Home | History | Annotate | Line # | Download | only in dist
PROTOCOL revision 1.1.1.2
      1 This documents OpenSSH's deviations and extensions to the published SSH
      2 protocol.
      3 
      4 Note that OpenSSH's sftp and sftp-server implement revision 3 of the SSH
      5 filexfer protocol described in:
      6 
      7 http://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt
      8 
      9 Newer versions of the draft will not be supported, though some features
     10 are individually implemented as extensions described below.
     11 
     12 The protocol used by OpenSSH's ssh-agent is described in the file
     13 PROTOCOL.agent
     14 
     15 1. transport: Protocol 2 MAC algorithm "umac-64 (a] openssh.com"
     16 
     17 This is a new transport-layer MAC method using the UMAC algorithm
     18 (rfc4418). This method is identical to the "umac-64" method documented
     19 in:
     20 
     21 http://www.openssh.com/txt/draft-miller-secsh-umac-01.txt
     22 
     23 2. transport: Protocol 2 compression algorithm "zlib (a] openssh.com"
     24 
     25 This transport-layer compression method uses the zlib compression
     26 algorithm (identical to the "zlib" method in rfc4253), but delays the
     27 start of compression until after authentication has completed. This
     28 avoids exposing compression code to attacks from unauthenticated users.
     29 
     30 The method is documented in:
     31 
     32 http://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
     33 
     34 3. transport: New public key algorithms "ssh-rsa-cert-v00 (a] openssh.com" and
     35    "ssh-dsa-cert-v00 (a] openssh.com"
     36 
     37 OpenSSH introduces two new public key algorithms to support certificate
     38 authentication for users and hostkeys. These methods are documented in
     39 the file PROTOCOL.certkeys
     40 
     41 4. connection: Channel write close extension "eow (a] openssh.com"
     42 
     43 The SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF
     44 message to allow an endpoint to signal its peer that it will send no
     45 more data over a channel. Unfortunately, there is no symmetric way for
     46 an endpoint to request that its peer should cease sending data to it
     47 while still keeping the channel open for the endpoint to send data to
     48 the peer.
     49 
     50 This is desirable, since it saves the transmission of data that would
     51 otherwise need to be discarded and it allows an endpoint to signal local
     52 processes of the condition, e.g. by closing the corresponding file
     53 descriptor.
     54 
     55 OpenSSH implements a channel extension message to perform this
     56 signalling: "eow (a] openssh.com" (End Of Write). This message is sent by
     57 an endpoint when the local output of a session channel is closed or
     58 experiences a write error. The message is formatted as follows:
     59 
     60 	byte		SSH_MSG_CHANNEL_REQUEST
     61 	uint32		recipient channel
     62 	string		"eow (a] openssh.com"
     63 	boolean		FALSE
     64 
     65 On receiving this message, the peer SHOULD cease sending data of
     66 the channel and MAY signal the process from which the channel data
     67 originates (e.g. by closing its read file descriptor).
     68 
     69 As with the symmetric SSH_MSG_CHANNEL_EOF message, the channel does
     70 remain open after a "eow (a] openssh.com" has been sent and more data may
     71 still be sent in the other direction. This message does not consume
     72 window space and may be sent even if no window space is available.
     73 
     74 NB. due to certain broken SSH implementations aborting upon receipt
     75 of this message (in contravention of RFC4254 section 5.4), this
     76 message is only sent to OpenSSH peers (identified by banner).
     77 Other SSH implementations may be whitelisted to receive this message
     78 upon request.
     79 
     80 5. connection: disallow additional sessions extension
     81    "no-more-sessions (a] openssh.com"
     82 
     83 Most SSH connections will only ever request a single session, but a
     84 attacker may abuse a running ssh client to surreptitiously open
     85 additional sessions under their control. OpenSSH provides a global
     86 request "no-more-sessions (a] openssh.com" to mitigate this attack.
     87 
     88 When an OpenSSH client expects that it will never open another session
     89 (i.e. it has been started with connection multiplexing disabled), it
     90 will send the following global request:
     91 
     92 	byte		SSH_MSG_GLOBAL_REQUEST
     93 	string		"no-more-sessions (a] openssh.com"
     94 	char		want-reply
     95 
     96 On receipt of such a message, an OpenSSH server will refuse to open
     97 future channels of type "session" and instead immediately abort the
     98 connection.
     99 
    100 Note that this is not a general defence against compromised clients
    101 (that is impossible), but it thwarts a simple attack.
    102 
    103 NB. due to certain broken SSH implementations aborting upon receipt
    104 of this message, the no-more-sessions request is only sent to OpenSSH
    105 servers (identified by banner). Other SSH implementations may be
    106 whitelisted to receive this message upon request.
