OpenSSH implements the following specifications. Where versions are noted, support for the corresponding specification was added or removed in that OpenSSH version.

Source: secsh working group

| Specification | Description |
|---|---|
| RFC4250 | SSH Protocol Assigned Numbers |
| RFC4251 | SSH Protocol Architecture |
| RFC4252 (e) | SSH Authentication Protocol |
| RFC4253 (e) | SSH Transport Layer Protocol |
| RFC4254 (e) | SSH Connection Protocol |

| Specification | Versions | Description |
|---|---|---|
| RFC4255 (e) | | Using DNS to Securely Publish SSH Key Fingerprints (SSHFP) |
| RFC4256 (e) | | Generic Message Exchange Authentication (aka keyboard-interactive) |
| RFC4335 (e) | | SSH Session Channel Break Extension |
| RFC4344 | | SSH Transport Layer Encryption Modes (aes128-ctr, aes192-ctr, aes256-ctr) |
| RFC4345 (e) | 4.1-7.6 | Improved Arcfour Modes for the SSH Transport Layer Protocol |
| RFC4419 (e) | | Diffie-Hellman Group Exchange |
| RFC4462 (e) | | GSS-API Authentication and Key Exchange (only authentication implemented) |
| RFC4716 | | SSH Public Key File Format (import and export via ssh-keygen only). |
| RFC5647 | 6.2- | AES Galois Counter Mode (GCM) packet format (as [email protected] and [email protected]). Algorithm negotiation differs as per draft-miller-sshm-aes-gcm due to problems with the original spec. |
| RFC5656 (e) | 5.6- | Elliptic Curve Algorithm Integration in SSH |
| RFC6594 (e) | 6.1- | SHA-256 SSHFP Resource Records |
| RFC6668 | 5.9- | SHA-2 Data Integrity Algorithms (hmac-sha2-256, hmac-sha2-512) |
| RFC7479 (e) | 6.5- | ED25519 SSHFP Resource Records |
| RFC8160 | 7.3- | IUTF8 Terminal Mode |
| RFC8270 (e) | 7.1- | Increase Diffie-Hellman Modulus Size |
| RFC8308 | 7.2-, 9.6- | Extension Negotiation in the Secure Shell (SSH) Protocol (ext-info-c added in 7.2, ext-info-s added in 9.6) |
| RFC8332 | 7.2- | Use of RSA Keys with SHA-2 (rsa-sha2-256, rsa-sha2-512) |
| RFC8709 (e) | 6.5- | Ed25519 and Ed448 Public Key Algorithms (ssh-ed25519 only) |
| RFC8731 | 7.4- | Key Exchange Method Using Curve25519 and Curve448 (curve25519-sha256 only). Previously implemented as [email protected] in 6.5 |

| Specification | Versions | Description |
|---|---|---|
| draft-ietf-secsh-filexfer-02 | | SSH File Transfer Protocol version 3 |
| draft-ietf-secsh-filexfer-extensions-00 | 9.0- | SFTP extension copy-data |
| draft-ietf-secsh-filexfer-extensions-00 | 9.1- | SFTP extension home-directory |
| draft-ietf-sshm-chacha20-poly1305 | 6.5- | [email protected] authenticated encryption mode. |
| draft-ietf-curdle-ssh-kex-sha2-03 | 7.3- | Key Exchange (KEX) Method Updates and Recommendations |
| draft-ietf-secsh-scp-sftp-ssh-uri-04 | 7.6- | Uniform Resource Identifier (URI) Scheme for SSH and SFTP (with the exception of fingerprint) |
| draft-ietf-sshm-ntruprime-ssh | 8.9-, 9.9- | sntrup761x25519-sha512 key exchange method. Added as [email protected] in 8.9. |

| Specification | Description |
|---|---|
| socks4.protocol | SOCKS protocol version 4. Used for ssh(1) DynamicForward. |
| socks4a.protocol | SOCKS protocol version 4a. Used for ssh(1) DynamicForward. |
| RFC1928 | SOCKS protocol version 5. Used for ssh(1) DynamicForward. |
| RFC1349 RFC8325 | IP Type of Service (ToS) and Differentiated Services. OpenSSH will automatically set the IP Type of Service according to RFC8325 unless otherwise specified via the IPQoS keyword in ssh_config and sshd_config. Versions 7.7 and earlier will set it per RFC1349 unless otherwise specified. |