<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html xmlns:erl="http://erlang.org" xmlns:fn="http://www.w3.org/2005/02/xpath-functions">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="../../../../doc/otp_doc.css" type="text/css">
<title>Erlang -- SSH</title>
</head>
<body>
<div id="container">
<script id="js" type="text/javascript" language="JavaScript" src="../../../../doc/js/flipmenu/flipmenu.js"></script><script id="js2" type="text/javascript" src="../../../../doc/js/erlresolvelinks.js"></script><script language="JavaScript" type="text/javascript">
<!--
function getWinHeight() {
var myHeight = 0;
if( typeof( window.innerHeight ) == 'number' ) {
//Non-IE
myHeight = window.innerHeight;
} else if( document.documentElement && ( document.documentElement.clientWidth ||
document.documentElement.clientHeight ) ) {
//IE 6+ in 'standards compliant mode'
myHeight = document.documentElement.clientHeight;
} else if( document.body && ( document.body.clientWidth || document.body.clientHeight ) ) {
//IE 4 compatible
myHeight = document.body.clientHeight;
}
return myHeight;
}
function setscrollpos() {
var objf=document.getElementById('loadscrollpos');
document.getElementById("leftnav").scrollTop = objf.offsetTop - getWinHeight()/2;
}
function addEvent(obj, evType, fn){
if (obj.addEventListener){
obj.addEventListener(evType, fn, true);
return true;
} else if (obj.attachEvent){
var r = obj.attachEvent("on"+evType, fn);
return r;
} else {
return false;
}
}
addEvent(window, 'load', setscrollpos);
//--></script><div id="leftnav"><div class="innertube">
<div class="erlang-logo-wrapper"><a href="../../../../doc/index.html"><img alt="Erlang Logo" src="../../../../doc/erlang-logo.png" class="erlang-logo"></a></div>
<p class="section-title">SSH</p>
<p class="section-subtitle">Reference Manual</p>
<p class="section-version">Version 4.7.3</p>
<ul class="panel-sections">
<li><a href="users_guide.html">User's Guide</a></li>
<li><a href="index.html">Reference Manual</a></li>
<li><a href="release_notes.html">Release Notes</a></li>
<li><a href="../pdf/ssh-4.7.3.pdf">PDF</a></li>
<li><a href="../../../../doc/index.html">Top</a></li>
</ul>
<ul class="expand-collapse-items">
<li><a href="javascript:openAllFlips()">Expand All</a></li>
<li><a href="javascript:closeAllFlips()">Contract All</a></li>
</ul>
<h3>Table of Contents</h3>
<ul class="flipMenu">
<li title="SSH (App)"><a href="SSH_app.html">SSH (App)
</a></li>
<li id="no" title="ssh " expanded="false">ssh<ul>
<li><a href="ssh.html">
Top of manual page
</a></li>
<li title="close-1"><a href="ssh.html#close-1">close/1</a></li>
<li title="connect-3"><a href="ssh.html#connect-3">connect/3</a></li>
<li title="connect-4"><a href="ssh.html#connect-4">connect/4</a></li>
<li title="connect-2"><a href="ssh.html#connect-2">connect/2</a></li>
<li title="connect-3"><a href="ssh.html#connect-3">connect/3</a></li>
<li title="connection_info-2"><a href="ssh.html#connection_info-2">connection_info/2</a></li>
<li title="daemon-1"><a href="ssh.html#daemon-1">daemon/1</a></li>
<li title="daemon-2"><a href="ssh.html#daemon-2">daemon/2</a></li>
<li title="daemon-3"><a href="ssh.html#daemon-3">daemon/3</a></li>
<li title="daemon_info-1"><a href="ssh.html#daemon_info-1">daemon_info/1</a></li>
<li title="default_algorithms-0"><a href="ssh.html#default_algorithms-0">default_algorithms/0</a></li>
<li title="shell-1"><a href="ssh.html#shell-1">shell/1</a></li>
<li title="shell-2"><a href="ssh.html#shell-2">shell/2</a></li>
<li title="shell-3"><a href="ssh.html#shell-3">shell/3</a></li>
<li title="start-0"><a href="ssh.html#start-0">start/0</a></li>
<li title="start-1"><a href="ssh.html#start-1">start/1</a></li>
<li title="stop-0"><a href="ssh.html#stop-0">stop/0</a></li>
<li title="stop_daemon-1"><a href="ssh.html#stop_daemon-1">stop_daemon/1</a></li>
<li title="stop_daemon-2"><a href="ssh.html#stop_daemon-2">stop_daemon/2</a></li>
