This repository was archived by the owner on Jan 26, 2026. It is now read-only.

Commit 1c66217

Jakuje authored and cryptomilk committed
doc: Update the list of RFCs and clearly mention which are not implemented in libssh
Fixes T196

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 606a97c)
1 parent 95eb071 commit 1c66217

1 file changed

Lines changed: 39 additions & 12 deletions

doc/mainpage.dox

@@ -179,15 +179,46 @@ It was later modified and expanded by the following RFCs.
179179
Protocol
180180
- <a href="http://tools.ietf.org/html/rfc4432" target="_blank">RFC 4432</a>,
181181
RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol
182-
- <a href="http://tools.ietf.org/html/rfc4462" target="_blank">RFC 4462</a>,
182+
(not implemented in libssh)
183+
- <a href="https://tools.ietf.org/html/rfc4462" target="_blank">RFC 4462</a>,
183184
Generic Security Service Application Program Interface (GSS-API)
184185
Authentication and Key Exchange for the Secure Shell (SSH) Protocol
185-
- <a href="http://tools.ietf.org/html/rfc4716" target="_blank">RFC 4716</a>,
186+
(only the authentication implemented in libssh)
187+
- <a href="https://tools.ietf.org/html/rfc4716" target="_blank">RFC 4716</a>,
186188
The Secure Shell (SSH) Public Key File Format
187-
- <a href="http://tools.ietf.org/html/rfc5647" target="_blank">RFC 5647</a>,
189+
(not implemented in libssh)
190+
- <a href="https://tools.ietf.org/html/rfc5647" target="_blank">RFC 5647</a>,
188191
AES Galois Counter Mode for the Secure Shell Transport Layer Protocol
189-
- <a href="http://tools.ietf.org/html/rfc5656" target="_blank">RFC 5656</a>,
192+
(the algorithm negotiation implemented according to openssh.com)
193+
- <a href="https://tools.ietf.org/html/rfc5656" target="_blank">RFC 5656</a>,
190194
Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
195+
- <a href="https://tools.ietf.org/html/rfc6594" target="_blank">RFC 6594</a>,
196+
Use of the SHA-256 Algorithm with RSA, DSA, and ECDSA in SSHFP Resource Records
197+
(not implemented in libssh)
198+
- <a href="https://tools.ietf.org/html/rfc6668" target="_blank">RFC 6668</a>,
199+
SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol
200+
- <a href="https://tools.ietf.org/html/rfc7479" target="_blank">RFC 7479</a>,
201+
Using Ed25519 in SSHFP Resource Records
202+
(not implemented in libssh)
203+
- <a href="https://tools.ietf.org/html/rfc8160" target="_blank">RFC 8160</a>,
204+
IUTF8 Terminal Mode in Secure Shell (SSH)
205+
(not handled in libssh)
206+
- <a href="https://tools.ietf.org/html/rfc8270" target="_blank">RFC 8270</a>,
207+
Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits
208+
- <a href="https://tools.ietf.org/html/rfc8308" target="_blank">RFC 8308</a>,
209+
Extension Negotiation in the Secure Shell (SSH) Protocol
210+
(only the "server-sig-algs" extension implemented)
211+
- <a href="https://tools.ietf.org/html/rfc8332" target="_blank">RFC 8332</a>,
212+
Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol
213+
214+
There are also drafts that are being currently developed and followed.
215+
216+
- <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2-10" target="_blank">draft-ietf-curdle-ssh-kex-sha2-10</a>
217+
Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH)
218+
- <a href="https://tools.ietf.org/html/draft-miller-ssh-agent-03" target="_blank">draft-miller-ssh-agent-03</a>
219+
SSH Agent Protocol
220+
- <a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves-12" target="_blank">draft-ietf-curdle-ssh-curves-12</a>
221+
Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448
191222

192223
Interesting cryptography documents:
193224

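Review bot: The annotation added under RFC 5647, "(the algorithm negotiation implemented according to openssh.com)", is the one status note a reader cannot act on: it does not say whether the RFC's own negotiation is also accepted or only the OpenSSH variant, so spell that out and name the cipher identifiers that are actually negotiated. Smaller points in the same hunk: the unchanged RFC 4432 entry still links to http://tools.ietf.org while every touched entry moves to https://, so convert it too; RFC 8160 says "not handled" where the other entries say "not implemented", so pick one term; the three draft entries omit the trailing comma after </a> that the RFC entries use; and the draft links pin specific revisions (-10, -03, -12), which will go stale as the drafts advance.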
@@ -205,20 +236,16 @@ do the same in libssh.
205236

206237
@subsection main-rfc-extensions Secure Shell Extensions
207238

208-
The libssh project has an extension to support Curve25519 which is also supported by
209-
the OpenSSH project.
210-
211-
- <a href="http://git.libssh.org/projects/libssh.git/tree/doc/curve25519-sha256@libssh.org.txt" target="_blank">curve25519-sha256@libssh.org</a>,
212-
Curve25519-SHA256 for ECDH KEX
213-
214239
The OpenSSH project has defined some extensions to the protocol. We support some of
215240
them like the statvfs calls in SFTP or the ssh-agent.
216241

217242
- <a href="http://api.libssh.org/rfc/PROTOCOL" target="_blank">
218243
OpenSSH's deviations and extensions</a>
219-
- <a href="http://api.libssh.org/rfc/PROTOCOL.agent" target="_blank">
220-
OpenSSH's ssh-agent</a>
221244
- <a href="http://api.libssh.org/rfc/PROTOCOL.certkeys" target="_blank">
222245
OpenSSH's pubkey certificate authentication</a>
246+
- <a href="http://api.libssh.org/rfc/PROTOCOL.chacha20poly1305" target="_blank">
247+
chacha20-poly1305@openssh.com authenticated encryption mode</a>
248+
- <a href="http://api.libssh.org/rfc/PROTOCOL.key" target="_blank">
249+
OpenSSH private key format (openssh-key-v1)</a>
223250

224251
*/
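Review bot: The removed curve25519-sha256@libssh.org paragraph and link (old lines 208-213) and the removed PROTOCOL.agent link (old lines 219-220) are not mentioned in the commit message, which only talks about updating the RFC list; if the intent is that the draft-ietf-curdle-ssh-curves-12 and draft-miller-ssh-agent-03 entries added in the first hunk replace them, say so in the message. After this change the method name curve25519-sha256@libssh.org no longer appears in this section, so consider keeping a one-line pointer for readers who search for it. The two added links, PROTOCOL.chacha20poly1305 and PROTOCOL.key, use http://api.libssh.org while the first hunk switches the IETF links to https://; use https here as well if the host serves it.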
