datatracker.ietf.org
Sign in
Version 5.3.0, 2014-04-12
Report a bug

The Secure Shell (SSH) Protocol Architecture
RFC 4251

Document type: RFC - Proposed Standard (January 2006)
Document stream: IETF
Last updated: 2013-03-02
Other versions: plain text, pdf, html
IETF State: WG Document
Consensus: Unknown
Document shepherd: No shepherd assigned
IESG State: RFC 4251 (Proposed Standard)
Responsible AD: Russ Housley
Send notices to: <sommerfeld@sun.com>
Email Authors | IPR Disclosures | References | Referenced By | Check nits | History feed | Search Mailing Lists 
Network Working Group                                          T. Ylonen
Request for Comments: 4251              SSH Communications Security Corp
Category: Standards Track                                C. Lonvick, Ed.
                                                     Cisco Systems, Inc.
                                                            January 2006

              The Secure Shell (SSH) Protocol Architecture

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   The Secure Shell (SSH) Protocol is a protocol for secure remote login
   and other secure network services over an insecure network.  This
   document describes the architecture of the SSH protocol, as well as
   the notation and terminology used in SSH protocol documents.  It also
   discusses the SSH algorithm naming system that allows local
   extensions.  The SSH protocol consists of three major components: The
   Transport Layer Protocol provides server authentication,
   confidentiality, and integrity with perfect forward secrecy.  The
   User Authentication Protocol authenticates the client to the server.
   The Connection Protocol multiplexes the encrypted tunnel into several
   logical channels.  Details of these protocols are described in
   separate documents.

Ylonen & Lonvick            Standards Track                     [Page 1]
RFC 4251               SSH Protocol Architecture            January 2006

Table of Contents

   1. Introduction ....................................................3
   2. Contributors ....................................................3
   3. Conventions Used in This Document ...............................4
   4. Architecture ....................................................4
      4.1. Host Keys ..................................................4
      4.2. Extensibility ..............................................6
      4.3. Policy Issues ..............................................6
      4.4. Security Properties ........................................7
      4.5. Localization and Character Set Support .....................7
   5. Data Type Representations Used in the SSH Protocols .............8
   6. Algorithm and Method Naming ....................................10
   7. Message Numbers ................................................11
   8. IANA Considerations ............................................12
   9. Security Considerations ........................................13
      9.1. Pseudo-Random Number Generation ...........................13
      9.2. Control Character Filtering ...............................14
      9.3. Transport .................................................14
           9.3.1. Confidentiality ....................................14
           9.3.2. Data Integrity .....................................16
           9.3.3. Replay .............................................16
           9.3.4. Man-in-the-middle ..................................17
           9.3.5. Denial of Service ..................................19
           9.3.6. Covert Channels ....................................20
           9.3.7. Forward Secrecy ....................................20
           9.3.8. Ordering of Key Exchange Methods ...................20
           9.3.9. Traffic Analysis ...................................21
      9.4. Authentication Protocol ...................................21
           9.4.1. Weak Transport .....................................21
           9.4.2. Debug Messages .....................................22
           9.4.3. Local Security Policy ..............................22
           9.4.4. Public Key Authentication ..........................23
           9.4.5. Password Authentication ............................23
           9.4.6. Host-Based Authentication ..........................23
      9.5. Connection Protocol .......................................24
           9.5.1. End Point Security .................................24
           9.5.2. Proxy Forwarding ...................................24
           9.5.3. X11 Forwarding .....................................24
   10. References ....................................................26
      10.1. Normative References .....................................26
      10.2. Informative References ...................................26
   Authors' Addresses ................................................29
   Trademark Notice ..................................................29

[include full document text]