<li title="stop_daemon-3"><a href="ssh.html#stop_daemon-3">stop_daemon/3</a></li>
<li title="stop_listener-1"><a href="ssh.html#stop_listener-1">stop_listener/1</a></li>
<li title="stop_listener-2"><a href="ssh.html#stop_listener-2">stop_listener/2</a></li>
<li title="stop_listener-3"><a href="ssh.html#stop_listener-3">stop_listener/3</a></li>
</ul>
</li>
<li id="no" title="ssh_client_channel " expanded="false">ssh_client_channel<ul>
<li><a href="ssh_client_channel.html">
Top of manual page
</a></li>
<li title="call-2"><a href="ssh_client_channel.html#call-2">call/2</a></li>
<li title="call-3"><a href="ssh_client_channel.html#call-3">call/3</a></li>
<li title="cast-2"><a href="ssh_client_channel.html#cast-2">cast/2</a></li>
<li title="enter_loop-1"><a href="ssh_client_channel.html#enter_loop-1">enter_loop/1</a></li>
<li title="init-1"><a href="ssh_client_channel.html#init-1">init/1</a></li>
<li title="reply-2"><a href="ssh_client_channel.html#reply-2">reply/2</a></li>
<li title="start-4"><a href="ssh_client_channel.html#start-4">start/4</a></li>
<li title="start_link-4"><a href="ssh_client_channel.html#start_link-4">start_link/4</a></li>
<li title="Module:code_change-3"><a href="ssh_client_channel.html#Module:code_change-3">Module:code_change/3</a></li>
<li title="Module:handle_call-3"><a href="ssh_client_channel.html#Module:handle_call-3">Module:handle_call/3</a></li>
<li title="Module:handle_cast-2"><a href="ssh_client_channel.html#Module:handle_cast-2">Module:handle_cast/2</a></li>
<li title="Module:handle_msg-2"><a href="ssh_client_channel.html#Module:handle_msg-2">Module:handle_msg/2</a></li>
<li title="Module:handle_ssh_msg-2"><a href="ssh_client_channel.html#Module:handle_ssh_msg-2">Module:handle_ssh_msg/2</a></li>
<li title="Module:init-1"><a href="ssh_client_channel.html#Module:init-1">Module:init/1</a></li>
<li title="Module:terminate-2"><a href="ssh_client_channel.html#Module:terminate-2">Module:terminate/2</a></li>
</ul>
</li>
<li id="no" title="ssh_server_channel " expanded="false">ssh_server_channel<ul>
<li><a href="ssh_server_channel.html">
Top of manual page
</a></li>
<li title="Module:handle_msg-2"><a href="ssh_server_channel.html#Module:handle_msg-2">Module:handle_msg/2</a></li>
<li title="Module:handle_ssh_msg-2"><a href="ssh_server_channel.html#Module:handle_ssh_msg-2">Module:handle_ssh_msg/2</a></li>
<li title="Module:init-1"><a href="ssh_server_channel.html#Module:init-1">Module:init/1</a></li>
<li title="Module:terminate-2"><a href="ssh_server_channel.html#Module:terminate-2">Module:terminate/2</a></li>
</ul>
</li>
<li id="no" title="ssh_connection " expanded="false">ssh_connection<ul>
<li><a href="ssh_connection.html">
Top of manual page
</a></li>
<li title="adjust_window-3"><a href="ssh_connection.html#adjust_window-3">adjust_window/3</a></li>
<li title="close-2"><a href="ssh_connection.html#close-2">close/2</a></li>
<li title="exec-4"><a href="ssh_connection.html#exec-4">exec/4</a></li>
<li title="exit_status-3"><a href="ssh_connection.html#exit_status-3">exit_status/3</a></li>
<li title="ptty_alloc-3"><a href="ssh_connection.html#ptty_alloc-3">ptty_alloc/3</a></li>
<li title="ptty_alloc-4"><a href="ssh_connection.html#ptty_alloc-4">ptty_alloc/4</a></li>
<li title="reply_request-4"><a href="ssh_connection.html#reply_request-4">reply_request/4</a></li>
<li title="send-3"><a href="ssh_connection.html#send-3">send/3</a></li>
<li title="send-4"><a href="ssh_connection.html#send-4">send/4</a></li>
<li title="send-4"><a href="ssh_connection.html#send-4">send/4</a></li>
<li title="send-5"><a href="ssh_connection.html#send-5">send/5</a></li>
<li title="send_eof-2"><a href="ssh_connection.html#send_eof-2">send_eof/2</a></li>
<li title="session_channel-2"><a href="ssh_connection.html#session_channel-2">session_channel/2</a></li>
<li title="session_channel-4"><a href="ssh_connection.html#session_channel-4">session_channel/4</a></li>
<li title="setenv-5"><a href="ssh_connection.html#setenv-5">setenv/5</a></li>
