PROTOCOL revision 204917
1180750SdesThis documents OpenSSH's deviations and extensions to the published SSH 2180750Sdesprotocol. 3180750Sdes 4180750SdesNote that OpenSSH's sftp and sftp-server implement revision 3 of the SSH 5180750Sdesfilexfer protocol described in: 6180750Sdes 7180750Sdeshttp://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt 8180750Sdes 9204917SdesNewer versions of the draft will not be supported, though some features 10204917Sdesare individually implemented as extensions described below. 11180750Sdes 12180750SdesThe protocol used by OpenSSH's ssh-agent is described in the file 13180750SdesPROTOCOL.agent 14180750Sdes 15180750Sdes1. transport: Protocol 2 MAC algorithm "umac-64@openssh.com" 16180750Sdes 17180750SdesThis is a new transport-layer MAC method using the UMAC algorithm 18180750Sdes(rfc4418). This method is identical to the "umac-64" method documented 19180750Sdesin: 20180750Sdes 21180750Sdeshttp://www.openssh.com/txt/draft-miller-secsh-umac-01.txt 22180750Sdes 23180750Sdes2. transport: Protocol 2 compression algorithm "zlib@openssh.com" 24180750Sdes 25180750SdesThis transport-layer compression method uses the zlib compression 26180750Sdesalgorithm (identical to the "zlib" method in rfc4253), but delays the 27180750Sdesstart of compression until after authentication has completed. This 28180750Sdesavoids exposing compression code to attacks from unauthenticated users. 29180750Sdes 30180750SdesThe method is documented in: 31180750Sdes 32180750Sdeshttp://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt 33180750Sdes 34204917Sdes3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com" and 35204917Sdes "ssh-dsa-cert-v00@openssh.com" 36180750Sdes 37204917SdesOpenSSH introduces two new public key algorithms to support certificate 38204917Sdesauthentication for users and hostkeys. These methods are documented in 39204917Sdesthe file PROTOCOL.certkeys 40204917Sdes 41204917Sdes4. connection: Channel write close extension "eow@openssh.com" 42204917Sdes 43180750SdesThe SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF 44180750Sdesmessage to allow an endpoint to signal its peer that it will send no 45180750Sdesmore data over a channel. Unfortunately, there is no symmetric way for 46180750Sdesan endpoint to request that its peer should cease sending data to it 47180750Sdeswhile still keeping the channel open for the endpoint to send data to 48180750Sdesthe peer. 49180750Sdes 50180750SdesThis is desirable, since it saves the transmission of data that would 51180750Sdesotherwise need to be discarded and it allows an endpoint to signal local 52180750Sdesprocesses of the condition, e.g. by closing the corresponding file 53180750Sdesdescriptor. 54180750Sdes 55180750SdesOpenSSH implements a channel extension message to perform this 56180750Sdessignalling: "eow@openssh.com" (End Of Write). This message is sent by 57180750Sdesan endpoint when the local output of a session channel is closed or 58180750Sdesexperiences a write error. The message is formatted as follows: 59180750Sdes 60180750Sdes byte SSH_MSG_CHANNEL_REQUEST 61180750Sdes uint32 recipient channel 62180750Sdes string "eow@openssh.com" 63180750Sdes boolean FALSE 64180750Sdes 65180750SdesOn receiving this message, the peer SHOULD cease sending data of 66180750Sdesthe channel and MAY signal the process from which the channel data 67180750Sdesoriginates (e.g. by closing its read file descriptor). 68180750Sdes 69180750SdesAs with the symmetric SSH_MSG_CHANNEL_EOF message, the channel does 70180750Sdesremain open after a "eow@openssh.com" has been sent and more data may 71180750Sdesstill be sent in the other direction. This message does not consume 72180750Sdeswindow space and may be sent even if no window space is available. 73180750Sdes 74192595SdesNB. due to certain broken SSH implementations aborting upon receipt 75192595Sdesof this message (in contravention of RFC4254 section 5.4), this 76192595Sdesmessage is only sent to OpenSSH peers (identified by banner). 77192595SdesOther SSH implementations may be whitelisted to receive this message 78192595Sdesupon request. 