OpenSSH implements the following specifications. Where versions
are noted, support for the corresponding specification was added
or removed in that OpenSSH version.
Specification
| Versions
| Description
|
RFC4255
(e)
|
| Using DNS to Securely Publish SSH Key Fingerprints (SSHFP)
|
RFC4256
(e)
|
| Generic Message Exchange Authentication (aka keyboard-interactive )
|
RFC4335
(e)
|
| SSH Session Channel Break Extension
|
RFC4344
|
| SSH Transport Layer Encryption Modes (aes128-ctr ,
aes192-ctr , aes256-ctr )
|
RFC4345
(e)
| 4.1-7.6
| Improved Arcfour Modes for the SSH Transport Layer Protocol
|
RFC4419
(e)
|
| Diffie-Hellman Group Exchange
|
RFC4462
(e)
|
| GSS-API Authentication and Key Exchange (only authentication implemented)
|
RFC4716
|
| SSH Public Key File Format (import and export via
ssh-keygen only).
|
RFC5656
(e)
|
| Elliptic Curve Algorithm Integration in SSH
|
RFC6594
(e)
| 6.1-
| SHA-256 SSHFP Resource Records
|
RFC6668
| 5.9-
| SHA-2 Data Integrity Algorithms (hmac-sha2-256 ,
hmac-sha2-512 )
|
RFC7479
(e)
| 6.5-
| ED25519 SSHFP Resource Records
|
RFC8160
| 7.3-
| IUTF8 Terminal Mode
|
RFC8270
(e)
| 7.1-
| Increase Diffie-Hellman Modulus Size
|
RFC8308
| 7.2-
| Extension Negotiation in the Secure Shell (SSH) Protocol
(ext-info-s , ext-info-c )
|
RFC8332
| 7.2-
| Use of RSA Keys with SHA-2 (rsa-sha2-256 ,
rsa-sha2-512 )
|
RFC8709
(e)
| 6.5-
| Ed25519 and Ed448 Public Key Algorithms (ssh-ed25519 only)
|
RFC8731
| 7.3-
| Key Exchange Method Using Curve25519 and Curve448
(curve25519-sha256 only)
|
Specification
| Versions
| Description
|
PROTOCOL
|
| An overview of all vendor extensions detailed below, and the
specifications of the following protocol extensions:
- SSH2 connection:
- SSH2 transport ciphers:
[email protected] ,
[email protected]
- SSH2 transport MACs:
[email protected] ,
[email protected] ,
[email protected] ,
[email protected] ,
[email protected] ,
[email protected] ,
[email protected] ,
[email protected]
- SFTP:
[email protected] ,
[email protected] , [email protected] ,
[email protected] , [email protected] ,
[email protected] , [email protected] ,
[email protected]
|
draft-miller-ssh-agent-04
|
| ssh-agent protocol ([email protected] )
|
PROTOCOL.certkeys
|
| [email protected] ,
[email protected] ,
[email protected] ,
[email protected] ,
[email protected] ,
[email protected] ,
[email protected] ,
[email protected] : new public
key algorithms supporting certificates.
|
PROTOCOL.chacha20poly1305
|
| [email protected] authenticated encryption mode.
|
PROTOCOL.key
|
| OpenSSH private key format (openssh-key-v1 ).
|
PROTOCOL.krl
|
| Key Revocation Lists for OpenSSH keys and certificates.
|
PROTOCOL.mux
|
| Multiplexing protocol used by ssh(1) ControlMaster connection-sharing.
|
draft-miller-secsh-umac-01
|
| Use of UMAC in SSH ([email protected] ,
[email protected] )
|
draft-miller-secsh-compression-delayed-00
|
| Delayed compression until after authentication
([email protected] )
|
[email protected]
|
| [email protected] key exchange method. This is
identical to curve25519-sha256 as later published in
RFC8731.
|
draft-kampanakis-curdle-pq-ssh-00
| 8.0-8.5
| Post-quantum public key algorithms
([email protected] )
|