OpenSSH Specifications


OpenSSH implements the following specifications.

SSH protocol version 1

ssh-rfc-v1.3 SSH protocol version 1.3
ssh-rfc-v1.5 SSH protocol version 1.5

SSH protocol version 2 Core RFCs

Source: secsh working group

RFC4250 SSH Protocol Assigned Numbers
RFC4251 SSH Protocol Architecture
RFC4252 (e) SSH Authentication Protocol
RFC4253 (e) SSH Transport Layer Protocol
RFC4254 (e) SSH Connection Protocol

SSH protocol version 2 Extension RFCs

RFC4255 (e) Using DNS to Securely Publish SSH Key Fingerprints (SSHFP)
RFC4256 (e) Generic Message Exchange Authentication (aka "keyboard-interactive")
RFC4335 (e) SSH Session Channel Break Extension
RFC4344 SSH Transport Layer Encryption Modes
RFC4345 Improved Arcfour Modes for the SSH Transport Layer Protocol
RFC4419 Diffie-Hellman Group Exchange
RFC4462 (e) GSS-API Authentication and Key Exchange (only authentication implemented)
RFC4716 SSH Public Key File Format
RFC5656 (e) Elliptic Curve Algorithm Integration in SSH
RFC6594 (e) SHA-256 SSHFP Resource Records (new in OpenSSH 6.1).
RFC6668 SHA-2 Data Integrity Algorithms (new in OpenSSH 5.9)
RFC7479 (e) ED25519 SSHFP Resource Records (new in OpenSSH 6.5).

SSH protocol version 2 draft specifications

draft-ietf-secsh-filexfer-02 SSH File Transfer Protocol version 3
draft-ietf-curdle-ssh-kex-sha2-03 Key Exchange (KEX) Method Updates and Recommendations (new in OpenSSH 7.3).
draft-sgtatham-secsh-iutf8-01 IUTF8 Terminal Mode (new in OpenSSH 7.3).

SSH protocol version 2 vendor extensions

PROTOCOL An overview of all vendor extensions detailed below, and the specifications of the SSH2 extensions eow@openssh.com, no-more-sessions@openssh.com, tun@openssh.com and the sftp extensions posix-rename@openssh.com statvfs@openssh.com, fstatvfs@openssh.com
PROTOCOL.agent ssh-agent protocol (auth-agent@openssh.com)
PROTOCOL.certkeys ssh-rsa-cert-v00@openssh.com, ssh-dsa-cert-v00@openssh.com, ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com : new public key algorithms supporting certificates.
PROTOCOL.chacha20poly1305 chacha20-poly1305@openssh.com authenticated encryption mode.
PROTOCOL.key OpenSSH private key format (openssh-key-v1).
PROTOCOL.krl Key Revocation Lists for OpenSSH keys and certificates.
PROTOCOL.mux Multiplexing protocol used by ssh(1) ControlMaster connection-sharing.
draft-miller-secsh-umac-01 umac-64@openssh.com: a new transport-layer MAC.
draft-miller-secsh-compression-delayed-00 zlib@openssh.com: Delayed compression until after authentication.
curve25519-sha256@libssh.org curve25519-sha256@libssh.org key exchange method.

Other specifications

socks4.protocol SOCKS protocol version 4. Used for ssh -D.
socks4a.protocol SOCKS protocol version 4a. Used for ssh -D.
RFC1928 SOCKS protocol version 5. Used for ssh -D.
RFC1349
RFC2597
RFC2598
IP Type of Service (ToS) and Differentiated Services. ssh and sshd will automatically set the ToS as per rfc1349 unless specified otherwise via the IPQoS keyword in ssh_config and sshd_config.