Secure Shell (SSH) Protocol Parameters (last updated 2007-08-12) Registries below include: - Message Numbers - Disconnection Messages Reason Codes and Descriptions - Channel Connection Failure Reason Codes and Descriptions - Extended Channel Data Transfer data_type_code and Data Values - Pseudo-Terminal Encoded Terminal Modes - Service Names - Authentication Method Names - Connection Protocol Channel Types - Connection Protocol Global Request Names - Connection Protocol Channel Request Names - Signal Names - Connection Protocol Subsystem Names - Key Exchange Method Names - Assigned Algorithm Names - Encryption Algorithm Names - MAC Algorithm Names - Public Key Algorithm Names - Compression Algorithm Names - SSH Public-Key File Header Tags - Public Key Subsystem - Request Names - Response Names - Attribute Names - Status Codes Registry Name: Message Numbers Reference: [RFC4250] Registration Procedures: Standards Action Registry: Value Message ID Reference ------- ------------------------------------------------ -------------- 1 SSH_MSG_DISCONNECT [SSH-TRANS] 2 SSH_MSG_IGNORE [SSH-TRANS] 3 SSH_MSG_UNIMPLEMENTED [SSH-TRANS] 4 SSH_MSG_DEBUG [SSH-TRANS] 5 SSH_MSG_SERVICE_REQUEST [SSH-TRANS] 6 SSH_MSG_SERVICE_ACCEPT [SSH-TRANS] 7-19 Unassigned (Transport layer generic) 20 SSH_MSG_KEXINIT [SSH-TRANS] 21 SSH_MSG_NEWKEYS [SSH-TRANS] 22-29 Unassigned (Algorithm negotiation) 30-49 Reserved (key exchange method specific) [RFC4251] 50 SSH_MSG_USERAUTH_REQUEST [SSH-USERAUTH] 51 SSH_MSG_USERAUTH_FAILURE [SSH-USERAUTH] 52 SSH_MSG_USERAUTH_SUCCESS [SSH-USERAUTH] 53 SSH_MSG_USERAUTH_BANNER [SSH-USERAUTH] 54-59 Unassigned (User authentication generic) 60 SSH_MSG_USERAUTH_INFO_REQUEST [RFC4256] 61 SSH_MSG_USERAUTH_INFO_RESPONSE [RFC4256] 62-79 Reserved (User authentication method specific) [RFC4251] 80 SSH_MSG_GLOBAL_REQUEST [SSH-CONNECT] 81 SSH_MSG_REQUEST_SUCCESS [SSH-CONNECT] 82 SSH_MSG_REQUEST_FAILURE [SSH-CONNECT] 83-89 Unassigned (Connection protocol generic) 90 SSH_MSG_CHANNEL_OPEN [SSH-CONNECT] 91 SSH_MSG_CHANNEL_OPEN_CONFIRMATION [SSH-CONNECT] 92 SSH_MSG_CHANNEL_OPEN_FAILURE [SSH-CONNECT] 93 SSH_MSG_CHANNEL_WINDOW_ADJUST [SSH-CONNECT] 94 SSH_MSG_CHANNEL_DATA [SSH-CONNECT] 95 SSH_MSG_CHANNEL_EXTENDED_DATA [SSH-CONNECT] 96 SSH_MSG_CHANNEL_EOF [SSH-CONNECT] 97 SSH_MSG_CHANNEL_CLOSE [SSH-CONNECT] 98 SSH_MSG_CHANNEL_REQUEST [SSH-CONNECT] 99 SSH_MSG_CHANNEL_SUCCESS [SSH-CONNECT] 100 SSH_MSG_CHANNEL_FAILURE [SSH-CONNECT] 101-127 Unassigned (Channel related messages) 128-191 Reserved (for client protocols) 192-255 Reserved for Private Use (local extensions) Registry: Disconnection Messages Reason Codes and Descriptions Reference: [RFC4250] Range Registration Procedures ---------------------- ----------------------- 0x00000001-0xFDFFFFFF IETF Consensus 0xFE000000-0xFFFFFFFF Reserved for Private Use Note: SSH_MSG_DISCONNECT 'description' and 'reason code' values Registry: reason code Symbolic Name Reference --------------------- --------------------------------------------- ----------- 1 SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT [SSH-TRANS] 2 