package
0.91.0
Repository: https://github.com/tailscale/golang-x-crypto.git
Documentation: pkg.go.dev

# Packages

Package agent implements the ssh-agent protocol, and provides both a client and a server.
Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.
Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.
Package test contains integration tests for the golang.org/x/crypto/ssh package.

# Functions

BannerDisplayStderr returns a function that can be used for ClientConfig.BannerCallback to display banners on os.Stderr.
Dial starts a client connection to the given SSH server.
DiscardRequests consumes and rejects all requests from the passed-in channel.
FingerprintLegacyMD5 returns the user presentation of the key's fingerprint as described by RFC 4716 section 4.
FingerprintSHA256 returns the user presentation of the key's fingerprint as an unpadded base64-encoded SHA-256 hash.
FixedHostKey returns a function for use in ClientConfig.HostKeyCallback to accept only a specific host key.
GSSAPIWithMICAuthMethod is an AuthMethod with "gssapi-with-mic" authentication.
InsecureIgnoreHostKey returns a function that can be used for ClientConfig.HostKeyCallback to accept any host key. It should not be used for production code.
KeyboardInteractive returns an AuthMethod using a prompt/response sequence controlled by the server.
Marshal serializes the message in msg to SSH wire format.
MarshalAuthorizedKey serializes key for inclusion in an OpenSSH authorized_keys file.
MarshalPrivateKey returns a PEM block with the private key serialized in the OpenSSH format.
MarshalPrivateKeyWithPassphrase returns a PEM block holding the encrypted private key serialized in the OpenSSH format.
NewCertSigner returns a Signer that signs with the given Certificate, whose private key is held by signer.
NewClient creates a Client on top of the given connection.
NewClientConn establishes an authenticated SSH connection using c as the underlying transport.
NewPublicKey takes an *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey, or ed25519.PublicKey and returns a corresponding PublicKey instance.
NewServerConn starts a new SSH server with c as the underlying transport.
NewSignerFromKey takes an *rsa.PrivateKey, *dsa.PrivateKey, *ecdsa.PrivateKey or any other crypto.Signer and returns a corresponding Signer instance.
NewSignerFromSigner takes any crypto.Signer implementation and returns a corresponding Signer interface.
NewSignerWithAlgorithms returns a signer restricted to the specified algorithms.
ParseAuthorizedKey parses a public key from an authorized_keys file used in OpenSSH according to the sshd(8) manual page.
ParseDSAPrivateKey returns a DSA private key from its ASN.1 DER encoding, as specified by the OpenSSL DSA man page.
ParseKnownHosts parses an entry in the format of the known_hosts file.
ParsePrivateKey returns a Signer from a PEM encoded private key.
ParsePrivateKeyWithPassphrase returns a Signer from a PEM encoded private key and passphrase.
ParsePublicKey parses an SSH public key formatted for use in the SSH wire protocol according to RFC 4253, section 6.6.
ParseRawPrivateKey returns a private key from a PEM encoded private key.
ParseRawPrivateKeyWithPassphrase returns a private key decrypted with passphrase from a PEM encoded private key.
Password returns an AuthMethod using the given password.
PasswordCallback returns an AuthMethod that uses a callback for fetching a password.
PublicKeys returns an AuthMethod that uses the given key pairs.
PublicKeysCallback returns an AuthMethod that runs the given function to obtain a list of key pairs.
RetryableAuthMethod is a decorator for other auth methods enabling them to be retried up to maxTries before considering that AuthMethod itself failed.
Unmarshal parses data in SSH wire format into a structure.

# Constants

Certificate algorithm names from [PROTOCOL.certkeys].
CertAlgoRSASHA256v01 and CertAlgoRSASHA512v01 can't appear as a Certificate.Type (or PublicKey.Type), but only in ClientConfig.HostKeyAlgorithms.
Deprecated: use CertAlgoRSASHA256v01.
Deprecated: use CertAlgoRSASHA512v01.
Deprecated: use CertAlgoRSAv01.
CertTimeInfinity can be used for OpenSSHCertV01.ValidBefore to indicate that a certificate does not expire.
POSIX terminal mode flags as listed in RFC 4254 Section 8.
Certificate types distinguish between host and user certificates.
RFC 8160.
Public key algorithm names.
KeyAlgoRSASHA256 and KeyAlgoRSASHA512 are only public key algorithms, not public key formats, so they can't appear as a PublicKey.Type.
POSIX signals as listed in RFC 4254 Section 6.10.
Deprecated: use KeyAlgoRSA.
Deprecated: use KeyAlgoRSASHA256.
Deprecated: use KeyAlgoRSASHA512.

# Variables

ErrNoAuth is the error value returned if no authentication method has been passed yet.

# Structs

BannerError is an error that can be returned by authentication handlers in ServerConfig to send a banner message to the client.
CertChecker does the work of verifying a certificate.
A Certificate represents an OpenSSH certificate as defined in [PROTOCOL.certkeys]?rev=1.8.
ChangeAuthMethodsError can be returned by any of the [ServerConfig] authentication callbacks to change the allowed authentication methods.
Client implements a traditional SSH client that supports shells, subprocesses, TCP port/streamlocal forwarding and tunneled dialing.
A ClientConfig structure is used to configure a Client.
Config contains configuration data common to both ServerConfig and ClientConfig.
An ExitError reports unsuccessful completion of a remote command.
ExitMissingError is returned if a session is torn down cleanly, but the server sends no confirmation of the exit status.
OpenChannelError is returned if the other side rejects an OpenChannel request.
PartialSuccessError can be returned by any of the [ServerConfig] authentication callbacks to indicate to the client that authentication has partially succeeded, but further steps are required.
A PassphraseMissingError indicates that parsing this private key requires a passphrase.
The Permissions type holds fine-grained permissions that are specific to a user or a specific authentication method for a user.
Request is a request sent outside of the normal stream of data.
ServerAuthCallbacks defines server-side authentication callbacks.
ServerAuthError represents server authentication errors and is sometimes returned by NewServerConn.
ServerConfig holds server specific configuration data.
ServerConn is an authenticated SSH connection, as seen from the server.
A Session represents a connection to a remote command or shell.
Signature represents a cryptographic signature.
Waitmsg stores the information about an exited remote command as reported by Wait.

# Interfaces

An AlgorithmSigner is a Signer that also supports specifying an algorithm to use for signing.
An AuthMethod represents an instance of an RFC 4252 authentication method.
A Channel is an ordered, reliable, flow-controlled, duplex stream that is multiplexed over an SSH connection.
Conn represents an SSH connection for both server and client roles.
ConnMetadata holds metadata for the connection.
CryptoPublicKey, if implemented by a PublicKey, returns the underlying crypto.PublicKey form of the key.
GSSAPIClient provides the API to plug in GSSAPI authentication for client logins.
GSSAPIServer provides the API to plug in GSSAPI authentication for server logins.
MultiAlgorithmSigner is an AlgorithmSigner that also reports the algorithms supported by that signer.
NewChannel represents an incoming request to a channel.
PublicKey represents a public key using an unspecified algorithm.
A Signer can create signatures that verify against a public key.

# Type aliases

BannerCallback is the function type used to handle the banner sent by the server.
HostKeyCallback is the function type used for verifying server keys.
KeyboardInteractiveChallenge should print questions, optionally disabling echoing (e.g.
RejectionReason is an enumeration used when rejecting channel creation requests.