
Secure Shell (SSH) Protocol Parameters - per [RFC4250]

(last updated 2007-03-30)

Registries found below include:
Message Numbers
Disconnection Messages Reason Codes and Descriptions
Channel Connection Failure Reason Codes and Descriptions
Extended Channel Data Transfer data_type_code and Data Values
Pseudo-Terminal Encoded Terminal Modes
Service Names
Authentication Method Names
Connection Protocol Channel Types
Connection Protocol Global Request Names
Connection Protocol Channel Request Names
Signal Names
Connection Protocol Subsystem Names
Key Exchange Method Names
Assigned Algorithm Names
- Encryption Algorithm Names
- MAC Algorithm Names
- Public Key Algorithm Names
- Compression Algorithm Names
SSH Public-Key File Header Tags
Public Key Subsystem
- Request Names
- Response Names
- Attribute Names 
- Status Codes 


Message Numbers - per [RFC4250]
Registration Procedures: STANDARDS ACTION
Range: 1-255
 Value    Message ID                           Reference
-------   -----------------------------------  ---------
      1   SSH_MSG_DISCONNECT                   [SSH-TRANS]
      2   SSH_MSG_IGNORE                       [SSH-TRANS]
      3   SSH_MSG_UNIMPLEMENTED                [SSH-TRANS]
      4   SSH_MSG_DEBUG                        [SSH-TRANS]
      5   SSH_MSG_SERVICE_REQUEST              [SSH-TRANS]
      6   SSH_MSG_SERVICE_ACCEPT               [SSH-TRANS]
   7-19   UNASSIGNED (Transport layer generic)
     20   SSH_MSG_KEXINIT                      [SSH-TRANS]
     21   SSH_MSG_NEWKEYS                      [SSH-TRANS]
  22-29   UNASSIGNED (Algorithm negotiation)
  30-49   RESERVED (key exchange method specific) [RFC4251]
     50   SSH_MSG_USERAUTH_REQUEST             [SSH-USERAUTH]
     51   SSH_MSG_USERAUTH_FAILURE             [SSH-USERAUTH]
     52   SSH_MSG_USERAUTH_SUCCESS             [SSH-USERAUTH]
     53   SSH_MSG_USERAUTH_BANNER              [SSH-USERAUTH]
  54-59   UNASSIGNED (User authentication generic)
     60   SSH_MSG_USERAUTH_INFO_REQUEST        [RFC4256]
     61   SSH_MSG_USERAUTH_INFO_RESPONSE       [RFC4256]
  62-79   RESERVED (User authentication method specific) [RFC4251]
     80   SSH_MSG_GLOBAL_REQUEST               [SSH-CONNECT]
     81   SSH_MSG_REQUEST_SUCCESS              [SSH-CONNECT]
     82   SSH_MSG_REQUEST_FAILURE              [SSH-CONNECT]
  83-89   UNASSIGNED (Connection protocol generic)
     90   SSH_MSG_CHANNEL_OPEN                 [SSH-CONNECT]
     91   SSH_MSG_CHANNEL_OPEN_CONFIRMATION    [SSH-CONNECT]
     92   SSH_MSG_CHANNEL_OPEN_FAILURE         [SSH-CONNECT]
     93   SSH_MSG_CHANNEL_WINDOW_ADJUST        [SSH-CONNECT]
     94   SSH_MSG_CHANNEL_DATA                 [SSH-CONNECT]
     95   SSH_MSG_CHANNEL_EXTENDED_DATA        [SSH-CONNECT]
     96   SSH_MSG_CHANNEL_EOF                  [SSH-CONNECT]
     97   SSH_MSG_CHANNEL_CLOSE                [SSH-CONNECT]
     98   SSH_MSG_CHANNEL_REQUEST              [SSH-CONNECT]
     99   SSH_MSG_CHANNEL_SUCCESS              [SSH-CONNECT]
    100   SSH_MSG_CHANNEL_FAILURE              [SSH-CONNECT]
101-127   UNASSIGNED (Channel related messages)
128-191   RESERVED (for client protocols)
192-255   PRIVATE USE (local extensions)      


Disconnection Messages Reason Codes and Descriptions - per [RFC4250] 
SSH_MSG_DISCONNECT 'description' and 'reason code' values 
Registration Procedures: 0x00000010 through 0xFDFFFFFF - IETF CONSENSUS

