path: root/PROTOCOL
AgeCommit message (Collapse)Author
2018-10-02upstream: mention for sending
OpenBSD-Commit-ID: 132471eeb0df658210afd27852fe65131b26e900
OpenBSD-Commit-ID: 40d839db0977b4e7ac8b647b16d5411d4faf2f60
2018-08-10upstream: Describe pubkey format, prompted by
While I'm here, describe and link to the remaining local PROTOCOL.* docs that weren't already mentioned (PROTOCOL.key, PROTOCOL.krl and PROTOCOL.mux) OpenBSD-Commit-ID: 2a900f9b994ba4d53e7aeb467d44d75829fd1231
2018-08-10upstream: fix
OpenBSD-Commit-ID: bc7a1764dff23fa4c5ff0e3379c9c4d5b63c9596
2018-02-23upstream: emphasise that the hostkey rotation may send key
that the client may not support, and that the client should simply disregard such keys (this is what ssh does already). OpenBSD-Commit-ID: 65f8ffbc32ac8d12be8f913d7c0ea55bef8622bf
fix references to obsolete v00 cert format; spotted by Jakub Jelen Upstream-ID: 7600ce193ab8fd19451acfe24fc2eb39d46b2c4f
2016-10-21Update links to https.Darren Tucker now supports https and no longer supports ftp. Make all links to these https.
We accidentally send an empty string and a zero uint32 with every channel open, in contravention of our own spec. Fixing this is too hard wrt existing versions that expect these fields to be present and fatal() if they aren't, so document them as "reserved" fields in the PROTOCOL spec as though we always intended this and let us never speak of it again. bz#2529, reported by Ron Frederick Upstream-ID: 34cd326a4d236ca6e39084c4ff796bd97ab833e7
2015-07-17upstream Unix domain foward messages do not contain a "reserved for future use" field and in fact, serverloop.c checks that there isn't one. Remove erroneous mention from PROTOCOL description. bz#2421 from Daniel Black Upstream-ID: 3d51a19e64f72f764682f1b08f35a8aa810a43ac
whitespace at EOL
UpdateHostKeys fixes: I accidentally changed the format of the messages last week without changing the extension name, and this has been causing connection failures for people who are running -current. First reported by sthen@ s/ Change the name of the proof message too, and reorder it a little. Also, UpdateHostKeys=ask is incompatible with ControlPersist (no TTY available to read the response) so disable UpdateHostKeys if it is in ask mode and ControlPersist is active (and document this)
Revise hostkey learning extension. The client will not ask the server to prove ownership of the private halves of any hitherto-unseen hostkeys it offers to the client. Allow UpdateHostKeys option to take an 'ask' argument to let the user manually review keys offered. ok markus@
Host key rotation support. Add a protocol extension (global request) for a server to inform a client of all its available host key after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default on). ok markus@
2014-07-18 - 2014/07/15 15:54:14Damien Miller
[PROTOCOL auth-options.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c] [auth-rsa.c auth.c auth1.c auth2-hostbased.c auth2-kbdint.c auth2-none.c] [auth2-passwd.c auth2-pubkey.c auth2.c canohost.c channels.c channels.h] [clientloop.c misc.c misc.h monitor.c mux.c packet.c readconf.c] [readconf.h servconf.c servconf.h serverloop.c session.c ssh-agent.c] [ssh.c ssh_config.5 sshconnect.c sshconnect1.c sshconnect2.c sshd.c] [sshd_config.5 sshlogin.c] Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: OK djm@ markus@
2013-12-05 - 2013/12/01 23:19:05Damien Miller
[PROTOCOL] mention key exchange algorithm
2013-11-21 - 2013/11/21 00:45:44Damien Miller
[ PROTOCOL PROTOCOL.chacha20poly1305 authfile.c chacha.c] [chacha.h cipher-chachapoly.c cipher-chachapoly.h cipher.c cipher.h] [dh.c myproposal.h packet.c poly1305.c poly1305.h servconf.c ssh.1] [ssh.c ssh_config.5 sshd_config.5] Add a new protocol 2 transport cipher "" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Inspired by and similar to Adam Langley's proposal for TLS: but differs in layout used for the MAC calculation and the use of a second ChaCha20 instance to separately encrypt packet lengths. Details are in the PROTOCOL.chacha20poly1305 file. Feedback markus@, naddy@; manpage bits Loganden Velvindron @ AfriNIC ok markus@ naddy@
2013-10-17 - 2013/10/17 00:30:13Damien Miller
[PROTOCOL sftp-client.c sftp-client.h sftp-server.c sftp.1 sftp.c] protocol extension for sftp-server client support to allow calling fsync() faster successful transfer patch mostly by imorgan AT; bz#1798 "fine" markus@ "grumble OK" deraadt@ "doesn't sound bad to me" millert@
2013-01-09 - 2013/01/08 18:49:04Damien Miller
