Documented in the RFC file from the SSH1 distribution, this version of the protocol is mostly obsolete and abandoned.
The SSH-2 protocol is described in five main documents. Architecture describes the overall design of SSH-2. Transport provides a single, full-duplex, byte-oriented connection between client and server, with privacy, integrity, server authentication, and man-in-the-middle protection. Authentication identifies the client to the server. Connection provides richer, application-support services over the transport pipe, such as channel multiplexing, flow control, remote program execution, signal propagation, connection forwarding, etc. Finally, the Assigned Numbers document gathers together and lists various constant assignments made in the other documents.
These establish various extensions to the core SSH protocols, or related mechanisms.
Documents a method of storing SSH hostkey fingerprints in the DNS. This is implemented by the VerifyHostKeyDNS option to the OpenSSH client. Extended by RFC 6594 to cover elliptic-curve hostkeys and SHA-2.
Documents the keyboard-interactive userauth method, which allows for any number of server prompts and client responses as part of client authentication. This can accommodate challenge-response schemes such as one-time passwords, and is often implemented on Unix via PAM.
This document describes new symmetric encryption methods for the SSH Transport Protocol and gives specific recommendations on how frequently SSH implementations should rekey, in response to SSH protocol vulnerabilities reported by Bellare, Kohno, and Namprempre.
The original key agreement methods defined in the transport protocol use fixed, well-known groups for the Diffie-Hellman algorithm. This method allows a server to use a set of locally configured groups, and the client to request a preferred group size.
This memo describes a key-exchange method for the Secure Shell (SSH) protocol based on Rivest-Shamir-Adleman (RSA) public-key encryption. It uses much less client CPU time than the Diffie-Hellman algorithm specified as part of the core protocol, and hence is particularly suitable for slow client systems.
Describes methods for using the GSS-API for authentication and key exchange in SSH. It defines an SSH user authentication method that uses a specified GSS-API mechanism to authenticate a user, and a family of SSH key exchange methods that use GSS-API to authenticate a Diffie-Hellman key exchange. This typically uses Kerberos to provide single sign-on, as well as automatic server authentication without hostkeys.
Documents the public-key file format in use by several SSH implementations.
This document describes algorithms based on Elliptic Curve Cryptography (ECC) for use within the Secure Shell (SSH) transport protocol. In particular, it specifies Elliptic Curve Diffie-Hellman (ECDH) key agreement, Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement, and Elliptic Curve Digital Signature Algorithm (ECDSA) for use in the SSH Transport Layer protocol.
Updates RFC 4255, which defines a method for storing SSH hostkey fingerprints in the DNS. This document adds support for elliptic-curve hostkeys (ECDSA), as well as the SHA-2 hash algorithm.
This memo defines algorithm names and parameters for use in some of the SHA-2 family of secure hash algorithms for data integrity verification in the Secure Shell (SSH) protocol. It also updates RFC 4253 by specifying a new RECOMMENDED data integrity algorithm.
The Secure Shell File Transfer Protocol provides secure file transfer functionality over any reliable data stream. It is the standard file transfer protocol for use with the Secure Shell Remote Login Protocol. This document describes the file transfer protocol and its interface to the Secure Shell protocol suite.
Specifies how X.509 certificates, keys and signatures are used within the SSH2 protocol.
Protocol to run inside an SSH-TRANS channel, for configuring public-key authorization data for a remote account. This addresses the problem of multiplying implementation-specific methods for doing this (e.g. files authorized_keys, authorization, authorized_keys2, differing key storage formats, etc.).