<li title="shell-2"><a href="ssh_connection.html#shell-2">shell/2</a></li>
<li title="subsystem-4"><a href="ssh_connection.html#subsystem-4">subsystem/4</a></li>
</ul>
</li>
<li id="no" title="ssh_client_key_api " expanded="false">ssh_client_key_api<ul>
<li><a href="ssh_client_key_api.html">
Top of manual page
</a></li>
<li title="Module:add_host_key-3"><a href="ssh_client_key_api.html#Module:add_host_key-3">Module:add_host_key/3</a></li>
<li title="Module:is_host_key-4"><a href="ssh_client_key_api.html#Module:is_host_key-4">Module:is_host_key/4</a></li>
<li title="Module:user_key-2"><a href="ssh_client_key_api.html#Module:user_key-2">Module:user_key/2</a></li>
</ul>
</li>
<li id="no" title="ssh_server_key_api " expanded="false">ssh_server_key_api<ul>
<li><a href="ssh_server_key_api.html">
Top of manual page
</a></li>
<li title="Module:host_key-2"><a href="ssh_server_key_api.html#Module:host_key-2">Module:host_key/2</a></li>
<li title="Module:is_auth_key-3"><a href="ssh_server_key_api.html#Module:is_auth_key-3">Module:is_auth_key/3</a></li>
</ul>
</li>
<li id="no" title="ssh_file " expanded="false">ssh_file<ul>
<li><a href="ssh_file.html">
Top of manual page
</a></li>
<li title="add_host_key-3"><a href="ssh_file.html#add_host_key-3">add_host_key/3</a></li>
<li title="host_key-2"><a href="ssh_file.html#host_key-2">host_key/2</a></li>
<li title="is_auth_key-3"><a href="ssh_file.html#is_auth_key-3">is_auth_key/3</a></li>
<li title="is_host_key-4"><a href="ssh_file.html#is_host_key-4">is_host_key/4</a></li>
<li title="user_key-2"><a href="ssh_file.html#user_key-2">user_key/2</a></li>
</ul>
</li>
<li id="no" title="ssh_sftp " expanded="false">ssh_sftp<ul>
<li><a href="ssh_sftp.html">
Top of manual page
</a></li>
<li title="apread-4"><a href="ssh_sftp.html#apread-4">apread/4</a></li>
<li title="apwrite-4"><a href="ssh_sftp.html#apwrite-4">apwrite/4</a></li>
<li title="aread-3"><a href="ssh_sftp.html#aread-3">aread/3</a></li>
<li title="awrite-3"><a href="ssh_sftp.html#awrite-3">awrite/3</a></li>
<li title="close-2"><a href="ssh_sftp.html#close-2">close/2</a></li>
<li title="close-3"><a href="ssh_sftp.html#close-3">close/3</a></li>
<li title="del_dir-2"><a href="ssh_sftp.html#del_dir-2">del_dir/2</a></li>
<li title="del_dir-3"><a href="ssh_sftp.html#del_dir-3">del_dir/3</a></li>
<li title="delete-2"><a href="ssh_sftp.html#delete-2">delete/2</a></li>
<li title="delete-3"><a href="ssh_sftp.html#delete-3">delete/3</a></li>
<li title="list_dir-2"><a href="ssh_sftp.html#list_dir-2">list_dir/2</a></li>
<li title="list_dir-3"><a href="ssh_sftp.html#list_dir-3">list_dir/3</a></li>
<li title="make_dir-2"><a href="ssh_sftp.html#make_dir-2">make_dir/2</a></li>
<li title="make_dir-3"><a href="ssh_sftp.html#make_dir-3">make_dir/3</a></li>
<li title="make_symlink-3"><a href="ssh_sftp.html#make_symlink-3">make_symlink/3</a></li>
<li title="make_symlink-4"><a href="ssh_sftp.html#make_symlink-4">make_symlink/4</a></li>
<li title="open-3"><a href="ssh_sftp.html#open-3">open/3</a></li>
<li title="open-4"><a href="ssh_sftp.html#open-4">open/4</a></li>
<li title="open_tar-3"><a href="ssh_sftp.html#open_tar-3">open_tar/3</a></li>
<li title="open_tar-4"><a href="ssh_sftp.html#open_tar-4">open_tar/4</a></li>
<li title="opendir-2"><a href="ssh_sftp.html#opendir-2">opendir/2</a></li>
<li title="opendir-3"><a href="ssh_sftp.html#opendir-3">opendir/3</a></li>
<li title="position-3"><a href="ssh_sftp.html#position-3">position/3</a></li>
<li title="position-4"><a href="ssh_sftp.html#position-4">position/4</a></li>
<li title="pread-4"><a href="ssh_sftp.html#pread-4">pread/4</a></li>
<li title="pread-5"><a href="ssh_sftp.html#pread-5">pread/5</a></li>
<li title="pwrite-4"><a href="ssh_sftp.html#pwrite-4">pwrite/4</a></li>
<li title="pwrite-5"><a href="ssh_sftp.html#pwrite-5">pwrite/5</a></li>
<li title="read-3"><a href="ssh_sftp.html#read-3">read/3</a></li>
