Secure Shell (SSH) Protocol Parameters
Created: 2005-06-02
Last Updated: 2024-01-26

Message Numbers
Registration Procedure: Standards Action

0         Reserved
1         SSH_MSG_DISCONNECT
2         SSH_MSG_IGNORE
3         SSH_MSG_UNIMPLEMENTED
4         SSH_MSG_DEBUG
5         SSH_MSG_SERVICE_REQUEST
6         SSH_MSG_SERVICE_ACCEPT
7         SSH_MSG_EXT_INFO
8         SSH_MSG_NEWCOMPRESS
9-19      Unassigned (Transport layer generic)
20        SSH_MSG_KEXINIT
21        SSH_MSG_NEWKEYS
22-29     Unassigned (Algorithm negotiation)
30-49     Reserved (key exchange method specific)
50        SSH_MSG_USERAUTH_REQUEST
51        SSH_MSG_USERAUTH_FAILURE
52        SSH_MSG_USERAUTH_SUCCESS
53        SSH_MSG_USERAUTH_BANNER
54-59     Unassigned (User authentication generic)
60        SSH_MSG_USERAUTH_INFO_REQUEST
61        SSH_MSG_USERAUTH_INFO_RESPONSE
62-79     Reserved (User authentication method specific)
80        SSH_MSG_GLOBAL_REQUEST
81        SSH_MSG_REQUEST_SUCCESS
82        SSH_MSG_REQUEST_FAILURE
83-89     Unassigned (Connection protocol generic)
90        SSH_MSG_CHANNEL_OPEN
91        SSH_MSG_CHANNEL_OPEN_CONFIRMATION
92        SSH_MSG_CHANNEL_OPEN_FAILURE
93        SSH_MSG_CHANNEL_WINDOW_ADJUST
94        SSH_MSG_CHANNEL_DATA
95        SSH_MSG_CHANNEL_EXTENDED_DATA
96        SSH_MSG_CHANNEL_EOF
97        SSH_MSG_CHANNEL_CLOSE
98        SSH_MSG_CHANNEL_REQUEST
99        SSH_MSG_CHANNEL_SUCCESS
100       SSH_MSG_CHANNEL_FAILURE
101-127   Unassigned (Channel related messages)
128-191   Reserved (for client protocols)
192-255   Reserved for Private Use (local extensions)

Disconnection Messages Reason Codes and Descriptions
SSH_MSG_DISCONNECT 'description' and 'reason code' values
Registration Procedures:
0x00000001-0xFDFFFFFF    Expert Review
0xFE000000-0xFFFFFFFF    Reserved for Private Use
Experts: Peter Yee, Markus Stenberg

0x00000000               Reserved
0x00000001               SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT
0x00000002               SSH_DISCONNECT_PROTOCOL_ERROR
0x00000003               SSH_DISCONNECT_KEY_EXCHANGE_FAILED
0x00000004               SSH_DISCONNECT_RESERVED
0x00000005               SSH_DISCONNECT_MAC_ERROR
0x00000006               SSH_DISCONNECT_COMPRESSION_ERROR
0x00000007               SSH_DISCONNECT_SERVICE_NOT_AVAILABLE
0x00000008               SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED
0x00000009               SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE
0x0000000A               SSH_DISCONNECT_CONNECTION_LOST
0x0000000B               SSH_DISCONNECT_BY_APPLICATION
0x0000000C               SSH_DISCONNECT_TOO_MANY_CONNECTIONS
0x0000000D               SSH_DISCONNECT_AUTH_CANCELLED_BY_USER
0x0000000E               SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE
0x0000000F               SSH_DISCONNECT_ILLEGAL_USER_NAME
0x00000010-0xFDFFFFFF    Unassigned
0xFE000000-0xFFFFFFFF    Reserved for Private Use

Channel Connection Failure Reason Codes and Descriptions
'reason code' values and 'description' values
Registration Procedures:
0x00000001-0xFDFFFFFF    Expert Review
0xFE000000-0xFFFFFFFF    Reserved for Private Use
Experts: Peter Yee, Markus Stenberg