SSH_DISCONNECT_PROTOCOL_ERROR [SSH-TRANS] 3 SSH_DISCONNECT_KEY_EXCHANGE_FAILED [SSH-TRANS] 4 SSH_DISCONNECT_RESERVED [SSH-TRANS] 5 SSH_DISCONNECT_MAC_ERROR [SSH-TRANS] 6 SSH_DISCONNECT_COMPRESSION_ERROR [SSH-TRANS] 7 SSH_DISCONNECT_SERVICE_NOT_AVAILABLE [SSH-TRANS] 8 SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED [SSH-TRANS] 9 SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE [SSH-TRANS] 10 SSH_DISCONNECT_CONNECTION_LOST [SSH-TRANS] 11 SSH_DISCONNECT_BY_APPLICATION [SSH-TRANS] 12 SSH_DISCONNECT_TOO_MANY_CONNECTIONS [SSH-TRANS] 13 SSH_DISCONNECT_AUTH_CANCELLED_BY_USER [SSH-TRANS] 14 SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE [SSH-TRANS] 15 SSH_DISCONNECT_ILLEGAL_USER_NAME [SSH-TRANS] 0x00000016-0xFDFFFFFF Unassigned 0xFE000000-0xFFFFFFFF Reserved for Private Use Registry Name: Channel Connection Failure Reason Codes and Descriptions Reference: [RFC4250] Range Registration Procedures ---------------------- ----------------------- 0x00000001-0xFDFFFFFF IETF Consensus 0xFE000000-0xFFFFFFFF Reserved for Private Use Note: 'reason code' values and 'description' values Registry: reason code Symbolic Name Reference --------------------- ------------------------------------- ------------- 1 SSH_OPEN_ADMINISTRATIVELY_PROHIBITED [SSH-CONNECT] 2 SSH_OPEN_CONNECT_FAILED [SSH-CONNECT] 3 SSH_OPEN_UNKNOWN_CHANNEL_TYPE [SSH-CONNECT] 4 SSH_OPEN_RESOURCE_SHORTAGE [SSH-CONNECT] 0x00000005-0xFDFFFFFF Unassigned 0xFE000000-0xFFFFFFFF Reserved for Private Use Registry Name: Extended Channel Data Transfer data_type_code and Data Reference: [RFC4250] Range Registration Procedures ---------------------- ----------------------- 0x00000001-0xFDFFFFFF IETF Consensus 0xFE000000-0xFFFFFFFF Reserved for Private Use Note: 'data_type_code' values and 'data' values Registry: data_type_code Symbolic Name Reference --------------------- -------------------------------- ------------- 1 SSH_EXTENDED_DATA_STDERR [SSH-CONNECT] 0x00000002-0xFFFFFFFF Unassigned 0xFE000000-0xFFFFFFFF Reserved for Private Use Registry Name: Pseudo-Terminal Encoded Terminal Modes Reference: [RFC4250] Registration Procedures: IETF Consensus Note: opcode and argument values which make up the "encoded terminal modes" values Registry: opcode argument Description Reference Note -------- ------------- ---------------------------------------- ------------- --------- 0 TTY_OP_END Indicates end of options. [RFC4250] 1 VINTR Interrupt character; 255 if none. [SSH-CONNECT] Section 8 Similarly for the other characters. Not all of these characters are supported on all systems. 2 VQUIT The quit character (sends SIGQUIT [SSH-CONNECT] Section 8 signal on POSIX systems). 3 VERASE Erase the character to left of the [SSH-CONNECT] Section 8 cursor. 4 VKILL Kill the current input line. [SSH-CONNECT] Section 8 5 VEOF End-of-file character (sends EOF from [SSH-CONNECT] Section 8 the terminal). 6 VEOL End-of-line character in addition to [SSH-CONNECT] Section 8 carriage return and/or linefeed. 7 VEOL2 Additional end-of-line character. [SSH-CONNECT] Section 8 8 VSTART Continues paused output (normally [SSH-CONNECT] Section 8 control-Q). 