xref: /freebsd/crypto/openssh/PROTOCOL (revision 2008043f386721d58158e37e0d7e50df8095942d)
1This documents OpenSSH's deviations and extensions to the published SSH
2protocol.
3
4Note that OpenSSH's sftp and sftp-server implement revision 3 of the SSH
5filexfer protocol described in:
6
7https://www.openssh.com/txt/draft-ietf-secsh-filexfer-02.txt
8
9Newer versions of the draft will not be supported, though some features
10are individually implemented as extensions described below.
11
12The protocol used by OpenSSH's ssh-agent is described in the file
13PROTOCOL.agent
14
151. Transport protocol changes
16
171.1. transport: Protocol 2 MAC algorithm "umac-64@openssh.com"
18
19This is a new transport-layer MAC method using the UMAC algorithm
20(rfc4418). This method is identical to the "umac-64" method documented
21in:
22
23https://www.openssh.com/txt/draft-miller-secsh-umac-01.txt
24
251.2. transport: Protocol 2 compression algorithm "zlib@openssh.com"
26
27This transport-layer compression method uses the zlib compression
28algorithm (identical to the "zlib" method in rfc4253), but delays the
29start of compression until after authentication has completed. This
30avoids exposing compression code to attacks from unauthenticated users.
31
32The method is documented in:
33
34https://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt
35
361.3. transport: New public key algorithms "ssh-rsa-cert-v01@openssh.com",
37     "ssh-dsa-cert-v01@openssh.com",
38     "ecdsa-sha2-nistp256-cert-v01@openssh.com",
39     "ecdsa-sha2-nistp384-cert-v01@openssh.com" and
40     "ecdsa-sha2-nistp521-cert-v01@openssh.com"
41
42OpenSSH introduces new public key algorithms to support certificate
43authentication for users and host keys. These methods are documented
44in the file PROTOCOL.certkeys
45
461.4. transport: Elliptic Curve cryptography
47
48OpenSSH supports ECC key exchange and public key authentication as
49specified in RFC5656. Only the ecdsa-sha2-nistp256, ecdsa-sha2-nistp384
50and ecdsa-sha2-nistp521 curves over GF(p) are supported. Elliptic
51curve points encoded using point compression are NOT accepted or
52generated.
53
541.5 transport: Protocol 2 Encrypt-then-MAC MAC algorithms
55
56OpenSSH supports MAC algorithms, whose names contain "-etm", that
57perform the calculations in a different order to that defined in RFC
584253. These variants use the so-called "encrypt then MAC" ordering,
59calculating the MAC over the packet ciphertext rather than the
60plaintext. This ordering closes a security flaw in the SSH transport
61protocol, where decryption of unauthenticated ciphertext provided a
62"decryption oracle" that could, in conjunction with cipher flaws, reveal
63session plaintext.
64
65Specifically, the "-etm" MAC algorithms modify the transport protocol
66to calculate the MAC over the packet ciphertext and to send the packet
67length unencrypted. This is necessary for the transport to obtain the
68length of the packet and location of the MAC tag so that it may be
69verified without decrypting unauthenticated data.
70
71As such, the MAC covers:
72
73      mac = MAC(key, sequence_number || packet_length || encrypted_packet)
74
75where "packet_length" is encoded as a uint32 and "encrypted_packet"
76contains:
77
78      byte      padding_length
79      byte[n1]  payload; n1 = packet_length - padding_length - 1
80      byte[n2]  random padding; n2 = padding_length
81
821.6 transport: AES-GCM
83
84OpenSSH supports the AES-GCM algorithm as specified in RFC 5647.
85Because of problems with the specification of the key exchange
86the behaviour of OpenSSH differs from the RFC as follows:
87
88AES-GCM is only negotiated as the cipher algorithms
89"aes128-gcm@openssh.com" or "aes256-gcm@openssh.com" and never as
90an MAC algorithm. Additionally, if AES-GCM is selected as the cipher
91the exchanged MAC algorithms are ignored and there doesn't have to be
92a matching MAC.