Range: 0x00000010-0xFFFFFFFF 
reason code  Symbolic Name                                  Reference
-----------  -------------------------------------------    ---------
          1  SSH_DISCONNECT_HOST_NOT_ALLOWED_TO_CONNECT     [SSH-TRANS]      
          2  SSH_DISCONNECT_PROTOCOL_ERROR                  [SSH-TRANS]     
          3  SSH_DISCONNECT_KEY_EXCHANGE_FAILED             [SSH-TRANS]     
          4  SSH_DISCONNECT_RESERVED                        [SSH-TRANS] 
          5  SSH_DISCONNECT_MAC_ERROR                       [SSH-TRANS] 
          6  SSH_DISCONNECT_COMPRESSION_ERROR               [SSH-TRANS]     
          7  SSH_DISCONNECT_SERVICE_NOT_AVAILABLE           [SSH-TRANS]     
          8  SSH_DISCONNECT_PROTOCOL_VERSION_NOT_SUPPORTED  [SSH-TRANS]     
          9  SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE         [SSH-TRANS]     
         10  SSH_DISCONNECT_CONNECTION_LOST                 [SSH-TRANS]     
         11  SSH_DISCONNECT_BY_APPLICATION                  [SSH-TRANS]     
         12  SSH_DISCONNECT_TOO_MANY_CONNECTIONS            [SSH-TRANS]     
         13  SSH_DISCONNECT_AUTH_CANCELLED_BY_USER          [SSH-TRANS]     
         14  SSH_DISCONNECT_NO_MORE_AUTH_METHODS_AVAILABLE  [SSH-TRANS]     
         15  SSH_DISCONNECT_ILLEGAL_USER_NAME               [SSH-TRANS]     


Channel Connection Failure Reason Codes and Descriptions - per [RFC4250] 
'reason code' values and 'description' values
Registration Procedures: 0x00000005 through 0xFDFFFFFF - IETF CONSENSUS
Range: 0x00000001-0xFFFFFFFF
reason code  Symbolic Name                          Reference
-----------  -------------------------------------  ---------
          1  SSH_OPEN_ADMINISTRATIVELY_PROHIBITED   [SSH-CONNECT]   
          2  SSH_OPEN_CONNECT_FAILED                [SSH-CONNECT]    
          3  SSH_OPEN_UNKNOWN_CHANNEL_TYPE          [SSH-CONNECT]    
          4  SSH_OPEN_RESOURCE_SHORTAGE             [SSH-CONNECT]    


Extended Channel Data Transfer data_type_code and Data - per [RFC4250]
'data_type_code' values and 'data' values
Registration Procedures: IETF Consensus
Range: 0x00000001-0xFFFFFFFF
data_type_code  Symbolic name                    Reference
--------------  -------------------------------- ---------
             1  SSH_EXTENDED_DATA_STDERR         [SSH-CONNECT]       