79192595Sdes 80204917Sdes5. connection: disallow additional sessions extension 81180750Sdes "no-more-sessions@openssh.com" 82180750Sdes 83180750SdesMost SSH connections will only ever request a single session, but a 84180750Sdesattacker may abuse a running ssh client to surreptitiously open 85180750Sdesadditional sessions under their control. OpenSSH provides a global 86180750Sdesrequest "no-more-sessions@openssh.com" to mitigate this attack. 87180750Sdes 88180750SdesWhen an OpenSSH client expects that it will never open another session 89180750Sdes(i.e. it has been started with connection multiplexing disabled), it 90180750Sdeswill send the following global request: 91180750Sdes 92180750Sdes byte SSH_MSG_GLOBAL_REQUEST 93180750Sdes string "no-more-sessions@openssh.com" 94180750Sdes char want-reply 95180750Sdes 96180750SdesOn receipt of such a message, an OpenSSH server will refuse to open 97180750Sdesfuture channels of type "session" and instead immediately abort the 98180750Sdesconnection. 99180750Sdes 100180750SdesNote that this is not a general defence against compromised clients 101180750Sdes(that is impossible), but it thwarts a simple attack. 102180750Sdes 103192595SdesNB. due to certain broken SSH implementations aborting upon receipt 104192595Sdesof this message, the no-more-sessions request is only sent to OpenSSH 105192595Sdesservers (identified by banner). Other SSH implementations may be 106192595Sdeswhitelisted to receive this message upon request. 107192595Sdes 108204917Sdes6. connection: Tunnel forward extension "tun@openssh.com" 109180750Sdes 110180750SdesOpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" 111180750Sdeschannel type. This channel type supports forwarding of network packets 112180750Sdeswith datagram boundaries intact between endpoints equipped with 113180750Sdesinterfaces like the BSD tun(4) device. Tunnel forwarding channels are 114180750Sdesrequested by the client with the following packet: 115180750Sdes 116180750Sdes byte SSH_MSG_CHANNEL_OPEN 117180750Sdes string "tun@openssh.com" 118180750Sdes uint32 sender channel 119180750Sdes uint32 initial window size 120180750Sdes uint32 maximum packet size 121180750Sdes uint32 tunnel mode 122180750Sdes uint32 remote unit number 123180750Sdes 124180750SdesThe "tunnel mode" parameter specifies whether the tunnel should forward 125180750Sdeslayer 2 frames or layer 3 packets. It may take one of the following values: 126180750Sdes 127180750Sdes SSH_TUNMODE_POINTOPOINT 1 /* layer 3 packets */ 128180750Sdes SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */ 129180750Sdes 130180750SdesThe "tunnel unit number" specifies the remote interface number, or may 131204917Sdesbe 0x7fffffff to allow the server to automatically chose an interface. A 132204917Sdesserver that is not willing to open a client-specified unit should refuse 133204917Sdesthe request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful 134204917Sdesopen, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS. 135180750Sdes 136180750SdesOnce established the client and server may exchange packet or frames 137180750Sdesover the tunnel channel by encapsulating them in SSH protocol strings 138180750Sdesand sending them as channel data. This ensures that packet boundaries 139180750Sdesare kept intact. Specifically, packets are transmitted using normal 140180750SdesSSH_MSG_CHANNEL_DATA packets: 141180750Sdes 142180750Sdes byte SSH_MSG_CHANNEL_DATA 143180750Sdes uint32 recipient channel 144180750Sdes string data 145180750Sdes 146180750SdesThe contents of the "data" field for layer 3 packets is: 147180750Sdes 148180750Sdes uint32 packet length 149180750Sdes uint32 address family 150180750Sdes byte[packet length - 4] packet data 151180750Sdes 152180750SdesThe "address family" field identifies the type of packet in the message. 153180750SdesIt may be one of: 154180750Sdes 155180750Sdes SSH_TUN_AF_INET 2 /* IPv4 */ 156180750Sdes SSH_TUN_AF_INET6 24 /* IPv6 */ 157180750Sdes 158180750SdesThe "packet data" field consists of the IPv4/IPv6 datagram itself 159180750Sdeswithout any link layer header. 160180750Sdes 161204917SdesThe contents of the "data" field for layer 2 packets is: 162180750Sdes 163180750Sdes uint32 packet length 164180750Sdes byte[packet length] frame 165180750Sdes 166180750SdesThe "frame" field contains an IEEE 802.3 Ethernet frame, including 167180750Sdesheader. 