93
941.7 transport: chacha20-poly1305@openssh.com authenticated encryption
95
96OpenSSH supports authenticated encryption using ChaCha20 and Poly1305
97as described in PROTOCOL.chacha20poly1305.
98
991.8 transport: curve25519-sha256@libssh.org key exchange algorithm
100
101OpenSSH supports the use of ECDH in Curve25519 for key exchange as
102described at:
103http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519
104
105This is identical to curve25519-sha256 as later published in RFC8731.
106
1071.9 transport: ping facility
108
109OpenSSH implements a transport level ping message SSH2_MSG_PING
110and a corresponding SSH2_MSG_PONG reply.
111
112#define SSH2_MSG_PING	192
113#define SSH2_MSG_PONG	193
114
115The ping message is simply:
116
117	byte		SSH_MSG_PING
118	string		data
119
120The reply copies the data (which may be the empty string) from the
121ping:
122
123	byte		SSH_MSG_PONG
124	string		data
125
126Replies are sent in order. They are sent immediately except when rekeying
127is in progress, in which case they are queued until rekeying completes.
128
129The server advertises support for these messages using the
130SSH2_MSG_EXT_INFO mechanism (RFC8308), with the following message:
131
132	string		"ping@openssh.com"
133	string		"0" (version)
134
135The ping/reply message is implemented at the transport layer rather
136than as a named global or channel request to allow pings with very
137short packet lengths, which would not be possible with other
138approaches.
139
1402. Connection protocol changes
141
1422.1. connection: Channel write close extension "eow@openssh.com"
143
144The SSH connection protocol (rfc4254) provides the SSH_MSG_CHANNEL_EOF
145message to allow an endpoint to signal its peer that it will send no
146more data over a channel. Unfortunately, there is no symmetric way for
147an endpoint to request that its peer should cease sending data to it
148while still keeping the channel open for the endpoint to send data to
149the peer.
150
151This is desirable, since it saves the transmission of data that would
152otherwise need to be discarded and it allows an endpoint to signal local
153processes of the condition, e.g. by closing the corresponding file
154descriptor.
155
156OpenSSH implements a channel extension message to perform this
157signalling: "eow@openssh.com" (End Of Write). This message is sent by
158an endpoint when the local output of a session channel is closed or
159experiences a write error. The message is formatted as follows:
160
161	byte		SSH_MSG_CHANNEL_REQUEST
162	uint32		recipient channel
163	string		"eow@openssh.com"
164	boolean		FALSE
165
166On receiving this message, the peer SHOULD cease sending data of
167the channel and MAY signal the process from which the channel data
168originates (e.g. by closing its read file descriptor).
169
170As with the symmetric SSH_MSG_CHANNEL_EOF message, the channel does
171remain open after a "eow@openssh.com" has been sent and more data may
172still be sent in the other direction. This message does not consume
173window space and may be sent even if no window space is available.
174
175NB. due to certain broken SSH implementations aborting upon receipt
176of this message (in contravention of RFC4254 section 5.4), this
177message is only sent to OpenSSH peers (identified by banner).
178Other SSH implementations may be listed to receive this message
179upon request.
180
1812.2. connection: disallow additional sessions extension
182     "no-more-sessions@openssh.com"
183
184Most SSH connections will only ever request a single session, but a
185attacker may abuse a running ssh client to surreptitiously open
186additional sessions under their control. OpenSSH provides a global
187request "no-more-sessions@openssh.com" to mitigate this attack.
188
189When an OpenSSH client expects that it will never open another session
190(i.e. it has been started with connection multiplexing disabled), it
191will send the following global request:
192
193	byte		SSH_MSG_GLOBAL_REQUEST
194	string		"no-more-sessions@openssh.com"
195	char		want-reply
196
197On receipt of such a message, an OpenSSH server will refuse to open
198future channels of type "session" and instead immediately abort the
199connection.
