Legal Notices | Privacy Policy
Site Map | Refund Policy
Copyright © 1995 -
VanDyke Software, Inc.
All rights reserved.

SecSh IETF Drafts

"Secsh" is the official Internet Engineering Task Force's (IETF) name for the IETF working group's draft protocol. Secsh is commonly known as Secure Shell or SSH. The SSH protocol has two generations: SSH, the initial draft protocol dating to 1995, which is now labeled SSH1, and SSH version 2, usually called SSH2, which was first published in 1998.

The core documents for SSH2 have been published as RFCs, or IETF proposed standards. The next step will be the core documents' adoption as internet standards. The extension drafts are in various stages of completion, with some moving through last call while active work continues on others.

If you are interested in reading the drafts, click on one of the links below. The original drafts and the most recent changes may be found at http://www.ietf.org/html.charters/secsh-charter.html in the Internet Drafts section.

SSH Core documents

The following proposed standards describe the main elements of the SSH protocol.

• SSH Protocol Architecture (RFC 4251)
  This document provides an overview of the SSH architecture including the "layers" of the protocol. If you're going to read about SSH, you should read this draft first.
• SSH Transport Layer Protocol (RFC 4253)
  The transport layer is the lowest layer of the protocol. It typically runs on top of TCP/IP. All other layers of the protocol run on top of the secure tunnel provided by this layer.
• SSH Authentication Protocol (RFC 4252)
  The next layer of protocol is the user authentication layer. This document describes mechanisms that the SSH server uses to authenticate users. The primary mechanisms described here include password and public-key authentication.
• SSH Connection Protocol (RFC 4254)
  The connection protocol is a layer that runs on top of the transport and authentication layers. This document describes how interactive terminal sessions are created as well as other operations such as remote command execution, forwarded/tunneled network connections.
• SSH Protocol Assigned Numbers (RFC 4250)
  The official list of IANA-assigned numbers used by SSH implementations.

SSH Extension drafts for Secure File Transfer

• SSH File Transfer Protocol
  Describes a protocol for secure file transfer and/or a secure, remote file system. This protocol is commonly referred to as "SFTP".

SSH Extension drafts related to Public-Key Authentication

• SSH Public Key File Format
  Documentation of a common file format for public keys. Its purpose is to facilitate the exchange of public keys between different SSH implementations.
• Secure Shell Authentication Agent Protocol
  Description of a single sign-on mechanism that works by forwarding various private key signing operations back to an "agent" that stores your private keys.
• SSH Public Key Subsystem
  The public-key subsystem is a mechanism that allows users to upload and manage their public keys on any SSH server without having to delve into server-specific details of where those keys should be stored.

Other SSH Extension drafts

• GSSAPI Authentication and Key Exchange for the Secure Shell Protocol
  Description of a mechanism for using the Generic Security Service Application Program Interface (GSS-API) for authentication and key exchange in SSH. Most commonly this is how Kerberos authentication is done with the SSH protocol.
• Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol
  A mechanism that describes how the SSH server can vary the cryptographic inputs used during Diffie-Hellman key exchange. Its purpose is to mitigate possible cryptographic attacks on the protocol.
• Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
  Describes a user authentication method officially known as "keyboard-interactive". This allows the SSH server to authenticate users through a generic series of challenges and responses. A common use of this authentication method is to facilitate the use of Pluggable Authentication Modules (PAM) on many UNIX systems.
• Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
  Documentation of a method to publish SSH server host keys using Secure DNS.
• The Secure Shell (SSH) Transport Layer Encryption Modes
  Recommendations for SSH implementations that mitigate potential cryptographic attacks on the SSH protocol.
• Session Channel Break Extension
  Description of a mechanism to send a BREAK signal over an SSH terminal session.
• SCP/SFTP/SSH URI Format
  A specification of how ssh, sftp and scp URLs should look. For example: ssh://user@host:2222
• X.509 Authentication in SSH2
  The X.509 extension specifies how X.509 keys and signatures are used within the SSH2 protocol.
• Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
  This document specifies methods of using the Arcfour cipher in the Secure Shell (SSH) protocol that mitigate the weakness of the cipher's key-scheduling algorithm.