9 VSTOP Pauses output (normally control-S). [SSH-CONNECT] Section 8 10 VSUSP Suspends the current program. [SSH-CONNECT] Section 8 11 VDSUSP Another suspend character. [SSH-CONNECT] Section 8 12 VREPRINT Reprints the current input line. [SSH-CONNECT] Section 8 13 VWERASE Erases a word left of cursor. [SSH-CONNECT] Section 8 14 VLNEXT Enter the next character typed literally, [SSH-CONNECT] Section 8 even if it is a special character 15 VFLUSH Character to flush output. [SSH-CONNECT] Section 8 16 VSWTCH Switch to a different shell layer. [SSH-CONNECT] Section 8 17 VSTATUS Prints system status line (load, command, [SSH-CONNECT] Section 8 pid, etc). 18 VDISCARD Toggles the flushing of terminal output. [SSH-CONNECT] Section 8 19-29 Unassigned 30 IGNPAR The ignore parity flag. The parameter [SSH-CONNECT] Section 8 SHOULD be 0 if this flag is FALSE, and 1 if it is TRUE. 31 PARMRK Mark parity and framing errors. [SSH-CONNECT] Section 8 32 INPCK Enable checking of parity errors. [SSH-CONNECT] Section 8 33 ISTRIP Strip 8th bit off characters. [SSH-CONNECT] Section 8 34 INLCR Map NL into CR on input. [SSH-CONNECT] Section 8 35 IGNCR Ignore CR on input. [SSH-CONNECT] Section 8 36 ICRNL Map CR to NL on input. [SSH-CONNECT] Section 8 37 IUCLC Translate uppercase characters to [SSH-CONNECT] Section 8 lowercase. 38 IXON Enable output flow control. [SSH-CONNECT] Section 8 39 IXANY Any char will restart after stop. [SSH-CONNECT] Section 8 40 IXOFF Enable input flow control. [SSH-CONNECT] Section 8 41 IMAXBEL Ring bell on input queue full. [SSH-CONNECT] Section 8 42-49 Unassigned 50 ISIG Enable signals INTR, QUIT, [D]SUSP. [SSH-CONNECT] Section 8 51 ICANON Canonicalize input lines. [SSH-CONNECT] Section 8 52 XCASE Enable input and output of uppercase [SSH-CONNECT] Section 8 characters by preceding their lowercase equivalents with "\". 53 ECHO Enable echoing. [SSH-CONNECT] Section 8 54 ECHOE Visually erase chars. [SSH-CONNECT] Section 8 55 ECHOK Kill character discards current line. [SSH-CONNECT] Section 8 56 ECHONL Echo NL even if ECHO is off. [SSH-CONNECT] Section 8 57 NOFLSH Don't flush after interrupt. [SSH-CONNECT] Section 8 58 TOSTOP Stop background jobs from output. [SSH-CONNECT] Section 8 59 IEXTEN Enable extensions. [SSH-CONNECT] Section 8 60 ECHOCTL Echo control characters as ^(Char). [SSH-CONNECT] Section 8 61 ECHOKE Visual erase for line kill. [SSH-CONNECT] Section 8 62 PENDIN Retype pending input. [SSH-CONNECT] Section 8 63-69 Unassigned 70 OPOST Enable output processing. [SSH-CONNECT] Section 8 71 OLCUC Convert lowercase to uppercase. [SSH-CONNECT] Section 8 72 ONLCR Map NL to CR-NL. [SSH-CONNECT] Section 8 73 OCRNL Translate carriage return to newline [SSH-CONNECT] Section 8 (output). 74 ONOCR Translate newline to carriage [SSH-CONNECT] Section 8 return-newline (output). 75 ONLRET Newline performs a carriage return [SSH-CONNECT] Section 8 (output). 76-89 Unassigned 90 CS7 7 bit mode. [SSH-CONNECT] Section 8 91 CS8 8 bit mode. [SSH-CONNECT] Section 8 92 PARENB Parity enable. [SSH-CONNECT] Section 8 93 PARODD Odd parity, else even. [SSH-CONNECT] Section 8 94-127 Unassigned 128 TTY_OP_ISPEED Specifies the input baud rate in [SSH-CONNECT] Section 8 bits per second. 