Pseudo-Terminal Encoded Terminal Modes - per [RFC4250] 
opcode and argument values which make up the "encoded terminal modes" values
Registration Procedures: IETF Consensus
Range: 1-255
opcode  argument       Description                              Reference
------  -------------  ---------------------------------------  ---------
     0  TTY_OP_END     Indicates end of options.                [RFC4250] ??
     1  VINTR          Interrupt character; 255 if none.        [SSH-CONNECT, section 8]
                       Similarly for the other characters. 
                       Not all of these characters are  
                       supported on all systems.
     2  VQUIT          The quit character (sends SIGQUIT        [SSH-CONNECT, section 8]
                       signal on POSIX systems).
     3  VERASE         Erase the character to left of the       [SSH-CONNECT, section 8]
                       cursor.
     4  VKILL          Kill the current input line.             [SSH-CONNECT, section 8]
     5  VEOF           End-of-file character (sends EOF from    [SSH-CONNECT, section 8]
                       the terminal).
     6  VEOL           End-of-line character in addition to     [SSH-CONNECT, section 8]
                       carriage return and/or linefeed.
     7  VEOL2          Additional end-of-line character.        [SSH-CONNECT, section 8]
     8  VSTART         Continues paused output (normally
                       control-Q).
     9  VSTOP          Pauses output (normally control-S).      [SSH-CONNECT, section 8]
    10  VSUSP          Suspends the current program.            [SSH-CONNECT, section 8] 
    11  VDSUSP         Another suspend character.               [SSH-CONNECT, section 8]
    12  VREPRINT       Reprints the current input line.         [SSH-CONNECT, section 8]
    13  VWERASE        Erases a word left of cursor.            [SSH-CONNECT, section 8]
    14  VLNEXT         Enter the next character typed literally,[SSH-CONNECT, section 8]
                       even if it is a special character
    15  VFLUSH         Character to flush output.               [SSH-CONNECT, section 8]
    16  VSWTCH         Switch to a different shell layer.       [SSH-CONNECT, section 8]
    17  VSTATUS        Prints system status line (load, command,[SSH-CONNECT, section 8]
                       pid, etc).
    18  VDISCARD       Toggles the flushing of terminal output. [SSH-CONNECT, section 8]
    30  IGNPAR         The ignore parity flag.  The parameter   [SSH-CONNECT, section 8]
                       SHOULD be 0 if this flag is FALSE,
                       and 1 if it is TRUE.
    31  PARMRK         Mark parity and framing errors.          [SSH-CONNECT, section 8]
    32  INPCK          Enable checking of parity errors.        [SSH-CONNECT, section 8] 
    33  ISTRIP         Strip 8th bit off characters.            [SSH-CONNECT, section 8]
    34  INLCR          Map NL into CR on input.                 [SSH-CONNECT, section 8]
    35  IGNCR          Ignore CR on input.                      [SSH-CONNECT, section 8]
    36  ICRNL          Map CR to NL on input.                   [SSH-CONNECT, section 8]
    37  IUCLC          Translate uppercase characters to        [SSH-CONNECT, section 8]
                       lowercase.
    38  IXON           Enable output flow control.              [SSH-CONNECT, section 8]
    39  IXANY          Any char will restart after stop.        [SSH-CONNECT, section 8]
    40  IXOFF          Enable input flow control.               [SSH-CONNECT, section 8]
    41  IMAXBEL        Ring bell on input queue full.           [SSH-CONNECT, section 8]
    50  ISIG           Enable signals INTR, QUIT, [D]SUSP.      [SSH-CONNECT, section 8]
    51  ICANON         Canonicalize input lines.                [SSH-CONNECT, section 8]
    52  XCASE          Enable input and output of uppercase     [SSH-CONNECT, section 8]
                       characters by preceding their lowercase
                       equivalents with "\".
    53  ECHO           Enable echoing.                          [SSH-CONNECT, section 8] 
    54  ECHOE          Visually erase chars.                    [SSH-CONNECT, section 8]
    55  ECHOK          Kill character discards current line.    [SSH-CONNECT, section 8]
    56  ECHONL          Echo NL even if ECHO is off.            [SSH-CONNECT, section 8]
    57  NOFLSH         Don't flush after interrupt.             [SSH-CONNECT, section 8]
    58  TOSTOP         Stop background jobs from output.        [SSH-CONNECT, section 8]
    59  IEXTEN         Enable extensions.                       [SSH-CONNECT, section 8]
    60  ECHOCTL        Echo control characters as ^(Char).      [SSH-CONNECT, section 8]
    61  ECHOKE         Visual erase for line kill.              [SSH-CONNECT, section 8]
    62  PENDIN         Retype pending input.                    [SSH-CONNECT, section 8]
    70  OPOST          Enable output processing.                [SSH-CONNECT, section 8]
    71  OLCUC          Convert lowercase to uppercase.          [SSH-CONNECT, section 8]
    72  ONLCR          Map NL to CR-NL.                         [SSH-CONNECT, section 8]
    73  OCRNL          Translate carriage return to newline     [SSH-CONNECT, section 8]
                       (output).
    74  ONOCR          Translate newline to carriage            [SSH-CONNECT, section 8]
                       return-newline (output).
    75  ONLRET         Newline performs a carriage return       [SSH-CONNECT, section 8]
                       (output).
    90  CS7            7 bit mode.                              [SSH-CONNECT, section 8]
    91  CS8            8 bit mode.                              [SSH-CONNECT, section 8]
    92  PARENB         Parity enable.                           [SSH-CONNECT, section 8]
    93  PARODD         Odd parity, else even.                   [SSH-CONNECT, section 8]
   128  TTY_OP_ISPEED  Specifies the input baud rate in         [SSH-CONNECT, section 8]
                       bits per second.
   129  TTY_OP_OSPEED  Specifies the output baud rate in        [SSH-CONNECT, section 8]
                       bits per second.