    107 
    108 6. connection: Tunnel forward extension "tun (a] openssh.com"
    109 
    110 OpenSSH supports layer 2 and layer 3 tunnelling via the "tun (a] openssh.com"
    111 channel type. This channel type supports forwarding of network packets
    112 with datagram boundaries intact between endpoints equipped with 
    113 interfaces like the BSD tun(4) device. Tunnel forwarding channels are
    114 requested by the client with the following packet:
    115 
    116 	byte		SSH_MSG_CHANNEL_OPEN
    117 	string		"tun (a] openssh.com"
    118 	uint32		sender channel
    119 	uint32		initial window size
    120 	uint32		maximum packet size
    121 	uint32		tunnel mode
    122 	uint32		remote unit number
    123 
    124 The "tunnel mode" parameter specifies whether the tunnel should forward
    125 layer 2 frames or layer 3 packets. It may take one of the following values:
    126 
    127 	SSH_TUNMODE_POINTOPOINT  1		/* layer 3 packets */
    128 	SSH_TUNMODE_ETHERNET     2		/* layer 2 frames */
    129 
    130 The "tunnel unit number" specifies the remote interface number, or may
    131 be 0x7fffffff to allow the server to automatically chose an interface. A
    132 server that is not willing to open a client-specified unit should refuse
    133 the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful
    134 open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
    135 
    136 Once established the client and server may exchange packet or frames
    137 over the tunnel channel by encapsulating them in SSH protocol strings
    138 and sending them as channel data. This ensures that packet boundaries
    139 are kept intact. Specifically, packets are transmitted using normal
    140 SSH_MSG_CHANNEL_DATA packets:
    141 
    142 	byte		SSH_MSG_CHANNEL_DATA
    143 	uint32		recipient channel
    144 	string		data
    145 
    146 The contents of the "data" field for layer 3 packets is:
    147 
    148 	uint32			packet length
    149 	uint32			address family
    150 	byte[packet length - 4]	packet data
    151 
    152 The "address family" field identifies the type of packet in the message.
    153 It may be one of:
    154 
    155 	SSH_TUN_AF_INET		2		/* IPv4 */
    156 	SSH_TUN_AF_INET6	24		/* IPv6 */
    157 
    158 The "packet data" field consists of the IPv4/IPv6 datagram itself
    159 without any link layer header.
    160 
    161 The contents of the "data" field for layer 2 packets is:
    162 
    163 	uint32			packet length
    164 	byte[packet length]	frame
    165 
    166 The "frame" field contains an IEEE 802.3 Ethernet frame, including
    167 header.
    168 
    169 7. sftp: Reversal of arguments to SSH_FXP_SYMLINK
    170 
    171 When OpenSSH's sftp-server was implemented, the order of the arguments
    172 to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately,
    173 the reversal was not noticed until the server was widely deployed. Since
    174 fixing this to follow the specification would cause incompatibility, the
    175 current order was retained. For correct operation, clients should send
    176 SSH_FXP_SYMLINK as follows:
    177 
    178 	uint32		id
    179 	string		targetpath
    180 	string		linkpath
    181 
    182 8. sftp: Server extension announcement in SSH_FXP_VERSION
    183 
    184 OpenSSH's sftp-server lists the extensions it supports using the
    185 standard extension announcement mechanism in the SSH_FXP_VERSION server
    186 hello packet:
    187 
    188 	uint32		3		/* protocol version */
    189 	string		ext1-name
    190 	string		ext1-version
    191 	string		ext2-name
    192 	string		ext2-version
    193 	...
    194 	string		extN-name
    195 	string		extN-version
    196 
    197 Each extension reports its integer version number as an ASCII encoded
    198 string, e.g. "1". The version will be incremented if the extension is
    199 ever changed in an incompatible way. The server MAY advertise the same
    200 extension with multiple versions (though this is unlikely). Clients MUST
    201 check the version number before attempting to use the extension.
    202 
    203 9. sftp: Extension request "posix-rename (a] openssh.com"
    204 
    205 This operation provides a rename operation with POSIX semantics, which
    206 are different to those provided by the standard SSH_FXP_RENAME in
    207 draft-ietf-secsh-filexfer-02.txt. This request is implemented as a
    208 SSH_FXP_EXTENDED request with the following format:
    209 
    210 	uint32		id
    211 	string		"posix-rename (a] openssh.com"
    212 	string		oldpath
    213 	string		newpath
    214 
    215 On receiving this request the server will perform the POSIX operation
    216 rename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message.
    217 This extension is advertised in the SSH_FXP_VERSION hello with version
    218 "1".
    219 
    220 10. sftp: Extension requests "statvfs (a] openssh.com" and
    221          "fstatvfs (a] openssh.com"
    222 
    223 These requests correspond to the statvfs and fstatvfs POSIX system
    224 interfaces. The "statvfs (a] openssh.com" request operates on an explicit
    225 pathname, and is formatted as follows:
    226 
    227 	uint32		id
    228 	string		"statvfs (a] openssh.com"
    229 	string		path
    230 
    231 The "fstatvfs (a] openssh.com" operates on an open file handle:
    232 
    233 	uint32		id
    234 	string		"fstatvfs (a] openssh.com"
    235 	string		handle
    236 
    237 These requests return a SSH_FXP_STATUS reply on failure. On success they
    238 return the following SSH_FXP_EXTENDED_REPLY reply:
    239 
    240 	uint32		id
    241 	uint64		f_bsize		/* file system block size */
    242 	uint64		f_frsize	/* fundamental fs block size */
    243 	uint64		f_blocks	/* number of blocks (unit f_frsize) */
    244 	uint64		f_bfree		/* free blocks in file system */
    245 	uint64		f_bavail	/* free blocks for non-root */
    246 	uint64		f_files		/* total file inodes */
    247 	uint64		f_ffree		/* free file inodes */
    248 	uint64		f_favail	/* free file inodes for to non-root */
    249 	uint64		f_fsid		/* file system id */
    250 	uint64		f_flag		/* bit mask of f_flag values */
    251 	uint64		f_namemax	/* maximum filename length */
    252 
    253 The values of the f_flag bitmask are as follows:
    254 
    255 	#define SSH_FXE_STATVFS_ST_RDONLY	0x1	/* read-only */
    256 	#define SSH_FXE_STATVFS_ST_NOSUID	0x2	/* no setuid */
    257 
    258 Both the "statvfs (a] openssh.com" and "fstatvfs (a] openssh.com" extensions are
    259 advertised in the SSH_FXP_VERSION hello with version "2".
    260 
    261 $OpenBSD: PROTOCOL,v 1.15 2010/02/26 20:29:54 djm Exp $
    262