The Secure Shell (SSH) Connection Protocol
RFC 4254
Document Type RFC - Proposed Standard (January 2006; Errata)
Updated by RFC 8308
Last updated 2020-01-21
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 4254 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to (None)
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                          T. Ylonen
Request for Comments: 4254              SSH Communications Security Corp
Category: Standards Track                                C. Lonvick, Ed.
                                                     Cisco Systems, Inc.
                                                            January 2006

               The Secure Shell (SSH) Connection Protocol

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).

Abstract

   Secure Shell (SSH) is a protocol for secure remote login and other
   secure network services over an insecure network.

   This document describes the SSH Connection Protocol.  It provides
   interactive login sessions, remote execution of commands, forwarded
   TCP/IP connections, and forwarded X11 connections.  All of these
   channels are multiplexed into a single encrypted tunnel.

   The SSH Connection Protocol has been designed to run on top of the
   SSH transport layer and user authentication protocols.

Ylonen & Lonvick            Standards Track                     [Page 1]
RFC 4254                SSH Connection Protocol             January 2006

Table of Contents

   1. Introduction ....................................................2
   2. Contributors ....................................................3
   3. Conventions Used in This Document ...............................3
   4. Global Requests .................................................4
   5. Channel Mechanism ...............................................5
      5.1. Opening a Channel ..........................................5
      5.2. Data Transfer ..............................................7
      5.3. Closing a Channel ..........................................9
      5.4. Channel-Specific Requests ..................................9
   6. Interactive Sessions ...........................................10
      6.1. Opening a Session .........................................10
      6.2. Requesting a Pseudo-Terminal ..............................11
      6.3. X11 Forwarding ............................................11
           6.3.1. Requesting X11 Forwarding ..........................11
           6.3.2. X11 Channels .......................................12
      6.4. Environment Variable Passing ..............................12
      6.5. Starting a Shell or a Command .............................13
      6.6. Session Data Transfer .....................................14
      6.7. Window Dimension Change Message ...........................14
      6.8. Local Flow Control ........................................14
      6.9. Signals ...................................................15
      6.10. Returning Exit Status ....................................15
   7. TCP/IP Port Forwarding .........................................16
      7.1. Requesting Port Forwarding ................................16
      7.2. TCP/IP Forwarding Channels ................................18
   8. Encoding of Terminal Modes .....................................19
   9. Summary of Message Numbers .....................................21
   10. IANA Considerations ...........................................21
   11. Security Considerations .......................................21
   12. References ....................................................22
      12.1. Normative References .....................................22
      12.2. Informative References ...................................22
   Authors' Addresses ................................................23
   Trademark Notice ..................................................23

1.  Introduction

   The SSH Connection Protocol has been designed to run on top of the
   SSH transport layer and user authentication protocols ([SSH-TRANS]
   and [SSH-USERAUTH]).  It provides interactive login sessions, remote
   execution of commands, forwarded TCP/IP connections, and forwarded
   X11 connections.

   The 'service name' for this protocol is "ssh-connection".

Ylonen & Lonvick            Standards Track                     [Page 2]
RFC 4254                SSH Connection Protocol             January 2006

   This document should be read only after reading the SSH architecture
   document [SSH-ARCH].  This document freely uses terminology and
   notation from the architecture document without reference or further
   explanation.

2.  Contributors

   The major original contributors of this set of documents have been:
   Tatu Ylonen, Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH
   Communications Security Corp), and Markku-Juhani O. Saarinen
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools