Web manual pages are available from OpenBSD for the following commands.
These manual pages reflect the latest development release of OpenSSH.
- ssh(1)
— The basic rlogin/rsh-like client program
- sshd(8)
— The daemon that permits you to log in
- ssh_config(5)
— The client configuration file
- sshd_config(5)
— The daemon configuration file
- ssh-agent(1)
— An authentication agent that can store private keys
- ssh-add(1)
— Tool which adds keys to in the above agent
- sftp(1)
— FTP-like program that works over SSH1 and SSH2 protocol
- scp(1)
— File copy program that acts like rcp
- ssh-keygen(1)
— Key generation tool
- sftp-server(8)
— SFTP server subsystem (started automatically by sshd)
- ssh-keyscan(1)
— Utility for gathering public host keys from a number of hosts
- ssh-keysign(8)
— Helper program for host-based authentication
The SSH2 protocol implemented in OpenSSH is
standardized by the IETF
secsh
working group and is specified in several RFCs and drafts.
The overall structure of SSH2 is described in the
architecture RFC.
It is composed of three layered components:
-
The
transport layer
provides algorithm negotiation and a key exchange.
The key exchange includes server authentication and
results in a cryptographically secured connection:
it provides integrity, confidentiality and optional compression.
-
The
user authentication layer
uses the established connection and relies on the services provided
by the transport layer.
It provides several mechanisms for user authentication.
These include traditional password authentication as well as public-key
or host-based authentication mechanisms.
- The
connection layer
multiplexes many different concurrent channels over the authenticated connection
and allows tunneling of login sessions and TCP-forwarding.
It provides a flow control service for these channels.
Additionally, various channel-specific options can be negotiated.
Additional documents specify:
- The
interactive
authentication
RFC provides support for new authentication schemes like S/Key
or TIS authentication.
- The SFTP file transfer protocol is specified in the
filexfer draft.
OpenSSH implements a SFTP
client and
server.
- A file format for public keys is specified in the
publickeyfile draft.
The command
ssh-keygen(1) can be used
to convert an OpenSSH public key to this file format.
- The
Diffie-Hellman Group Exchange allows clients to request more secure groups for the Diffie-Hellman key exchange.
- OpenSSH implemented a compression method "zlib@openssh.com" that delays
starting compression until after user authentication, to eliminate the
risk of pre-authentication attacks against the compression code. It is
described in
draft-miller-secsh-compression-delayed-00.txt.
- OpenSSH implements an additional MAC (Message Authentication Code)
"umac-64@openssh.com", which has superior performance to the ones specified
in RFC 4253. It is described in
draft-miller-secsh-umac-01.txt.
- The authentication agent protocol used by
ssh-agent is documented in the
PROTOCOL.agent file.
- OpenSSH makes various other minor extensions to and divergences from the
standard SSH protocols. These are documented in the
PROTOCOL file.