0x00000000               Reserved
0x00000001               SSH_OPEN_ADMINISTRATIVELY_PROHIBITED
0x00000002               SSH_OPEN_CONNECT_FAILED
0x00000003               SSH_OPEN_UNKNOWN_CHANNEL_TYPE
0x00000004               SSH_OPEN_RESOURCE_SHORTAGE
0x00000005-0xFDFFFFFF    Unassigned
0xFE000000-0xFFFFFFFF    Reserved for Private Use

Extended Channel Data Transfer data_type_code and Data
'data_type_code' values and 'data' values
Registration Procedures:
0x00000001-0xFDFFFFFF    Expert Review
0xFE000000-0xFFFFFFFF    Reserved for Private Use
Experts: Peter Yee, Markus Stenberg

0x00000000               Reserved
0x00000001               SSH_EXTENDED_DATA_STDERR
0x00000002-0xFDFFFFFF    Unassigned
0xFE000000-0xFFFFFFFF    Reserved for Private Use

Pseudo-Terminal Encoded Terminal Modes
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg
opcode and argument values which make up the "encoded terminal modes" values

0         TTY_OP_END      Indicates end of options.
1         VINTR           Interrupt character; 255 if none. Similarly for the other characters. Not all of these characters are supported on all systems. [Section 8]
2         VQUIT           The quit character (sends SIGQUIT signal on POSIX systems). [Section 8]
3         VERASE          Erase the character to left of the cursor. [Section 8]
4         VKILL           Kill the current input line. [Section 8]
5         VEOF            End-of-file character (sends EOF from the terminal). [Section 8]
6         VEOL            End-of-line character in addition to carriage return and/or linefeed. [Section 8]
7         VEOL2           Additional end-of-line character. [Section 8]
8         VSTART          Continues paused output (normally control-Q). [Section 8]
9         VSTOP           Pauses output (normally control-S). [Section 8]
10        VSUSP           Suspends the current program. [Section 8]
11        VDSUSP          Another suspend character. [Section 8]
12        VREPRINT        Reprints the current input line. [Section 8]
13        VWERASE         Erases a word left of cursor. [Section 8]
14        VLNEXT          Enter the next character typed literally, even if it is a special character. [Section 8]
15        VFLUSH          Character to flush output. [Section 8]
16        VSWTCH          Switch to a different shell layer. [Section 8]
17        VSTATUS         Prints system status line (load, command, pid, etc). [Section 8]
18        VDISCARD        Toggles the flushing of terminal output. [Section 8]
19-29     Unassigned
30        IGNPAR          The ignore parity flag. The parameter SHOULD be 0 if this flag is FALSE, and 1 if it is TRUE. [Section 8]
31        PARMRK          Mark parity and framing errors. [Section 8]
32        INPCK           Enable checking of parity errors. [Section 8]
33        ISTRIP          Strip 8th bit off characters. [Section 8]
34        INLCR           Map NL into CR on input. [Section 8]
35        IGNCR           Ignore CR on input. [Section 8]
36        ICRNL           Map CR to NL on input. [Section 8]
37        IUCLC           Translate uppercase characters to lowercase. [Section 8]
38        IXON            Enable output flow control. [Section 8]
39        IXANY           Any char will restart after stop. [Section 8]
40        IXOFF           Enable input flow control. [Section 8]
41        IMAXBEL         Ring bell on input queue full. [Section 8]
42        IUTF8           Terminal input and output is assumed to be encoded in UTF-8.
43-49     Unassigned
50        ISIG            Enable signals INTR, QUIT, [D]SUSP. [Section 8]
51        ICANON          Canonicalize input lines. [Section 8]
52        XCASE           Enable input and output of uppercase characters by preceding their lowercase equivalents with "\". [Section 8]
53        ECHO            Enable echoing. [Section 8]
54        ECHOE           Visually erase chars. [Section 8]
55        ECHOK           Kill character discards current line. [Section 8]
56        ECHONL          Echo NL even if ECHO is off. [Section 8]
57        NOFLSH          Don't flush after interrupt. [Section 8]
58        TOSTOP          Stop background jobs from output. [Section 8]
59        IEXTEN          Enable extensions. [Section 8]
60        ECHOCTL         Echo control characters as ^(Char). [Section 8]
61        ECHOKE          Visual erase for line kill. [Section 8]
62        PENDIN          Retype pending input. [Section 8]
63-69     Unassigned
70        OPOST           Enable output processing. [Section 8]
71        OLCUC           Convert lowercase to uppercase. [Section 8]
72        ONLCR           Map NL to CR-NL. [Section 8]
73        OCRNL           Translate carriage return to newline (output). [Section 8]
74        ONOCR           Translate newline to carriage return-newline (output). [Section 8]
75        ONLRET          Newline performs a carriage return (output). [Section 8]
76-89     Unassigned
90        CS7             7 bit mode. [Section 8]
91        CS8             8 bit mode. [Section 8]
92        PARENB          Parity enable. [Section 8]
93        PARODD          Odd parity, else even. [Section 8]
94-127    Unassigned
128       TTY_OP_ISPEED   Specifies the input baud rate in bits per second. [Section 8]
129       TTY_OP_OSPEED   Specifies the output baud rate in bits per second. [Section 8]
130-255   Unassigned

