PROTOCOL revision 181111
178344SobrienThis documents OpenSSH's deviations and extensions to the published SSH 278344Sobrienprotocol. 398184Sgordon 478344SobrienNote that OpenSSH's sftp and sftp-server implement revision 3 of the SSH 578344Sobrienfilexfer protocol described in: 678344Sobrien 7242153Sobrienhttp://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt 898184Sgordon 998184SgordonFeatures from newer versions of the draft are not supported, unless 10180564Sdougbexplicitly implemented as extensions described below. 1178344Sobrien 1298184SgordonThe protocol used by OpenSSH's ssh-agent is described in the file 1398184SgordonPROTOCOL.agent 1498184Sgordon 1578344Sobrien1. transport: Protocol 2 MAC algorithm "umac-64@openssh.com" 1678344Sobrien 1778344SobrienThis is a new transport-layer MAC method using the UMAC algorithm 18231653Sdougb(rfc4418). This method is identical to the "umac-64" method documented 1978344Sobrienin: 20149606Sgshapiro 21127896Sfjoehttp://www.openssh.com/txt/draft-miller-secsh-umac-01.txt 22127896Sfjoe 23151809Syar2. transport: Protocol 2 compression algorithm "zlib@openssh.com" 24151809Syar 25151809SyarThis transport-layer compression method uses the zlib compression 2678344Sobrienalgorithm (identical to the "zlib" method in rfc4253), but delays the 27124622Smtmstart of compression until after authentication has completed. This 28124622Smtmavoids exposing compression code to attacks from unauthenticated users. 29124622Smtm 30124622SmtmThe method is documented in: 31124622Smtm 32124622Smtmhttp://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt 33102864Sgordon 34102864Sgordon3. connection: Channel write close extension "eow@openssh.com" 35102864Sgordon 36133150SgshapiroThe SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF 37133150Sgshapiromessage to allow an endpoint to signal its peer that it will send no 38133150Sgshapiromore data over a channel. Unfortunately, there is no symmetric way for 39133150Sgshapiroan endpoint to request that its peer should cease sending data to it 40133150Sgshapirowhile still keeping the channel open for the endpoint to send data to 41133150Sgshapirothe peer. 42133150Sgshapiro 43133150SgshapiroThis is desirable, since it saves the transmission of data that would 44133150Sgshapirootherwise need to be discarded and it allows an endpoint to signal local 45133150Sgshapiroprocesses of the condition, e.g. by closing the corresponding file 46133150Sgshapirodescriptor. 4778344Sobrien 4878344SobrienOpenSSH implements a channel extension message to perform this 4978344Sobriensignalling: "eow@openssh.com" (End Of Write). This message is sent by 5078344Sobrienan endpoint when the local output of a session channel is closed or 5178344Sobrienexperiences a write error. The message is formatted as follows: 5298184Sgordon 5378344Sobrien byte SSH_MSG_CHANNEL_REQUEST 5478344Sobrien uint32 recipient channel 5578344Sobrien string "eow@openssh.com" 5678344Sobrien boolean FALSE 5778344Sobrien 5878344SobrienOn receiving this message, the peer SHOULD cease sending data of 5978344Sobrienthe channel and MAY signal the process from which the channel data 6078344Sobrienoriginates (e.g. by closing its read file descriptor). 61170618Sgshapiro 62170618SgshapiroAs with the symmetric SSH_MSG_CHANNEL_EOF message, the channel does 63170618Sgshapiroremain open after a "eow@openssh.com" has been sent and more data may 64170618Sgshapirostill be sent in the other direction. This message does not consume 65170618Sgshapirowindow space and may be sent even if no window space is available. 66170618Sgshapiro 67170618Sgshapiro4. connection: disallow additional sessions extension 68170618Sgshapiro "no-more-sessions@openssh.com" 6978344Sobrien 70170618SgshapiroMost SSH connections will only ever request a single session, but a 71170618Sgshapiroattacker may abuse a running ssh client to surreptitiously open 7278344Sobrienadditional sessions under their control. OpenSSH provides a global 7378344Sobrienrequest "no-more-sessions@openssh.com" to mitigate this attack. 7478344Sobrien 7578344SobrienWhen an OpenSSH client expects that it will never open another session 7678344Sobrien(i.e. it has been started with connection multiplexing disabled), it 7798184Sgordonwill send the following global request: 78124622Smtm 79104980Sschweikh byte SSH_MSG_GLOBAL_REQUEST 80128366Sfjoe string "no-more-sessions@openssh.com" 81124622Smtm char want-reply 82231653Sdougb 83124622SmtmOn receipt of such a message, an OpenSSH server will refuse to open 84124622Smtmfuture channels of type "session" and instead immediately abort the 85124622Smtmconnection. 8698184Sgordon 87128366SfjoeNote that this is not a general defence against compromised clients 88124622Smtm(that is impossible), but it thwarts a simple attack. 