SSH, Secure Shell
Protocol suite: TCP/IP.
Protocol type: Application layer protocol.
Port: 22 (TCP).
Working groups: secsh, Secure Shell.
Links: OpenSSH SSH
SSH is a protocol for secure remote login and other secure network services over an insecure network. It consists of three major components:
- The Transport Layer Protocol provides server authentication, confidentiality, and integrity. It may optionally also provide compression. The transport layer will typically be run over a TCP/IP connection, but might also be used on top of any other reliable data stream.
- The User Authentication Protocol authenticates the client-side user to the server. It runs over the transport layer protocol.
- The Connection Protocol multiplexes the encrypted tunnel into several logical channels. It runs over the user authentication protocol.
The client sends a service request once a secure transport layer connection has been established. A second service request is sent after user authentication is complete. This allows new protocols to be defined and coexist with the protocols listed above.
The connection protocol provides channels that can be used for a wide range of purposes. Standard methods are provided for setting up secure interactive shell sessions and for forwarding ("tunneling") arbitrary TCP/IP ports and X11 connections.
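The service request described above, as an added example that is not part of the original page: it encodes and strictly parses the decrypted payload of a service request and builds the server's acceptance. The message numbers (5 and 6), the service names and the string encoding are taken from RFC 4250 and RFC 4253 rather than from this page; the function names are hypothetical.

```python
import struct

# Message numbers and service names per RFC 4250 / RFC 4253 (not listed on this page).
SSH_MSG_SERVICE_REQUEST = 5
SSH_MSG_SERVICE_ACCEPT = 6
KNOWN_SERVICES = {"ssh-userauth", "ssh-connection"}


def encode_service_request(service: str) -> bytes:
    """Payload: one byte message number, then an SSH 'string' (uint32 length + data)."""
    name = service.encode("ascii")
    return bytes([SSH_MSG_SERVICE_REQUEST]) + struct.pack(">I", len(name)) + name


def parse_service_request(payload: bytes) -> str:
    """Strictly parse a decrypted SERVICE_REQUEST payload; reject anything malformed."""
    if len(payload) < 5:
        raise ValueError("payload too short")
    if payload[0] != SSH_MSG_SERVICE_REQUEST:
        raise ValueError(f"unexpected message number {payload[0]}")
    (length,) = struct.unpack(">I", payload[1:5])
    # The declared length must account for every remaining byte, no more, no less.
    if length != len(payload) - 5:
        raise ValueError("string length does not match payload size")
    try:
        service = payload[5:].decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("service name is not US-ASCII") from None
    if service not in KNOWN_SERVICES:
        raise ValueError(f"unknown service {service!r}")
    return service


def server_reply(payload: bytes) -> bytes:
    """Answer a valid request with SERVICE_ACCEPT echoing the service name."""
    name = parse_service_request(payload).encode("ascii")
    return bytes([SSH_MSG_SERVICE_ACCEPT]) + struct.pack(">I", len(name)) + name


if __name__ == "__main__":
    req = encode_service_request("ssh-userauth")  # constructed sample input
    print(req.hex(), "->", server_reply(req).hex())
```
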
MAC header | IP header | TCP header | SSH message |
SSH message:
Message | Description | References |
---|---|---|
30 | SSH_MSG_KEXRSA_PUBKEY | RFC 4432 |
31 | SSH_MSG_KEXRSA_SECRET | RFC 4432 |
32 | SSH_MSG_KEXRSA_DONE | RFC 4432 |
RFCs:
[RFC 4250] The Secure Shell (SSH) Protocol Assigned Numbers.
[RFC 4251] The Secure Shell (SSH) Protocol Architecture.
[RFC 4252] The Secure Shell (SSH) Authentication Protocol.
[RFC 4253] The Secure Shell (SSH) Transport Layer Protocol.
[RFC 4254] The Secure Shell (SSH) Connection Protocol.
[RFC 4256] Generic Message Exchange Authentication for the Secure Shell Protocol (SSH).
[RFC 4335] The Secure Shell (SSH) Session Channel Break Extension.
[RFC 4344] The Secure Shell (SSH) Transport Layer Encryption Modes.
[RFC 4345] Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol.
[RFC 4419] Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol.
[RFC 4432] RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol.
[RFC 4462] Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol.