draft-ietf-secsh-connect-08.txt   draft-ietf-secsh-connect-09.txt 
Network Working Group T. Ylonen Network Working Group T. Ylonen
INTERNET-DRAFT T. Kivinen INTERNET-DRAFT T. Kivinen
draft-ietf-secsh-connect-08.txt M. Saarinen draft-ietf-secsh-connect-09.txt M. Saarinen
Expires in six months T. Rinne Expires: 9 July, 2001 T. Rinne
S. Lehtinen S. Lehtinen
SSH Communications Security SSH Communications Security
21 Nov, 2000 9 January, 2001
SSH Connection Protocol SSH Connection Protocol
Status of This memo Status of This Memo
This document is an Internet-Draft and is in full conformance This document is an Internet-Draft and is in full conformance
with all provisions of Section 10 of RFC2026. with all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
skipping to change at page 2, line 16 skipping to change at page 2, line 16
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Global Requests . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Global Requests . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Channel Mechanism . . . . . . . . . . . . . . . . . . . . . . . 3 3. Channel Mechanism . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Opening a Channel . . . . . . . . . . . . . . . . . . . . . 3 3.1. Opening a Channel . . . . . . . . . . . . . . . . . . . . . 3
3.2. Data Transfer . . . . . . . . . . . . . . . . . . . . . . . 4 3.2. Data Transfer . . . . . . . . . . . . . . . . . . . . . . . 4
3.3. Closing a Channel . . . . . . . . . . . . . . . . . . . . . 5 3.3. Closing a Channel . . . . . . . . . . . . . . . . . . . . . 5
3.4. Channel-Specific Requests . . . . . . . . . . . . . . . . . 5 3.4. Channel-Specific Requests . . . . . . . . . . . . . . . . . 5
4. Interactive Sessions . . . . . . . . . . . . . . . . . . . . . . 6 4. Interactive Sessions . . . . . . . . . . . . . . . . . . . . . . 6
4.1. Opening a Session . . . . . . . . . . . . . . . . . . . . . 6 4.1. Opening a Session . . . . . . . . . . . . . . . . . . . . . 6
4.2. Requesting a Pseudo-Terminal . . . . . . . . . . . . . . . . 6 4.2. Requesting a Pseudo-Terminal . . . . . . . . . . . . . . . . 7
4.3. X11 Forwarding . . . . . . . . . . . . . . . . . . . . . . . 7 4.3. X11 Forwarding . . . . . . . . . . . . . . . . . . . . . . . 7
4.3.1. Requesting X11 Forwarding . . . . . . . . . . . . . . . 7 4.3.1. Requesting X11 Forwarding . . . . . . . . . . . . . . . 7
4.3.2. X11 Channels . . . . . . . . . . . . . . . . . . . . . . 8 4.3.2. X11 Channels . . . . . . . . . . . . . . . . . . . . . . 8
4.4. Environment Variable Passing . . . . . . . . . . . . . . . . 8 4.4. Environment Variable Passing . . . . . . . . . . . . . . . . 8
4.5. Starting a Shell or a Command . . . . . . . . . . . . . . . 8 4.5. Starting a Shell or a Command . . . . . . . . . . . . . . . 8
4.6. Session Data Transfer . . . . . . . . . . . . . . . . . . . 9 4.6. Session Data Transfer . . . . . . . . . . . . . . . . . . . 9
4.7. Window Dimension Change Message . . . . . . . . . . . . . . 9 4.7. Window Dimension Change Message . . . . . . . . . . . . . . 9
4.8. Local Flow Control . . . . . . . . . . . . . . . . . . . . . 9 4.8. Local Flow Control . . . . . . . . . . . . . . . . . . . . . 10
4.9. Signals . . . . . . . . . . . . . . . . . . . . . . . . . . 10 4.9. Signals . . . . . . . . . . . . . . . . . . . . . . . . . . 10
4.10. Returning Exit Status . . . . . . . . . . . . . . . . . . . 10 4.10. Returning Exit Status . . . . . . . . . . . . . . . . . . . 10
5. TCP/IP Port Forwarding . . . . . . . . . . . . . . . . . . . . . 11 5. TCP/IP Port Forwarding . . . . . . . . . . . . . . . . . . . . . 11
5.1. Requesting Port Forwarding . . . . . . . . . . . . . . . . . 11 5.1. Requesting Port Forwarding . . . . . . . . . . . . . . . . . 11
5.2. TCP/IP Forwarding Channels . . . . . . . . . . . . . . . . . 12 5.2. TCP/IP Forwarding Channels . . . . . . . . . . . . . . . . . 12
6. Encoding of Terminal Modes . . . . . . . . . . . . . . . . . . . 13 6. Encoding of Terminal Modes . . . . . . . . . . . . . . . . . . . 13
7. Summary of Message Numbers . . . . . . . . . . . . . . . . . . . 15 7. Summary of Message Numbers . . . . . . . . . . . . . . . . . . . 15
8. Security Considerations . . . . . . . . . . . . . . . . . . . . 15 8. Security Considerations . . . . . . . . . . . . . . . . . . . . 15
9. Trademark Issues . . . . . . . . . . . . . . . . . . . . . . . . 16 9. Trademark Issues . . . . . . . . . . . . . . . . . . . . . . . . 16
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16
skipping to change at page 4, line 22 skipping to change at page 4, line 23
... channel type specific data follows ... channel type specific data follows
where `recipient channel' is the channel number given in the original where `recipient channel' is the channel number given in the original
open request, and `sender channel' is the channel number allocated by open request, and `sender channel' is the channel number allocated by
the other side, or the other side, or
byte SSH_MSG_CHANNEL_OPEN_FAILURE byte SSH_MSG_CHANNEL_OPEN_FAILURE
uint32 recipient channel uint32 recipient channel
uint32 reason code uint32 reason code
string additional textual information (ISO-10646 UTF-8 string additional textual information (ISO-10646 UTF-8
[RFC-2044]) [RFC-2279])
string language tag (as defined in [RFC-1766]) string language tag (as defined in [RFC-1766])
If the recipient of the SSH_MSG_CHANNEL_OPEN message does not support If the recipient of the SSH_MSG_CHANNEL_OPEN message does not support
the specified channel type, it simply responds with the specified channel type, it simply responds with
SSH_MSG_CHANNEL_OPEN_FAILURE. The client MAY show the additional SSH_MSG_CHANNEL_OPEN_FAILURE. The client MAY show the additional
information to the user. If this is done, the client software should information to the user. If this is done, the client software should
take the precautions discussed in [SSH-ARCH]. take the precautions discussed in [SSH-ARCH].
The following reason codes are defined: The following reason codes are defined:
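Review bot: the -09 column drops the [RFC-2279] citation from `string error message (ISO-10646 UTF-8)` in the `exit-signal` message later in this diff while keeping it on `string additional textual information` here; the two UTF-8 string fields should cite the same reference (RFC 2279 obsoleted RFC 2044, so the update itself is right). Since the failure text is peer-supplied and the draft allows the client to show it to the user, it would help to state here, not only by pointer to [SSH-ARCH], what the precaution is: filter terminal control characters from the string before it reaches the user's terminal.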
skipping to change at page 7, line 57 skipping to change at page 8, line 5
cookie when a connection request is received. cookie when a connection request is received.
X11 connection forwarding should stop when the session channel is X11 connection forwarding should stop when the session channel is
closed; however, already opened forwardings should not be automatically closed; however, already opened forwardings should not be automatically
closed when the session channel is closed. closed when the session channel is closed.
If `single connection' is TRUE, only a single connection should be If `single connection' is TRUE, only a single connection should be
forwarded. No more connections will be forwarded after the first, or forwarded. No more connections will be forwarded after the first, or
after the session channel has been closed. after the session channel has been closed.
`X11 authentication protocol is the name of the X11 authentication The `x11 authentication protocol' is the name of the X11 authentication
method used, i.e. "MIT-MAGIC-COOKIE-1". method used, i.e. "MIT-MAGIC-COOKIE-1".
X Protocol is documented in [Scheifler]. X Protocol is documented in [SCHEIFLER].
4.3.2. X11 Channels 4.3.2. X11 Channels
X11 channels are opened with a channel open request. The resulting X11 channels are opened with a channel open request. The resulting
channels are independent of the session, and closing the session channel channels are independent of the session, and closing the session channel
does not close the forwarded X11 channels. does not close the forwarded X11 channels.
byte SSH_MSG_CHANNEL_OPEN byte SSH_MSG_CHANNEL_OPEN
string "x11" string "x11"
uint32 sender channel uint32 sender channel
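Review bot: "i.e. \"MIT-MAGIC-COOKIE-1\"" on the `x11 authentication protocol' line reads as if that were the only permitted method, while the field is defined as the name of the method used; "e.g." is the intended sense. Also, "should" in "X11 connection forwarding should stop when the session channel is closed" and "only a single connection should be forwarded" is in lower case while the surrounding text uses RFC 2119 keywords; if these are requirements on the server they should be written SHOULD, since the single-connection flag and stopping forwarding at session close are what bound how long the display stays reachable through the tunnel.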
skipping to change at page 9, line 22 skipping to change at page 9, line 24
This message will request the server to start the execution of the given This message will request the server to start the execution of the given
command. The command string may contain a path. Normal precautions MUST command. The command string may contain a path. Normal precautions MUST
be taken to prevent the execution of unauthorized commands. be taken to prevent the execution of unauthorized commands.
byte SSH_MSG_CHANNEL_REQUEST byte SSH_MSG_CHANNEL_REQUEST
uint32 recipient channel uint32 recipient channel
string "subsystem" string "subsystem"
boolean want reply boolean want reply
string subsystem name string subsystem name
This last form executes a predefined subsystem. It expected that these This last form executes a predefined subsystem. It is expected that
will include a general file transfer mechanism, and possibly other these will include a general file transfer mechanism, and possibly other
features. Implementations may also allow configuring more such features. Implementations may also allow configuring more such
mechanisms. mechanisms. As the user's shell is usually used to execute the
subsystem, it is advisable for the subsystem protocol to have a "magic
cookie" at the beginning of the protocol transaction to distinguish from
arbitrary output from shell initialization scripts etc. This spurious
output from the shell may be filtered out either at the server or at the
client.
The server SHOULD not halt the execution of the protocol stack when The server SHOULD not halt the execution of the protocol stack when
starting a shell or a program. All input and output from these SHOULD be starting a shell or a program. All input and output from these SHOULD be
redirected to the channel or to the encrypted tunnel. redirected to the channel or to the encrypted tunnel.
It is RECOMMENDED to request and check the reply for these messages. The It is RECOMMENDED to request and check the reply for these messages. The
client SHOULD ignore these messages. client SHOULD ignore these messages.
4.6. Session Data Transfer 4.6. Session Data Transfer
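Review bot: "The server SHOULD not halt" should be "SHOULD NOT" in RFC 2119 form. The closing sentences are ambiguous: "It is RECOMMENDED to request and check the reply for these messages" addresses the side sending a shell/exec/subsystem request, and "The client SHOULD ignore these messages" apparently means that a client receiving such a request from the server ignores it; spell out both roles. On the new "magic cookie" paragraph, it is worth saying that the cookie only marks where the subsystem protocol begins in the stream, so output from shell initialization scripts ahead of it still reaches the peer unless it is filtered as the paragraph describes. Finally, "Normal precautions MUST be taken to prevent the execution of unauthorized commands" is a MUST with no stated requirement; name what the server is required to check before executing the command string.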
skipping to change at page 11, line 8 skipping to change at page 11, line 14
byte SSH_MSG_CHANNEL_REQUEST byte SSH_MSG_CHANNEL_REQUEST
uint32 recipient_channel uint32 recipient_channel
string "exit-status" string "exit-status"
boolean FALSE boolean FALSE
uint32 exit_status uint32 exit_status
The remote command may also terminate violently due to a signal. Such a The remote command may also terminate violently due to a signal. Such a
condition can be indicated by the following message. A zero exit_status condition can be indicated by the following message. A zero exit_status
usually means that the command terminated successfully. usually means that the command terminated successfully.
byte SSH_MSG_CHANNEL_REQUEST byte SSH_MSG_CHANNEL_REQUEST
uint32 recipient channel uint32 recipient channel
string "exit-signal" string "exit-signal"
boolean FALSE boolean FALSE
string signal name without the "SIG" prefix. string signal name without the "SIG" prefix.
boolean core dumped boolean core dumped
string error message (ISO-10646 UTF-8 [RFC-2044]) string error message (ISO-10646 UTF-8)
string language tag (as defined in [RFC-1766]) string language tag (as defined in [RFC-1766])
The signal name is one of the following (these are from [POSIX]): The signal name is one of the following (these are from [POSIX]):
ABRT ABRT
ALRM ALRM
FPE FPE
HUP HUP
ILL ILL
INT INT
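Review bot: the sentence "A zero exit_status usually means that the command terminated successfully" sits in the paragraph introducing `exit-signal`, but it describes the `exit-status` message above it; move it under the `exit-status` format. The two messages also name the same field differently (`recipient_channel` in `exit-status`, `recipient channel` in `exit-signal`), and the -09 column removes the UTF-8 reference from `string error message (ISO-10646 UTF-8)` while the channel-open-failure message earlier in this diff still cites [RFC-2279]; make the citation consistent.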
skipping to change at page 16, line 24 skipping to change at page 16, line 29
and permits their use to describe that a product conforms to this and permits their use to describe that a product conforms to this
standard, provided that the following acknowledgement is included where standard, provided that the following acknowledgement is included where
the trademarks are used: ``SSH is a registered trademark and Secure the trademarks are used: ``SSH is a registered trademark and Secure
Shell is a trademark of SSH Communications Security Corp Shell is a trademark of SSH Communications Security Corp
(www.ssh.com)''. These trademarks may not be used as part of a product (www.ssh.com)''. These trademarks may not be used as part of a product
name or in otherwise confusing manner without prior written permission name or in otherwise confusing manner without prior written permission
of SSH Communications Security Corp. of SSH Communications Security Corp.
10. References 10. References
[RFC-1766] Alvestrand, H., "Tags for the Identification of Languages", [RFC-1766] Alvestrand, H: "Tags for the Identification of Languages",
March 1995. March 1995.
[RFC-1884] Hinden, R., and Deering, S., "IP Version 6 Addressing [RFC-1884] Hinden, R., and Deering, S: "IP Version 6 Addressing
Architecture", December 1995 Architecture", December 1995
[RFC-2044] Yergeau, F., "UTF-8, a Transformation Format of Unicode and [RFC-2279] Yergeau, F: "UTF-8, a transformation format of ISO 10646",
ISO 10646", October 1996. January 1998.
[Scheifler] Scheifler, R. W., et al, "X Window System : The Complete [SCHEIFLER] Scheifler, R. W., et al: "X Window System : The Complete
Reference to Xlib, X Protocol, Icccm, Xlfd", 3rd edition, Digital Press, Reference to Xlib, X Protocol, Icccm, Xlfd", 3rd edition, Digital Press,
ISBN 1555580882, February 1992. ISBN 1555580882, February 1992.
[POSIX] ISO/IEC Std 9945-1, ANSI/IEEE Std 1003.1 Information [POSIX] ISO/IEC Std 9945-1, ANSI/IEEE Std 1003.1 Information technology
technology-- Portable Operating System Interface (POSIX)-Part 1: System -- Portable Operating System Interface (POSIX)-Part 1: System
Application Program Interface (API) [C Language], July 1996. Application Program Interface (API) [C Language], July 1996.
[SSH-ARCH] Ylonen, T., et al, "SSH Protocol Architecture", Internet [SSH-ARCH] Ylonen, T., et al: "SSH Protocol Architecture", Internet-
Draft, draft-ietf-secsh-architecture-05.txt Draft, draft-ietf-secsh-architecture-07.txt
[SSH-TRANS] Ylonen, T., et al: "SSH Transport Layer Protocol", Internet-
[SSH-TRANS] Ylonen, T., et al, "SSH Transport Layer Protocol", Internet Draft, draft-ietf-secsh-transport-09.txt
Draft, draft-ietf-secsh-transport-07.txt
[SSH-USERAUTH] Ylonen, T., et al, "SSH Authentication Protocol", [SSH-USERAUTH] Ylonen, T., et al: "SSH Authentication Protocol",
Internet Draft, draft-ietf-secsh-userauth-07.txt Internet-Draft, draft-ietf-secsh-userauth-09.txt
11. Authors' Addresses 11. Authors' Addresses
Tatu Ylonen Tatu Ylonen
SSH Communications Security Corp SSH Communications Security Corp
Fredrikinkatu 42 Fredrikinkatu 42
FIN-00100 HELSINKI FIN-00100 HELSINKI
Finland Finland
E-mail: ylo@ssh.com E-mail: ylo@ssh.com
Tero Kivinen Tero Kivinen
SSH Communications Security Corp SSH Communications Security Corp
Fredrikinkatu 42 Fredrikinkatu 42
FIN-00100 HELSINKI FIN-00100 HELSINKI
Finland Finland
E-mail: kivinen@ssh.com E-mail: kivinen@ssh.com
Markku-Juhani O. Saarinen Markku-Juhani O. Saarinen
University of Jyvaskyla University of Jyvaskyla
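Review bot: the reference list now uses ":" after the author names throughout, cites RFC-2279 in place of RFC-2044 (matching the in-text change), and bumps the companion drafts to architecture-07, transport-09 and userauth-09, which is consistent. [RFC-1884], cited for the IPv6 addressing architecture, was obsoleted by RFC 2373 in July 1998, so the next revision should cite RFC 2373 instead.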
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/