draft-ietf-secsh-assignednumbers-08.txt   draft-ietf-secsh-assignednumbers-09.txt 
Network Working Group C. Lonvick, Ed. Network Working Group C. Lonvick, Ed.
Internet-Draft Cisco Systems, Inc. Internet-Draft Cisco Systems, Inc.
Expires: May 19, 2005 November 18, 2004 Expires: May 30, 2005 November 29, 2004
SSH Protocol Assigned Numbers SSH Protocol Assigned Numbers
draft-ietf-secsh-assignednumbers-08.txt draft-ietf-secsh-assignednumbers-09.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of section 3 of RFC 3667. By submitting this Internet-Draft, each of section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with which he or she become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on May 19, 2005. This Internet-Draft will expire on May 30, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2004). Copyright (C) The Internet Society (2004).
Abstract Abstract
This document defines the instructions to the IANA and the initial This document defines the instructions to the IANA and the initial
state of the IANA assigned numbers for the SSH protocol. It is state of the IANA assigned numbers for the SSH protocol. It is
intended only for the initialization of the IANA registries intended only for the initialization of the IANA registries
referenced in the documents. referenced in the documents.
Table of Contents Table of Contents
1. Editor's Note . . . . . . . . . . . . . . . . . . . . . . . 4 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
3. Conventions Used in This Document . . . . . . . . . . . . . 4 3. Conventions Used in This Document . . . . . . . . . . . . . 4
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . 5 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . 5
4.1 Message Numbers . . . . . . . . . . . . . . . . . . . . . 5 4.1 Message Numbers . . . . . . . . . . . . . . . . . . . . . 5
4.1.1 Conventions . . . . . . . . . . . . . . . . . . . . . 5 4.1.1 Conventions . . . . . . . . . . . . . . . . . . . . . 5
4.1.2 Initial Assignments . . . . . . . . . . . . . . . . . 6 4.1.2 Initial Assignments . . . . . . . . . . . . . . . . . 6
4.1.3 Future Assignments . . . . . . . . . . . . . . . . . . 7 4.1.3 Future Assignments . . . . . . . . . . . . . . . . . . 7
4.2 Disconnection Messages Reason Codes and Descriptions . . . 7 4.2 Disconnection Messages Reason Codes and Descriptions . . . 7
4.2.1 Conventions . . . . . . . . . . . . . . . . . . . . . 7 4.2.1 Conventions . . . . . . . . . . . . . . . . . . . . . 7
4.2.2 Initial Assignments . . . . . . . . . . . . . . . . . 7 4.2.2 Initial Assignments . . . . . . . . . . . . . . . . . 8
4.2.3 Future Assignments . . . . . . . . . . . . . . . . . . 8 4.2.3 Future Assignments . . . . . . . . . . . . . . . . . . 8
4.3 Channel Connection Failure Reason Codes and Descriptions . 8 4.3 Channel Connection Failure Reason Codes and Descriptions . 8
4.3.1 Conventions . . . . . . . . . . . . . . . . . . . . . 8 4.3.1 Conventions . . . . . . . . . . . . . . . . . . . . . 8
4.3.2 Initial Assignments . . . . . . . . . . . . . . . . . 8 4.3.2 Initial Assignments . . . . . . . . . . . . . . . . . 9
4.3.3 Future Assignments . . . . . . . . . . . . . . . . . . 9 4.3.3 Future Assignments . . . . . . . . . . . . . . . . . . 9
4.3.4 Notes about the PRIVATE USE Range . . . . . . . . . . 9 4.3.4 Notes about the PRIVATE USE Range . . . . . . . . . . 9
4.4 Extended Channel Data Transfer data_type_code and Data . . 9 4.4 Extended Channel Data Transfer data_type_code and Data . . 10
4.4.1 Conventions . . . . . . . . . . . . . . . . . . . . . 9 4.4.1 Conventions . . . . . . . . . . . . . . . . . . . . . 10
4.4.2 Initial Assignments . . . . . . . . . . . . . . . . . 10 4.4.2 Initial Assignments . . . . . . . . . . . . . . . . . 10
4.4.3 Future Assignments . . . . . . . . . . . . . . . . . . 10 4.4.3 Future Assignments . . . . . . . . . . . . . . . . . . 10
4.5 Pseudo-Terminal Encoded Terminal Modes . . . . . . . . . . 10 4.5 Pseudo-Terminal Encoded Terminal Modes . . . . . . . . . . 10
4.5.1 Conventions . . . . . . . . . . . . . . . . . . . . . 10 4.5.1 Conventions . . . . . . . . . . . . . . . . . . . . . 11
4.5.2 Initial Assignments . . . . . . . . . . . . . . . . . 10 4.5.2 Initial Assignments . . . . . . . . . . . . . . . . . 11
4.5.3 Future Assignments . . . . . . . . . . . . . . . . . . 12 4.5.3 Future Assignments . . . . . . . . . . . . . . . . . . 12
4.6 Names . . . . . . . . . . . . . . . . . . . . . . . . . . 12 4.6 Names . . . . . . . . . . . . . . . . . . . . . . . . . . 13
4.6.1 Conventions for Names . . . . . . . . . . . . . . . . 12 4.6.1 Conventions for Names . . . . . . . . . . . . . . . . 13
4.6.2 Future Assignments of Names . . . . . . . . . . . . . 13 4.6.2 Future Assignments of Names . . . . . . . . . . . . . 13
4.7 Service Names . . . . . . . . . . . . . . . . . . . . . . 13 4.7 Service Names . . . . . . . . . . . . . . . . . . . . . . 13
4.8 Authentication Method Names . . . . . . . . . . . . . . . 13 4.8 Authentication Method Names . . . . . . . . . . . . . . . 14
4.9 Connection Protocol Assigned Names . . . . . . . . . . . . 14 4.9 Connection Protocol Assigned Names . . . . . . . . . . . . 14
4.9.1 Connection Protocol Channel Types . . . . . . . . . . 14 4.9.1 Connection Protocol Channel Types . . . . . . . . . . 14
4.9.2 Connection Protocol Global Request Names . . . . . . . 14 4.9.2 Connection Protocol Global Request Names . . . . . . . 14
4.9.3 Connection Protocol Channel Request Names . . . . . . 14 4.9.3 Connection Protocol Channel Request Names . . . . . . 15
4.9.4 Initial Assignment of Signal Names . . . . . . . . . . 14 4.9.4 Initial Assignment of Signal Names . . . . . . . . . . 15
4.10 Key Exchange Method Names . . . . . . . . . . . . . . . 15 4.10 Key Exchange Method Names . . . . . . . . . . . . . . . 15
4.11 Assigned Algorithm Names . . . . . . . . . . . . . . . . 15 4.11 Assigned Algorithm Names . . . . . . . . . . . . . . . . 16
4.11.1 Encryption Algorithm Names . . . . . . . . . . . . . 15 4.11.1 Encryption Algorithm Names . . . . . . . . . . . . . 16
4.11.2 MAC Algorithm Names . . . . . . . . . . . . . . . . 16 4.11.2 MAC Algorithm Names . . . . . . . . . . . . . . . . 16
4.11.3 Public Key Algorithm Names . . . . . . . . . . . . . 16 4.11.3 Public Key Algorithm Names . . . . . . . . . . . . . 17
4.11.4 Compression Algorithm Names . . . . . . . . . . . . 16 4.11.4 Compression Algorithm Names . . . . . . . . . . . . 17
5. Security Considerations . . . . . . . . . . . . . . . . . . 16 5. Security Considerations . . . . . . . . . . . . . . . . . . 17
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 17
6.1 Normative References . . . . . . . . . . . . . . . . . . . . 17 6.1 Normative References . . . . . . . . . . . . . . . . . . . . 17
6.2 Informative References . . . . . . . . . . . . . . . . . . . 17 6.2 Informative References . . . . . . . . . . . . . . . . . . . 18
Author's Address . . . . . . . . . . . . . . . . . . . . . . 18 Author's Address . . . . . . . . . . . . . . . . . . . . . . 18
Intellectual Property and Copyright Statements . . . . . . . 19 Intellectual Property and Copyright Statements . . . . . . . 19
1. Editor's Note 1. Contributors
The references in this document are statically defined. However, the The major original contributors of this set of documents have been:
locations of the referenced materials are dynamic and are changing Tatu Ylonen, Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH
with the whims of the Working Group. Please do not comment to the Communications Security Corp), and Markku-Juhani O. Saarinen
editor or the Working Group about inaccuracies along those lines in (University of Jyvaskyla). Darren Moffat was the original editor of
this document at this time. (This paragraph will be removed before this set of documents and also made very substantial contributions.
this document is submitted to the RFC Editor.)
Additional contributors to this document include [need list].
Listing their names here does not mean that they endorse this
document, but that they have contributed to it.
Comments on this internet draft should be sent to the IETF SECSH
working group, details at:
http://ietf.org/html.charters/secsh-charter.html Note: This paragraph
will be removed before this document progresses to become an RFC.
2. Introduction 2. Introduction
This document does not define any new protocols. It is intended only This document does not define any new protocols. It is intended only
to create the initial state of the IANA databases for the SSH to create the initial state of the IANA databases for the SSH
protocol and also contains instructions for future assignments. protocol and also contains instructions for future assignments.
Except for one HISTORIC algorithm generally regarded as obsolete, Except for one HISTORIC algorithm generally regarded as obsolete,
this document does not define any new protocols or any number ranges this document does not define any new protocols or any number ranges
not already defined in: [SSH-ARCH], [SSH-TRANS], [SSH-USERAUTH], not already defined in: [SSH-ARCH], [SSH-TRANS], [SSH-USERAUTH],
[SSH-CONNECT]. [SSH-CONNECT].
skipping to change at page 5, line 49 skipping to change at page 6, line 8
The Message Number is an 8-bit value, which describes the payload of The Message Number is an 8-bit value, which describes the payload of
a packet. a packet.
4.1.1 Conventions 4.1.1 Conventions
Protocol packets have message numbers in the range 1 to 255. These Protocol packets have message numbers in the range 1 to 255. These
numbers are allocated as follows: numbers are allocated as follows:
Transport layer protocol: Transport layer protocol:
1 to 19 Transport layer generic (e.g. disconnect, ignore, 1 to 19 Transport layer generic (e.g., disconnect, ignore,
debug, etc.) debug, etc.)
20 to 29 Algorithm negotiation 20 to 29 Algorithm negotiation
30 to 49 Key exchange method specific (numbers can be reused 30 to 49 Key exchange method specific (numbers can be reused
for different key exchange methods) for different key exchange methods)
User authentication protocol: User authentication protocol:
50 to 59 User authentication generic 50 to 59 User authentication generic
60 to 79 User authentication method specific (numbers can be 60 to 79 User authentication method specific (numbers can be
reused for different authentication methods) reused for different authentication methods)
skipping to change at page 6, line 29 skipping to change at page 6, line 35
Reserved for client protocols: Reserved for client protocols:
128 to 191 Reserved 128 to 191 Reserved
Local extensions: Local extensions:
192 to 255 Local extensions 192 to 255 Local extensions
4.1.2 Initial Assignments 4.1.2 Initial Assignments
The following table identifies the initial assignments of the Message
ID values.
Message ID Value Reference Message ID Value Reference
----------- ----- --------- ----------- ----- ---------
SSH_MSG_DISCONNECT 1 [SSH-TRANS] SSH_MSG_DISCONNECT 1 [SSH-TRANS]
SSH_MSG_IGNORE 2 [SSH-TRANS] SSH_MSG_IGNORE 2 [SSH-TRANS]
SSH_MSG_UNIMPLEMENTED 3 [SSH-TRANS] SSH_MSG_UNIMPLEMENTED 3 [SSH-TRANS]
SSH_MSG_DEBUG 4 [SSH-TRANS] SSH_MSG_DEBUG 4 [SSH-TRANS]
SSH_MSG_SERVICE_REQUEST 5 [SSH-TRANS] SSH_MSG_SERVICE_REQUEST 5 [SSH-TRANS]
SSH_MSG_SERVICE_ACCEPT 6 [SSH-TRANS] SSH_MSG_SERVICE_ACCEPT 6 [SSH-TRANS]
SSH_MSG_KEXINIT 20 [SSH-TRANS] SSH_MSG_KEXINIT 20 [SSH-TRANS]
SSH_MSG_NEWKEYS 21 [SSH-TRANS] SSH_MSG_NEWKEYS 21 [SSH-TRANS]
skipping to change at page 7, line 21 skipping to change at page 7, line 31
SSH_MSG_CHANNEL_REQUEST 98 [SSH-CONNECT] SSH_MSG_CHANNEL_REQUEST 98 [SSH-CONNECT]
SSH_MSG_CHANNEL_SUCCESS 99 [SSH-CONNECT] SSH_MSG_CHANNEL_SUCCESS 99 [SSH-CONNECT]
SSH_MSG_CHANNEL_FAILURE 100 [SSH-CONNECT] SSH_MSG_CHANNEL_FAILURE 100 [SSH-CONNECT]
4.1.3 Future Assignments 4.1.3 Future Assignments
Requests for assignments of new message numbers in the range of 1 to Requests for assignments of new message numbers in the range of 1 to
127 MUST be done through the STANDARDS ACTION method as described in 127 MUST be done through the STANDARDS ACTION method as described in
[RFC2434]. [RFC2434].
Requests for assigments of new message numbers in the range of 128 to Requests for assignments of new message numbers in the range of 128
191 MUST be done through the IETF CONSENSUS method as described in to 191 MUST be done through the IETF CONSENSUS method as described in
[RFC2434]. [RFC2434].
The IANA will not control the message numbers range of 192 through The IANA will not control the message numbers range of 192 through
255. This range will be left for PRIVATE USE. 255. This range will be left for PRIVATE USE.
4.2 Disconnection Messages Reason Codes and Descriptions 4.2 Disconnection Messages Reason Codes and Descriptions
The Disconnection Message 'reason code' is a uint32 value. The The Disconnection Message 'reason code' is a uint32 value. The
associated Disconnection Message 'description string' is a associated Disconnection Message 'description' is a human-readable
human-readable message which describes the disconnect reason. message which describes the disconnect reason.
4.2.1 Conventions 4.2.1 Conventions
Protocol packets containing the SSH_MSG_DISCONNECT message MUST have Protocol packets containing the SSH_MSG_DISCONNECT message MUST have
Disconnection Message 'reason code' values in the range of 0x00000001 Disconnection Message 'reason code' values in the range of 0x00000001
to 0xFFFFFFFF. These are described in [SSH-TRANS]. to 0xFFFFFFFF. These are described in [SSH-TRANS].
4.2.2 Initial Assignments 4.2.2 Initial Assignments
description string reason code The following table identifies the initial assignments of the
------------------ ----------- SSH_MSG_DISCONNECT 'description' and 'reason code' values.
description reason code
----------- -----------
SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1 SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT 1
SSH_DISCONNECT_PROTOCOL_ERROR 2 SSH_DISCONNECT_PROTOCOL_ERROR 2
SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3 SSH_DISCONNECT_KEY_EXCHANGE_FAILED 3
SSH_DISCONNECT_RESERVED 4 SSH_DISCONNECT_RESERVED 4
SSH_DISCONNECT_MAC_ERROR 5 SSH_DISCONNECT_MAC_ERROR 5
SSH_DISCONNECT_COMPRESSION_ERROR 6 SSH_DISCONNECT_COMPRESSION_ERROR 6
SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7 SSH_DISCONNECT_SERVICE_NOT_AVAILABLE 7
SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8 SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED 8
SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9 SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE 9
SSH_DISCONNECT_CONNECTION_LOST 10 SSH_DISCONNECT_CONNECTION_LOST 10
skipping to change at page 8, line 18 skipping to change at page 8, line 33
SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12 SSH_DISCONNECT_TOO_MANY_CONNECTIONS 12
SSH_DISCONNECT_AUTH_CANCELLED_BY_USER 13 SSH_DISCONNECT_AUTH_CANCELLED_BY_USER 13
SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14 SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE 14
SSH_DISCONNECT_ILLEGAL_USER_NAME 15 SSH_DISCONNECT_ILLEGAL_USER_NAME 15
4.2.3 Future Assignments 4.2.3 Future Assignments
Disconnection Message 'reason code' values MUST be assigned Disconnection Message 'reason code' values MUST be assigned
sequentially. Requests for assignments of new Disconnection Message sequentially. Requests for assignments of new Disconnection Message
'reason code' values, and their associated Disconnection Message 'reason code' values, and their associated Disconnection Message
'description string', in the range of 0x00000010 through 0xFDFFFFFF 'description' text, in the range of 0x00000010 through 0xFDFFFFFF
MUST be done through the IETF CONSENSUS method as described in MUST be done through the IETF CONSENSUS method as described in
[RFC2434]. The IANA will not assign Disconnection Message 'reason [RFC2434]. The IANA will not assign Disconnection Message 'reason
code' values in the range of 0xFE000000 through 0xFFFFFFFF. code' values in the range of 0xFE000000 through 0xFFFFFFFF.
Disconnection Message 'reason code' values in that range are left for Disconnection Message 'reason code' values in that range are left for
PRIVATE USE as described in [RFC2434]. PRIVATE USE as described in [RFC2434].
4.3 Channel Connection Failure Reason Codes and Descriptions 4.3 Channel Connection Failure Reason Codes and Descriptions
The Channel Connection Failure 'reason code' is a uint32 value. The The Channel Connection Failure 'reason code' is a uint32 value. The
associated Channel Connection Failure 'description string' is a associated Channel Connection Failure 'description' text is a
human-readable message which describes the channel connection failure human-readable message which describes the channel connection failure
reason. This is described in [SSH-CONNECT]. reason. This is described in [SSH-CONNECT].
4.3.1 Conventions 4.3.1 Conventions
Protocol packets containing the SSH_MSG_CHANNEL_OPEN_FAILURE message Protocol packets containing the SSH_MSG_CHANNEL_OPEN_FAILURE message
MUST have Channel Connection Failure 'reason code' values in the MUST have Channel Connection Failure 'reason code' values in the
range of 0x00000001 to 0xFFFFFFFF. range of 0x00000001 to 0xFFFFFFFF.
4.3.2 Initial Assignments 4.3.2 Initial Assignments
The initial assignments for the 'reason code' values and 'description The initial assignments for the 'reason code' values and
string' values are given below. Note that the values for the 'reason 'description' values are given in the table below. Note that the
code' are given in decimal format for readability but that they are values for the 'reason code' are given in decimal format for
actually uint32 values. readability but that they are actually uint32 values.
description string reason code description reason code
------------------ ----------- ----------- -----------
SSH_OPEN_ADMINISTRATIVELY_PROHIBITED 1 SSH_OPEN_ADMINISTRATIVELY_PROHIBITED 1
SSH_OPEN_CONNECT_FAILED 2 SSH_OPEN_CONNECT_FAILED 2
SSH_OPEN_UNKNOWN_CHANNEL_TYPE 3 SSH_OPEN_UNKNOWN_CHANNEL_TYPE 3
SSH_OPEN_RESOURCE_SHORTAGE 4 SSH_OPEN_RESOURCE_SHORTAGE 4
4.3.3 Future Assignments 4.3.3 Future Assignments
Channel Connection Failure 'reason code' values MUST be assigned Channel Connection Failure 'reason code' values MUST be assigned
sequentially. Requests for assignments of new Channel Connection sequentially. Requests for assignments of new Channel Connection
Failure 'reason code' values, and their associated Channel Connection Failure 'reason code' values, and their associated Channel Connection
Failure 'description string', in the range of 0x00000005 to Failure 'description string', in the range of 0x00000005 to
0x0xFDFFFFFF MUST be done through the IETF CONSENSUS method as 0xFDFFFFFF MUST be done through the IETF CONSENSUS method as
described in [RFC2434]. The IANA will not assign Channel Connection described in [RFC2434]. The IANA will not assign Channel Connection
Failure 'reason code' values in the range of 0xFF000000 to Failure 'reason code' values in the range of 0xFE000000 to
0xFFFFFFFF. Channel Connection Failure 'reason code' values in that 0xFFFFFFFF. Channel Connection Failure 'reason code' values in that
range are left for PRIVATE USE as described in [RFC2434]. range are left for PRIVATE USE as described in [RFC2434].
4.3.4 Notes about the PRIVATE USE Range 4.3.4 Notes about the PRIVATE USE Range
While it is understood that the IANA will have no control over the While it is understood that the IANA will have no control over the
range of 0xFF000000 to 0xFFFFFFFF, this range will be split in two range of 0xFE000000 to 0xFFFFFFFF, this range will be split in two
parts and administered by the following conventions. parts and administered by the following conventions.
o The range of 0xFF000000 to 0xFEFFFFFF is to be used in conjunction o The range of 0xFE000000 to 0xFEFFFFFF is to be used in conjunction
with locally assigned channels. For example, if a channel is with locally assigned channels. For example: if a channel is
proposed with a 'channel type' of "example_session@example.com" proposed with a 'channel type' of "example_session@example.com"
but fails, then the server will respond with either a 'reason but fails, then the server will respond with either a 'reason
code' assigned by the IANA (as listed above and in the range of code' assigned by the IANA (as listed above and in the range of
0x00000001 to 0x0xFDFFFFFF), or with a locally assigned value in 0x00000001 to 0xFDFFFFFF), or with a locally assigned value in the
the range of 0xFF000000 to 0xFEFFFFFF. Naturally, if the server range of 0xFE000000 to 0xFEFFFFFF. Naturally, if the server does
does not understand the proposed 'channel type', even if it is a not understand the proposed 'channel type', even if it is a
locally defined 'channel type', then the 'reason code' MUST be locally defined 'channel type', then the 'reason code' MUST be
0x00000003 as described above. If the server does understand the 0x00000003 as described above. If the server does understand the
'channel type' but the channel still fails to open, then the 'channel type' but the channel still fails to open, then the
server SHOULD respond with a locally assigned 'reason code' value server SHOULD respond with a locally assigned 'reason code' value
consistent with the proposed, local 'channel type'. It is assumed consistent with the proposed, local 'channel type'. It is assumed
that practitioners will first attempt to use the IANA assigned that practitioners will first attempt to use the IANA assigned
'reason code' values and then document their locally assigned 'reason code' values and then document their locally assigned
'reason code' values. 'reason code' values.
o There are no restrictions or suggestions for the range starting o There are no restrictions or suggestions for the range starting
with 0xFF. No interoperability is expected for anything used in with 0xFF. No interoperability is expected for anything used in
this range. Essentially it is for experimentation. this range. Essentially it is for experimentation.
4.4 Extended Channel Data Transfer data_type_code and Data 4.4 Extended Channel Data Transfer data_type_code and Data
The Extended Channel Data Transfer 'data_type_code' is a uint32 The Extended Channel Data Transfer 'data_type_code' is a uint32
value. The associated Extended Channel Data Transfer 'data' is a value. The associated Extended Channel Data Transfer 'data' is a
human-readable message which describes the type of data allowed to be human-readable message which describes the type of data allowed to be
transferred in the channel. transferred in the channel.
skipping to change at page 10, line 10 skipping to change at page 10, line 26
4.4.1 Conventions 4.4.1 Conventions
Protocol packets containing the SSH_MSG_CHANNEL_EXTENDED_DATA message Protocol packets containing the SSH_MSG_CHANNEL_EXTENDED_DATA message
MUST have Extended Channel Data Transfer 'data_type_code' values in MUST have Extended Channel Data Transfer 'data_type_code' values in
the range of 0x00000001 to 0xFFFFFFFF. This is described in the range of 0x00000001 to 0xFFFFFFFF. This is described in
[SSH-CONNECT]. [SSH-CONNECT].
4.4.2 Initial Assignments 4.4.2 Initial Assignments
The initial assignments for the 'data_type_code' values and 'data' The initial assignments for the 'data_type_code' values and 'data'
values are given below. Note that the value for the 'data_type_code' values are given in the table below. Note that the value for the
is given in decimal format for readability but that the values are 'data_type_code' is given in decimal format for readability but that
actually uint32 values. the values are actually uint32 values.
data data_type_code data data_type_code
---- -------------- ---- --------------
SSH_EXTENDED_DATA_STDERR 1 SSH_EXTENDED_DATA_STDERR 1
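The registries in Sections 4.1 through 4.4 all describe numbers that appear on the wire: the message number in the first byte of every payload, the 'reason code' of SSH_MSG_DISCONNECT and SSH_MSG_CHANNEL_OPEN_FAILURE, and the 'data_type_code' of SSH_MSG_CHANNEL_EXTENDED_DATA. The following decoder is an added example and is not code from this draft or from any SSH implementation. It applies the range rules above (0 is never a valid code, 0xFE000000 to 0xFFFFFFFF is PRIVATE USE, and for channel-open failures the 4.3.4 split between 0xFE and 0xFF) while rejecting truncated or over-long fields. The wire layouts are those of [SSH-TRANS] and [SSH-CONNECT]; the 80 to 127 ranges, message numbers 92 and 95, and disconnect reason 11 come from parts of those tables not shown on this page. All sample payloads are constructed here.

```python
"""Decode SSH payloads that carry registry-controlled numbers: the message
number in the first byte (Section 4.1), the SSH_MSG_DISCONNECT reason code
(4.2), the SSH_MSG_CHANNEL_OPEN_FAILURE reason code (4.3) and the
SSH_MSG_CHANNEL_EXTENDED_DATA data_type_code (4.4).  Added example, not code
from the draft; wire layouts follow [SSH-TRANS]/[SSH-CONNECT]."""
import struct

# 4.1.1 ranges; 80-127 sit in the part of the table this page elides.
MSG_RANGES = ((1, 19, "transport generic"), (20, 29, "algorithm negotiation"),
              (30, 49, "key exchange method specific"), (50, 59, "userauth generic"),
              (60, 79, "userauth method specific"), (80, 89, "connection generic"),
              (90, 127, "channel related"), (128, 191, "reserved for client protocols"),
              (192, 255, "local extensions"))
# 92 and 95 are [SSH-CONNECT] numbers elided from the 4.1.2 table shown here.
SSH_MSG_DISCONNECT, SSH_MSG_CHANNEL_OPEN_FAILURE, SSH_MSG_CHANNEL_EXTENDED_DATA = 1, 92, 95
DISCONNECT_REASONS = {  # 4.2.2; 11 (BY_APPLICATION) is elided on this page
    1: "HOST_NOT_ALLOWED_TO_CONNECT", 2: "PROTOCOL_ERROR", 3: "KEY_EXCHANGE_FAILED",
    4: "RESERVED", 5: "MAC_ERROR", 6: "COMPRESSION_ERROR", 7: "SERVICE_NOT_AVAILABLE",
    8: "PROTOCOL_VERSION_NOT_SUPPORTED", 9: "HOST_KEY_NOT_VERIFIABLE", 10: "CONNECTION_LOST",
    11: "BY_APPLICATION", 12: "TOO_MANY_CONNECTIONS", 13: "AUTH_CANCELLED_BY_USER",
    14: "NO_MORE_AUTH_METHODS_AVAILABLE", 15: "ILLEGAL_USER_NAME"}
OPEN_FAILURE_REASONS = {1: "ADMINISTRATIVELY_PROHIBITED", 2: "CONNECT_FAILED",  # 4.3.2
                        3: "UNKNOWN_CHANNEL_TYPE", 4: "RESOURCE_SHORTAGE"}
EXTENDED_DATA_TYPES = {1: "SSH_EXTENDED_DATA_STDERR"}  # 4.4.2

class MalformedPacket(ValueError): "Anything a conforming peer must never send."

def classify_message_number(num):
    for lo, hi, label in MSG_RANGES:
        if lo <= num <= hi:
            return label
    raise MalformedPacket("message number %r is outside 1..255" % num)

def classify_code(code, table, split_private=False):
    """uint32 code -> (registry tier, registered name or None).  0 is never valid;
    0xFE000000-0xFFFFFFFF is PRIVATE USE, split per 4.3.4 for channel-open failures."""
    if not 1 <= code <= 0xFFFFFFFF:
        raise MalformedPacket("code %#x outside 0x00000001..0xFFFFFFFF" % code)
    if code <= 0xFDFFFFFF:
        return "iana", table.get(code)
    if split_private and code >= 0xFF000000:
        return "experimental", None
    return "private-use", None

def _u32(buf, off):
    if off + 4 > len(buf):
        raise MalformedPacket("truncated uint32 at offset %d" % off)
    return struct.unpack_from(">I", buf, off)[0], off + 4

def _string(buf, off, encoding=None):
    """SSH 'string': uint32 length then bytes; length must fit, encoding must decode."""
    n, off = _u32(buf, off)
    if off + n > len(buf):
        raise MalformedPacket("string length %d runs past the payload" % n)
    raw = buf[off:off + n]
    try:
        return (raw.decode(encoding) if encoding else raw), off + n
    except UnicodeDecodeError:
        raise MalformedPacket("string is not valid %s" % encoding) from None

def _pack(*fields):
    # ints become uint32, bytes become SSH strings
    return b"".join(struct.pack(">I", f) if isinstance(f, int)
                    else struct.pack(">I", len(f)) + f for f in fields)

def build_disconnect(reason, description, language=""):
    return bytes([SSH_MSG_DISCONNECT]) + _pack(
        reason, description.encode("utf-8"), language.encode("ascii"))

def build_open_failure(channel, reason, description, language=""):
    return bytes([SSH_MSG_CHANNEL_OPEN_FAILURE]) + _pack(
        channel, reason, description.encode("utf-8"), language.encode("ascii"))

def build_extended_data(channel, data_type_code, data):
    return bytes([SSH_MSG_CHANNEL_EXTENDED_DATA]) + _pack(channel, data_type_code, data)

def parse_payload(payload):
    """Return the message number, its 4.1.1 layer and the registry fields after it."""
    if not payload:
        raise MalformedPacket("empty payload")
    num, off = payload[0], 1
    info = {"msg": num, "layer": classify_message_number(num)}
    if num == SSH_MSG_DISCONNECT:
        info["reason"], off = _u32(payload, off)
        info["tier"], info["name"] = classify_code(info["reason"], DISCONNECT_REASONS)
        info["description"], off = _string(payload, off, "utf-8")
        info["language"], off = _string(payload, off, "ascii")
    elif num == SSH_MSG_CHANNEL_OPEN_FAILURE:
        info["channel"], off = _u32(payload, off)
        info["reason"], off = _u32(payload, off)
        info["tier"], info["name"] = classify_code(info["reason"], OPEN_FAILURE_REASONS, True)
        info["description"], off = _string(payload, off, "utf-8")
        info["language"], off = _string(payload, off, "ascii")
    elif num == SSH_MSG_CHANNEL_EXTENDED_DATA:
        info["channel"], off = _u32(payload, off)
        info["data_type_code"], off = _u32(payload, off)
        info["tier"], info["name"] = classify_code(info["data_type_code"], EXTENDED_DATA_TYPES)
        info["data"], off = _string(payload, off)  # opaque bytes, not text
    if off != len(payload):
        raise MalformedPacket("%d trailing bytes" % (len(payload) - off))
    return info

if __name__ == "__main__":  # constructed sample: a locally assigned 4.3.4 reason code
    print(parse_payload(build_open_failure(7, 0xFE000001, "constructed sample")))
```

The parser checks the field length before every slice and refuses trailing bytes, so a peer cannot smuggle data behind a short 'description' or push a string length past the packet. Note that the 'reason code' tier is only advisory: a receiver MUST still treat an unknown IANA-range value as a valid, if unnamed, code rather than as a protocol error.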
4.4.3 Future Assignments 4.4.3 Future Assignments
Extended Channel Data Transfer 'data_type_code' values MUST be Extended Channel Data Transfer 'data_type_code' values MUST be
assigned sequentially. Requests for assignments of new Extended assigned sequentially. Requests for assignments of new Extended
Channel Data Transfer 'data_type_code' values, and their associated Channel Data Transfer 'data_type_code' values, and their associated
skipping to change at page 10, line 47 skipping to change at page 11, line 15
4.5.1 Conventions 4.5.1 Conventions
Protocol packets containing the SSH_MSG_CHANNEL_REQUEST message with Protocol packets containing the SSH_MSG_CHANNEL_REQUEST message with
a "pty-req" string MUST contain "encoded terminal modes" with an a "pty-req" string MUST contain "encoded terminal modes" with an
opcode of 1 byte. The opcode values are in the range of 1 to 255. opcode of 1 byte. The opcode values are in the range of 1 to 255.
Opcodes 1 to 159 have a single uint32 argument. Opcodes 160 to 255 Opcodes 1 to 159 have a single uint32 argument. Opcodes 160 to 255
are not yet defined. are not yet defined.
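The opcode/argument layout above is compact but easy to mis-parse: every defined opcode is followed by exactly four bytes, the list ends at TTY_OP_END, and an opcode of 160 or more has no defined argument width, so a decoder cannot continue past it. The encoder/decoder below is an added example, not code from the draft or from any SSH implementation. It uses only the first four rows of the 4.5.2 table (the remainder is elided on this page), and the sample argument values are constructed.

```python
"""Encode and decode the "encoded terminal modes" string carried by a
"pty-req" channel request (Section 4.5).  Added example, not draft code.
Layout per [SSH-CONNECT]: (byte opcode, uint32 argument) pairs ended by
TTY_OP_END (0).  Opcodes 1-159 take one uint32; 160-255 are undefined, so a
decoder does not know their argument width and cannot parse past them."""
import struct

TTY_OP_END = 0
OPCODES = {"VINTR": 1, "VQUIT": 2, "VERASE": 3, "VKILL": 4}  # first rows of 4.5.2
NAMES = {v: k for k, v in OPCODES.items()}

class BadTerminalModes(ValueError):
    """Input a conforming client would never send."""

def encode_modes(modes):
    """modes: iterable of (opcode, uint32 argument); TTY_OP_END is appended."""
    out = bytearray()
    for opcode, arg in modes:
        if not 1 <= opcode <= 159:
            raise BadTerminalModes("opcode %r has no defined argument width" % (opcode,))
        if not 0 <= arg <= 0xFFFFFFFF:
            raise BadTerminalModes("argument %r does not fit a uint32" % (arg,))
        out += struct.pack(">BI", opcode, arg)
    out.append(TTY_OP_END)
    return bytes(out)

def decode_modes(blob, strict=True):
    """Return a list of (opcode, argument).  strict=True rejects an undefined
    opcode, a truncated argument, a missing terminator and trailing bytes.
    strict=False stops at the first undefined or truncated opcode and keeps
    what was parsed, which is what [SSH-CONNECT] prescribes for opcodes >= 160."""
    modes, off = [], 0
    while off < len(blob):
        opcode = blob[off]
        off += 1
        if opcode == TTY_OP_END:
            if strict and off != len(blob):
                raise BadTerminalModes("%d bytes after TTY_OP_END" % (len(blob) - off))
            return modes
        if opcode >= 160 or off + 4 > len(blob):
            if strict:
                raise BadTerminalModes("opcode %d undefined or missing its argument" % opcode)
            return modes
        modes.append((opcode, struct.unpack_from(">I", blob, off)[0]))
        off += 4
    if strict:
        raise BadTerminalModes("missing TTY_OP_END")
    return modes

def describe(modes):
    """Symbolic view of a decoded list, e.g. {'VINTR': 3, ...}."""
    return {NAMES.get(op, "opcode%d" % op): arg for op, arg in modes}

if __name__ == "__main__":  # constructed sample: ^C, ^\, DEL, ^U
    blob = encode_modes([(OPCODES["VINTR"], 3), (OPCODES["VQUIT"], 28),
                         (OPCODES["VERASE"], 127), (OPCODES["VKILL"], 21)])
    print(blob.hex(), describe(decode_modes(blob)))
```

A server that applies these modes to a real pty should prefer strict mode: an undefined opcode followed by garbage is a client bug or a probe, and silently applying the prefix of the list can leave the terminal with a partially configured line discipline.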
4.5.2 Initial Assignments 4.5.2 Initial Assignments
The following table identifies the initial assignments of the opcode
and argument values which make up the "encoded terminal modes"
values.
opcode argument description opcode argument description
------ -------- ----------- ------ -------- -----------
0 TTY_OP_END Indicates end of options. 0 TTY_OP_END Indicates end of options.
1 VINTR Interrupt character; 255 if none. Similarly 1 VINTR Interrupt character; 255 if none. Similarly
for the other characters. Not all of these for the other characters. Not all of these
characters are supported on all systems. characters are supported on all systems.
2 VQUIT The quit character (sends SIGQUIT signal on 2 VQUIT The quit character (sends SIGQUIT signal on
POSIX systems). POSIX systems).
3 VERASE Erase the character to left of the cursor. 3 VERASE Erase the character to left of the cursor.
4 VKILL Kill the current input line. 4 VKILL Kill the current input line.
skipping to change at page 13, line 6 skipping to change at page 13, line 23
4.6.1 Conventions for Names 4.6.1 Conventions for Names
All names registered by the IANA in the following sections MUST be All names registered by the IANA in the following sections MUST be
printable US-ASCII strings, and MUST NOT contain the characters printable US-ASCII strings, and MUST NOT contain the characters
at-sign ("@"), comma (","), or whitespace or control characters at-sign ("@"), comma (","), or whitespace or control characters
(ASCII codes 32 or less). Names are case-sensitive, and MUST NOT be (ASCII codes 32 or less). Names are case-sensitive, and MUST NOT be
longer than 64 characters. longer than 64 characters.
A provision is made here for locally extensible names. The IANA will A provision is made here for locally extensible names. The IANA will
not register, and will not control names with the at-sign ("@") in not register, and will not control names with the at-sign in them.
them. Names with the at-sign in them will have the format of Names with the at-sign in them will have the format of
"name@domainname" (without the double quotes) where the part "name@domainname" (without the double quotes) where the part
preceding the at-sign is the name. The format of the part preceding preceding the at-sign is the name. The format of the part preceding
the at sign is not specified, however these names MUST be printable the at-sign is not specified, however these names MUST be printable
US-ASCII strings, and MUST NOT contain the comma character (","), or US-ASCII strings, and MUST NOT contain the comma character (","), or
whitespace, or control characters (ASCII codes 32 or less). The part whitespace, or control characters (ASCII codes 32 or less). The part
following the at-sign MUST be a valid, fully qualified internet following the at-sign MUST be a valid, fully qualified internet
domain name [RFC1034] controlled by the person or organization domain name [RFC1034] controlled by the person or organization
defining the name. Names are case-sensitive, and MUST NOT be longer defining the name. Names are case-sensitive, and MUST NOT be longer
than 64 characters. It is up to each domain how it manages its local than 64 characters. It is up to each domain how it manages its local
namespace. It has been noted that these names resemble STD 11 namespace. It has been noted that these names resemble STD 11
[RFC0822] email addresses. This is purely coincidental and actually [RFC0822] email addresses. This is purely coincidental and actually
has nothing to do with STD 11 [RFC0822]. An example of a locally has nothing to do with STD 11 [RFC0822]. An example of a locally
defined name is "ourcipher-cbc@example.com" (without the double defined name is "ourcipher-cbc@example.com" (without the double
quotes). quotes).
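The character rules of Section 4.6.1 are what make a name safe to carry inside a comma-separated name-list (as in SSH_MSG_KEXINIT), and the at-sign is what separates an IANA-registrable name from a locally defined one. The checker below is an added example, not code from the draft or from any SSH implementation. It assumes the usual RFC 1034 label syntax for the part after the at-sign (letters, digits and hyphen, no leading or trailing hyphen, 1 to 63 characters per label, at least two labels), which this page only references.

```python
"""Check algorithm, method, service and channel-type names against the
conventions of Section 4.6.1 and tell IANA-registrable names from locally
defined name@domainname ones.  Added example, not draft code.  The FQDN test
assumes the RFC 1034 label syntax (letters, digits, hyphen; no leading or
trailing hyphen; 1-63 characters per label, at least two labels)."""
import re

_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

class InvalidName(ValueError):
    """Name violates the registry conventions."""

def _check_characters(name):
    """Printable US-ASCII only: no control characters or space (codes <= 32),
    no DEL (127) or non-ASCII, no comma; at most 64 characters, case preserved."""
    if not 1 <= len(name) <= 64:
        raise InvalidName("name must be 1..64 characters, got %d" % len(name))
    for ch in name:
        if not 33 <= ord(ch) <= 126:
            raise InvalidName("character %r is not printable US-ASCII" % ch)
        if ch == ",":
            raise InvalidName("comma is not allowed (it separates name-lists)")

def is_fqdn(domain):
    labels = domain.split(".")
    return len(domain) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels)

def classify_name(name):
    """'iana' for a name the IANA may register, 'local' for name@domainname."""
    _check_characters(name)
    if "@" not in name:
        return "iana"
    local, _, domain = name.partition("@")
    if not local:
        raise InvalidName("nothing before the at-sign")
    if "@" in domain or not is_fqdn(domain):
        raise InvalidName("part after the at-sign is not a fully qualified domain name")
    return "local"

def validate_name_list(name_list):
    """name-lists (e.g. in SSH_MSG_KEXINIT) are comma-separated, which is why
    the comma is excluded from names; the empty list is the empty string."""
    if name_list == "":
        return []
    return [(n, classify_name(n)) for n in name_list.split(",")]

if __name__ == "__main__":  # constructed sample list
    print(validate_name_list("aes128-cbc,ourcipher-cbc@example.com"))
```

Names are compared case-sensitively, so the checker never folds case; "AES128-CBC" and "aes128-cbc" are different names, and a negotiation that matched them loosely would let a peer select an algorithm the other side did not actually offer.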
4.6.2 Future Assignments of Names 4.6.2 Future Assignments of Names
Requests for assignments of new Names MUST be done through the IETF Requests for assignments of new Names MUST be done through the IETF
CONSENSUS method as described in [RFC2434]. CONSENSUS method as described in [RFC2434].
4.7 Service Names 4.7 Service Names
The Service Name is used to describe a protocol layer. The Service Name is used to describe a protocol layer. The following
table lists the initial assignments of the Service Names.
Service name Reference Service Name Reference
------------- --------- ------------- ---------
ssh-userauth [SSH-USERAUTH] ssh-userauth [SSH-USERAUTH]
ssh-connection [SSH-CONNECT] ssh-connection [SSH-CONNECT]
4.8 Authentication Method Names 4.8 Authentication Method Names
The Authentication Method Name is used to describe an authentication The Authentication Method Name is used to describe an authentication
method for the "ssh-userauth" service [SSH-USERAUTH]. method for the "ssh-userauth" service [SSH-USERAUTH]. The following
table identifies the initial assignments of the Authentication Method
Names.
Method name Reference Method Name Reference
------------ --------- ------------ ---------
publickey [SSH-USERAUTH, Section 4] publickey [SSH-USERAUTH, Section 7]
password [SSH-USERAUTH, Section 5] password [SSH-USERAUTH, Section 8]
hostbased [SSH-USERAUTH, Section 6] hostbased [SSH-USERAUTH, Section 9]
none [SSH-USERAUTH, Section 2.3] none [SSH-USERAUTH, Section 5.2]
4.9 Connection Protocol Assigned Names 4.9 Connection Protocol Assigned Names
The following are the Connection Protocol Type and Request names. The following table lists the initial assignments of the Connection
Protocol Type and Request names.
4.9.1 Connection Protocol Channel Types

The following table lists the initial assignments of the Connection
Protocol Channel Types.

Channel type            Reference
------------            ---------
session                 [SSH-CONNECT, Section 6.1]
x11                     [SSH-CONNECT, Section 6.3.2]
forwarded-tcpip         [SSH-CONNECT, Section 7.2]
direct-tcpip            [SSH-CONNECT, Section 7.2]
4.9.2 Connection Protocol Global Request Names

The following table lists the initial assignments of the Connection
Protocol Global Request Names.

Request type            Reference
------------            ---------
tcpip-forward           [SSH-CONNECT, Section 7.1]
cancel-tcpip-forward    [SSH-CONNECT, Section 7.1]
4.9.3 Connection Protocol Channel Request Names

The following table lists the initial assignments of the Connection
Protocol Channel Request Names.

Request type            Reference
------------            ---------
pty-req                 [SSH-CONNECT, Section 6.2]
x11-req                 [SSH-CONNECT, Section 6.3.1]
env                     [SSH-CONNECT, Section 6.4]
shell                   [SSH-CONNECT, Section 6.5]
exec                    [SSH-CONNECT, Section 6.5]
subsystem               [SSH-CONNECT, Section 6.5]
window-change           [SSH-CONNECT, Section 6.7]
xon-xoff                [SSH-CONNECT, Section 6.8]
signal                  [SSH-CONNECT, Section 6.9]
exit-status             [SSH-CONNECT, Section 6.10]
exit-signal             [SSH-CONNECT, Section 6.10]
4.9.4 Initial Assignment of Signal Names

The following table lists the initial assignments of the Signal
Names.

Signal                  Reference
------                  ---------
ABRT                    [SSH-CONNECT]
ALRM                    [SSH-CONNECT]
FPE                     [SSH-CONNECT]
HUP                     [SSH-CONNECT]
ILL                     [SSH-CONNECT]
INT                     [SSH-CONNECT]
KILL                    [SSH-CONNECT]
PIPE                    [SSH-CONNECT]
...
TERM                    [SSH-CONNECT]
USR1                    [SSH-CONNECT]
USR2                    [SSH-CONNECT]
4.10 Key Exchange Method Names

The Key Exchange Method Name describes a key-exchange method for the
protocol [SSH-TRANS]. Note that, for historical reasons, the name
"diffie-hellman-group1-sha1" is used for a key exchange method using
Oakley Group 2. This is considered an aberration and should not be
repeated. Any future specifications of Diffie-Hellman key exchange
using Oakley groups defined in [RFC2412] or its successors should be
named using the group numbers assigned by IANA, and names of the form
"diffie-hellman-groupN-sha1" should be reserved for this purpose.

The following table identifies the initial assignments of the
key-exchange methods.

Method name                     Reference
------------                    ---------
diffie-hellman-group1-sha1      [SSH-TRANS, Section 8.1]
diffie-hellman-group14-sha1     [SSH-TRANS, Section 8.2]
4.11 Assigned Algorithm Names

4.11.1 Encryption Algorithm Names

The following table identifies the initial assignment of the
Encryption Algorithm Names.

Encryption Algorithm Name       Reference
-------------------------       ---------
3des-cbc                        [SSH-TRANS, Section 6.3]
blowfish-cbc                    [SSH-TRANS, Section 6.3]
twofish256-cbc                  [SSH-TRANS, Section 6.3]
twofish-cbc                     [SSH-TRANS, Section 6.3]
twofish192-cbc                  [SSH-TRANS, Section 6.3]
twofish128-cbc                  [SSH-TRANS, Section 6.3]
aes256-cbc                      [SSH-TRANS, Section 6.3]
aes192-cbc                      [SSH-TRANS, Section 6.3]
aes128-cbc                      [SSH-TRANS, Section 6.3]
serpent256-cbc                  [SSH-TRANS, Section 6.3]
serpent192-cbc                  [SSH-TRANS, Section 6.3]
serpent128-cbc                  [SSH-TRANS, Section 6.3]
arcfour                         [SSH-TRANS, Section 6.3]
idea-cbc                        [SSH-TRANS, Section 6.3]
cast128-cbc                     [SSH-TRANS, Section 6.3]
none                            [SSH-TRANS, Section 6.3]

of [FIPS 46-3]
4.11.2 MAC Algorithm Names

The following table identifies the initial assignments of the MAC
Algorithm Names.

MAC Algorithm Name              Reference
------------------              ---------
hmac-sha1                       [SSH-TRANS, Section 6.4]
hmac-sha1-96                    [SSH-TRANS, Section 6.4]
hmac-md5                        [SSH-TRANS, Section 6.4]
hmac-md5-96                     [SSH-TRANS, Section 6.4]
none                            [SSH-TRANS, Section 6.4]
4.11.3 Public Key Algorithm Names

The following table identifies the initial assignments of the Public
Key Algorithm names.

Public Key Algorithm Name       Reference
-------------------------       ---------
ssh-dss                         [SSH-TRANS, Section 6.6]
ssh-rsa                         [SSH-TRANS, Section 6.6]
spki-sign-rsa                   [SSH-TRANS, Section 6.6]
spki-sign-dss                   [SSH-TRANS, Section 6.6]
pgp-sign-rsa                    [SSH-TRANS, Section 6.6]
pgp-sign-dss                    [SSH-TRANS, Section 6.6]
4.11.4 Compression Algorithm Names

The following table identifies the initial assignments of the
Compression Algorithm names.

Compression Algorithm Name      Reference
--------------------------      ---------
none                            [SSH-TRANS, Section 6.2]
zlib                            [SSH-TRANS, Section 6.2]
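The following is an added example, not text or code from the draft: a Python audit of an SSH name-list against the tables in sections 4.7 to 4.11, applying the at-sign convention for locally defined names (section 4.6.1, "ourcipher-cbc@example.com") and the "diffie-hellman-groupN-sha1" form reserved in section 4.10. The function names, the simplified domain check and the policy of reporting "none" as a finding are assumptions of this example, not requirements of the draft.

```python
import re

# Initial assignments copied from sections 4.10 and 4.11 of the draft.
ASSIGNED = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"},
    "cipher": {"3des-cbc", "blowfish-cbc", "twofish256-cbc", "twofish-cbc",
               "twofish192-cbc", "twofish128-cbc", "aes256-cbc", "aes192-cbc",
               "aes128-cbc", "serpent256-cbc", "serpent192-cbc",
               "serpent128-cbc", "arcfour", "idea-cbc", "cast128-cbc", "none"},
    "mac": {"hmac-sha1", "hmac-sha1-96", "hmac-md5", "hmac-md5-96", "none"},
    "hostkey": {"ssh-dss", "ssh-rsa", "spki-sign-rsa", "spki-sign-dss",
                "pgp-sign-rsa", "pgp-sign-dss"},
    "compression": {"none", "zlib"},
}

# Section 4.10 reserves this form for Diffie-Hellman over IANA-numbered groups.
DH_GROUP_NAME = re.compile(r"^diffie-hellman-group(\d+)-sha1$")


def classify(kind, name):
    """Return 'assigned', 'local', 'reserved-form' or 'unknown' for one name.

    A name containing '@' is locally defined (e.g. ourcipher-cbc@example.com);
    a name without '@' must appear in the registry. Assumption: the domain
    part is only checked for presence, not validated as an FQDN.
    """
    if name in ASSIGNED[kind]:
        return "assigned"
    if "@" in name:
        local, _, domain = name.partition("@")
        return "local" if local and domain else "unknown"
    if kind == "kex" and DH_GROUP_NAME.match(name):
        return "reserved-form"  # follows the groupN convention, not yet assigned
    return "unknown"


def audit_name_list(kind, name_list):
    """Audit a comma-separated name-list of one kind (as sent in KEXINIT).

    Returns (classification per name, findings). 'none' is a registered
    cipher/MAC name but disables confidentiality or integrity, so this
    example reports offering it as a finding instead of accepting it.
    """
    names = [n for n in name_list.split(",") if n]
    result = {n: classify(kind, n) for n in names}
    findings = [f"unregistered {kind} name: {n}"
                for n, c in result.items() if c == "unknown"]
    if kind in ("cipher", "mac") and "none" in names:
        findings.append(f"'none' offered for {kind}: no protection")
    return result, findings
```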
5. Security Considerations

This protocol provides a secure encrypted channel over an insecure
network.

Full security considerations for this protocol are provided in
[SSH-ARCH].
6. References

6.1 Normative References

[SSH-ARCH]      Lonvick, C., "SSH Protocol Architecture", I-D
                draft-ietf-architecture-19.txt, November 2004.

[SSH-TRANS]     Lonvick, C., "SSH Transport Layer Protocol", I-D
                draft-ietf-transport-21.txt, November 2004.

[SSH-USERAUTH]  Lonvick, C., "SSH Authentication Protocol", I-D
                draft-ietf-userauth-24.txt, November 2004.

[SSH-CONNECT]   Lonvick, C., "SSH Connection Protocol", I-D
                draft-ietf-connect-22.txt, November 2004.

[RFC2119]       Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2412]       Orman, H., "The OAKLEY Key Determination Protocol", RFC
                2412, November 1998.

[RFC2434]       Narten, T. and H. Alvestrand, "Guidelines for Writing an
                IANA Considerations Section in RFCs", BCP 26, RFC 2434,
                October 1998.