129 TTY_OP_OSPEED Specifies the output baud rate in [SSH-CONNECT] Section 8 bits per second. 130-255 Unassigned Registry Name: Service Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Service Name Reference ----------------------------- -------------- ssh-userauth [SSH-USERAUTH] ssh-connection [SSH-CONNECT] netconf [RFC4742] Registry Name: Authentication Method Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Method Name Reference Note ----------------------------- -------------- ------------- publickey [SSH-USERAUTH] Section 7 password [SSH-USERAUTH] Section 8 hostbased [SSH-USERAUTH] Section 9 none [SSH-USERAUTH] Section 5.2 gssapi-with-mic [RFC4462] gssapi-keyex [RFC4462] gssapi [RFC4462] external-keyx [RFC4462] Registry Name: Connection Protocol Channel Types Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Channel type Reference Note ----------------------------- ------------- ------------- session [SSH-CONNECT] Section 6.1 x11 [SSH-CONNECT] Section 6.3.2 forwarded-tcpip [SSH-CONNECT] Section 7.2 direct-tcpip [SSH-CONNECT] Section 7.2 Registry Name: Connection Protocol Global Request Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Request type Reference Note ----------------------------- ------------- ----------- tcpip-forward [SSH-CONNECT] Section 7.1 cancel-tcpip-forward [SSH-CONNECT Section 7.1 Registry Name: Connection Protocol Channel Request Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Request type Reference Note ----------------------------- ------------- ------------- pty-req [SSH-CONNECT] Section 6.2 x11-req [SSH-CONNECT] Section 6.3.1 env [SSH-CONNECT] Section 6.4 shell [SSH-CONNECT] Section 6.5 exec [SSH-CONNECT] Section 6.5 subsystem [SSH-CONNECT] Section 6.5 window-change [SSH-CONNECT] Section 6.7 xon-xoff [SSH-CONNECT] Section 6.8 signal [SSH-CONNECT] Section 6.9 exit-status [SSH-CONNECT] Section 6.10 exit-signal [SSH-CONNECT] Section 6.10 break [RFC4335] Registry Name: Signal Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Signal Reference ----------------------------- ------------- ABRT [SSH-CONNECT] ALRM [SSH-CONNECT] FPE [SSH-CONNECT] HUP [SSH-CONNECT] ILL [SSH-CONNECT] INT [SSH-CONNECT] KILL [SSH-CONNECT] PIPE [SSH-CONNECT] QUIT [SSH-CONNECT] SEGV [SSH-CONNECT] TERM [SSH-CONNECT] USR1 [SSH-CONNECT] USR2 [SSH-CONNECT] Registry Name: Connection Protocol Subsystem Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Subsystem Name Reference ------------------------------ --------- publickey [RFC4819] Registry Name: Key Exchange Method Names Reference: [RFC4250] Registration Procedures: IETF Consensus Note: *All values beginning with the specified string and not containing "@". Registry: Method name Reference Note ------------------------------------ ----------- ----------- diffie-hellman-group-exchange-sha1 [RFC4419] Section 4.1 diffie-hellman-group-exchange-sha256 [RFC4419] Section 4.2 diffie-hellman-group1-sha1 [SSH-TRANS] Section 8.1 