SSH is a protocol for secure remote logon and other secure network services over an insecure network.
SSH provides a single, full-duplex, and byte-oriented connection between client and server. The protocol also provides privacy, integrity, server authentication, and man-in-the-middle protection.
The ssh application is an implementation of the SSH Transport, Connection and Authentication Layer Protocols in Erlang. It provides the following:
- An SFTP client (ssh_sftp) and server (ssh_sftpd)
It is assumed that the reader is familiar with the Erlang programming language, concepts of OTP, and has a basic understanding of public keys.
Conceptually, the SSH protocol can be partitioned into four layers:
The SSH Transport Protocol is a secure, low-level transport. It provides strong encryption, cryptographic host authentication, and integrity protection. A minimum set of Message Authentication Code (MAC) and encryption algorithms is supported. For details, see the ssh(3) manual page.
The SSH Authentication Protocol is a general-purpose user authentication protocol run over the SSH Transport Layer Protocol. The ssh application supports user authentication as follows:
The public key handling can be customized by implementing the key-handling behaviours that the ssh application defines.
The SSH Connection Protocol provides application-support services over the transport pipe, for example, channel multiplexing, flow control, remote program execution, signal propagation, and connection forwarding. Functions for handling the SSH Connection Protocol can be found in the module ssh_connection.
All terminal sessions, forwarded connections, and so on, are channels. Multiple channels are multiplexed into a single connection. All channels are flow-controlled. This means that no data is sent to a channel peer until a message is received to indicate that window space is available. The initial window size specifies how many bytes of channel data can be sent to the channel peer without adjusting the window. Typically, an SSH client opens a channel, sends data (commands), receives data (control information), and then closes the channel. The ssh_client_channel behaviour handles the generic parts of SSH channel management. This makes it easy to write your own SSH client/server processes that use flow control, and thus lets you concentrate on the application logic.
Channels come in the following three flavors:
- Subsystem, such as SFTP (ssh_sftpd), which is built into the SSH daemon (server) by default but can be disabled. The Erlang ssh daemon can be configured to run any Erlang-implemented SSH subsystem.
- Exec: see ssh_connection:exec/4 for more information.
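As an added example (not code from the ssh application or its documentation), here is a minimal Erlang-implemented subsystem that the daemon can be configured to run, showing how the ssh_server_channel callbacks receive channel data and how the channel is closed in an orderly way once a byte budget is used up; the module name, the subsystem name "cap", the 1024-byte limit and the system_dir path are assumptions.

```erlang
%% Added example: a byte-capped echo subsystem for the Erlang ssh daemon.
%% Module name, subsystem name "cap", byte limit and key directory are assumptions.
-module(ssh_capped_echo).
-behaviour(ssh_server_channel).
-export([start_daemon/1, init/1, handle_msg/2, handle_ssh_msg/2, terminate/2]).

%% Remaining byte budget, channel id and connection reference.
-record(state, {left, id, cm}).

%% Start a daemon that offers this subsystem as "cap" with a 1 KiB budget.
%% system_dir must hold the server host key (assumed path).
start_daemon(Port) ->
    ssh:daemon(Port, [{system_dir, "/etc/ssh"},
                      {subsystems, [{"cap", {?MODULE, [1024]}}]}]).

init([Limit]) ->
    {ok, #state{left = Limit}}.

%% Delivered once the channel is up; remember the ids needed for sending.
handle_msg({ssh_channel_up, ChannelId, ConnectionRef}, State) ->
    {ok, State#state{id = ChannelId, cm = ConnectionRef}}.

%% Normal channel data (type 0): echo it while the budget lasts, then send
%% EOF and stop so the peer sees an orderly close rather than a dropped link.
handle_ssh_msg({ssh_cm, CM, {data, ChannelId, 0, Data}},
               #state{left = Left} = State) when byte_size(Data) < Left ->
    ssh_connection:send(CM, ChannelId, Data),
    {ok, State#state{left = Left - byte_size(Data)}};
handle_ssh_msg({ssh_cm, CM, {data, ChannelId, 0, Data}},
               #state{left = Left} = State) ->
    <<Allowed:Left/binary, _/binary>> = Data,
    ssh_connection:send(CM, ChannelId, Allowed),
    ssh_connection:send_eof(CM, ChannelId),
    {stop, ChannelId, State#state{left = 0}};
%% Extended data (type 1 is stderr): log it and carry on.
handle_ssh_msg({ssh_cm, _CM, {data, _ChannelId, 1, Data}}, State) ->
    logger:info("capped echo: ignoring stderr data ~p", [Data]),
    {ok, State};
handle_ssh_msg({ssh_cm, _CM, {eof, _ChannelId}}, State) ->
    {ok, State};
%% Signals are ignored, as RFC 4254 section 6.9 permits.
handle_ssh_msg({ssh_cm, _CM, {signal, _ChannelId, _Sig}}, State) ->
    {ok, State};
handle_ssh_msg({ssh_cm, _CM, {exit_signal, ChannelId, _, _, _}}, State) ->
    {stop, ChannelId, State};
handle_ssh_msg({ssh_cm, _CM, {exit_status, ChannelId, _Status}}, State) ->
    {stop, ChannelId, State}.

terminate(_Reason, _State) ->
    ok.
```

Because ssh_server_channel adjusts the receive window for you, the callback only has to decide what to send back and when to stop; a client requests the subsystem with ssh_connection:subsystem/4 using the name "cap".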
For detailed information about the SSH protocol, refer to the following Requests for Comments (RFCs):
- RFC 4250 - Protocol Assigned Numbers
- RFC 4251 - Protocol Architecture
- RFC 4252 - Authentication Protocol
- RFC 4253 - Transport Layer Protocol
- RFC 4254 - Connection Protocol
- RFC 4344 - Transport Layer Encryption Modes
- RFC 4716 - Public Key File Format
© 2010–2017 Ericsson AB
Licensed under the Apache License, Version 2.0.