Service Names - per [RFC4250] 
Registration Procedures: IETF Consensus
Service Name                   Reference
-------------                  ---------
ssh-userauth                   [SSH-USERAUTH]
ssh-connection                 [SSH-CONNECT]
netconf                        [RFC4742]


Authentication Method Names - per [RFC4250] 
Registration Procedures: IETF Consensus
Method Name                    Reference
------------                   ---------
publickey                      [SSH-USERAUTH, Section 7]
password                       [SSH-USERAUTH, Section 8]
hostbased                      [SSH-USERAUTH, Section 9]
none                           [SSH-USERAUTH, Section 5.2]
gssapi-with-mic                [RFC4462]
gssapi-keyex                   [RFC4462]
gssapi                         [RFC4462]
external-keyx                  [RFC4462]


Connection Protocol Channel Types - per [RFC4250] 
Registration Procedures: IETF Consensus
Channel type                   Reference
------------                   ---------
session                        [SSH-CONNECT, Section 6.1]
x11                            [SSH-CONNECT, Section 6.3.2]
forwarded-tcpip                [SSH-CONNECT, Section 7.2]
direct-tcpip                   [SSH-CONNECT, Section 7.2]


Connection Protocol Global Request Names - per [RFC4250]
Registration Procedures: IETF Consensus
Request type                   Reference
------------                   ---------
tcpip-forward                  [SSH-CONNECT, Section 7.1]
cancel-tcpip-forward           [SSH-CONNECT, Section 7.1]


Connection Protocol Channel Request Names - per [RFC4250]
Registration Procedures: IETF Consensus
Request type                   Reference
------------                   ---------
pty-req                        [SSH-CONNECT, Section 6.2]
x11-req                        [SSH-CONNECT, Section 6.3.1]
env                            [SSH-CONNECT, Section 6.4]
shell                          [SSH-CONNECT, Section 6.5]
exec                           [SSH-CONNECT, Section 6.5]
subsystem                      [SSH-CONNECT, Section 6.5]
window-change                  [SSH-CONNECT, Section 6.7]
xon-xoff                       [SSH-CONNECT, Section 6.8]
signal                         [SSH-CONNECT, Section 6.9]
exit-status                    [SSH-CONNECT, Section 6.10]
exit-signal                    [SSH-CONNECT, Section 6.10]
break                          [RFC4335]


Signal Names - per [RFC4250]
Registration Procedures: IETF Consensus
Signal                         Reference
---------                      ---------
ABRT                           [SSH-CONNECT]
ALRM                           [SSH-CONNECT]
FPE                            [SSH-CONNECT]
HUP                            [SSH-CONNECT]
ILL                            [SSH-CONNECT]
INT                            [SSH-CONNECT]
KILL                           [SSH-CONNECT]
PIPE                           [SSH-CONNECT]
QUIT                           [SSH-CONNECT]
SEGV                           [SSH-CONNECT]
TERM                           [SSH-CONNECT]
USR1                           [SSH-CONNECT]
USR2                           [SSH-CONNECT]


Connection Protocol Subsystem Names - per [RFC4250]
Registration Procedures: IETF Consensus
Subsystem Name                  Reference
---------------                 ---------
publickey                       [RFC4819]


Key Exchange Method Names - per [RFC4250]
Registration Procedures: IETF Consensus
Method name                           Reference
------------------------------------  ---------
diffie-hellman-group1-sha1            [SSH-TRANS, Section 8.1]
diffie-hellman-group14-sha1           [SSH-TRANS, Section 8.2]
gss-group1-sha1-*                     [RFC4462] Section 2.3
gss-gex-sha1-*                        [RFC4462] Section 2.5
gss-*                                 [RFC4462] Section 2.6
rsa1024-sha1                          [RFC4432] 
rsa2048-sha256                        [RFC4432]

*All values beginning with the specified string and not containing "@".