diffie-hellman-group14-sha1 [SSH-TRANS] Section 8.2 gss-group1-sha1-* [RFC4462] Section 2.3 gss-gex-sha1-* [RFC4462] Section 2.5 gss-* [RFC4462] Section 2.6 rsa1024-sha1 [RFC4432] rsa2048-sha256 [RFC4432] Registry Name: Encryption Algorithm Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Encryption Algorithm Name Reference Note ------------------------------- ----------- --------------------- 3des-cbc [SSH-TRANS] Section 6.3 blowfish-cbc [SSH-TRANS] Section 6.3 twofish256-cbc [SSH-TRANS] Section 6.3 twofish-cbc [SSH-TRANS] Section 6.3 twofish192-cbc [SSH-TRANS] Section 6.3 twofish128-cbc [SSH-TRANS] Section 6.3 aes256-cbc [SSH-TRANS] Section 6.3 aes192-cbc [SSH-TRANS] Section 6.3 aes128-cbc [SSH-TRANS] Section 6.3 serpent256-cbc [SSH-TRANS] Section 6.3 serpent192-cbc [SSH-TRANS] Section 6.3 serpent128-cbc [SSH-TRANS] Section 6.3 arcfour [SSH-TRANS] Section 6.3 idea-cbc [SSH-TRANS] Section 6.3 cast128-cbc [SSH-TRANS] Section 6.3 none [SSH-TRANS] Section 6.3 des-cbc [FIPS-46-3] HISTORIC, See page 4 arcfour128 [RFC4345] arcfour256 [RFC4345] aes128-ctr [RFC4344] aes192-ctr [RFC4344] aes256-ctr [RFC4344] 3des-ctr [RFC4344] blowfish-ctr [RFC4344] twofish128-ctr [RFC4344] twofish192-ctr [RFC4344] twofish256-ctr [RFC4344] serpent128-ctr [RFC4344] serpent192-ctr [RFC4344] serpent256-ctr [RFC4344] idea-ctr [RFC4344] cast128-ctr [RFC4344] Registry Name: MAC Algorithm Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: MAC Algorithm Name Reference Note ------------------------------- ----------- ------------ hmac-sha1 [SSH-TRANS] Section 6.4 hmac-sha1-96 [SSH-TRANS] Section 6.4 hmac-md5 [SSH-TRANS] Section 6.4 hmac-md5-96 [SSH-TRANS] Section 6.4 none [SSH-TRANS] Section 6.4 Registry Name: Public Key Algorithm Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Public Key Algorithm Name Reference Note ------------------------------- ----------- ------------ ssh-dss [SSH-TRANS] Section 6.6 ssh-rsa [SSH-TRANS] Section 6.6 spki-sign-rsa [SSH-TRANS] Section 6.6 spki-sign-dss [SSH-TRANS] Section 6.6 pgp-sign-rsa [SSH-TRANS] Section 6.6 pgp-sign-dss [SSH-TRANS] Section 6.6 null [RFC4462] Section 5 Registry Name: Compression Algorithm Names Reference: [RFC4250] Registration Procedures: IETF Consensus Registry: Compression Algorithm Name Reference Note ------------------------------- ----------- ----------- none [SSH-TRANS] Section 6.2 zlib [SSH-TRANS] Section 6.2 Registry Name: SSH Public-Key File Header Tags Reference: [RFC4716] Registration Procedures: IETF Consensus Note: Tags beginning with x- Reserved for Private Use Registry: Header Tag Reference Note ------------------------------- --------- -------------- subject [RFC4716] Section 3.3.1 comment [RFC4716] Section 3.3.2 Registry Name: Publickey Subsystem Request Names Reference: [RFC4819] Registration Procedures: IETF consensus Registry: Request Name Reference ------------------------- --------- version [RFC4819] add [RFC4819] remove [RFC4819] list [RFC4819] listattributes [RFC4819] Registry Name: Publickey Subsystem Response Names Reference: [RFC4819] Registration Procedures: IETF consensus Registry: Response