The SSH Protocol

Version 1.5

Documented in the RFC file from the SSH1 distribution, this version of the protocol is mostly obsolete and abandoned.

Version 2.0 (RFCs)

The SSH-2 protocol is described in five main documents. Architecture describes the overall design of SSH-2. Transport provides a single, full-duplex, byte-oriented connection between client and server, with privacy, integrity, server authentication, and man-in-the-middle protection. Authentication identifies the client to the server. Connection provides richer, application-support services over the transport pipe, such as channel multiplexing, flow control, remote program execution, signal propagation, connection forwarding, etc. Finally, the Assigned Numbers document gathers together and lists various constant assignments made in the other documents.

Other RFCs

These establish various extensions to the core SSH protocols, or related mechanisms.

Using DNS to Securely Publish Secure Shell Key Fingerprints (RFC 4255)
Documents a method of storing SSH hostkey fingerprints in the DNS. This is implemented by the VerifyHostKeyDNS option to the OpenSSH client. Extended by RFC 6594 to cover elliptic-curve hostkeys and SHA-2.
Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) (RFC 4256)
Documents the keyboard-interactive userauth method, which allows for any number of server prompts and client responses as part of client authentication. This can accommodate challenge-response schemes such as one-time passwords, and is often implemented on Unix via PAM.
The Secure Shell Transport Layer Encryption Modes (RFC 4344)
This document describes new symmetric encryption methods for the SSH Transport Protocol and gives specific recommendations on how frequently SSH implementations should rekey, in response to SSH protocol vulnerabilities reported by Bellare, Kohno, and Namprempre.
Diffie-Hellman Group Exchange (Friedl, Provos & Simpson) (RFC 4419)
The original key agreement methods defined in the transport protocol use fixed, well-known groups for the Diffie-Hellman algorithm. This method allows a server to use a set of locally configured groups, and the client to request a preferred group size.
RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol (RFC 4432)
This memo describes a key-exchange method for the Secure Shell (SSH) protocol based on Rivest-Shamir-Adleman (RSA) public-key encryption. It uses much less client CPU time than the Diffie-Hellman algorithm specified as part of the core protocol, and hence is particularly suitable for slow client systems.
GSSAPI Authentication and Key Exchange for SSH (RFC 4462)
Describes methods for using the GSS-API for authentication and key exchange in SSH. It defines an SSH user authentication method that uses a specified GSS-API mechanism to authenticate a user, and a family of SSH key exchange methods that use GSS-API to authenticate a Diffie-Hellman key exchange. This typically uses Kerberos to provide single-signon, as well as automatic server authentication without hostkeys.
The Secure Shell Public Key File Format (RFC 4716)
Documents the public-key file format in use by several SSH implementations.
Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer (RFC 5656)
This document describes algorithms based on Elliptic Curve Cryptography (ECC) for use within the Secure Shell (SSH) transport protocol. In particular, it specifies Elliptic Curve Diffie-Hellman (ECDH) key agreement, Elliptic Curve Menezes-Qu-Vanstone (ECMQV) key agreement, and Elliptic Curve Digital Signature Algorithm (ECDSA) for use in the SSH Transport Layer protocol.
Suite B Cryptographic Suites for Secure Shell (RFC 6239)
Defines SSH extensions to provide cryptography compliant with the NSA “Suite B” recommendations.
Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records (RFC 6594)
Updates RFC 4255, which defines a method for storing SSH hostkey fingerprints in the DNS. This document adds support for elliptic-curve hostkeys (ECDSA), as well as the SHA-2 hash algorithm.
SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol (RFC 6668)
This memo defines algorithm names and parameters for use in some of the SHA-2 family of secure hash algorithms for data integrity verification in the Secure Shell (SSH) protocol. It also updates RFC 4253 by specifying a new RECOMMENDED data integrity algorithm.

Version 2.0 (Drafts and Proposals)

SSH File Transfer Protocol (Ylonen & Lehtinen)
The Secure Shell File Transfer Protocol provides secure file transfer functionality over any reliable data stream. It is the standard file transfer protocol for use with the Secure Shell Remote Login Protocol. This document describes the file transfer protocol and its interface to the Secure Shell protocol suite.
X.509 authentication in SSH2 (Galbraith & Saarenmaa) (Internet-Draft)
Specifies how X.509 certificates, keys and signatures are used within the SSH2 protocol.
Secure Shell Public Key Channel (Galbraith & Van Dyke)
Protocol to run inside an SSH-TRANS channel, for configuring public-key authorization data for a remote account. This addresses the problem of multiplying implementation-specific methods for doing this (e.g. files authorized_keys, authorization, authorized_keys2, differing key storage formats, etc.).