| 33 |
|
|
| 34 |
|
https://www.openssh.com/txt/draft-miller-secsh-compression-delayed-00.txt |
| 35 |
|
|
| 36 |
< |
1.3. transport: New public key algorithms "ssh-rsa-cert-v00@openssh.com", |
| 37 |
< |
"ssh-dsa-cert-v00@openssh.com", |
| 36 |
> |
1.3. transport: New public key algorithms "ssh-rsa-cert-v01@openssh.com", |
| 37 |
> |
"ssh-dsa-cert-v01@openssh.com", |
| 38 |
|
"ecdsa-sha2-nistp256-cert-v01@openssh.com", |
| 39 |
|
"ecdsa-sha2-nistp384-cert-v01@openssh.com" and |
| 40 |
|
"ecdsa-sha2-nistp521-cert-v01@openssh.com" |
| 295 |
|
string[] hostkeys |
| 296 |
|
|
| 297 |
|
Upon receiving this message, a client should check which of the |
| 298 |
< |
supplied host keys are present in known_hosts. For keys that are |
| 299 |
< |
not present, it should send a "hostkeys-prove@openssh.com" message |
| 300 |
< |
to request the server prove ownership of the private half of the |
| 301 |
< |
key. |
| 298 |
> |
supplied host keys are present in known_hosts. |
| 299 |
|
|
| 300 |
+ |
Note that the server may send key types that the client does not |
| 301 |
+ |
support. The client should disgregard such keys if they are received. |
| 302 |
+ |
|
| 303 |
+ |
If the client identifies any keys that are not present for the host, |
| 304 |
+ |
it should send a "hostkeys-prove@openssh.com" message to request the |
| 305 |
+ |
server prove ownership of the private half of the key. |
| 306 |
+ |
|
| 307 |
|
byte SSH_MSG_GLOBAL_REQUEST |
| 308 |
|
string "hostkeys-prove-00@openssh.com" |
| 309 |
|
char 1 /* want-reply */ |
| 334 |
|
give clients an opportunity to learn them using this extension) before |
| 335 |
|
removing the deprecated key from those offered. |
| 336 |
|
|
| 337 |
+ |
2.6. connection: SIGINFO support for "signal" channel request |
| 338 |
+ |
|
| 339 |
+ |
The SSH channels protocol (RFC4254 section 6.9) supports sending a |
| 340 |
+ |
signal to a session attached to a channel. OpenSSH supports one |
| 341 |
+ |
extension signal "INFO@openssh.com" that allows sending SIGINFO on |
| 342 |
+ |
BSD-derived systems. |
| 343 |
+ |
|
| 344 |
|
3. SFTP protocol changes |
| 345 |
|
|
| 346 |
|
3.1. sftp: Reversal of arguments to SSH_FXP_SYMLINK |
| 435 |
|
Both the "statvfs@openssh.com" and "fstatvfs@openssh.com" extensions are |
| 436 |
|
advertised in the SSH_FXP_VERSION hello with version "2". |
| 437 |
|
|
| 438 |
< |
10. sftp: Extension request "hardlink@openssh.com" |
| 438 |
> |
3.5. sftp: Extension request "hardlink@openssh.com" |
| 439 |
|
|
| 440 |
|
This request is for creating a hard link to a regular file. This |
| 441 |
|
request is implemented as a SSH_FXP_EXTENDED request with the |
| 451 |
|
This extension is advertised in the SSH_FXP_VERSION hello with version |
| 452 |
|
"1". |
| 453 |
|
|
| 454 |
< |
10. sftp: Extension request "fsync@openssh.com" |
| 454 |
> |
3.6. sftp: Extension request "fsync@openssh.com" |
| 455 |
|
|
| 456 |
|
This request asks the server to call fsync(2) on an open file handle. |
| 457 |
|
|
| 465 |
|
This extension is advertised in the SSH_FXP_VERSION hello with version |
| 466 |
|
"1". |
| 467 |
|
|
| 468 |
< |
$OpenBSD: PROTOCOL,v 1.30 2016/04/08 06:35:54 djm Exp $ |
| 468 |
> |
4. Miscellaneous changes |
| 469 |
> |
|
| 470 |
> |
4.1 Public key format |
| 471 |
> |
|
| 472 |
> |
OpenSSH public keys, as generated by ssh-keygen(1) and appearing in |
| 473 |
> |
authorized_keys files, are formatted as a single line of text consisting |
| 474 |
> |
of the public key algorithm name followed by a base64-encoded key blob. |
| 475 |
> |
The public key blob (before base64 encoding) is the same format used for |
| 476 |
> |
the encoding of public keys sent on the wire: as described in RFC4253 |
| 477 |
> |
section 6.6 for RSA and DSA keys, RFC5656 section 3.1 for ECDSA keys |
| 478 |
> |
and the "New public key formats" section of PROTOCOL.certkeys for the |
| 479 |
> |
OpenSSH certificate formats. |
| 480 |
> |
|
| 481 |
> |
4.2 Private key format |
| 482 |
> |
|
| 483 |
> |
OpenSSH private keys, as generated by ssh-keygen(1) use the format |
| 484 |
> |
described in PROTOCOL.key by default. As a legacy option, PEM format |
| 485 |
> |
(RFC7468) private keys are also supported for RSA, DSA and ECDSA keys |
| 486 |
> |
and were the default format before OpenSSH 7.8. |
| 487 |
> |
|
| 488 |
> |
4.3 KRL format |
| 489 |
> |
|
| 490 |
> |
OpenSSH supports a compact format for Key Revocation Lists (KRLs). This |
| 491 |
> |
format is described in the PROTOCOL.krl file. |
| 492 |
> |
|
| 493 |
> |
4.4 Connection multiplexing |
| 494 |
> |
|
| 495 |
> |
OpenSSH's connection multiplexing uses messages as described in |
| 496 |
> |
PROTOCOL.mux over a Unix domain socket for communications between a |
| 497 |
> |
master instance and later clients. |
| 498 |
> |
|
| 499 |
> |
$OpenBSD: PROTOCOL,v 1.36 2018/10/02 12:51:58 djm Exp $ |