<li title="read-4"><a href="ssh_sftp.html#read-4">read/4</a></li>
<li title="read_file-2"><a href="ssh_sftp.html#read_file-2">read_file/2</a></li>
<li title="read_file-3"><a href="ssh_sftp.html#read_file-3">read_file/3</a></li>
<li title="read_file_info-2"><a href="ssh_sftp.html#read_file_info-2">read_file_info/2</a></li>
<li title="read_file_info-3"><a href="ssh_sftp.html#read_file_info-3">read_file_info/3</a></li>
<li title="read_link-2"><a href="ssh_sftp.html#read_link-2">read_link/2</a></li>
<li title="read_link-3"><a href="ssh_sftp.html#read_link-3">read_link/3</a></li>
<li title="read_link_info-2"><a href="ssh_sftp.html#read_link_info-2">read_link_info/2</a></li>
<li title="read_link_info-3"><a href="ssh_sftp.html#read_link_info-3">read_link_info/3</a></li>
<li title="rename-3"><a href="ssh_sftp.html#rename-3">rename/3</a></li>
<li title="rename-4"><a href="ssh_sftp.html#rename-4">rename/4</a></li>
<li title="start_channel-1"><a href="ssh_sftp.html#start_channel-1">start_channel/1</a></li>
<li title="start_channel-2"><a href="ssh_sftp.html#start_channel-2">start_channel/2</a></li>
<li title="start_channel-2"><a href="ssh_sftp.html#start_channel-2">start_channel/2</a></li>
<li title="start_channel-3"><a href="ssh_sftp.html#start_channel-3">start_channel/3</a></li>
<li title="start_channel-1"><a href="ssh_sftp.html#start_channel-1">start_channel/1</a></li>
<li title="start_channel-2"><a href="ssh_sftp.html#start_channel-2">start_channel/2</a></li>
<li title="stop_channel-1"><a href="ssh_sftp.html#stop_channel-1">stop_channel/1</a></li>
<li title="write-3"><a href="ssh_sftp.html#write-3">write/3</a></li>
<li title="write-4"><a href="ssh_sftp.html#write-4">write/4</a></li>
<li title="write_file-3"><a href="ssh_sftp.html#write_file-3">write_file/3</a></li>
<li title="write_file-4"><a href="ssh_sftp.html#write_file-4">write_file/4</a></li>
<li title="write_file_info-3"><a href="ssh_sftp.html#write_file_info-3">write_file_info/3</a></li>
<li title="write_file_info-4"><a href="ssh_sftp.html#write_file_info-4">write_file_info/4</a></li>
</ul>
</li>
<li id="no" title="ssh_sftpd " expanded="false">ssh_sftpd<ul>
<li><a href="ssh_sftpd.html">
Top of manual page
</a></li>
<li title="subsystem_spec-1"><a href="ssh_sftpd.html#subsystem_spec-1">subsystem_spec/1</a></li>
</ul>
</li>
</ul>
</div></div>
<div id="content">
<div class="innertube">
<!-- refpage --><center><h1>SSH</h1></center>
<h3><span onMouseOver="document.getElementById('ghlink-application-idm281472003835576').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-application-idm281472003835576').style.visibility = 'hidden';"><span id="ghlink-application-idm281472003835576"></span><a class="title_link" name="application" href="#application">Application</a></span></h3>
<div class="REFBODY application-body">SSH</div>
<h3><span onMouseOver="document.getElementById('ghlink-application-summary-idm281472003836632').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-application-summary-idm281472003836632').style.visibility = 'hidden';"><span id="ghlink-application-summary-idm281472003836632"></span><a class="title_link" name="application-summary" href="#application-summary">Application Summary</a></span></h3>
<div class="REFBODY application-summary-body">The ssh application implements the Secure Shell (SSH) protocol and
provides an SSH File Transfer Protocol (SFTP) client and server.</div>
<h3><span onMouseOver="document.getElementById('ghlink-description-idm281472003837304').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-description-idm281472003837304').style.visibility = 'hidden';"><span id="ghlink-description-idm281472003837304" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L35" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="description" href="#description">Description</a></span></h3>
<div class="REFBODY description-body"><p>
<p>The <span class="code">ssh</span> application is an implementation of the SSH protocol in Erlang.
