NAME
SSH - The sshapplication implements the Secure Shell (SSH) protocol and
provides an SSH File Transfer Protocol (SFTP) client andserver.
DESCRIPTION
The sshapplication is an implementation of the SSH protocol inErlang. ssh offers API functions to write customizedSSH clients and servers as well as making the Erlang shellavailable over SSH. An SFTP client, ssh_sftp, andserver, ssh_sftpd, are also included.
DEPENDENCIES
The sshapplication uses the applications public_key andcrypto to handle public keys and encryption. Hence,these applications must be loaded for the sshapplication to work. In an embedded environment this meansthat they must be started with application:start/1,2before the ssh application is started.
CONFIGURATION
The sshapplication does not have an application- specificconfiguration file, as described inapplication(3erl). However, by default it use thefollowing configuration files from OpenSSH:
* | known_hosts | |||
* | authorized_keys | |||
* | authorized_keys2 | |||
* | id_dsa | |||
* | id_rsa | |||
* | id_ecdsa | |||
* | ssh_host_dsa_key | |||
* | ssh_host_rsa_key | |||
* | ssh_host_ecdsa_key |
By default,ssh looks for id_dsa, id_rsa,id_ecdsa_key, known_hosts, andauthorized_keys in ~/.ssh, and for the host key filesin /etc/ssh. These locations can be changed by theoptions user_dir and system_dir.
Public keyhandling can also be customized through a callback modulethat implements the behaviors ssh_client_key_api andssh_server_key_api.
See also thedefault callback module documentation inssh_file.
PUBLIC KEYS
id_dsa,id_rsa and id_ecdsa are the users private keyfiles. Notice that the public key is part of the private keyso the ssh application does not use theid_<*>.pub files. These are for theuser’s convenience when it is needed to convey theuser’s public key.
KNOWN HOSTS
Theknown_hosts file contains a list of approved serversand their public keys. Once a server is listed, it can beverified without user interaction.
AUTHORIZED KEYS
Theauthorized_key file keeps track of the user’sauthorized public keys. The most common use of this file isto let users log in without entering their password, whichis supported by the Erlang ssh daemon.
HOST KEYS
RSA, DSA andECDSA host keys are supported and are expected to be foundin files named ssh_host_rsa_key,ssh_host_dsa_key and ssh_host_ecdsa_key.
ERROR LOGGER AND EVENT HANDLERS
The sshapplication uses the default OTP error logger to logunexpected errors or print information about specialevents.
SUPPORTED SPECIFICATIONS AND STANDARDS
The supportedSSH version is 2.0.
ALGORITHMS
The actual setof algorithms may vary depending on which OpenSSL cryptolibrary that is installed on the machine. For the list on aparticular installation, use the commandssh:default_algorithms/0. The user may override thedefault algorithm configuration both on the server side andthe client side. See the options preferred_algorithmsand modify_algorithms in the ssh:daemon/1,2,3and ssh:connect/3,4 functions.
Supportedalgorithms are (in the default order):
Key exchangealgorithms:
* | ecdh-sha2-nistp384 | ||
* | ecdh-sha2-nistp521 | ||
* | ecdh-sha2-nistp256 | ||
* | diffie-hellman-group-exchange-sha256 | ||
* | diffie-hellman-group16-sha512 | ||
* | diffie-hellman-group18-sha512 | ||
* | diffie-hellman-group14-sha256 | ||
* | curve25519-sha256 | ||
* | curve25519-sha256 [AT] libssh.org | ||
* | curve448-sha512 | ||
* | diffie-hellman-group14-sha1 | ||
* | diffie-hellman-group-exchange-sha1 | ||
* | (diffie-hellman-group1-sha1, retired: It can be enabledwith the preferred_algorithms ormodify_algorithms options. Use for example the Optionvalue {modify_algorithms, [{append,[{kex,[’diffie-hellman-group1-sha1’]}]}]}) |
Public keyalgorithms:
* | ecdsa-sha2-nistp384 | |||
* | ecdsa-sha2-nistp521 | |||
* | ecdsa-sha2-nistp256 | |||
* | ssh-ed25519 | |||
* | ssh-ed448 | |||
* | ssh-rsa | |||
* | rsa-sha2-256 | |||
* | rsa-sha2-512 | |||
* | ssh-dss |
MAC algorithms:
* | hmac-sha2-256 | ||
* | hmac-sha2-512 | ||
* | hmac-sha1 | ||
* | (hmac-sha1-96 It can be enabled with thepreferred_algorithms or modify_algorithmsoptions. Use for example the Option value{modify_algorithms, [{append,[{mac,[’hmac-sha1-96’]}]}]}) |
Encryption algorithms(ciphers):
* | chacha20-poly1305 [AT] openssh.com | |||
* | aes256-gcm [AT] openssh.com | |||
* | aes256-ctr | |||
* | aes192-ctr | |||
* | aes128-gcm [AT] openssh.com | |||
* | aes128-ctr | |||
* | aes256-cbc | |||
* | aes192-cbc | |||
* | aes128-cbc | |||
* | 3des-cbc | |||
* | (AEAD_AES_128_GCM, not enabled per default) | |||
* | (AEAD_AES_256_GCM, not enabled per default) |
See the text atthe description of the rfc 5647 further down for moreinformation regarding AEAD_AES_*_GCM.