[PROTOCOL authfile.c cipher.c cipher.h kex.c kex.h monitor_wrap.c] [myproposal.h packet.c ssh_config.5 sshd_config.5] support AES-GCM as defined in RFC 5647 (but with simpler KEX handling) ok and feedback djm@
2013-01-09 - 2013/01/03 12:49:01Damien Miller
[PROTOCOL] fix description of MAC calculation for EtM modes; ok markus@
2012-12-12 - 2012/12/11 22:31:18Damien Miller
[PROTOCOL authfile.c cipher.c cipher.h kex.h mac.c myproposal.h] [packet.c ssh_config.5 sshd_config.5] add encrypt-then-mac (EtM) modes to openssh by defining new mac algorithms that change the packet format and compute the MAC over the encrypted message (including the packet size) instead of the plaintext data; these EtM modes are considered more secure and used by default. feedback and ok djm@
2010-12-05 - 2010/12/04 00:18:01Darren Tucker
[sftp-server.c sftp.1 sftp-client.h sftp.c PROTOCOL sftp-client.c] add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command; based on a patch from miklos AT in bz#1555; ok markus@
2010-08-31 - 2010/08/31 11:54:45Damien Miller
[PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
2010-02-27 - OpenBSD CVS SyncDamien Miller
- 2010/02/26 20:29:54 [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys addrmatch.c auth-options.c] [auth-options.h auth.h auth2-pubkey.c authfd.c dns.c dns.h hostfile.c] [hostfile.h kex.h kexdhs.c kexgexs.c key.c key.h match.h monitor.c] [myproposal.h servconf.c servconf.h ssh-add.c ssh-agent.c ssh-dss.c] [ssh-keygen.1 ssh-keygen.c ssh-rsa.c ssh.1 ssh.c ssh2.h sshconnect.c] [sshconnect2.c sshd.8 sshd.c sshd_config.5] Add support for certificate key types for users and hosts. OpenSSH certificate key types are not X.509 certificates, but a much simpler format that encodes a public key, identity information and some validity constraints and signs it with a CA key. CA keys are regular SSH keys. This certificate style avoids the attack surface of X.509 certificates and is very easy to deploy. Certified host keys allow automatic acceptance of new host keys when a CA certificate is marked as sh/known_hosts. see VERIFYING HOST KEYS in ssh(1) for details. Certified user keys allow authentication of users when the signing CA key is marked as trusted in authorized_keys. See "AUTHORIZED_KEYS FILE FORMAT" in sshd(8) for details. Certificates are minted using ssh-keygen(1), documentation is in the "CERTIFICATES" section of that manpage. Documentation on the format of certificates is in the file PROTOCOL.certkeys feedback and ok markus@
2010-01-09 - 2010/01/09 00:57:10Darren Tucker
[PROTOCOL] tweak language
2010-01-08 - 2009/12/20 23:20:40Darren Tucker
[PROTOCOL] fix an incorrect magic number and typo in PROTOCOL; bz#1688 report and fix from ueno AT
2009-02-14 - 2009/02/14 06:35:49Damien Miller
[PROTOCOL] mention that eow and no-more-sessions extensions are sent only to OpenSSH peers
2008-07-05 - 2008/07/05 05:16:01Damien Miller
[PROTOCOL] grammar
2008-07-02 - 2008/06/30 12:18:34Darren Tucker
[PROTOCOL] clarify that is only sent on session channels
2008-06-30 - 2008/06/28 14:08:30Damien Miller
[PROTOCOL PROTOCOL.agent] document the protocol used by ssh-agent; "looks ok" markus@
2008-06-30 - 2008/06/28 07:25:07Damien Miller
[PROTOCOL] spelling fixes
2008-06-13 - 2008/06/12 05:15:41Darren Tucker
[PROTOCOL] document forwarding method
2008-06-11 - 2008/06/10 22:15:23Darren Tucker
[PROTOCOL ssh.c serverloop.c] Add a global request extension that the client sends when it knows that it will never request another session (i.e. when session multiplexing is disabled). This allows a server to disallow further session requests and terminate the session. Why would a non-multiplexing client ever issue additional session requests? It could have been attacked with something like SSH'jack: feedback & ok markus
2008-06-09 - 2008/06/09 13:38:46Darren Tucker
[PROTOCOL] Use a $OpenBSD tag so our scripts will sync changes.
2008-06-09 - 2008/06/08 20:15:29Darren Tucker
[PROTOCOL] Have the sftp client store the statvfs replies in wire format, which prevents problems when the server's native sizes exceed the client's. Also extends the sizes of the remaining 32bit wire format to 64bit, they're specified as unsigned long in the standard.
2008-06-09 - 2008/06/07 21:52:46Darren Tucker
[PROTOCOL] statvfs member fsid needs to be wider, increase it to 64 bits and crank extension revision number to 2; prodded and ok dtucker@
2008-05-19 - 2008/05/16 08:30:42Damien Miller
[PROTOCOL] document our protocol extensions and deviations; ok markus@ - 2008/05/17 01:31:56 [PROTOCOL] grammar and correctness fixes from stevesk@