Web manual pages are available from OpenBSD for the following commands.
These manual pages reflect the latest development release of OpenSSH.
- The basic rlogin/rsh-like client program
- The daemon that permits you to log in
- The client configuration file
- The daemon configuration file
- An authentication agent that can store private keys
- Tool which adds keys to in the above agent
- FTP-like program that works over SSH1 and SSH2 protocol
- File copy program that acts like rcp
- Key generation tool
- SFTP server subsystem (started automatically by sshd)
- Utility for gathering public host keys from a number of hosts
- Helper program for host-based authentication
The SSH2 protocol implemented in OpenSSH is
standardized by the IETF
working group and is specified in several RFCs and drafts.
The overall structure of SSH2 is described in the
It is composed of three layered components:
Additional documents specify:
provides algorithm negotiation and a key exchange.
The key exchange includes server authentication and
results in a cryptographically secured connection:
it provides integrity, confidentiality and optional compression.
user authentication layer
uses the established connection and relies on the services provided
by the transport layer.
It provides several mechanisms for user authentication.
These include traditional password authentication as well as public-key
or host-based authentication mechanisms.
multiplexes many different concurrent channels over the authenticated connection
and allows tunneling of login sessions and TCP-forwarding.
It provides a flow control service for these channels.
Additionally, various channel-specific options can be negotiated.
RFC provides support for new authentication schemes like S/Key
or TIS authentication.
- The SFTP file transfer protocol is specified in the
OpenSSH implements a SFTP
- A file format for public keys is specified in the
ssh-keygen(1) can be used
to convert an OpenSSH public key to this file format.
Diffie-Hellman Group Exchange allows clients to request more secure groups for the Diffie-Hellman key exchange.
- OpenSSH implemented a compression method "firstname.lastname@example.org" that delays
starting compression until after user authentication, to eliminate the
risk of pre-authentication attacks against the compression code. It is
- OpenSSH implements an additional MAC (Message Authentication Code)
"email@example.com", which has superior performance to the ones specified
in RFC 4253. It is described in
- The authentication agent protocol used by
ssh-agent is documented in the
- OpenSSH makes various other minor extensions to and divergences from the
standard SSH protocols. These are documented in the