The Secure Shell Transport Layer Protocol
RFC 4253, “The Secure Shell Transport Layer Protocol”, is a Proposed Standard document published in January 2006 by T. Ylonen and C. Lonvick. It has since been updated by RFC 6668, RFC 8268, RFC 8308, RFC 8332, RFC 8709, RFC 8758, and RFC 9142. The canonical text is published by the RFC Editor.
Abstract
The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network.
This document describes the SSH transport layer protocol, which typically runs on top of TCP/IP. The protocol can be used as a basis for a number of secure network services. It provides strong encryption, server authentication, and integrity protection. It may also provide compression.
Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated.
This document also describes the Diffie-Hellman key exchange method and the minimal set of algorithms that are needed to implement the SSH transport layer protocol. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4253 is hosted at rfc-editor.org. It is available in TXT and HTML.
- RFC 4252 The Secure Shell Authentication Protocol
- RFC 4254 The Secure Shell Connection Protocol
- RFC 4251 The Secure Shell Protocol Architecture
- RFC 4255 Using DNS to Securely Publish Secure Shell Key Fingerprints
- RFC 4250 The Secure Shell Protocol Assigned Numbers
- RFC 4256 Generic Message Exchange Authentication for the Secure Shell Protocol
- RFC 4249 Implementer-Friendly Specification of Message and MIME-Part Header Fields and Field Components
- RFC 4246 International Standard Audiovisual Number URN Definition