<span class="code">ssh</span> offers API functions to write customized SSH clients and servers as well as
making the Erlang shell available over SSH. An SFTP client, <span class="code">ssh_sftp</span>, and server,
<span class="code">ssh_sftpd</span>, are also included.</p>
</p></div>
<h3><span onMouseOver="document.getElementById('ghlink-dependencies-idm281472003838872').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-dependencies-idm281472003838872').style.visibility = 'hidden';"><span id="ghlink-dependencies-idm281472003838872" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L42" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="dependencies" href="#dependencies">DEPENDENCIES</a></span></h3>
<div class="REFBODY rb-3">
<p>The <span class="code">ssh</span> application uses the applications
<span class="bold_code bc-18"><a href="javascript:erlhref('../../../../doc/../','public_key','public_key.html');">public_key</a></span> and
<span class="bold_code bc-18"><a href="javascript:erlhref('../../../../doc/../','crypto','crypto.html');">crypto</a></span>
to handle public keys and encryption. Hence, these
applications must be loaded for the <span class="code">ssh</span> application to work. In
an embedded environment this means that they must be started with
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','kernel','application.html#start-1');">application:start/1,2</a></span> before the
<span class="code">ssh</span> application is started.
</p>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-configuration-idm281472004758424').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-configuration-idm281472004758424').style.visibility = 'hidden';"><span id="ghlink-configuration-idm281472004758424" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L55" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="configuration" href="#configuration">CONFIGURATION</a></span></h3>
<div class="REFBODY rb-3">
<p>The <span class="code">ssh</span> application does not have an application-
specific configuration file, as described in <span class="bold_code bc-18"><a href="javascript:erlhref('../../../../doc/../','kernel','application.html');">application(3)</a></span>.
However, by default it use the following configuration files
from OpenSSH:</p>
<ul>
<li><span class="code">known_hosts</span></li>
<li><span class="code">authorized_keys</span></li>
<li><span class="code">authorized_keys2</span></li>
<li><span class="code">id_dsa</span></li>
<li><span class="code">id_rsa</span></li>
<li><span class="code">id_ecdsa</span></li>
<li><span class="code">ssh_host_dsa_key</span></li>
<li><span class="code">ssh_host_rsa_key</span></li>
<li><span class="code">ssh_host_ecdsa_key</span></li>
</ul>
<p>By default, <span class="code">ssh</span> looks for <span class="code">id_dsa</span>, <span class="code">id_rsa</span>,
<span class="code">id_ecdsa_key</span>,
<span class="code">known_hosts</span>, and <span class="code">authorized_keys</span> in ~/.ssh,
and for the host key files in <span class="code">/etc/ssh</span>. These locations can be changed
by the options
<span class="bold_code bc-15"><a href="ssh_file.html#type-user_dir_common_option"><span class="code">user_dir</span></a></span> and
<span class="bold_code bc-15"><a href="ssh_file.html#type-system_dir_daemon_option"><span class="code">system_dir</span></a></span>.
</p>
<p>Public key handling can also be customized through a callback module that
implements the behaviors
<span class="bold_code bc-19"><a href="ssh_client_key_api.html">ssh_client_key_api</a></span> and
<span class="bold_code bc-19"><a href="ssh_server_key_api.html">ssh_server_key_api</a></span>.
</p>
<p>See also the default callback module documentation in
<span class="bold_code bc-19"><a href="ssh_file.html">ssh_file</a></span>.
</p>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-public-keys-idm281472005286216').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-public-keys-idm281472005286216').style.visibility = 'hidden';"><span id="ghlink-public-keys-idm281472005286216" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L91" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="public-keys" href="#public-keys">Public Keys</a></span></h3>
<div class="REFBODY rb-3">
<p><span class="code">id_dsa</span>, <span class="code">id_rsa</span> and <span class="code">id_ecdsa</span> are the users private key files.
Notice that the public key is part of the private key so the <span class="code">ssh</span>
application does not use the <span class="code">id_<*>.pub</span> files. These are
for the user's convenience when it is needed to convey the user's
public key.
</p>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-known-hosts-idm281472005377352').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-known-hosts-idm281472005377352').style.visibility = 'hidden';"><span id="ghlink-known-hosts-idm281472005377352" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L100" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="known-hosts" href="#known-hosts">Known Hosts</a></span></h3>
<div class="REFBODY rb-3">
<p>The <span class="code">known_hosts</span> file contains a list of approved servers and
their public keys. Once a server is listed, it can be verified
without user interaction.
