33 |
|
|
34 |
|
https://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt |
35 |
|
|
36 |
< |
1.3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com", |
37 |
< |
"ssh-dsa-cert-v00@openssh.com", |
36 |
> |
1.3. transport: New public key algorithms "ssh-rsa-cert-v01@openssh.com", |
37 |
> |
"ssh-dsa-cert-v01@openssh.com", |
38 |
|
"ecdsa-sha2-nistp256-cert-v01@openssh.com", |
39 |
|
"ecdsa-sha2-nistp384-cert-v01@openssh.com" and |
40 |
|
"ecdsa-sha2-nistp521-cert-v01@openssh.com" |
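Review bot: The DSA entry on new line 37 is spelled "ssh-dsa-cert-v01@openssh.com", but RFC4253 names the DSA key type "ssh-dss", so this name should be checked against PROTOCOL.certkeys before anyone copies it as the on-the-wire algorithm string. The hunk only bumps the suffix from -v00 to -v01 and carries the "dsa" spelling over unchanged from old line 37.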
295 |
|
string[] hostkeys |
296 |
|
|
297 |
|
Upon receiving this message, a client should check which of the |
298 |
< |
supplied host keys are present in known_hosts. For keys that are |
299 |
< |
not present, it should send a "hostkeys-prove@openssh.com" message |
300 |
< |
to request the server prove ownership of the private half of the |
301 |
< |
key. |
298 |
> |
supplied host keys are present in known_hosts. |
299 |
|
|
300 |
+ |
Note that the server may send key types that the client does not |
301 |
+ |
support. The client should disgregard such keys if they are received. |
302 |
+ |
|
303 |
+ |
If the client identifies any keys that are not present for the host, |
304 |
+ |
it should send a "hostkeys-prove@openssh.com" message to request the |
305 |
+ |
server prove ownership of the private half of the key. |
306 |
+ |
|
307 |
|
byte SSH_MSG_GLOBAL_REQUEST |
308 |
|
string "hostkeys-prove-00@openssh.com" |
309 |
|
char 1 /* want-reply */ |
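Review bot: The added paragraph at new lines 303-305 tells the client to send "hostkeys-prove@openssh.com", while the message layout at line 308 carries the string "hostkeys-prove-00@openssh.com"; the prose should use the same versioned name so an implementer matches on the string that is actually sent. The old lines 299-301 had the same mismatch, so this is a good moment to fix it. Separately, "disgregard" on new line 301 should read "disregard".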
334 |
|
give clients an opportunity to learn them using this extension) before |
335 |
|
removing the deprecated key from those offered. |
336 |
|
|
337 |
+ |
2.6. connection: SIGINFO support for "signal" channel request |
338 |
+ |
|
339 |
+ |
The SSH channels protocol (RFC4254 section 6.9) supports sending a |
340 |
+ |
signal to a session attached to a channel. OpenSSH supports one |
341 |
+ |
extension signal "INFO@openssh.com" that allows sending SIGINFO on |
342 |
+ |
BSD-derived systems. |
343 |
+ |
|
344 |
|
3. SFTP protocol changes |
345 |
|
|
346 |
|
3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK |
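Review bot: New section 2.6 (lines 337-342) names the extension signal but does not say how it is encoded or how a receiver on a system without SIGINFO should treat it. Suggest stating that "INFO@openssh.com" is the value of the signal name field in the RFC4254 section 6.9 "signal" channel request, and saying explicitly whether a receiver on a non-BSD system ignores the request or rejects it, since the text only says the signal is available "on BSD-derived systems".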
435 |
|
Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are |
436 |
|
advertised in the SSH_FXP_VERSION hello with version "2". |
437 |
|
|
438 |
< |
10. sftp: Extension request "hardlink@openssh.com" |
438 |
> |
3.5. sftp: Extension request "hardlink@openssh.com" |
439 |
|
|
440 |
|
This request is for creating a hard link to a regular file. This |
441 |
|
request is implemented as a SSH_FXP_EXTENDED request with the |
451 |
|
This extension is advertised in the SSH_FXP_VERSION hello with version |
452 |
|
"1". |
453 |
|
|
454 |
< |
10. sftp: Extension request "fsync@openssh.com" |
454 |
> |
3.6. sftp: Extension request "fsync@openssh.com" |
455 |
|
|
456 |
|
This request asks the server to call fsync(2) on an open file handle. |
457 |
|
|
465 |
|
This extension is advertised in the SSH_FXP_VERSION hello with version |
466 |
|
"1". |
467 |
|
|
468 |
< |
$OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $ |
468 |
> |
4. Miscellaneous changes |
469 |
> |
|
470 |
> |
4.1 Public key format |
471 |
> |
|
472 |
> |
OpenSSH public keys, as generated by ssh-keygen(1) and appearing in |
473 |
> |
authorized_keys files, are formatted as a single line of text consisting |
474 |
> |
of the public key algorithm name followed by a base64-encoded key blob. |
475 |
> |
The public key blob (before base64 encoding) is the same format used for |
476 |
> |
the encoding of public keys sent on the wire: as described in RFC4253 |
477 |
> |
section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA keys |
478 |
> |
and the "New public key formats" section of PROTOCOL.certkeys for the |
479 |
> |
OpenSSH certificate formats. |
480 |
> |
|
481 |
> |
4.2 Private key format |
482 |
> |
|
483 |
> |
OpenSSH private keys, as generated by ssh-keygen(1) use the format |
484 |
> |
described in PROTOCOL.key by default. As a legacy option, PEM format |
485 |
> |
(RFC7468) private keys are also supported for RSA, DSA and ECDSA keys |
486 |
> |
and were the default format before OpenSSH 7.8. |
487 |
> |
|
488 |
> |
4.3 KRL format |
489 |
> |
|
490 |
> |
OpenSSH supports a compact format for Key Revocation Lists (KRLs). This |
491 |
> |
format is described in the PROTOCOL.krl file. |
492 |
> |
|
493 |
> |
4.4 Connection multiplexing |
494 |
> |
|
495 |
> |
OpenSSH's connection multiplexing uses messages as described in |
496 |
> |
PROTOCOL.mux over a Unix domain socket for communications between a |
497 |
> |
master instance and later clients. |
498 |
> |
|
499 |
> |
$OpenBSD: PROTOCOL,v 1.36 2018/10/02 12:51:58 djm Exp $ |
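Review bot: The new headings at lines 470, 481, 488 and 493 ("4.1 Public key format" and the three that follow) drop the period after the section number that the rest of the file uses ("2.6. connection: ...", "3.5. sftp: ..."); suggest "4.1. Public key format" and likewise for 4.2 to 4.4. Section 4.1 (lines 476-479) gives blob-format references for RSA, DSA, ECDSA and certificate keys only, so any other key type that ssh-keygen(1) can emit is left without a reference and should either be added or the list marked as non-exhaustive. Line 483 also needs a comma after "as generated by ssh-keygen(1)" to close the parenthetical.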