Skip to content

RFCs

https://xkcd.com/927

Interesting RFCs

SSH

Core RFCs

Specification Description
RFC4250 SSH Protocol Assigned Numbers
RFC4251 SSH Protocol Architecture
RFC4252 SSH Authentication Protocol
RFC4253 SSH Transport Layer Protocol
RFC4254 SSH Connection Protocol

Extension RFCs

Specification Versions Description
RFC4255 Using DNS to Securely Publish SSH Key Fingerprints (SSHFP)
RFC4256 Generic Message Exchange Authentication (aka keyboard-interactive)
RFC4335 SSH Session Channel Break Extension
RFC4344 SSH Transport Layer Encryption Modes (aes128-ctr, aes192-ctr, aes256-ctr)
RFC4345 4.1-7.6 Improved Arcfour Modes for the SSH Transport Layer Protocol
RFC4419 Diffie-Hellman Group Exchange
RFC4462 GSS-API Authentication and Key Exchange (only authentication implemented)
RFC4716 SSH Public Key File Format (import and export via ssh-keygen only).
RFC5656 Elliptic Curve Algorithm Integration in SSH
RFC6594 6.1- SHA-256 SSHFP Resource Records
RFC6668 5.9- SHA-2 Data Integrity Algorithms (hmac-sha2-256, hmac-sha2-512)
RFC7479 6.5- ED25519 SSHFP Resource Records
RFC8160 7.3- IUTF8 Terminal Mode
RFC8270 7.1- Increase Diffie-Hellman Modulus Size
RFC8308 7.2- Extension Negotiation in the Secure Shell (SSH) Protocol (ext-info-s, ext-info-c)
RFC8332 7.2- Use of RSA Keys with SHA-2 (rsa-sha2-256, rsa-sha2-512)
RFC8709 6.5- Ed25519 and Ed448 Public Key Algorithms (ssh-ed25519 only)
RFC8731 7.3- Key Exchange Method Using Curve25519 and Curve448 (curve25519-sha256 only)

Other

Specification Description
RFC1928 SOCKS protocol version 5. Used for ssh(1) DynamicForward.
RFC1349, RFC8325 IP Type of Service (ToS) and Differentiated Services. OpenSSH will automatically set the IP Type of Service according to RFC8325 unless otherwise specified via the IPQoS keyword in ssh_config and sshd_config. Versions 7.7 and earlier will set it per rfc1349 unless otherwise specified.