</p>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-authorized-keys-idm281472005623400').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-authorized-keys-idm281472005623400').style.visibility = 'hidden';"><span id="ghlink-authorized-keys-idm281472005623400" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L107" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="authorized-keys" href="#authorized-keys">Authorized Keys</a></span></h3>
<div class="REFBODY rb-3">
<p>The <span class="code">authorized_key</span> file keeps track of the user's authorized
public keys. The most common use of this file is to let users
log in without entering their password, which is supported by the
Erlang <span class="code">ssh</span> daemon.
</p>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-host-keys-idm281472005376856').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-host-keys-idm281472005376856').style.visibility = 'hidden';"><span id="ghlink-host-keys-idm281472005376856" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L115" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="host-keys" href="#host-keys">Host Keys</a></span></h3>
<div class="REFBODY rb-3">
<p>RSA, DSA and ECDSA host keys are supported and are
expected to be found in files named <span class="code">ssh_host_rsa_key</span>,
<span class="code">ssh_host_dsa_key</span> and <span class="code">ssh_host_ecdsa_key</span>.
</p>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-error-logger-and-event-handlers-idm281472005391672').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-error-logger-and-event-handlers-idm281472005391672').style.visibility = 'hidden';"><span id="ghlink-error-logger-and-event-handlers-idm281472005391672" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L122" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="error-logger-and-event-handlers" href="#error-logger-and-event-handlers">ERROR LOGGER AND EVENT HANDLERS</a></span></h3>
<div class="REFBODY rb-3">
<p>The <span class="code">ssh</span> application uses the default <span class="bold_code bc-18"><a href="javascript:erlhref('../../../../doc/../','kernel','error_logger.html');">OTP error logger</a></span> to log unexpected errors or print information about special events.</p>
</div>
<h3>
<a name="supported"></a><span onMouseOver="document.getElementById('ghlink-supported-specifications-and-standards-idm281472004673192').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-supported-specifications-and-standards-idm281472004673192').style.visibility = 'hidden';"><span id="ghlink-supported-specifications-and-standards-idm281472004673192" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L127" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="supported-specifications-and-standards" href="#supported-specifications-and-standards">SUPPORTED SPECIFICATIONS AND STANDARDS</a></span>
</h3>
<div class="REFBODY rb-3">
<p>The supported SSH version is 2.0.</p>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-algorithms-idm281472005267624').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-algorithms-idm281472005267624').style.visibility = 'hidden';"><span id="ghlink-algorithms-idm281472005267624" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L132" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="algorithms" href="#algorithms">Algorithms</a></span></h3>
<div class="REFBODY rb-3">
<p>The actual set of algorithms may vary depending on which OpenSSL crypto library that is installed on the machine.
For the list on a particular installation, use the command
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#default_algorithms-0');">ssh:default_algorithms/0</a></span>.
The user may override the default algorithm configuration both on the server side and the client side.
See the options
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-preferred_algorithms_common_option');">preferred_algorithms</a></span>
and
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-modify_algorithms_common_option');">modify_algorithms</a></span>
in the <span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#daemon-1');">ssh:daemon/1,2,3</a></span> and
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#connect-3');">ssh:connect/3,4</a></span> functions.
</p>
<p>Supported algorithms are (in the default order):</p>
<a name="supported_algos"></a>
<dl>
<dt><strong>Key exchange algorithms</strong></dt>
<dd>
<ul>
<li>ecdh-sha2-nistp384</li>
<li>ecdh-sha2-nistp521</li>
<li>ecdh-sha2-nistp256</li>
<li>diffie-hellman-group-exchange-sha256</li>
<li>diffie-hellman-group16-sha512</li>
<li>diffie-hellman-group18-sha512</li>
<li>diffie-hellman-group14-sha256</li>
<li>curve25519-sha256</li>
<li>curve25519-sha256@libssh.org</li>
<li>curve448-sha512</li>
<li>diffie-hellman-group14-sha1</li>
<li>diffie-hellman-group-exchange-sha1</li>
<li>(diffie-hellman-group1-sha1, retired: It can be enabled with the
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-preferred_algorithms_common_option');">preferred_algorithms</a></span>
or
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-modify_algorithms_common_option');">modify_algorithms</a></span>
options)</li>
</ul>
</dd>
<dt><strong>Public key algorithms</strong></dt>
<dd>
<ul>
<li>ecdsa-sha2-nistp384</li>
<li>ecdsa-sha2-nistp521</li>
<li>ecdsa-sha2-nistp256</li>
<li>ssh-ed25519</li>
<li>ssh-ed448</li>
<li>ssh-rsa</li>
<li>rsa-sha2-256</li>
<li>rsa-sha2-512</li>
<li>ssh-dss</li>
</ul>
</dd>
<dt><strong>MAC algorithms</strong></dt>
<dd>
<ul>
<li>hmac-sha2-256</li>
<li>hmac-sha2-512</li>
<li>hmac-sha1</li>
</ul>
</dd>
<dt><strong>Encryption algorithms (ciphers)</strong></dt>
<dd>
<ul>
<li>chacha20-poly1305@openssh.com</li>
<li>aes256-gcm@openssh.com</li>
<li>aes256-ctr</li>
<li>aes192-ctr</li>
<li>aes128-gcm@openssh.com</li>
<li>aes128-ctr</li>
<li>aes128-cbc</li>
<li>3des-cbc</li>
<li>(AEAD_AES_128_GCM, not enabled per default)</li>
<li>(AEAD_AES_256_GCM, not enabled per default)</li>
</ul>
<p>See the text at the description of <span class="bold_code bc-17"><a href="#rfc5647_note">the rfc 5647 further down</a></span>
for more information regarding AEAD_AES_*_GCM.