200
201Note that this is not a general defence against compromised clients
202(that is impossible), but it thwarts a simple attack.
203
204NB. due to certain broken SSH implementations aborting upon receipt
205of this message, the no-more-sessions request is only sent to OpenSSH
206servers (identified by banner). Other SSH implementations may be
207listed to receive this message upon request.
208
2092.3. connection: Tunnel forward extension "tun@openssh.com"
210
211OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
212channel type. This channel type supports forwarding of network packets
213with datagram boundaries intact between endpoints equipped with
214interfaces like the BSD tun(4) device. Tunnel forwarding channels are
215requested by the client with the following packet:
216
217	byte		SSH_MSG_CHANNEL_OPEN
218	string		"tun@openssh.com"
219	uint32		sender channel
220	uint32		initial window size
221	uint32		maximum packet size
222	uint32		tunnel mode
223	uint32		remote unit number
224
225The "tunnel mode" parameter specifies whether the tunnel should forward
226layer 2 frames or layer 3 packets. It may take one of the following values:
227
228	SSH_TUNMODE_POINTOPOINT  1		/* layer 3 packets */
229	SSH_TUNMODE_ETHERNET     2		/* layer 2 frames */
230
231The "tunnel unit number" specifies the remote interface number, or may
232be 0x7fffffff to allow the server to automatically choose an interface. A
233server that is not willing to open a client-specified unit should refuse
234the request with a SSH_MSG_CHANNEL_OPEN_FAILURE error. On successful
235open, the server should reply with SSH_MSG_CHANNEL_OPEN_SUCCESS.
236
237Once established the client and server may exchange packet or frames
238over the tunnel channel by encapsulating them in SSH protocol strings
239and sending them as channel data. This ensures that packet boundaries
240are kept intact. Specifically, packets are transmitted using normal
241SSH_MSG_CHANNEL_DATA packets:
242
243	byte		SSH_MSG_CHANNEL_DATA
244	uint32		recipient channel
245	string		data
246
247The contents of the "data" field for layer 3 packets is:
248
249	uint32			packet length
250	uint32			address family
251	byte[packet length - 4]	packet data
252
253The "address family" field identifies the type of packet in the message.
254It may be one of:
255
256	SSH_TUN_AF_INET		2		/* IPv4 */
257	SSH_TUN_AF_INET6	24		/* IPv6 */
258
259The "packet data" field consists of the IPv4/IPv6 datagram itself
260without any link layer header.
261
262The contents of the "data" field for layer 2 packets is:
263
264	uint32			packet length
265	byte[packet length]	frame
266
267The "frame" field contains an IEEE 802.3 Ethernet frame, including
268header.
269
2702.4. connection: Unix domain socket forwarding
271
272OpenSSH supports local and remote Unix domain socket forwarding
273using the "streamlocal" extension.  Forwarding is initiated as per
274TCP sockets but with a single path instead of a host and port.
275
276Similar to direct-tcpip, direct-streamlocal is sent by the client
277to request that the server make a connection to a Unix domain socket.
278
279	byte		SSH_MSG_CHANNEL_OPEN
280	string		"direct-streamlocal@openssh.com"
281	uint32		sender channel
282	uint32		initial window size
283	uint32		maximum packet size
284	string		socket path
285	string		reserved
286	uint32		reserved
287
288Similar to forwarded-tcpip, forwarded-streamlocal is sent by the
289server when the client has previously send the server a streamlocal-forward
290GLOBAL_REQUEST.
291
292	byte		SSH_MSG_CHANNEL_OPEN
293	string		"forwarded-streamlocal@openssh.com"
294	uint32		sender channel
295	uint32		initial window size
296	uint32		maximum packet size
297	string		socket path
298	string		reserved for future use
299
300The reserved field is not currently defined and is ignored on the
301remote end.  It is intended to be used in the future to pass
302information about the socket file, such as ownership and mode.
303The client currently sends the empty string for this field.
