1This documents OpenSSH's deviations and extensions to the published SSH 2protocol. 3 4Note that OpenSSH's sftp and sftp-server implement revision 3 of the SSH 5filexfer protocol described in: 6 7http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt 8 9Newer versions of the draft will not be supported, though some features 10are individually implemented as extensions described below. 11 12The protocol used by OpenSSH's ssh-agent is described in the file 13PROTOCOL.agent 14 151. transport: Protocol 2 MAC algorithm "umac-64@openssh.com" 16 17This is a new transport-layer MAC method using the UMAC algorithm 18(rfc4418). This method is identical to the "umac-64" method documented 19in: 20 21http://www.openssh.com/txt/draft-miller-secsh-umac-01.txt 22 232. transport: Protocol 2 compression algorithm "zlib@openssh.com" 24 25This transport-layer compression method uses the zlib compression 26algorithm (identical to the "zlib" method in rfc4253), but delays the 27start of compression until after authentication has completed. This 28avoids exposing compression code to attacks from unauthenticated users. 29 30The method is documented in: 31 32http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt 33 343. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com" and 35 "ssh-dsa-cert-v00@openssh.com" 36 37OpenSSH introduces two new public key algorithms to support certificate 38authentication for users and hostkeys. These methods are documented in 39the file PROTOCOL.certkeys 40 414. connection: Channel write close extension "eow@openssh.com" 42 43The SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF 44message to allow an endpoint to signal its peer that it will send no 45more data over a channel. Unfortunately, there is no symmetric way for 46an endpoint to request that its peer should cease sending data to it 47while still keeping the channel open for the endpoint to send data to 48the peer. 49 50This is desirable, since it saves the transmission of data that would 51otherwise need to be discarded and it allows an endpoint to signal local 52processes of the condition, e.g. by closing the corresponding file 53descriptor. 54 55OpenSSH implements a channel extension message to perform this 56signalling: "eow@openssh.com" (End Of Write). This message is sent by 57an endpoint when the local output of a session channel is closed or 58experiences a write error. The message is formatted as follows: 59 60 byte SSH_MSG_CHANNEL_REQUEST 61 uint32 recipient channel 62 string "eow@openssh.com" 63 boolean FALSE 64 65On receiving this message, the peer SHOULD cease sending data of 66the channel and MAY signal the process from which the channel data 67originates (e.g. by closing its read file descriptor). 68 69As with the symmetric SSH_MSG_CHANNEL_EOF message, the channel does 70remain open after a "eow@openssh.com" has been sent and more data may 71still be sent in the other direction. This message does not consume 72window space and may be sent even if no window space is available. 73 74NB. due to certain broken SSH implementations aborting upon receipt 75of this message (in contravention of RFC4254 section 5.4), this 76message is only sent to OpenSSH peers (identified by banner). 77Other SSH implementations may be whitelisted to receive this message 78upon request. 79 805. connection: disallow additional sessions extension 81 "no-more-sessions@openssh.com" 82 83Most SSH connections will only ever request a single session, but a 84attacker may abuse a running ssh client to surreptitiously open 85additional sessions under their control. OpenSSH provides a global 86request "no-more-sessions@openssh.com" to mitigate this attack. 87 88When an OpenSSH client expects that it will never open another session 89(i.e. it has been started with connection multiplexing disabled), it 90will send the following global request: 91 92 byte SSH_MSG_GLOBAL_REQUEST 93 string "no-more-sessions@openssh.com" 94 char want-reply 95 96On receipt of such a message, an OpenSSH server will refuse to open 97future channels of type "session" and instead immediately abort the 98connection. 99 100Note that this is not a general defence against compromised clients 101(that is impossible), but it thwarts a simple attack. 102 103NB. due to certain broken SSH implementations aborting upon receipt 104of this message, the no-more-sessions request is only sent to OpenSSH 105servers (identified by banner). Other SSH implementations may be 106whitelisted to receive this message upon request. 