</p>
<p>Following the internet de-facto standard, the cipher and mac algorithm AEAD_AES_128_GCM is selected when the
cipher aes128-gcm@openssh.com is negotiated. The cipher and mac algorithm AEAD_AES_256_GCM is selected when the
cipher aes256-gcm@openssh.com is negotiated.
</p>
</dd>
<dt><strong>Compression algorithms</strong></dt>
<dd>
<ul>
<li>none</li>
<li>zlib@openssh.com</li>
<li>zlib</li>
</ul>
</dd>
</dl>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-unicode-support-idm281472005415880').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-unicode-support-idm281472005415880').style.visibility = 'hidden';"><span id="ghlink-unicode-support-idm281472005415880" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L229" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="unicode-support" href="#unicode-support">Unicode support</a></span></h3>
<div class="REFBODY rb-3">
<p>Unicode filenames are supported if the emulator and the underlaying OS support it. See section DESCRIPTION in the
<span class="bold_code bc-18"><a href="javascript:erlhref('../../../../doc/../','kernel','file.html');">file</a></span> manual page in Kernel for information about this subject.
</p>
<p>The shell and the cli both support unicode.
</p>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-rfcs-idm281472005212040').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-rfcs-idm281472005212040').style.visibility = 'hidden';"><span id="ghlink-rfcs-idm281472005212040" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L238" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="rfcs" href="#rfcs">Rfcs</a></span></h3>
<div class="REFBODY rb-3">
<p>The following rfc:s are supported:</p>
<ul>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc4251">RFC 4251</a></span>, The Secure Shell (SSH) Protocol Architecture.
<p>Except</p>
<ul>
<li>9.4.6 Host-Based Authentication</li>
<li>9.5.2 Proxy Forwarding</li>
<li>9.5.3 X11 Forwarding</li>
</ul>
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc4252">RFC 4252</a></span>, The Secure Shell (SSH) Authentication Protocol.
<p>Except</p>
<ul>
<li>9. Host-Based Authentication: "hostbased"</li>
</ul>
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc4253">RFC 4253</a></span>, The Secure Shell (SSH) Transport Layer Protocol.
<p>Except</p>
<ul>
<li>8.1. diffie-hellman-group1-sha1. Disabled by default, can be enabled with the
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-preferred_algorithms_common_option');">preferred_algorithms</a></span>
or
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-modify_algorithms_common_option');">modify_algorithms</a></span>
options.</li>
</ul>
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc4254">RFC 4254</a></span>, The Secure Shell (SSH) Connection Protocol.
<p>Except</p>
<ul>
<li>6.3. X11 Forwarding</li>
<li>7. TCP/IP Port Forwarding</li>
</ul>
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc4256">RFC 4256</a></span>, Generic Message Exchange Authentication for
the Secure Shell Protocol (SSH).
<p>Except</p>
<ul>
<li><span class="code">num-prompts > 1</span></li>
<li>password changing</li>
<li>other identification methods than userid-password</li>
</ul>
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc4419">RFC 4419</a></span>, Diffie-Hellman Group Exchange for
the Secure Shell (SSH) Transport Layer Protocol.
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc4716">RFC 4716</a></span>, The Secure Shell (SSH) Public Key File Format.
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc5647">RFC 5647</a></span>, AES Galois Counter Mode for
the Secure Shell Transport Layer Protocol.
<p><a name="rfc5647_note"></a>There is an ambiguity in the synchronized selection of cipher and mac algorithm.
This is resolved by OpenSSH in the ciphers aes128-gcm@openssh.com and aes256-gcm@openssh.com which are implemented.
If the explicit ciphers and macs AEAD_AES_128_GCM or AEAD_AES_256_GCM are needed,
they could be enabled with the options
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-preferred_algorithms_common_option');">preferred_algorithms</a></span>
or
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-modify_algorithms_common_option');">modify_algorithms</a></span>.
