OpenSSH Спецификации


В OpenSSH реализованы следующие спецификации. Указанные версии говорят о добавлении или удалении той или иной спецификации в той или иной версии OpenSSH.

Основные RFC второй версии протокола SSH

Источник: secsh working group

Спецификация Описание
RFC4250 SSH Protocol Assigned Numbers
RFC4251 SSH Protocol Architecture
RFC4252 (e) SSH Authentication Protocol
RFC4253 (e) SSH Transport Layer Protocol
RFC4254 (e) SSH Connection Protocol

RFC, расширяющие возможности второй версии протокола SSH

Спецификация Версия Описание
RFC4255 (e) Using DNS to Securely Publish SSH Key Fingerprints (SSHFP)
RFC4256 (e) Generic Message Exchange Authentication (aka keyboard-interactive)
RFC4335 (e) SSH Session Channel Break Extension
RFC4344 SSH Transport Layer Encryption Modes (aes128-ctr, aes192-ctr, aes256-ctr)
RFC4345 (e) 4.1-7.6 Improved Arcfour Modes for the SSH Transport Layer Protocol
RFC4419 (e) Diffie-Hellman Group Exchange
RFC4462 (e) GSS-API Authentication and Key Exchange (only authentication implemented)
RFC4716 SSH Public Key File Format (import and export via ssh-keygen only).
RFC5656 (e) Elliptic Curve Algorithm Integration in SSH
RFC6594 (e) 6.1- SHA-256 SSHFP Resource Records
RFC6668 5.9- SHA-2 Data Integrity Algorithms (hmac-sha2-256, hmac-sha2-512)
RFC7479 (e) 6.5- ED25519 SSHFP Resource Records
RFC8160 7.3- IUTF8 Terminal Mode
RFC8270 (e) 7.1- Increase Diffie-Hellman Modulus Size
RFC8308 7.2-, 7.6- Extension Negotiation in the Secure Shell (SSH) Protocol (ext-info-c added in 7.2, ext-info-s added in 9.6)
RFC8332 7.2- Use of RSA Keys with SHA-2 (rsa-sha2-256, rsa-sha2-512)
RFC8709 (e) 6.5- Ed25519 and Ed448 Public Key Algorithms (ssh-ed25519 only)
RFC8731 7.3- Key Exchange Method Using Curve25519 and Curve448 (curve25519-sha256 only)

DRAFT-спецификации (черновики, не опубликованные версии) для второй версии протокола SSH

Спецификация Версия Описание
draft-ietf-secsh-filexfer-02 SSH File Transfer Protocol version 3
draft-ietf-secsh-filexfer-extensions-00 9.0- SFTP extension copy-data
draft-ietf-secsh-filexfer-extensions-00 9.1- SFTP extension home-directory
draft-ietf-curdle-ssh-kex-sha2-03 7.3- Key Exchange (KEX) Method Updates and Recommendations
draft-ietf-secsh-scp-sftp-ssh-uri-04 7.6- Uniform Resource Identifier (URI) Scheme for SSH and SFTP (with the exception of fingerprint)

Дополнения от производителей для второй версии протокола SSH

Спецификация Версия Описание
PROTOCOL An overview of all vendor extensions detailed below, and the specifications of the following protocol extensions:
  • SSH2 connection:
    • eow@openssh.com, no-more-sessions@openssh.com
    • hostkeys-00@openssh.com, hostkeys-prove-00@openssh.com (hostkey rotation)
    • tun@openssh.com (layer 2 and 3 tunnelling)
    • direct-streamlocal@openssh.com, forwarded-streamlocal@openssh.com, streamlocal-forward@openssh.com, cancel-streamlocal-forward@openssh.com (Unix domain socket forwarding)
    • INFO@openssh.com (BSD SIGINFO)
    • publickey-hostbound-v00@openssh.com (host-bound public key authentication)
  • SSH2 transport ciphers: aes128-gcm@openssh.com, aes256-gcm@openssh.com
  • SSH2 transport MACs: hmac-sha1-etm@openssh.com, hmac-sha1-96-etm@openssh.com, hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-md5-etm@openssh.com, hmac-md5-96-etm@openssh.com, umac-64-etm@openssh.com, umac-128-etm@openssh.com
  • SFTP: posix-rename@openssh.com, statvfs@openssh.com, fstatvfs@openssh.com, hardlink@openssh.com, fsync@openssh.com, lesetstat@openssh.com, limits@openssh.com, expand-path@openssh.com
draft-miller-ssh-agent-04 ssh-agent protocol (auth-agent@openssh.com)
PROTOCOL.certkeys ssh-rsa-cert-v01@openssh.com, ssh-dsa-cert-v01@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com : new public key algorithms supporting certificates.
PROTOCOL.chacha20poly1305 chacha20-poly1305@openssh.com authenticated encryption mode.
PROTOCOL.key OpenSSH private key format (openssh-key-v1).
PROTOCOL.krl Key Revocation Lists for OpenSSH keys and certificates.
PROTOCOL.mux Multiplexing protocol used by ssh(1) ControlMaster connection-sharing.
draft-miller-secsh-umac-01 Use of UMAC in SSH (umac-64@openssh.com, umac-128@openssh.com)
draft-miller-secsh-compression-delayed-00 Delayed compression until after authentication (zlib@openssh.com)
curve25519-sha256@libssh.org curve25519-sha256@libssh.org key exchange method. This is identical to curve25519-sha256 as later published in RFC8731.
sntrup761x25519-sha512@openssh.com sntrup761x25519-sha512@openssh.com key exchange method. This is identical to sntrup761x25519-sha512 as later published in the IANA Secure Shell (SSH) Protocol Parameters.
draft-kampanakis-curdle-pq-ssh-00 8.0-8.5 Post-quantum public key algorithms (sntrup4591761x25519-sha512@tinyssh.org)

Другие спецификации

Спецификация Описание
socks4.protocol SOCKS protocol version 4. Used for ssh(1) DynamicForward.
socks4a.protocol SOCKS protocol version 4a. Used for ssh(1) DynamicForward.
RFC1928 SOCKS protocol version 5. Used for ssh(1) DynamicForward.
RFC1349 RFC8325 IP Type of Service (ToS) and Differentiated Services. OpenSSH will automatically set the IP Type of Service according to RFC8325 unless otherwise specified via the IPQoS keyword in ssh_config and sshd_config. Versions 7.7 and earlier will set it per rfc1349 unless otherwise specified.