Open SSH Specifications

Darren Tucker dtucker at zip.com.au
Wed Jun 22 09:07:46 EST 2005


Velupula, Prakash wrote:
> We have Open SSH 3.4p1 available on our HPTE (HP Telco Extensions)
> Linux. We have a need to comply with the following requirements for our
> customers:
> 
> *	The SSH product shall support Version 2 of SSH as defined by the
> standards

There are no standards for SSH version 2.  There are only draft protocol 
specifications and they're still changing.

> *	The SSH product shall support both client and server versions 
> *	The SSH product shall support the following authentication
> methods
> -          Password Authentication 
> -          Public-Key Authentication 
> -          Host-Based Authentication 
> -          Certificate Authentication

Vanilla OpenSSH doesn't support (X.509) certificates; you would need a 
third-party patch such as Roumen Petrov's.

> -          Kerberos Authentication 
> -          Pluggable Authentication Module (PAM) 
> -          SecurID

OpenSSH supports PAM via keyboard-interactive authentication.  There's 
no direct support for SecurID; however, it ought to work via PAM if a 
suitable module is available.  There are also third-party patches but 
I'm not sure if they're currently maintained.

> *	The SSH shall support a packet filtering firewall.  This
> requirement allows for secure telnet only from some physical ports and
> regular telnet from other physical ports

Packet filtering is a kernel function, not an application function.

> *	The SSH product shall support secure Public Key encryption 
> *	The SSH product shall be capable of being exported to all
> countries in accordance with US governmental trade policies (i.e. Denied
> or Restricted Parties)

That's a question for your legal team.

> *	The SSH product shall support real time applications.  Run time
> speed, footprint, etc are important parameters that should be optimized 

I'm not sure what an SSH application would do differently to "support 
real time applications".

> *	SSH agent should be included in the product 
> *	Use force command configuration of the SSH - it limits what
> clients can do in a session
> 
> Is there any Specifications document for Open SSH which describes as to
> what all features are supported in a particular version?

The best bet is the ssh_config(5) and sshd_config(5) man pages for the 
version you're interested in.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.