</p>
<div class="warning">
<div class="label">Warning</div>
<div class="content"><p>
<p>
If the client or the server is not Erlang/OTP, it is the users responsibility to check that
other implementation has the same interpretation of AEAD_AES_*_GCM as the Erlang/OTP SSH before
enabling them. The aes*-gcm@openssh.com variants are always safe to use since they lack the
ambiguity.
</p>
</p></div>
</div>
<p>The second paragraph in section 5.1 is resolved as:</p>
<ul>
<li>If the negotiated cipher is AEAD_AES_128_GCM, the mac algorithm is set to AEAD_AES_128_GCM.</li>
<li>If the negotiated cipher is AEAD_AES_256_GCM, the mac algorithm is set to AEAD_AES_256_GCM.</li>
<li>If the mac algorithm is AEAD_AES_128_GCM, the cipher is set to AEAD_AES_128_GCM.</li>
<li>If the mac algorithm is AEAD_AES_256_GCM, the cipher is set to AEAD_AES_256_GCM.</li>
</ul>
<p>The first rule that matches when read in order from the top is applied</p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc5656">RFC 5656</a></span>, Elliptic Curve Algorithm Integration in
the Secure Shell Transport Layer.
<p>Except</p>
<ul>
<li>5. ECMQV Key Exchange</li>
<li>6.4. ECMQV Key Exchange and Verification Method Name</li>
<li>7.2. ECMQV Message Numbers</li>
<li>10.2. Recommended Curves</li>
</ul>
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc6668">RFC 6668</a></span>, SHA-2 Data Integrity Verification for
the Secure Shell (SSH) Transport Layer Protocol
<p>Comment: Defines hmac-sha2-256 and hmac-sha2-512
</p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-kex-sha2">Draft-ietf-curdle-ssh-kex-sha2 (work in progress)</a></span>, Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH).
<p>Deviations:</p>
<ul>
<li>The <span class="code">diffie-hellman-group1-sha1</span> is not enabled by default, but is still supported and can be enabled
with the options
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-preferred_algorithms_common_option');">preferred_algorithms</a></span>
or
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-modify_algorithms_common_option');">modify_algorithms</a></span>.
</li>
<li>The questionable sha1-based algorithms <span class="code">diffie-hellman-group-exchange-sha1</span> and
<span class="code">diffie-hellman-group14-sha1</span> are still enabled by default for compatibility with ancient clients and servers.
They can be disabled with the options
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-preferred_algorithms_common_option');">preferred_algorithms</a></span>
or
<span class="bold_code bc-13"><a href="javascript:erlhref('../../../../doc/../','ssh','ssh.html#type-modify_algorithms_common_option');">modify_algorithms</a></span>.
They will be disabled by default when the draft is turned into an RFC.</li>
</ul>
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc8332">RFC 8332</a></span>, Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol.
</li>
<li>
<a name="supported-ext-info"></a>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/rfc8308">RFC 8308</a></span>, Extension Negotiation in the Secure Shell (SSH) Protocol.
<p>Implemented are:</p>
<ul>
<li>The Extension Negotiation Mechanism</li>
<li>The extension <span class="code">server-sig-algs</span>
</li>
</ul>
<p></p>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-curves">Secure Shell (SSH) Key Exchange Method using Curve25519 and Curve448 (work in progress)</a></span>
</li>
<li>
<span class="bold_code bc-20"><a href="https://tools.ietf.org/html/draft-ietf-curdle-ssh-ed25519-ed448">Ed25519 and Ed448 public key algorithms for the Secure Shell (SSH) protocol (work in progress)</a></span>
</li>
</ul>
</div>
<h3><span onMouseOver="document.getElementById('ghlink-see-also-idm281472003302376').style.visibility = 'visible';" onMouseOut="document.getElementById('ghlink-see-also-idm281472003302376').style.visibility = 'hidden';"><span id="ghlink-see-also-idm281472003302376" class="ghlink"><a href="https://github.com/erlang/otp/edit/maint/lib/ssh/doc/src/ssh_app.xml#L392" title="Found an issue with the documentation? Fix it by clicking here!"><span class="pencil"></span></a></span><a class="title_link" name="see-also" href="#see-also">SEE ALSO</a></span></h3>
<div class="REFBODY rb-3">
<p><span class="bold_code bc-18"><a href="javascript:erlhref('../../../../doc/../','kernel','application.html');">application(3)</a></span></p>
</div>
</div>
<div class="footer">
<hr>
<p>Copyright © 2005-2019 Ericsson AB. All Rights Reserved.</p>
</div>
</div>
</div>
<script type="text/javascript">window.__otpTopDocDir = '../../../../doc/js/';</script><script type="text/javascript" src="../../../../doc/js/highlight.js"></script>
</body>
</html>