304
305Similar to tcpip-forward, streamlocal-forward is sent by the client
306to request remote forwarding of a Unix domain socket.
307
308	byte		SSH2_MSG_GLOBAL_REQUEST
309	string		"streamlocal-forward@openssh.com"
310	boolean		TRUE
311	string		socket path
312
313Similar to cancel-tcpip-forward, cancel-streamlocal-forward is sent
314by the client cancel the forwarding of a Unix domain socket.
315
316	byte		SSH2_MSG_GLOBAL_REQUEST
317	string		"cancel-streamlocal-forward@openssh.com"
318	boolean		FALSE
319	string		socket path
320
3212.5. connection: hostkey update and rotation "hostkeys-00@openssh.com"
322and "hostkeys-prove-00@openssh.com"
323
324OpenSSH supports a protocol extension allowing a server to inform
325a client of all its protocol v.2 host keys after user-authentication
326has completed.
327
328	byte		SSH_MSG_GLOBAL_REQUEST
329	string		"hostkeys-00@openssh.com"
330	char		0 /* want-reply */
331	string[]	hostkeys
332
333Upon receiving this message, a client should check which of the
334supplied host keys are present in known_hosts.
335
336Note that the server may send key types that the client does not
337support. The client should disregard such keys if they are received.
338
339If the client identifies any keys that are not present for the host,
340it should send a "hostkeys-prove@openssh.com" message to request the
341server prove ownership of the private half of the key.
342
343	byte		SSH_MSG_GLOBAL_REQUEST
344	string		"hostkeys-prove-00@openssh.com"
345	char		1 /* want-reply */
346	string[]	hostkeys
347
348When a server receives this message, it should generate a signature
349using each requested key over the following:
350
351	string		"hostkeys-prove-00@openssh.com"
352	string		session identifier
353	string		hostkey
354
355These signatures should be included in the reply, in the order matching
356the hostkeys in the request:
357
358	byte		SSH_MSG_REQUEST_SUCCESS
359	string[]	signatures
360
361When the client receives this reply (and not a failure), it should
362validate the signatures and may update its known_hosts file, adding keys
363that it has not seen before and deleting keys for the server host that
364are no longer offered.
365
366These extensions let a client learn key types that it had not previously
367encountered, thereby allowing it to potentially upgrade from weaker
368key algorithms to better ones. It also supports graceful key rotation:
369a server may offer multiple keys of the same type for a period (to
370give clients an opportunity to learn them using this extension) before
371removing the deprecated key from those offered.
372
3732.6. connection: SIGINFO support for "signal" channel request
374
375The SSH channels protocol (RFC4254 section 6.9) supports sending a
376signal to a session attached to a channel. OpenSSH supports one
377extension signal "INFO@openssh.com" that allows sending SIGINFO on
378BSD-derived systems.
379
3803. Authentication protocol changes
381
3823.1. Host-bound public key authentication
383
384This is trivial change to the traditional "publickey" authentication
385method. The authentication request is identical to the original method
386but for the name and one additional field:
387
388	byte		SSH2_MSG_USERAUTH_REQUEST
389	string		username
390	string		"ssh-connection"
391	string		"publickey-hostbound-v00@openssh.com"
392	bool		has_signature
393	string		pkalg
394	string		public key
395	string		server host key
396
397Because the entire SSH2_MSG_USERAUTH_REQUEST message is included in
398the signed data, this ensures that a binding between the destination
399user, the server identity and the session identifier is visible to the
400signer. OpenSSH uses this binding via signed data to implement per-key
401restrictions in ssh-agent.
402
403A server may advertise this method using the SSH2_MSG_EXT_INFO
404mechanism (RFC8308), with the following message:
405
406	string		"publickey-hostbound@openssh.com"
407	string		"0" (version)
408
409Clients should prefer host-bound authentication when advertised by
410server.
