OpenSSH: Specifications

OpenSSH Specifications

OpenSSH implements the following specifications. Where versions are noted, support for the corresponding specification was added or removed in that OpenSSH version.

SSH protocol version 2 Core RFCs

Source: secsh working group

Specification	Description
RFC4250	SSH Protocol Assigned Numbers
RFC4251	SSH Protocol Architecture
RFC4252 (e)	SSH Authentication Protocol
RFC4253 (e)	SSH Transport Layer Protocol
RFC4254 (e)	SSH Connection Protocol

SSH protocol version 2 Extension RFCs

Specification	Versions	Description
RFC4255 (e)		Using DNS to Securely Publish SSH Key Fingerprints (SSHFP)
RFC4256 (e)		Generic Message Exchange Authentication (aka `keyboard-interactive`)
RFC4335 (e)		SSH Session Channel Break Extension
RFC4344		SSH Transport Layer Encryption Modes (`aes128-ctr`, `aes192-ctr`, `aes256-ctr`)
RFC4345 (e)	4.1-7.6	Improved Arcfour Modes for the SSH Transport Layer Protocol
RFC4419 (e)		Diffie-Hellman Group Exchange
RFC4462 (e)		GSS-API Authentication and Key Exchange (only authentication implemented)
RFC4716		SSH Public Key File Format (import and export via ssh-keygen only).
RFC5647	6.2-	AES Galois Counter Mode (GCM) packet format (as `aes128-gcm@openssh.com` and `aes256-gcm@openssh.com`). Algorithm negotation differs as per draft-miller-sshm-aes-gcm due to problems with the original spec.
RFC5656 (e)	5.6-	Elliptic Curve Algorithm Integration in SSH
RFC6594 (e)	6.1-	SHA-256 SSHFP Resource Records
RFC6668	5.9-	SHA-2 Data Integrity Algorithms (`hmac-sha2-256`, `hmac-sha2-512`)
RFC7479 (e)	6.5-	ED25519 SSHFP Resource Records
RFC8160	7.3-	IUTF8 Terminal Mode
RFC8270 (e)	7.1-	Increase Diffie-Hellman Modulus Size
RFC8308	7.2-, 9.6-	Extension Negotiation in the Secure Shell (SSH) Protocol (`ext-info-c` added in 7.2, `ext-info-s` added in 9.6)
RFC8332	7.2-	Use of RSA Keys with SHA-2 (`rsa-sha2-256`, `rsa-sha2-512`)
RFC8709 (e)	6.5-	Ed25519 and Ed448 Public Key Algorithms (`ssh-ed25519` only)
RFC8731	7.4-	Key Exchange Method Using Curve25519 and Curve448 (`curve25519-sha256` only). Previously implemented as `curve25519-sha256@libssh.org` in 6.5

SSH protocol version 2 IETF draft specifications

Specification	Versions	Description
draft-ietf-secsh-filexfer-02		SSH File Transfer Protocol version 3
draft-ietf-secsh-filexfer-extensions-00	9.0-	SFTP extension `copy-data`
draft-ietf-secsh-filexfer-extensions-00	9.1-	SFTP extension `home-directory`
draft-ietf-sshm-chacha20-poly1305	6.5-	`chacha20-poly1305@openssh.com` authenticated encryption mode.
draft-ietf-curdle-ssh-kex-sha2-03	7.3-	Key Exchange (KEX) Method Updates and Recommendations
draft-ietf-secsh-scp-sftp-ssh-uri-04	7.6-	Uniform Resource Identifier (URI) Scheme for SSH and SFTP (with the exception of fingerprint)
draft-ietf-sshm-ntruprime-ssh	8.9-, 9.9-	`sntrup761x25519-sha512` key exchange method. Added as `sntrup761x25519-sha512@openssh.com` in 8.9.

SSH protocol version 2 vendor extensions

Specification	Versions	Description
draft-miller-ssh-agent-04		ssh-agent protocol (`auth-agent@openssh.com`)
draft-miller-secsh-compression-delayed-00	4.2	Delayed compression until after authentication (`zlib@openssh.com`)
draft-miller-secsh-umac-01	6.2-	Use of UMAC in SSH (`umac-64@openssh.com`, `umac-128@openssh.com`)
draft-miller-sshm-hostkey-update	6.8-	Allows clients to learn additional host keys supported by hosts where one or more keys is already known (`hostkeys-00@openssh.com`, `hostkeys-prove-00@openssh.com`).
draft-kampanakis-curdle-pq-ssh-00	8.0-8.5	Post-quantum public key algorithms (`sntrup4591761x25519-sha512@tinyssh.org`)
draft-miller-sshm-strict-kex	9.6-	"Strict KEX" to improve the integrity of the initial key exchange.
PROTOCOL		An overview of all vendor extensions detailed below, and the specifications of the following protocol extensions: SSH2 connection: `eow@openssh.com`, `no-more-sessions@openssh.com` `tun@openssh.com` (layer 2 and 3 tunnelling) `direct-streamlocal@openssh.com`, `forwarded-streamlocal@openssh.com`, `streamlocal-forward@openssh.com`, `cancel-streamlocal-forward@openssh.com` (Unix domain socket forwarding) `INFO@openssh.com` (BSD SIGINFO) `publickey-hostbound-v00@openssh.com` (host-bound public key authentication) SSH2 transport MACs: `hmac-sha1-etm@openssh.com`, `hmac-sha1-96-etm@openssh.com`, `hmac-sha2-256-etm@openssh.com`, `hmac-sha2-512-etm@openssh.com`, `hmac-md5-etm@openssh.com`, `hmac-md5-96-etm@openssh.com`, `umac-64-etm@openssh.com`, `umac-128-etm@openssh.com` SFTP: `posix-rename@openssh.com`, `statvfs@openssh.com`, `fstatvfs@openssh.com`, `hardlink@openssh.com`, `fsync@openssh.com`, `lesetstat@openssh.com`, `limits@openssh.com`, `expand-path@openssh.com`
PROTOCOL.certkeys		`ssh-rsa-cert-v01@openssh.com`, `ssh-dsa-cert-v01@openssh.com`, `ecdsa-sha2-nistp256-cert-v01@openssh.com`, `ecdsa-sha2-nistp384-cert-v01@openssh.com`, `ecdsa-sha2-nistp521-cert-v01@openssh.com`, `ssh-ed25519-cert-v01@openssh.com`, `rsa-sha2-256-cert-v01@openssh.com`, `rsa-sha2-512-cert-v01@openssh.com` : new public key algorithms supporting certificates.
PROTOCOL.key		OpenSSH private key format (`openssh-key-v1`).
PROTOCOL.krl		Key Revocation Lists for OpenSSH keys and certificates.
PROTOCOL.mux		Multiplexing protocol used by ssh(1) ControlMaster connection-sharing.

Other specifications

Specification	Description
socks4.protocol	SOCKS protocol version 4. Used for `ssh(1) DynamicForward`.
socks4a.protocol	SOCKS protocol version 4a. Used for `ssh(1) DynamicForward`.
RFC1928	SOCKS protocol version 5. Used for `ssh(1) DynamicForward`.
RFC1349 RFC8325	IP Type of Service (ToS) and Differentiated Services. OpenSSH will automatically set the IP Type of Service according to RFC8325 unless otherwise specified via the `IPQoS` keyword in ssh_config and sshd_config. Versions 7.7 and earlier will set it per RFC1349 unless otherwise specified.