Service Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

ssh-userauth
ssh-connection

Authentication Method Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

publickey               Section 7
password                Section 8
hostbased               Section 9
none                    Section 5.2
keyboard-interactive
gssapi-with-mic
gssapi-keyex
gssapi
external-keyx

Connection Protocol Channel Types
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

session                 Section 6.1
x11                     Section 6.3.2
forwarded-tcpip         Section 7.2
direct-tcpip            Section 7.2

Connection Protocol Global Request Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

tcpip-forward           Section 7.1
cancel-tcpip-forward    Section 7.1

Connection Protocol Channel Request Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

pty-req                 Section 6.2
x11-req                 Section 6.3.1
env                     Section 6.4
shell                   Section 6.5
exec                    Section 6.5
subsystem               Section 6.5
window-change           Section 6.7
xon-xoff                Section 6.8
signal                  Section 6.9
exit-status             Section 6.10
exit-signal             Section 6.10
break

Signal Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

ABRT
ALRM
FPE
HUP
ILL
INT
KILL
PIPE
QUIT
SEGV
TERM
USR1
USR2

Connection Protocol Subsystem Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

publickey
snmp
netconf
rpki-rtr

Key Exchange Method Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg
*All values beginning with the specified string and not containing "@".
“OK to Implement” guidance entries for registrations that pre-date
are found in Table 12 in Section 4 of .

Method Name                            Section       OK to Implement
diffie-hellman-group-exchange-sha1     Section 4.1   SHOULD NOT
diffie-hellman-group-exchange-sha256   Section 4.2   MAY
diffie-hellman-group1-sha1             Section 8.1   SHOULD NOT
diffie-hellman-group14-sha1            Section 8.2   MAY
diffie-hellman-group14-sha256                        MUST
diffie-hellman-group15-sha512                        MAY
diffie-hellman-group16-sha512                        SHOULD
diffie-hellman-group17-sha512                        MAY
diffie-hellman-group18-sha512                        MAY
ecdh-sha2-*                                          MAY
ecmqv-sha2                                           MAY
gss-group1-sha1-*                                    SHOULD NOT
gss-group14-sha1-*                                   SHOULD NOT
gss-gex-sha1-*                                       SHOULD NOT
gss-                                   Section 2.6   reserved
rsa1024-sha1                                         MUST NOT
rsa2048-sha256                                       MAY
ext-info-s                             Section 2     SHOULD
ext-info-c                             Section 2     SHOULD
gss-group14-sha256-*                                 SHOULD
gss-group15-sha512-*                                 MAY
gss-group16-sha512-*                                 MAY
gss-group17-sha512-*                                 MAY
gss-group18-sha512-*                                 MAY
gss-nistp256-sha256-*                                SHOULD
gss-nistp384-sha384-*                                SHOULD
gss-nistp521-sha512-*                                SHOULD
gss-curve25519-sha256-*                              SHOULD
gss-curve448-sha512-*                                MAY
curve25519-sha256                                    SHOULD
curve448-sha512                                      MAY
ecdh-sha2-nistp256                                   SHOULD
ecdh-sha2-nistp384                                   SHOULD
ecdh-sha2-nistp521                                   SHOULD