107 1086. connection: Tunnel forward extension "tun@openssh.com" 109 110OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" 111channel type. This channel type supports forwarding of network packets 112with datagram boundaries intact between endpoints equipped with 113interfaces like the BSD tun(4) device. Tunnel forwarding channels are 114requested by the client with the following packet: 115 116 byte SSH_MSG_CHANNEL_OPEN 117 string "tun@openssh.com" 118 uint32 sender channel 119 uint32 initial window size 120 uint32 maximum packet size 121 uint32 tunnel mode 122 uint32 remote unit number 123 124The "tunnel mode" parameter specifies whether the tunnel should forward 125layer 2 frames or layer 3 packets. It may take one of the following values: 126 127 SSH_TUNMODE_POINTOPOINT 1 /* layer 3 packets */ 128 SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */ 129 130The "tunnel unit number" specifies the remote interface number, or may 131be 0x7fffffff to allow the server to automatically chose an interface. A 132server that is not willing to open a client-specified unit should refuse 133the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful 134open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS. 135 136Once established the client and server may exchange packet or frames 137over the tunnel channel by encapsulating them in SSH protocol strings 138and sending them as channel data. This ensures that packet boundaries 139are kept intact. Specifically, packets are transmitted using normal 140SSH_MSG_CHANNEL_DATA packets: 141 142 byte SSH_MSG_CHANNEL_DATA 143 uint32 recipient channel 144 string data 145 146The contents of the "data" field for layer 3 packets is: 147 148 uint32 packet length 149 uint32 address family 150 byte[packet length - 4] packet data 151 152The "address family" field identifies the type of packet in the message. 153It may be one of: 154 155 SSH_TUN_AF_INET 2 /* IPv4 */ 156 SSH_TUN_AF_INET6 24 /* IPv6 */ 157 158The "packet data" field consists of the IPv4/IPv6 datagram itself 159without any link layer header. 160 161The contents of the "data" field for layer 2 packets is: 162 163 uint32 packet length 164 byte[packet length] frame 165 166The "frame" field contains an IEEE 802.3 Ethernet frame, including 167header. 168 1697. sftp: Reversal of arguments to SSH_FXP_SYMLINK 170 171When OpenSSH's sftp-server was implemented, the order of the arguments 172to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately, 173the reversal was not noticed until the server was widely deployed. Since 174fixing this to follow the specification would cause incompatibility, the 175current order was retained. For correct operation, clients should send 176SSH_FXP_SYMLINK as follows: 177 178 uint32 id 179 string targetpath 180 string linkpath 181 1828. sftp: Server extension announcement in SSH_FXP_VERSION 183 184OpenSSH's sftp-server lists the extensions it supports using the 185standard extension announcement mechanism in the SSH_FXP_VERSION server 186hello packet: 187 188 uint32 3 /* protocol version */ 189 string ext1-name 190 string ext1-version 191 string ext2-name 192 string ext2-version 193 ... 194 string extN-name 195 string extN-version 196 197Each extension reports its integer version number as an ASCII encoded 198string, e.g. "1". The version will be incremented if the extension is 199ever changed in an incompatible way. The server MAY advertise the same 200extension with multiple versions (though this is unlikely). Clients MUST 201check the version number before attempting to use the extension. 202 2039. sftp: Extension request "posix-rename@openssh.com" 204 205This operation provides a rename operation with POSIX semantics, which 206are different to those provided by the standard SSH_FXP_RENAME in 207draft-ietf-secsh-filexfer-02.txt. This request is implemented as a 208SSH_FXP_EXTENDED request with the following format: 209 210 uint32 id 211 string "posix-rename@openssh.com" 212 string oldpath 213 string newpath 214 215On receiving this request the server will perform the POSIX operation 216rename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. 217This extension is advertised in the SSH_FXP_VERSION hello with version 218"1". 219 22010. sftp: Extension requests "statvfs@openssh.com" and 221 "fstatvfs@openssh.com" 222 223These requests correspond to the statvfs and fstatvfs POSIX system 224interfaces. The "statvfs@openssh.com" request operates on an explicit 225pathname, and is formatted as follows: 226 227 uint32 id 228 string "statvfs@openssh.com" 229 string path 230 231The "fstatvfs@openssh.com" operates on an open file handle: 232 233 uint32 id 234 string "fstatvfs@openssh.com" 235 string handle 236 237These requests return a SSH_FXP_STATUS reply on failure. On success they 238return the following SSH_FXP_EXTENDED_REPLY reply: 239 240 uint32 id 241 uint64 f_bsize /* file system block size */ 242 uint64 f_frsize /* fundamental fs block size */ 243 uint64 f_blocks /* number of blocks (unit f_frsize) */ 244 uint64 f_bfree /* free blocks in file system */ 245 uint64 f_bavail /* free blocks for non-root */ 246 uint64 f_files /* total file inodes */ 247 uint64 f_ffree /* free file inodes */ 248 uint64 f_favail /* free file inodes for to non-root */ 249 uint64 f_fsid /* file system id */ 250 uint64 f_flag /* bit mask of f_flag values */ 251 uint64 f_namemax /* maximum filename length */ 252 253The values of the f_flag bitmask are as follows: 254 255 #define SSH_FXE_STATVFS_ST_RDONLY 0x1 /* read-only */ 256 #define SSH_FXE_STATVFS_ST_NOSUID 0x2 /* no setuid */ 257 258Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are 259advertised in the SSH_FXP_VERSION hello with version "2". 260 261$OpenBSD: PROTOCOL,v 1.15 2010/02/26 20:29:54 djm Exp $ 262