Name Reference ------------------------- --------- version [RFC4819] status [RFC4819] publickey [RFC4819] attribute [RFC4819] Registry Name: Publickey Subsystem Attributes Reference: [RFC4819] Registration Procedures: IETF consensus Registry: Attribute Name Reference ------------------------- --------- comment [RFC4819] comment-language [RFC4819] command-override [RFC4819] subsystem [RFC4819] x11 [RFC4819] shell [RFC4819] exec [RFC4819] agent [RFC4819] env [RFC4819] from [RFC4819] port-forward [RFC4819] reverse-forward [RFC4819] Registry Name: Publickey Subsystem Status Codes Reference: [RFC4819] Range Registration Procedures -------- -------------------------- 0-191 Standards Action 192-255 Reserved for Private Use Registry: Value Status code Reference -------- ------------------------------------------- ---------- 0 SSH_PUBLICKEY_SUCCESS [RFC4819] 1 SSH_PUBLICKEY_ACCESS_DENIED [RFC4819] 2 SSH_PUBLICKEY_STORAGE_EXCEEDED [RFC4819] 3 SSH_PUBLICKEY_VERSION_NOT_SUPPORTED [RFC4819] 4 SSH_PUBLICKEY_KEY_NOT_FOUND [RFC4819] 5 SSH_PUBLICKEY_KEY_NOT_SUPPORTED [RFC4819] 6 SSH_PUBLICKEY_KEY_ALREADY_PRESENT [RFC4819] 7 SSH_PUBLICKEY_GENERAL_FAILURE [RFC4819] 8 SSH_PUBLICKEY_REQUEST_NOT_SUPPORTED [RFC4819] 9 SSH_PUBLICKEY_ATTRIBUTE_NOT_SUPPORTED [RFC4819] 10-191 Standards Action 192-255 Reserved References ---------- [SSH-CONNECT][RFC4254] T. Ylonen and C. Lonvick, Ed., "SSH Connection Protocol", RFC 4254, January 2006. [SSH-TRANS][RFC4253] T. Ylonen and C. Lonvick, Ed., "SSH Transport Layer Protocol", RFC 4253, January 2006. [SSH-USERAUTH][RFC4252] T. Ylonen and C. Lonvick, Ed., "SSH Authentication Protocol", RFC 4252, January 2006. [RFC4250] S. Lehtinen and C. Lonvick, Ed., "SSH Protocol Assigned Numbers", RFC 4250, January 2006. [RFC4251] T. Ylonen and C. Lonvick, Ed., "SSH Protocol Architecture", RFC 4251, January 2006. [RFC4256] F. Cusack and M. Forssen, "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)", RFC 4256, January 2006. [RFC4335] J. Galbraith and P. Remaker, "Secure Shell (SSH) Session Channel Break Extension", RFC 4335, January 2006. [RFC4344] M. Bellare, T. Kohno and C. Namprempre, "SSH Transport Layer Encryption Modes", RFC 4344, January 2006. [RFC4345] B. Harris, "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol", RFC 4345, January 2006. [RFC4419] M. Friedl, N. Provos, W. Simpson, "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol", RFC 4419, March 2006. [RFC4432] B. Harris, "Rivest-Shamir-Adleman (RSA) key exchange for the Secure Shell (SSH) Transport Layer Protocol", RFC 4432, March 2006. [RFC4462] J. Hutzelman, J. Salowey, J. Galbraith, and V. Welch, "GSSAPI Authentication and Key Exchange for the Secure Shell Protocol", RFC 4462, May 2006. [RFC4742] M. Wasserman and T. Goddard, "Using the NETCONF Configuration Protocol over Secure Shell (SSH)", RFC 4742, December 2006. [RFC4716] J. Galbraith and R. Thayer, "SSH Public Key File Format", RFC 4716, November 2006. [RFC4819] J. Galbraith, J. Van Dyke, B. McClure, J. Bright, "Secure Shell Public-Key Subsystem", RFC 4819, March 2007. (Registry created 2005-06-02) []