Diffie-Hellman key exchange. Its purpose is to mitigate possible cryptographic attacks on the protocol.
• Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) (RFC 4256)
  Describes a user authentication method officially known as "keyboard-interactive". This allows the SSH server to authenticate users through a generic series of challenges and responses. A common use of this authentication method is to facilitate the use of Pluggable Authentication Modules (PAM) on many UNIX systems.
• Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints (RFC 4255)
  Documentation of a method to publish SSH server host keys using Secure DNS.
• The Secure Shell (SSH) Transport Layer Encryption Modes (RFC 4344)
  Recommendations for SSH implementations that mitigate potential cryptographic attacks on the SSH protocol.
• Session Channel Break Extension (RFC 4335)
  Description of a mechanism to send a BREAK signal over an SSH terminal session.
• Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol (RFC 4345) 
  This document specifies methods of using the Arcfour cipher in the Secure Shell (SSH) protocol that mitigate the weakness of the cipher's key-scheduling algorithm.

SSH Extension Drafts

• SSH File Transfer Protocol
  Describes a protocol for secure file transfer and/or a secure, remote file system. This protocol is commonly referred to as "SFTP".
• Secure Shell Authentication Agent Protocol
  Description of a single sign-on mechanism that works by forwarding various private key signing operations back to an "agent" that stores your private keys.
• SCP/SFTP/SSH URI Format
  A specification of how ssh, sftp and scp URLs should look. For example: ssh://user@host:2222
• X.509 Authentication in SSH2
  The X.509 extension specifies how X.509 keys and signatures are used within the SSH2 protocol.