Features from newer versions of the draft are not supported, unless
explicitly implemented as extensions described below.
+The protocol used by OpenSSH's ssh-agent is described in the file
+PROTOCOL.agent
+
1. transport: Protocol 2 MAC algorithm "umac-64@openssh.com"
This is a new transport-layer MAC method using the UMAC algorithm
descriptor.
OpenSSH implements a channel extension message to perform this
-signalling: "eow@openssh.com" (End Of Write). This message is sent by an
-endpoint when the local output of a channel is closed or experiences a
-write error. The message is formatted as follows:
+signalling: "eow@openssh.com" (End Of Write). This message is sent by
+an endpoint when the local output of a session channel is closed or
+experiences a write error. The message is formatted as follows:
byte SSH_MSG_CHANNEL_REQUEST
uint32 recipient channel
still be sent in the other direction. This message does not consume
window space and may be sent even if no window space is available.
+NB. due to certain broken SSH implementations aborting upon receipt
+of this message (in contravention of RFC4254 section 5.4), this
+message is only sent to OpenSSH peers (identified by banner).
+Other SSH implementations may be whitelisted to receive this message
+upon request.
+
4. connection: disallow additional sessions extension
"no-more-sessions@openssh.com"
Note that this is not a general defence against compromised clients
(that is impossible), but it thwarts a simple attack.
+NB. due to certain broken SSH implementations aborting upon receipt
+of this message, the no-more-sessions request is only sent to OpenSSH
+servers (identified by banner). Other SSH implementations may be
+whitelisted to receive this message upon request.
+
5. connection: Tunnel forward extension "tun@openssh.com"
-OpenSSH supports layer 2 and layer 3 tunneling via the "tun@openssh.com"
+OpenSSH supports layer 2 and layer 3 tunnelling via the "tun@openssh.com"
channel type. This channel type supports forwarding of network packets
-with datagram boundaries entact between endpoints equipped with
+with datagram boundaries intact between endpoints equipped with
interfaces like the BSD tun(4) device. Tunnel forwarding channels are
requested by the client with the following packet:
uint32 packet length
byte[packet length] frame
-The "frame" field contains an IEEE 802.3 ethernet frame, including
+The "frame" field contains an IEEE 802.3 Ethernet frame, including
header.
6. sftp: Reversal of arguments to SSH_FXP_SYMLINK
When OpenSSH's sftp-server was implemented, the order of the arguments
-to the SSH_FXP_SYMLINK method was inadvertendly reversed. Unfortunately,
+to the SSH_FXP_SYMLINK method was inadvertently reversed. Unfortunately,
the reversal was not noticed until the server was widely deployed. Since
fixing this to follow the specification would cause incompatibility, the
current order was retained. For correct operation, clients should send
string, e.g. "1". The version will be incremented if the extension is
ever changed in an incompatible way. The server MAY advertise the same
extension with multiple versions (though this is unlikely). Clients MUST
-check the version number before attemping to use the extension.
+check the version number before attempting to use the extension.
8. sftp: Extension request "posix-rename@openssh.com"
string "statvfs@openssh.com"
string path
-The "fstatvfs@openssh.com" operates on an open filehandle:
+The "fstatvfs@openssh.com" operates on an open file handle:
uint32 id
string "fstatvfs@openssh.com"
#define SSH_FXE_STATVFS_ST_RDONLY 0x1 /* read-only */
#define SSH_FXE_STATVFS_ST_NOSUID 0x2 /* no setuid */
-This extension is advertised in the SSH_FXP_VERSION hello with version
-"2".
+Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are
+advertised in the SSH_FXP_VERSION hello with version "2".
-$OpenBSD: PROTOCOL,v 1.7 2008/06/12 05:15:41 djm Exp $
+$OpenBSD: PROTOCOL,v 1.12 2009/02/14 06:35:49 djm Exp $