411
4124. SFTP protocol changes
413
4144.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK
415
416When OpenSSH's sftp-server was implemented, the order of the arguments
417to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately,
418the reversal was not noticed until the server was widely deployed. Since
419fixing this to follow the specification would cause incompatibility, the
420current order was retained. For correct operation, clients should send
421SSH_FXP_SYMLINK as follows:
422
423	uint32		id
424	string		targetpath
425	string		linkpath
426
4274.2. sftp: Server extension announcement in SSH_FXP_VERSION
428
429OpenSSH's sftp-server lists the extensions it supports using the
430standard extension announcement mechanism in the SSH_FXP_VERSION server
431hello packet:
432
433	uint32		3		/* protocol version */
434	string		ext1-name
435	string		ext1-version
436	string		ext2-name
437	string		ext2-version
438	...
439	string		extN-name
440	string		extN-version
441
442Each extension reports its integer version number as an ASCII encoded
443string, e.g. "1". The version will be incremented if the extension is
444ever changed in an incompatible way. The server MAY advertise the same
445extension with multiple versions (though this is unlikely). Clients MUST
446check the version number before attempting to use the extension.
447
4484.3. sftp: Extension request "posix-rename@openssh.com"
449
450This operation provides a rename operation with POSIX semantics, which
451are different to those provided by the standard SSH_FXP_RENAME in
452draft-ietf-secsh-filexfer-02.txt. This request is implemented as a
453SSH_FXP_EXTENDED request with the following format:
454
455	uint32		id
456	string		"posix-rename@openssh.com"
457	string		oldpath
458	string		newpath
459
460On receiving this request the server will perform the POSIX operation
461rename(oldpath, newpath) and will respond with a SSH_FXP_STATUS message.
462This extension is advertised in the SSH_FXP_VERSION hello with version
463"1".
464
4654.4. sftp: Extension requests "statvfs@openssh.com" and
466         "fstatvfs@openssh.com"
467
468These requests correspond to the statvfs and fstatvfs POSIX system
469interfaces. The "statvfs@openssh.com" request operates on an explicit
470pathname, and is formatted as follows:
471
472	uint32		id
473	string		"statvfs@openssh.com"
474	string		path
475
476The "fstatvfs@openssh.com" operates on an open file handle:
477
478	uint32		id
479	string		"fstatvfs@openssh.com"
480	string		handle
481
482These requests return a SSH_FXP_STATUS reply on failure. On success they
483return the following SSH_FXP_EXTENDED_REPLY reply:
484
485	uint32		id
486	uint64		f_bsize		/* file system block size */
487	uint64		f_frsize	/* fundamental fs block size */
488	uint64		f_blocks	/* number of blocks (unit f_frsize) */
489	uint64		f_bfree		/* free blocks in file system */
490	uint64		f_bavail	/* free blocks for non-root */
491	uint64		f_files		/* total file inodes */
492	uint64		f_ffree		/* free file inodes */
493	uint64		f_favail	/* free file inodes for to non-root */
494	uint64		f_fsid		/* file system id */
495	uint64		f_flag		/* bit mask of f_flag values */
496	uint64		f_namemax	/* maximum filename length */
497
498The values of the f_flag bitmask are as follows:
499
500	#define SSH_FXE_STATVFS_ST_RDONLY	0x1	/* read-only */
501	#define SSH_FXE_STATVFS_ST_NOSUID	0x2	/* no setuid */
502
503Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are
504advertised in the SSH_FXP_VERSION hello with version "2".
505
5064.5. sftp: Extension request "hardlink@openssh.com"
507
508This request is for creating a hard link to a regular file. This
509request is implemented as a SSH_FXP_EXTENDED request with the
510following format:
511
512	uint32		id
513	string		"hardlink@openssh.com"
514	string		oldpath
515	string		newpath
516
517On receiving this request the server will perform the operation
518link(oldpath, newpath) and will respond with a SSH_FXP_STATUS message.
519This extension is advertised in the SSH_FXP_VERSION hello with version
520"1".