Following theinternet de-facto standard, the cipher and mac algorithmAEAD_AES_128_GCM is selected when the cipheraes128-gcm [AT] openssh.com is negotiated. The cipher and macalgorithm AEAD_AES_256_GCM is selected when the cipheraes256-gcm [AT] openssh.com is negotiated.
Compressionalgorithms:
* | none | |||
* | zlib [AT] openssh.com | |||
* | zlib |
UNICODE SUPPORT
Unicodefilenames are supported if the emulator and the underlayingOS support it. See section DESCRIPTION in the filemanual page in Kernel for information about thissubject.
The shell andthe cli both support unicode.
RFCS
The followingrfc:s are supported:
* | RFC 4251, The Secure Shell (SSH)Protocol Architecture. |
Except
* | 9.4.6 Host-BasedAuthentication | |||
* | 9.5.2 Proxy Forwarding | |||
* | 9.5.3 X11 Forwarding | |||
* |
RFC 4252, TheSecure Shell (SSH) Authentication Protocol.
Except
* | 9. Host-Based Authentication:"hostbased" | |||
* |
RFC 4253, TheSecure Shell (SSH) Transport Layer Protocol.
Except
* | 8.1. diffie-hellman-group1-sha1.Disabled by default, can be enabled with thepreferred_algorithms or modify_algorithmsoptions. | ||
* |
RFC 4254, TheSecure Shell (SSH) Connection Protocol.
Except
* | 6.3. X11 Forwarding | |||
* | 7. TCP/IP Port Forwarding | |||
* |
RFC 4256,Generic Message Exchange Authentication for the Secure ShellProtocol (SSH).
Except
* | num-prompts > 1 | |||
* | password changing | |||
* | other identification methods than userid-password | |||
* |
RFC 4419,Diffie-Hellman Group Exchange for the Secure Shell (SSH)Transport Layer Protocol.
* | RFC 4716, The Secure Shell (SSH)Public Key File Format. | ||
* | RFC 5647, AES Galois Counter Mode for the Secure ShellTransport Layer Protocol. |
There is anambiguity in the synchronized selection of cipher and macalgorithm. This is resolved by OpenSSH in the ciphersaes128-gcm [AT] openssh.com and aes256-gcm [AT] openssh.com which areimplemented. If the explicit ciphers and macsAEAD_AES_128_GCM or AEAD_AES_256_GCM are needed, they couldbe enabled with the options preferred_algorithms ormodify_algorithms.
Warning:
If the client or the server isnot Erlang/OTP, it is the users responsibility to check thatother implementation has the same interpretation ofAEAD_AES_*_GCM as the Erlang/OTP SSH before enabling them.The aes*-gcm [AT] openssh.com variants are always safe to usesince they lack the ambiguity.
The secondparagraph in section 5.1 is resolved as:
* | If the negotiated cipher isAEAD_AES_128_GCM, the mac algorithm is set toAEAD_AES_128_GCM. | ||
* | If the negotiated cipher is AEAD_AES_256_GCM, the macalgorithm is set to AEAD_AES_256_GCM. | ||
* | If the mac algorithm is AEAD_AES_128_GCM, the cipher isset to AEAD_AES_128_GCM. | ||
* | If the mac algorithm is AEAD_AES_256_GCM, the cipher isset to AEAD_AES_256_GCM. |
The first rulethat matches when read in order from the top is applied
* | RFC 5656, Elliptic CurveAlgorithm Integration in the Secure Shell TransportLayer. |
Except
* | 5. ECMQV Key Exchange | ||
* | 6.4. ECMQV Key Exchange and Verification Method Name | ||
* | 7.2. ECMQV Message Numbers | ||
* | 10.2. Recommended Curves | ||
* |
RFC 6668, SHA-2Data Integrity Verification for the Secure Shell (SSH)Transport Layer Protocol
Comment:Defines hmac-sha2-256 and hmac-sha2-512
* | Draft-ietf-curdle-ssh-kex-sha2(work in progress), Key Exchange (KEX) Method Updates andRecommendations for Secure Shell (SSH). |
Deviations:
* | Thediffie-hellman-group1-sha1 is not enabled by default,but is still supported and can be enabled with the optionspreferred_algorithms or modify_algorithms. | ||
* | The questionable sha1-based algorithmsdiffie-hellman-group-exchange-sha1 anddiffie-hellman-group14-sha1 are still enabled bydefault for compatibility with ancient clients and servers.They can be disabled with the optionspreferred_algorithms or modify_algorithms.They will be disabled by default when the draft is turnedinto an RFC. | ||
* |
RFC 8332, Useof RSA Keys with SHA-256 and SHA-512 in the Secure Shell(SSH) Protocol.
* | RFC 8308, Extension Negotiationin the Secure Shell (SSH) Protocol. |
Implementedare:
* | The Extension NegotiationMechanism | |||
* | The extension server-sig-algs | |||
* |
Secure Shell(SSH) Key Exchange Method using Curve25519 and Curve448(work in progress)
* | Ed25519 and Ed448 public keyalgorithms for the Secure Shell (SSH) protocol (work inprogress) |
SEE ALSO
application(3erl)