Encryption Algorithm Names - per [RFC4250]
Registration Procedures: IETF Consensus
Encryption Algorithm Name        Reference   Section (if applicable)
-------------------------        ---------   ------------
3des-cbc                         [SSH-TRANS] Section 6.3
blowfish-cbc                     [SSH-TRANS] Section 6.3
twofish256-cbc                   [SSH-TRANS] Section 6.3
twofish-cbc                      [SSH-TRANS] Section 6.3
twofish192-cbc                   [SSH-TRANS] Section 6.3
twofish128-cbc                   [SSH-TRANS] Section 6.3
aes256-cbc                       [SSH-TRANS] Section 6.3
aes192-cbc                       [SSH-TRANS] Section 6.3
aes128-cbc                       [SSH-TRANS] Section 6.3
serpent256-cbc                   [SSH-TRANS] Section 6.3
serpent192-cbc                   [SSH-TRANS] Section 6.3
serpent128-cbc                   [SSH-TRANS] Section 6.3
arcfour                          [SSH-TRANS] Section 6.3
idea-cbc                         [SSH-TRANS] Section 6.3
cast128-cbc                      [SSH-TRANS] Section 6.3
none                             [SSH-TRANS] Section 6.3
des-cbc                          [FIPS-46-3] HISTORIC, See page 4 
arcfour128                       [RFC4345]
arcfour256                       [RFC4345]
aes128-ctr                       [RFC4344]
aes192-ctr                       [RFC4344]
aes256-ctr                       [RFC4344]
3des-ctr                         [RFC4344]
blowfish-ctr                     [RFC4344]
twofish128-ctr                   [RFC4344]
twofish192-ctr                   [RFC4344]
twofish256-ctr                   [RFC4344]
serpent128-ctr                   [RFC4344]
serpent192-ctr                   [RFC4344]
serpent256-ctr                   [RFC4344]
idea-ctr                         [RFC4344]
cast128-ctr                      [RFC4344]


MAC Algorithm Names - per [RFC4250]
Registration Procedures: IETF Consensus
MAC Algorithm Name               Reference   Section (if applicable)
------------------               ---------   ------------
hmac-sha1                        [SSH-TRANS] Section 6.4
hmac-sha1-96                     [SSH-TRANS] Section 6.4
hmac-md5                         [SSH-TRANS] Section 6.4
hmac-md5-96                      [SSH-TRANS] Section 6.4
none                             [SSH-TRANS] Section 6.4


Public Key Algorithm Names - per [RFC4250]
Registration Procedures: IETF Consensus
Public Key Algorithm Name        Reference   Section (if applicable)
-------------------------        ---------   ------------
ssh-dss                          [SSH-TRANS, Section 6.6]
ssh-rsa                          [SSH-TRANS, Section 6.6]
spki-sign-rsa                    [SSH-TRANS, Section 6.6]
spki-sign-dss                    [SSH-TRANS, Section 6.6]
pgp-sign-rsa                     [SSH-TRANS, Section 6.6]
pgp-sign-dss                     [SSH-TRANS, Section 6.6]
null                             [RFC4462] Section 5


Compression Algorithm Names - per [RFC4250]
Registration Procedures: IETF Consensus
Compression Algorithm Name       Reference    Section (if applicable)
--------------------------       ---------    --------------
none                             [SSH-TRANS]  Section 6.2
zlib                             [SSH-TRANS]  Section 6.2



SSH Public-Key File Header Tags - per [RFC4716]
Registration Procedures: IETF Consensus
Tags beginning with x- Reserved for Private Use
Header Tag                       Reference    Section (if applicable)
--------------------------       ---------    --------------
subject                          [RFC4716] Section 3.3.1
comment                          [RFC4716] Section 3.3.2



Publickey Subsystem Request Names - per [RFC4819]
Registration Procedures: IETF consensus

Request Name                Reference
-----------------          -----------------------------------------
version                    [RFC4819]
add                        [RFC4819]
remove                     [RFC4819]
list                       [RFC4819]
listattributes             [RFC4819]


Publickey Subsystem Response Names - per [RFC4819]
Registration Procedures: IETF consensus