Encryption Algorithm Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

3des-cbc            Section 6.3
blowfish-cbc        Section 6.3
twofish256-cbc      Section 6.3
twofish-cbc         Section 6.3
twofish192-cbc      Section 6.3
twofish128-cbc      Section 6.3
aes256-cbc          Section 6.3
aes192-cbc          Section 6.3
aes128-cbc          Section 6.3
serpent256-cbc      Section 6.3
serpent192-cbc      Section 6.3
serpent128-cbc      Section 6.3
arcfour             HISTORIC
idea-cbc            Section 6.3
cast128-cbc         Section 6.3
none                Section 6.3
des-cbc             FIPS-46-3    HISTORIC, See page 4
arcfour128          HISTORIC
arcfour256          HISTORIC
aes128-ctr
aes192-ctr
aes256-ctr
3des-ctr
blowfish-ctr
twofish128-ctr
twofish192-ctr
twofish256-ctr
serpent128-ctr
serpent192-ctr
serpent256-ctr
idea-ctr
cast128-ctr
AEAD_AES_128_GCM    Section 6.1
AEAD_AES_256_GCM    Section 6.2

MAC Algorithm Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

hmac-sha1           Section 6.4
hmac-sha1-96        Section 6.4
hmac-md5            Section 6.4
hmac-md5-96         Section 6.4
none                Section 6.4
AEAD_AES_128_GCM    Section 6.1
AEAD_AES_256_GCM    Section 6.2
hmac-sha2-256       Section 2
hmac-sha2-512       Section 2

Public Key Algorithm Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg
*All values beginning with the specified string and not containing "@".

Public Key Algorithm Name   Public Key Format       Section
ssh-dss                     ssh-dss                 Section 6.6
ssh-rsa                     ssh-rsa                 Section 6.6
rsa-sha2-256                ssh-rsa                 Section 3
rsa-sha2-512                ssh-rsa                 Section 3
spki-sign-rsa               spki-sign-rsa           Section 6.6
spki-sign-dss               spki-sign-dss           Section 6.6
pgp-sign-rsa                pgp-sign-rsa            Section 6.6
pgp-sign-dss                pgp-sign-dss            Section 6.6
null                        null                    Section 5
ecdsa-sha2-*                ecdsa-sha2-*
x509v3-ssh-dss              x509v3-ssh-dss
x509v3-ssh-rsa              x509v3-ssh-rsa
x509v3-rsa2048-sha256       x509v3-rsa2048-sha256
x509v3-ecdsa-sha2-*         x509v3-ecdsa-sha2-*
ssh-ed25519                 ssh-ed25519
ssh-ed448                   ssh-ed448

Compression Algorithm Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

none                Section 6.2
zlib                Section 6.2

SSH Public-Key File Header Tags
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg
Tags beginning with x- Reserved for Private Use

subject             Section 3.3.1
comment             Section 3.3.2

Publickey Subsystem Request Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

version
add
remove
list
listattributes

Publickey Subsystem Response Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

version
status
publickey
attribute

Publickey Subsystem Attributes
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg

comment
comment-language
command-override
subsystem
x11
shell
exec
agent
env
from
port-forward
reverse-forward

Publickey Subsystem Status Codes
Registration Procedures:
0-191     Standards Action
192-255   Reserved for Private Use

0         SSH_PUBLICKEY_SUCCESS
1         SSH_PUBLICKEY_ACCESS_DENIED
2         SSH_PUBLICKEY_STORAGE_EXCEEDED
3         SSH_PUBLICKEY_VERSION_NOT_SUPPORTED
4         SSH_PUBLICKEY_KEY_NOT_FOUND
5         SSH_PUBLICKEY_KEY_NOT_SUPPORTED
6         SSH_PUBLICKEY_KEY_ALREADY_PRESENT
7         SSH_PUBLICKEY_GENERAL_FAILURE
8         SSH_PUBLICKEY_REQUEST_NOT_SUPPORTED
9         SSH_PUBLICKEY_ATTRIBUTE_NOT_SUPPORTED
10-191    Standards Action
192-255   Reserved

Extension Names
Registration Procedure: Expert Review
Experts: Peter Yee, Markus Stenberg
Names in the Extension Names table MUST follow the Conventions for
Names defined in , Section 4.6.1.

server-sig-algs     Section 3.1
delay-compression   Section 3.2
no-flow-control     Section 3.3
elevation           Section 3.4