168180750Sdes 169204917Sdes7. sftp: Reversal of arguments to SSH_FXP_SYMLINK 170180750Sdes 171180750SdesWhen OpenSSH's sftp-server was implemented, the order of the arguments 172180750Sdesto the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately, 173180750Sdesthe reversal was not noticed until the server was widely deployed. Since 174180750Sdesfixing this to follow the specification would cause incompatibility, the 175180750Sdescurrent order was retained. For correct operation, clients should send 176180750SdesSSH_FXP_SYMLINK as follows: 177180750Sdes 178180750Sdes uint32 id 179180750Sdes string targetpath 180180750Sdes string linkpath 181180750Sdes 182204917Sdes8. sftp: Server extension announcement in SSH_FXP_VERSION 183180750Sdes 184180750SdesOpenSSH's sftp-server lists the extensions it supports using the 185180750Sdesstandard extension announcement mechanism in the SSH_FXP_VERSION server 186180750Sdeshello packet: 187180750Sdes 188180750Sdes uint32 3 /* protocol version */ 189180750Sdes string ext1-name 190180750Sdes string ext1-version 191180750Sdes string ext2-name 192180750Sdes string ext2-version 193180750Sdes ... 194180750Sdes string extN-name 195180750Sdes string extN-version 196180750Sdes 197180750SdesEach extension reports its integer version number as an ASCII encoded 198180750Sdesstring, e.g. "1". The version will be incremented if the extension is 199180750Sdesever changed in an incompatible way. The server MAY advertise the same 200180750Sdesextension with multiple versions (though this is unlikely). Clients MUST 201180750Sdescheck the version number before attempting to use the extension. 202180750Sdes 203204917Sdes9. sftp: Extension request "posix-rename@openssh.com" 204180750Sdes 205180750SdesThis operation provides a rename operation with POSIX semantics, which 206180750Sdesare different to those provided by the standard SSH_FXP_RENAME in 207180750Sdesdraft-ietf-secsh-filexfer-02.txt. This request is implemented as a 208180750SdesSSH_FXP_EXTENDED request with the following format: 209180750Sdes 210180750Sdes uint32 id 211180750Sdes string "posix-rename@openssh.com" 212180750Sdes string oldpath 213180750Sdes string newpath 214180750Sdes 215180750SdesOn receiving this request the server will perform the POSIX operation 216180750Sdesrename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. 217180750SdesThis extension is advertised in the SSH_FXP_VERSION hello with version 218180750Sdes"1". 219180750Sdes 220204917Sdes10. sftp: Extension requests "statvfs@openssh.com" and 221180750Sdes "fstatvfs@openssh.com" 222180750Sdes 223180750SdesThese requests correspond to the statvfs and fstatvfs POSIX system 224180750Sdesinterfaces. The "statvfs@openssh.com" request operates on an explicit 225180750Sdespathname, and is formatted as follows: 226180750Sdes 227180750Sdes uint32 id 228180750Sdes string "statvfs@openssh.com" 229180750Sdes string path 230180750Sdes 231180750SdesThe "fstatvfs@openssh.com" operates on an open file handle: 232180750Sdes 233180750Sdes uint32 id 234180750Sdes string "fstatvfs@openssh.com" 235180750Sdes string handle 236180750Sdes 237180750SdesThese requests return a SSH_FXP_STATUS reply on failure. On success they 238180750Sdesreturn the following SSH_FXP_EXTENDED_REPLY reply: 239180750Sdes 240180750Sdes uint32 id 241180750Sdes uint64 f_bsize /* file system block size */ 242180750Sdes uint64 f_frsize /* fundamental fs block size */ 243180750Sdes uint64 f_blocks /* number of blocks (unit f_frsize) */ 244180750Sdes uint64 f_bfree /* free blocks in file system */ 245180750Sdes uint64 f_bavail /* free blocks for non-root */ 246180750Sdes uint64 f_files /* total file inodes */ 247180750Sdes uint64 f_ffree /* free file inodes */ 248180750Sdes uint64 f_favail /* free file inodes for to non-root */ 249180750Sdes uint64 f_fsid /* file system id */ 250180750Sdes uint64 f_flag /* bit mask of f_flag values */ 251180750Sdes uint64 f_namemax /* maximum filename length */ 252180750Sdes 253180750SdesThe values of the f_flag bitmask are as follows: 254180750Sdes 255180750Sdes #define SSH_FXE_STATVFS_ST_RDONLY 0x1 /* read-only */ 256180750Sdes #define SSH_FXE_STATVFS_ST_NOSUID 0x2 /* no setuid */ 257180750Sdes 258180750SdesBoth the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are 259180750Sdesadvertised in the SSH_FXP_VERSION hello with version "2". 260180750Sdes 261204917Sdes$OpenBSD: PROTOCOL,v 1.15 2010/02/26 20:29:54 djm Exp $ 262