rfcdiff: draft-ietf-secsh-connect-24.txt -> draft-ietf-secsh-connect-25.txt
(left column of the original side-by-side rendering is labelled -24 below, right column -25; text identical in both columns is shown once)
-24 (February 17, 2005; expires August 21, 2005):

Network Working Group                                    C. Lonvick, Ed.
Internet-Draft                                       Cisco Systems, Inc.

-25 (March 14, 2005; expires September 15, 2005):

Network Working Group                                          T. Ylonen
Internet-Draft                         SSH Communications Security Corp
                                                         C. Lonvick, Ed.
                                                     Cisco Systems, Inc.

                         SSH Connection Protocol
     draft-ietf-secsh-connect-24.txt -> draft-ietf-secsh-connect-25.txt
Status of this Memo

This document is an Internet-Draft and is subject to all provisions
of Section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of
which he or she becomes aware will be disclosed, in accordance with
RFC 3668.
[skipping to change at page 1, line 35 (-24) / page 1, line 37 (-25)]
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on August 21, 2005 (-24) /
September 15, 2005 (-25).
Copyright Notice

Copyright (C) The Internet Society (2005).

Abstract

SSH is a protocol for secure remote login and other secure network
services over an insecure network.
[skipping to change at page 2, line 21 (-24) / page 2, line 23 (-25)]
(Table of contents, continued; page numbers given for -24 and -25)

                                                            -24   -25
2.    Introduction                                            3     3
3.    Conventions Used in This Document                       3     3
4.    Global Requests                                         4     4
5.    Channel Mechanism                                       5     5
5.1   Opening a Channel                                       5     5
5.2   Data Transfer                                           7     7
5.3   Closing a Channel                                       8     8
5.4   Channel-Specific Requests                               9     9
6.    Interactive Sessions                                   10    10
6.1   Opening a Session                                      10    10
6.2   Requesting a Pseudo-Terminal                           10    11
6.3   X11 Forwarding                                         11    11
6.3.1 Requesting X11 Forwarding                              11    11
6.3.2 X11 Channels                                           11    12
6.4   Environment Variable Passing                           12    12
6.5   Starting a Shell or a Command                          12    13
6.6   Session Data Transfer                                  13    14
6.7   Window Dimension Change Message                        13    14
6.8   Local Flow Control                                     14    14
6.9   Signals                                                14    15
6.10  Returning Exit Status                                  14    15
7.    TCP/IP Port Forwarding                                 16    16
7.1   Requesting Port Forwarding                             16    16
7.2   TCP/IP Forwarding Channels                             17    18
8.    Encoding of Terminal Modes                             18    19
9.    Summary of Message Numbers                             20    21
10.   IANA Considerations                                    21    21
11.   Security Considerations                                21    21
12.   References                                             21    22
12.1  Normative References                                   21    22
12.2  Informative References                                 22    22
      Author's Address (-24) / Authors' Addresses (-25)      22    23
A.    Trademark Notice (new in -25)                           -    23
      Intellectual Property and Copyright Statements         23    24
1. Contributors

The major original contributors of this set of documents have been:
Tatu Ylonen, Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH
Communications Security Corp), and Markku-Juhani O. Saarinen
(University of Jyvaskyla). Darren Moffit was the original editor of
this set of documents and also made very substantial contributions.

-24:

Additional contributors to this document include [need list].
Listing their names here does not mean that they endorse this
document, but that they have contributed to it.

Comments on this Internet-Draft should be sent to the IETF SECSH
working group, details at:
http://ietf.org/html.charters/secsh-charter.html Note: This paragraph
will be removed before this document progresses to become an RFC.

-25:

Many people contributed to the development of this document over the
years. People who should be acknowledged include Mats Andersson, Ben
Harris, Brent McClure, Niels Moller, Damien Miller, Derek Fawcus,
Frank Cusack, Heikki Nousiainen, Jakob Schlyter, Jeff Van Dyke,
Jeffrey Altman, Jeffrey Hutzelman, Jon Bright, Joseph Galbraith, Ken
Hornstein, Markus Friedl, Martin Forssen, Nicolas Williams, Niels
Provos, Perry Metzger, Peter Gutmann, Simon Josefsson, Simon Tatham,
Wei Dai, Denis Bider, der Mouse, and Tadayoshi Kohno. Listing their
names here does not mean that they endorse this document, but that
they have contributed to it.
2. Introduction

The SSH Connection Protocol has been designed to run on top of the
SSH transport layer and user authentication protocols. It provides
interactive login sessions, remote execution of commands, forwarded
TCP/IP connections, and forwarded X11 connections. The service name
for this protocol is "ssh-connection".

This document should be read only after reading the SSH architecture
[skipping to change at page 7, line 31 (-24) / page 7, line 42 (-25)]
The window size specifies how many bytes the other party can send
before it must wait for the window to be adjusted. Both parties use
the following message to adjust the window.

      byte      SSH_MSG_CHANNEL_WINDOW_ADJUST
      uint32    recipient channel
      uint32    bytes to add

After receiving this message, the recipient MAY send the given number
of bytes more than it was previously allowed to send; the window size
is incremented.

   Added in -25: Implementations MUST correctly handle window sizes
   of up to 2^32 - 1 bytes. The window MUST NOT be increased above
   2^32 - 1 bytes.

Data transfer is done with messages of the following type.

      byte      SSH_MSG_CHANNEL_DATA
      uint32    recipient channel
      string    data

The maximum amount of data allowed is the current window size. The
window size is decremented by the amount of data sent. Both parties
MAY ignore all extra data sent after the allowed window is empty.

Additionally, some channels can transfer several types of data. An
example of this is stderr data from interactive sessions. Such data
can be passed with SSH_MSG_CHANNEL_EXTENDED_DATA messages, where a
separate integer specifies the type of the data. The available types
and their interpretation depend on the type of the channel.
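The window accounting described above, as an added worked example; this is not code from the draft or from any SSH implementation. It tracks both directions of one channel: the sender never exceeds the window the peer granted, the receiver keeps only what fits in the window it granted and drops the rest (the "MAY ignore all extra data" above), and a WINDOW_ADJUST that would push the window past 2^32 - 1 is clamped rather than allowed to wrap, since a wrapped 32-bit counter is exactly what the MUST NOT added in -25 guards against. The message numbers (93, 94, 95) and SSH_EXTENDED_DATA_STDERR = 1 are taken from the draft's Section 9, which is outside this excerpt; the class and function names are the example's own.

```python
import struct
from typing import List, Optional, Tuple

# Message numbers and the stderr type come from the draft's Section 9
# (not part of this excerpt).
SSH_MSG_CHANNEL_WINDOW_ADJUST = 93
SSH_MSG_CHANNEL_DATA = 94
SSH_MSG_CHANNEL_EXTENDED_DATA = 95
SSH_EXTENDED_DATA_STDERR = 1
MAX_WINDOW = 2 ** 32 - 1   # the window MUST NOT be raised above this (-25)


def _string(b: bytes) -> bytes:
    """SSH 'string' wire type: uint32 length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def encode_window_adjust(recipient: int, bytes_to_add: int) -> bytes:
    """byte WINDOW_ADJUST, uint32 recipient channel, uint32 bytes to add."""
    if not 0 <= bytes_to_add <= MAX_WINDOW:
        raise ValueError("bytes to add must fit in a uint32")
    return struct.pack(">BII", SSH_MSG_CHANNEL_WINDOW_ADJUST, recipient, bytes_to_add)


def encode_data(recipient: int, data: bytes, data_type: Optional[int] = None) -> bytes:
    """CHANNEL_DATA, or CHANNEL_EXTENDED_DATA when a data_type is given."""
    if data_type is None:
        return struct.pack(">BI", SSH_MSG_CHANNEL_DATA, recipient) + _string(data)
    return struct.pack(">BII", SSH_MSG_CHANNEL_EXTENDED_DATA, recipient, data_type) + _string(data)


class ChannelWindow:
    """Flow-control state for one side of an open channel (hypothetical helper).

    remote_window: bytes the peer allows us to send (down on send, up on an
                   incoming WINDOW_ADJUST).
    local_window:  bytes we allow the peer to send (down on receive, up when we
                   emit WINDOW_ADJUST after the application drained the data).
    """

    def __init__(self, local_id: int, remote_id: int,
                 local_window: int, remote_window: int) -> None:
        self.local_id, self.remote_id = local_id, remote_id
        self.local_window, self.remote_window = local_window, remote_window
        self.consumed = 0   # received bytes not yet handed back to the peer

    def send(self, data: bytes, data_type: Optional[int] = None) -> Tuple[List[bytes], bytes]:
        """Emit as much of `data` as the remote window allows.

        Returns (messages, leftover). The leftover must wait for the peer's next
        WINDOW_ADJUST; pushing it anyway would let the peer silently discard it.
        """
        n = min(len(data), self.remote_window)
        if n == 0:
            return [], data
        self.remote_window -= n
        return [encode_data(self.remote_id, data[:n], data_type)], data[n:]

    def receive(self, msg: bytes) -> Tuple[str, bytes]:
        """Apply one incoming message; returns (event, accepted payload) where
        event is "window_adjust", "data", "stderr" or "extended-<type>"."""
        if len(msg) < 5:
            raise ValueError("short channel message")
        msg_type, recipient = struct.unpack(">BI", msg[:5])
        if recipient != self.local_id:
            raise ValueError("message for unknown channel %d" % recipient)

        if msg_type == SSH_MSG_CHANNEL_WINDOW_ADJUST:
            (add,) = struct.unpack(">I", msg[5:9])
            # Clamp instead of letting a uint32 counter wrap: a peer that
            # violates the 2^32 - 1 ceiling must not corrupt our accounting.
            self.remote_window = min(self.remote_window + add, MAX_WINDOW)
            return "window_adjust", b""

        if msg_type not in (SSH_MSG_CHANNEL_DATA, SSH_MSG_CHANNEL_EXTENDED_DATA):
            raise ValueError("unexpected message number %d" % msg_type)
        off, event = 5, "data"
        if msg_type == SSH_MSG_CHANNEL_EXTENDED_DATA:
            (data_type,) = struct.unpack(">I", msg[5:9])
            event = "stderr" if data_type == SSH_EXTENDED_DATA_STDERR else "extended-%d" % data_type
            off = 9
        (length,) = struct.unpack(">I", msg[off:off + 4])
        payload = msg[off + 4:off + 4 + length]
        if len(payload) != length:
            raise ValueError("truncated channel data")
        # "Both parties MAY ignore all extra data sent after the allowed window
        # is empty": accept only what fits in the window we granted.
        accepted = payload[:self.local_window]
        self.local_window -= len(accepted)
        self.consumed += len(accepted)
        return event, accepted

    def grant_window(self, threshold: int) -> Optional[bytes]:
        """Once the application has drained at least `threshold` bytes, hand
        that space back to the peer in a single WINDOW_ADJUST."""
        if self.consumed < threshold:
            return None
        add, self.consumed = self.consumed, 0
        self.local_window += add   # cannot exceed the window we started with
        return encode_window_adjust(self.remote_id, add)
```

The example ignores the maximum packet size negotiated at channel open (Section 5.1, not in this excerpt); a real sender must also split each CHANNEL_DATA to stay under that limit, independently of the window.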
[skipping to change at page 21, line 29 (-24) / page 22, line 15 (-25)]
implementations disable all the potentially dangerous features (e.g.,
agent forwarding, X11 forwarding, and TCP/IP forwarding) if the host
key has changed without notice or explanation.
12. References

12.1 Normative References

[SSH-ARCH]     Lonvick, C., "SSH Protocol Architecture",
               I-D draft-ietf-secsh-architecture-22.txt, March 2005.
               (-24 cited draft-ietf-secsh-architecture-21.txt,
               February 2005.)

[SSH-TRANS]    Lonvick, C., "SSH Transport Layer Protocol",
               I-D draft-ietf-secsh-transport-24.txt, March 2005.
               (-24 cited draft-ietf-secsh-transport-23.txt,
               February 2005.)

[SSH-USERAUTH] Lonvick, C., "SSH Authentication Protocol",
               I-D draft-ietf-secsh-userauth-27.txt, March 2005.
               (-24 cited draft-ietf-secsh-userauth-26.txt,
               February 2005.)

[SSH-NUMBERS]  Lonvick, C., "SSH Protocol Assigned Numbers",
               I-D draft-ietf-secsh-assignednumbers-12.txt, March 2005.
               (-24 cited draft-ietf-secsh-assignednumbers-11.txt,
               February 2005.)

[RFC2119]      Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2434]      Narten, T. and H. Alvestrand, "Guidelines for Writing an
               IANA Considerations Section in RFCs", BCP 26, RFC 2434,
               October 1998.

[RFC3066]      Alvestrand, H., "Tags for the Identification of
               Languages", BCP 47, RFC 3066, January 2001.

[skipping to change at page 22, line 29 (-24) / page 23, line 15 (-25)]

[SCHEIFLER]    Scheifler, R., "X Window System: The Complete Reference
               to Xlib, X Protocol, Icccm, Xlfd, 3rd edition.", Digital
               Press ISBN 1555580882, February 1992.

[POSIX]        ISO/IEC 9945-1, "Information technology -- Portable
               Operating System Interface (POSIX)-Part 1: System
               Application Program Interface (API) C Language",
               ANSI/IEEE Std 1003.1, July 1996.
Author's Address (-24) / Authors' Addresses (-25)

Tatu Ylonen (added in -25)
SSH Communications Security Corp
Fredrikinkatu 42
HELSINKI FIN-00100
Finland

Email: ylo@ssh.com

Chris Lonvick (editor)
Cisco Systems, Inc.
12515 Research Blvd.
Austin 78759
USA

Email: clonvick@cisco.com
Appendix A. Trademark Notice (added in -25)

"ssh" is a registered trademark in the United States and/or other
countries.

Note to the RFC Editor: This should be a separate section like the
subsequent ones, and not an appendix. This paragraph to be removed
before publication.
Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/