The Secure Shell Protocol Architecture
RFC 4251, “The Secure Shell Protocol Architecture”, is a Proposed Standard document published in January 2006 by T. Ylonen and C. Lonvick. It has since been updated by RFC 8308 and RFC 9141. The canonical text is published by the RFC Editor.
Abstract
The Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network. This document describes the architecture of the SSH protocol, as well as the notation and terminology used in SSH protocol documents. It also discusses the SSH algorithm naming system that allows local extensions. The SSH protocol consists of three major components: The Transport Layer Protocol provides server authentication, confidentiality, and integrity with perfect forward secrecy. The User Authentication Protocol authenticates the client to the server. The Connection Protocol multiplexes the encrypted tunnel into several logical channels. Details of these protocols are described in separate documents. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4251 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 4250 The Secure Shell Protocol Assigned Numbers
- RFC 4252 The Secure Shell Authentication Protocol
- RFC 4249 Implementer-Friendly Specification of Message and MIME-Part Header Fields and Field Components
- RFC 4253 The Secure Shell Transport Layer Protocol
- RFC 4254 The Secure Shell Connection Protocol
- RFC 4255 Using DNS to Securely Publish Secure Shell Key Fingerprints
- RFC 4246 International Standard Audiovisual Number URN Definition
- RFC 4256 Generic Message Exchange Authentication for the Secure Shell Protocol