Response Name              Reference
--------------             ------------------------------------------
version                    [RFC4819]
status                     [RFC4819]
publickey                  [RFC4819]
attribute                  [RFC4819]


Publickey Subsystem Attributes - per [RFC4819]
Registration Procedures: IETF consensus

Attribute Name             Reference
---------------            ----------------------------------
comment                    [RFC4819]
comment-language           [RFC4819]
command-override           [RFC4819]
subsystem                  [RFC4819]
x11                        [RFC4819]
shell                      [RFC4819]
exec                       [RFC4819]
agent                      [RFC4819]
env                        [RFC4819]
from                       [RFC4819]
port-forward               [RFC4819]
reverse-forward            [RFC4819]


Publickey Subsystem Status Codes - per [RFC4819]
Registration Procedures: Standards Action

Status code                            Value    Reference
-------------------------------------- ------- -------------------------------
SSH_PUBLICKEY_SUCCESS                    0     [RFC4819]
SSH_PUBLICKEY_ACCESS_DENIED              1     [RFC4819]
SSH_PUBLICKEY_STORAGE_EXCEEDED           2     [RFC4819]
SSH_PUBLICKEY_VERSION_NOT_SUPPORTED      3     [RFC4819]
SSH_PUBLICKEY_KEY_NOT_FOUND              4     [RFC4819]
SSH_PUBLICKEY_KEY_NOT_SUPPORTED          5     [RFC4819]
SSH_PUBLICKEY_KEY_ALREADY_PRESENT        6     [RFC4819]
SSH_PUBLICKEY_GENERAL_FAILURE            7     [RFC4819]
SSH_PUBLICKEY_REQUEST_NOT_SUPPORTED      8     [RFC4819]
SSH_PUBLICKEY_ATTRIBUTE_NOT_SUPPORTED    9     [RFC4819]


REFERENCES
----------
[RFC4335]  J. Galbraith and P. Remaker, "Secure Shell (SSH) Session Channel 
           Break Extension", RFC 4335, January 2006.

[RFC4344]  M. Bellare, T. Kohno and C. Namprempre, "SSH Transport Layer 
           Encryption Modes", RFC 4344, January 2006.

[RFC4345]  B. Harris, "Improved Arcfour Modes for the Secure Shell (SSH) 
           Transport Layer Protocol", RFC 4345, January 2006. 

[RFC4462]  J. Hutzelman, J. Salowey, J. Galbraith, and V. Welch, "GSSAPI 
           Authentication and Key Exchange for the Secure Shell Protocol",
           RFC 4462, May 2006.

[RFC4250]  S. Lehtinen and C. Lonvick, Ed., "SSH Protocol Assigned Numbers",
           RFC 4250, January 2006.

[RFC4251]  T. Ylonen and C. Lonvick, Ed., "SSH Protocol Architecture", 
           RFC 4251, January 2006.

[SSH-TRANS] [RFC4253]
           T. Ylonen and C. Lonvick, Ed., "SSH Transport Layer Protocol", 
           RFC 4253, January 2006.

[SSH-CONNECT] [RFC4254]
           T. Ylonen and C. Lonvick, Ed., "SSH Connection Protocol", 
           RFC 4254, January 2006.

[SSH-USERAUTH] [RFC4252]
           T. Ylonen and C. Lonvick, Ed., "SSH Authentication Protocol",
           RFC 4252, January 2006.

[RFC4256]  F. Cusack and M. Forssen, "Generic Message Exchange Authentication for
           the Secure Shell Protocol (SSH)", RFC 4256, January 2006.

[RFC4432]  B. Harris, "Rivest-Shamir-Adleman (RSA) key exchange for the 
           Secure Shell (SSH) Transport Layer Protocol", RFC 4432, March 2006.

[RFC4742]  M. Wasserman and T. Goddard, "Using the NETCONF Configuration Protocol 
           over Secure Shell (SSH)", RFC 4742, December 2006.

[RFC4716]  J. Galbraith and R. Thayer, "SSH Public Key File Format", RFC 4716,
           November 2006.

[RFC4819]  J. Galbraith, J. Van Dyke, B. McClure, J. Bright, "Secure Shell 
           Public-Key Subsystem", RFC 4819, March 2007.
           

(Registry created 02 June 2005)

[]