521
5224.6. sftp: Extension request "fsync@openssh.com"
523
524This request asks the server to call fsync(2) on an open file handle.
525
526	uint32		id
527	string		"fsync@openssh.com"
528	string		handle
529
530On receiving this request, a server will call fsync(handle_fd) and will
531respond with a SSH_FXP_STATUS message.
532
533This extension is advertised in the SSH_FXP_VERSION hello with version
534"1".
535
5364.7. sftp: Extension request "lsetstat@openssh.com"
537
538This request is like the "setstat" command, but sets file attributes on
539symlinks.  It is implemented as a SSH_FXP_EXTENDED request with the
540following format:
541
542	uint32		id
543	string		"lsetstat@openssh.com"
544	string		path
545	ATTRS		attrs
546
547See the "setstat" command for more details.
548
549This extension is advertised in the SSH_FXP_VERSION hello with version
550"1".
551
5524.8. sftp: Extension request "limits@openssh.com"
553
554This request is used to determine various limits the server might impose.
555Clients should not attempt to exceed these limits as the server might sever
556the connection immediately.
557
558	uint32		id
559	string		"limits@openssh.com"
560
561The server will respond with a SSH_FXP_EXTENDED_REPLY reply:
562
563	uint32		id
564	uint64		max-packet-length
565	uint64		max-read-length
566	uint64		max-write-length
567	uint64		max-open-handles
568
569The 'max-packet-length' applies to the total number of bytes in a
570single SFTP packet.  Servers SHOULD set this at least to 34000.
571
572The 'max-read-length' is the largest length in a SSH_FXP_READ packet.
573Even if the client requests a larger size, servers will usually respond
574with a shorter SSH_FXP_DATA packet.  Servers SHOULD set this at least to
57532768.
576
577The 'max-write-length' is the largest length in a SSH_FXP_WRITE packet
578the server will accept.  Servers SHOULD set this at least to 32768.
579
580The 'max-open-handles' is the maximum number of active handles that the
581server allows (e.g. handles created by SSH_FXP_OPEN and SSH_FXP_OPENDIR
582packets).  Servers MAY count internal file handles against this limit
583(e.g. system logging or stdout/stderr), so clients SHOULD NOT expect to
584open this many handles in practice.
585
586If the server doesn't enforce a specific limit, then the field may be
587set to 0.  This implies the server relies on the OS to enforce limits
588(e.g. available memory or file handles), and such limits might be
589dynamic.  The client SHOULD take care to not try to exceed reasonable
590limits.
591
592This extension is advertised in the SSH_FXP_VERSION hello with version
593"1".
594
5954.9. sftp: Extension request "expand-path@openssh.com"
596
597This request supports canonicalisation of relative paths and
598those that need tilde-expansion, i.e. "~", "~/..." and "~user/..."
599These paths are expanded using shell-like rules and the resultant
600path is canonicalised similarly to SSH2_FXP_REALPATH.
601
602It is implemented as a SSH_FXP_EXTENDED request with the following
603format:
604
605	uint32		id
606	string		"expand-path@openssh.com"
607	string		path
608
609Its reply is the same format as that of SSH2_FXP_REALPATH.
610
611This extension is advertised in the SSH_FXP_VERSION hello with version
612"1".
613
6144.10. sftp: Extension request "copy-data"
615
616This request asks the server to copy data from one open file handle and
617write it to a different open file handle.  This avoids needing to transfer
618the data across the network twice (a download followed by an upload).
619
620	byte		SSH_FXP_EXTENDED
621	uint32		id
622	string		"copy-data"
623	string		read-from-handle
624	uint64		read-from-offset
625	uint64		read-data-length
626	string		write-to-handle
627	uint64		write-to-offset
628
629The server will copy read-data-length bytes starting from
630read-from-offset from the read-from-handle and write them to
631write-to-handle starting from write-to-offset, and then respond with a
632SSH_FXP_STATUS message.
