Secure Shell (secsh)

Last Modified: 2005-09-08

Additional information is available at


Security Area Director(s):

Security Area Advisor:

Mailing Lists:

General Discussion:
To Subscribe:
In Body: subscribe ietf-ssh

Description of Working Group:

The goal of the working group is to update and standardize the popular
SSH protocol. SSH provides support for secure remote login, secure file
transfer, and secure TCP/IP and X11 forwardings. It can automatically
encrypt, authenticate, and compress transmitted data.  The working
group will attempt to assure that the SSH protocol

o  provides strong security against cryptanalysis and protocol

o  can work reasonably well without a global key management or
    certificate infrastructure,

o  can utilize existing certificate infrastructures (e.g., DNSSEC,
    SPKI, X.509) when available,

o  can be made easy to deploy and take into use,

o  requires minimum or no manual interaction from users,

o  is reasonably clean and simple to implement.

The resulting protocol will operate over TCP/IP or other reliable but
insecure transport. It is intended to be implemented at the application

Goals and Milestones:

Done    Submit Internet-Draft on SSH-2.0 protocol
Done    Decide on Transport Layer protocol at Memphis IETF.
Done    Post revised core secsh drafts
Done    Submit core drafts to IESG for publication as proposed standard
Done    Post extensions drafts for review
Done    Start sending extensions drafts to Last Call
Done    Publish draft on new crypto modes
Done    GSSAPI draft ready for last call
Done    Publish draft on X.509v3/pkix support (or subsume into gssapi draft)
Done    Publish draft on terminal server support
Done    IESG approval of core drafts
Aug 2005    Public key subsystem ready for last call
Done    Publickeyfile ready for last call as Informational
Sep 2005    URI draft ready for last call
Oct 2005    File transfer draft ready for last call
Oct 2005    X.509v3/pkix draft ready for last call
Nov 2005    Investigate Draft Standard status for secure shell


SSH File Transfer Protocol (120970 bytes)

Request For Comments:

The Secure Shell (SSH) Protocol Assigned Numbers (RFC 4250) (44010 bytes)
Generic Message Exchange Authentication For The Secure Shell Protocol (SSH) (RFC 4256) (24728 bytes)
Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints (RFC 4255) (18399 bytes)
The Secure Shell (SSH) Connection Protocol (RFC 4254) (50338 bytes)
The Secure Shell (SSH) Transport Layer Protocol (RFC 4253) (68263 bytes)
The Secure Shell (SSH) Authentication Protocol (RFC 4252) (34268 bytes)
The Secure Shell (SSH) Protocol Architecture (RFC 4251) (71750 bytes)
The Secure Shell (SSH) Transport Layer Encryption Modes (RFC 4344) (27521 bytes)
Secure Shell (SSH) Session Channel Break Extension (RFC 4335) (11370 bytes)
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol (RFC 4419) (18356 bytes)
Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell Protocol (RFC 4462) (65280 bytes)
The Secure Shell (SSH) Public Key File Format (RFC 4716) (18395 bytes)
Secure Shell Public-Key Subsystem (RFC 4819) (32794 bytes)