89231653Sdougb 90124622Smtm5. connection: Tunnel forward extension "tun@openssh.com" 91124622Smtm 92124622SmtmOpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com" 9398184Sgordonchannel type. This channel type supports forwarding of network packets 94124622Smtmwith datagram boundaries intact between endpoints equipped with 95124622Smtminterfaces like the BSD tun(4) device. Tunnel forwarding channels are 96124622Smtmrequested by the client with the following packet: 97124622Smtm 98124622Smtm byte SSH_MSG_CHANNEL_OPEN 99124622Smtm string "tun@openssh.com" 100 uint32 sender channel 101 uint32 initial window size 102 uint32 maximum packet size 103 uint32 tunnel mode 104 uint32 remote unit number 105 106The "tunnel mode" parameter specifies whether the tunnel should forward 107layer 2 frames or layer 3 packets. It may take one of the following values: 108 109 SSH_TUNMODE_POINTOPOINT 1 /* layer 3 packets */ 110 SSH_TUNMODE_ETHERNET 2 /* layer 2 frames */ 111 112The "tunnel unit number" specifies the remote interface number, or may 113be zero to allow the server to automatically chose an interface. A server 114that is not willing to open a client-specified unit should refuse the 115request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful open, 116the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS. 117 118Once established the client and server may exchange packet or frames 119over the tunnel channel by encapsulating them in SSH protocol strings 120and sending them as channel data. This ensures that packet boundaries 121are kept intact. Specifically, packets are transmitted using normal 122SSH_MSG_CHANNEL_DATA packets: 123 124 byte SSH_MSG_CHANNEL_DATA 125 uint32 recipient channel 126 string data 127 128The contents of the "data" field for layer 3 packets is: 129 130 uint32 packet length 131 uint32 address family 132 byte[packet length - 4] packet data 133 134The "address family" field identifies the type of packet in the message. 135It may be one of: 136 137 SSH_TUN_AF_INET 2 /* IPv4 */ 138 SSH_TUN_AF_INET6 24 /* IPv6 */ 139 140The "packet data" field consists of the IPv4/IPv6 datagram itself 141without any link layer header. 142 143The contents of the "data" field for layer 3 packets is: 144 145 uint32 packet length 146 byte[packet length] frame 147 148The "frame" field contains an IEEE 802.3 Ethernet frame, including 149header. 150 1516. sftp: Reversal of arguments to SSH_FXP_SYMLINK 152 153When OpenSSH's sftp-server was implemented, the order of the arguments 154to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately, 155the reversal was not noticed until the server was widely deployed. Since 156fixing this to follow the specification would cause incompatibility, the 157current order was retained. For correct operation, clients should send 158SSH_FXP_SYMLINK as follows: 159 160 uint32 id 161 string targetpath 162 string linkpath 163 1647. sftp: Server extension announcement in SSH_FXP_VERSION 165 166OpenSSH's sftp-server lists the extensions it supports using the 167standard extension announcement mechanism in the SSH_FXP_VERSION server 168hello packet: 169 170 uint32 3 /* protocol version */ 171 string ext1-name 172 string ext1-version 173 string ext2-name 174 string ext2-version 175 ... 176 string extN-name 177 string extN-version 178 179Each extension reports its integer version number as an ASCII encoded 180string, e.g. "1". The version will be incremented if the extension is 181ever changed in an incompatible way. The server MAY advertise the same 182extension with multiple versions (though this is unlikely). Clients MUST 183check the version number before attempting to use the extension. 184 1858. sftp: Extension request "posix-rename@openssh.com" 186 187This operation provides a rename operation with POSIX semantics, which 188are different to those provided by the standard SSH_FXP_RENAME in 189draft-ietf-secsh-filexfer-02.txt. This request is implemented as a 190SSH_FXP_EXTENDED request with the following format: 191 192 uint32 id 193 string "posix-rename@openssh.com" 194 string oldpath 195 string newpath 196 197On receiving this request the server will perform the POSIX operation 198rename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message. 199This extension is advertised in the SSH_FXP_VERSION hello with version 200"1". 201 2029. sftp: Extension requests "statvfs@openssh.com" and 203 "fstatvfs@openssh.com" 204 205These requests correspond to the statvfs and fstatvfs POSIX system 206interfaces. The "statvfs@openssh.com" request operates on an explicit 207pathname, and is formatted as follows: 208 209 uint32 id 210 string "statvfs@openssh.com" 211 string path 212 213The "fstatvfs@openssh.com" operates on an open file handle: 214 215 uint32 id 216 string "fstatvfs@openssh.com" 217 string handle 218 219These requests return a SSH_FXP_STATUS reply on failure. On success they 220return the following SSH_FXP_EXTENDED_REPLY reply: 221 222 uint32 id 223 uint64 f_bsize /* file system block size */ 224 uint64 f_frsize /* fundamental fs block size */ 225 uint64 f_blocks /* number of blocks (unit f_frsize) */ 226 uint64 f_bfree /* free blocks in file system */ 227 uint64 f_bavail /* free blocks for non-root */ 228 uint64 f_files /* total file inodes */ 229 uint64 f_ffree /* free file inodes */ 230 uint64 f_favail /* free file inodes for to non-root */ 231 uint64 f_fsid /* file system id */ 232 uint64 f_flag /* bit mask of f_flag values */ 233 uint64 f_namemax /* maximum filename length */ 234 235The values of the f_flag bitmask are as follows: 236 237 #define SSH_FXE_STATVFS_ST_RDONLY 0x1 /* read-only */ 238 #define SSH_FXE_STATVFS_ST_NOSUID 0x2 /* no setuid */ 239 240Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are 241advertised in the SSH_FXP_VERSION hello with version "2". 242 243$OpenBSD: PROTOCOL,v 1.11 2008/07/05 05:16:01 djm Exp $ 244