633
634It's equivalent to issuing a series of SSH_FXP_READ requests on
635read-from-handle and a series of requests of SSH_FXP_WRITE on
636write-to-handle.
637
638If read-from-handle and write-to-handle are the same, the server will
639fail the request and respond with a SSH_FX_INVALID_PARAMETER message.
640
641If read-data-length is 0, then the server will read data from the
642read-from-handle until EOF is reached.
643
644This extension is advertised in the SSH_FXP_VERSION hello with version
645"1".
646
647This request is identical to the "copy-data" request documented in:
648
649https://tools.ietf.org/html/draft-ietf-secsh-filexfer-extensions-00#section-7
650
6514.11. sftp: Extension request "home-directory"
652
653This request asks the server to expand the specified user's home directory.
654An empty username implies the current user.  This can be used by the client
655to expand ~/ type paths locally.
656
657	byte		SSH_FXP_EXTENDED
658	uint32		id
659	string		"home-directory"
660	string		username
661
662This extension is advertised in the SSH_FXP_VERSION hello with version
663"1".
664
665This provides similar information as the "expand-path@openssh.com" extension.
666
667This request is identical to the "home-directory" request documented in:
668
669https://datatracker.ietf.org/doc/html/draft-ietf-secsh-filexfer-extensions-00#section-5
670
6714.12. sftp: Extension request "users-groups-by-id@openssh.com"
672
673This request asks the server to return user and/or group names that
674correspond to one or more IDs (e.g. as returned from a SSH_FXP_STAT
675request). This may be used by the client to provide usernames in
676directory listings.
677
678	byte		SSH_FXP_EXTENDED
679	uint32		id
680	string		"users-groups-by-id@openssh.com"
681	string		uids
682	string		gids
683
684Where "uids" and "gids" consists of one or more integer user or group
685identifiers:
686
687	uint32		id-0
688	...
689
690The server will reply with a SSH_FXP_EXTENDED_REPLY:
691
692	byte		SSH_FXP_EXTENDED_REPLY
693	string		usernames
694	string		groupnames
695
696Where "username" and "groupnames" consists of names in identical request
697order to "uids" and "gids" respectively:
698
699	string		name-0
700	...
701
702If a name cannot be identified for a given user or group ID, an empty
703string will be returned in its place.
704
705It is acceptable for either "uids" or "gids" to be an empty set, in
706which case the respective "usernames" or "groupnames" list will also
707be empty.
708
709This extension is advertised in the SSH_FXP_VERSION hello with version
710"1".
711
7125. Miscellaneous changes
713
7145.1 Public key format
715
716OpenSSH public keys, as generated by ssh-keygen(1) and appearing in
717authorized_keys files, are formatted as a single line of text consisting
718of the public key algorithm name followed by a base64-encoded key blob.
719The public key blob (before base64 encoding) is the same format used for
720the encoding of public keys sent on the wire: as described in RFC4253
721section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA keys
722and the "New public key formats" section of PROTOCOL.certkeys for the
723OpenSSH certificate formats.
724
7255.2 Private key format
726
727OpenSSH private keys, as generated by ssh-keygen(1) use the format
728described in PROTOCOL.key by default. As a legacy option, PEM format
729(RFC7468) private keys are also supported for RSA, DSA and ECDSA keys
730and were the default format before OpenSSH 7.8.
731
7325.3 KRL format
733
734OpenSSH supports a compact format for Key Revocation Lists (KRLs). This
735format is described in the PROTOCOL.krl file.
736
7375.4 Connection multiplexing
738
739OpenSSH's connection multiplexing uses messages as described in
740PROTOCOL.mux over a Unix domain socket for communications between a
741master instance and later clients.
742
7435.5. Agent protocol extensions
744
745OpenSSH extends the usual agent protocol. These changes are documented
746in the PROTOCOL.agent file.
747
748$OpenBSD: PROTOCOL,v 1.49 2023/08/28 03:28:43 djm Exp $
749