Package agent implements the ssh-agent protocol, and provides both a client and a server.

Package knownhosts implements a parser for the OpenSSH known_hosts host key database, and provides utility functions for writing OpenSSH compliant known_hosts files.

Package terminal provides support functions for dealing with terminals, as commonly found on UNIX systems.

Package test contains integration tests for the golang.org/x/crypto/ssh package.

BannerDisplayStderr returns a function that can be used for ClientConfig.BannerCallback to display banners on os.Stderr.

Dial starts a client connection to the given SSH server.

DiscardRequests consumes and rejects all requests from the passed-in channel.

FingerprintLegacyMD5 returns the user presentation of the key's fingerprint as described by RFC 4716 section 4.

FingerprintSHA256 returns the user presentation of the key's fingerprint as unpadded base64 encoded sha256 hash.

FixedHostKey returns a function for use in ClientConfig.HostKeyCallback to accept only a specific host key.

InsecureIgnoreHostKey returns a function that can be used for ClientConfig.HostKeyCallback to accept any host key.

KeyboardInteractive returns an AuthMethod using a prompt/response sequence controlled by the server.

Marshal serializes the message in msg to SSH wire format.

MarshalAuthorizedKey serializes key for inclusion in an OpenSSH authorized_keys file.

NewCertSigner returns a Signer that signs with the given Certificate, whose private key is held by signer.

NewClient creates a Client on top of the given connection.

NewClientConn establishes an authenticated SSH connection using c as the underlying transport.

NewPublicKey takes an *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey, or ed25519.PublicKey returns a corresponding PublicKey instance.

NewServerConn starts a new SSH server with c as the underlying transport.

NewSignerFromKey takes an *rsa.PrivateKey, *dsa.PrivateKey, *ecdsa.PrivateKey or any other crypto.Signer and returns a corresponding Signer instance.

NewSignerFromSigner takes any crypto.Signer implementation and returns a corresponding Signer interface.

ParseAuthorizedKeys parses a public key from an authorized_keys file used in OpenSSH according to the sshd(8) manual page.

ParseDSAPrivateKey returns a DSA private key from its ASN.1 DER encoding, as specified by the OpenSSL DSA man page.

ParseKnownHosts parses an entry in the format of the known_hosts file.

ParsePrivateKey returns a Signer from a PEM encoded private key.

ParsePrivateKeyWithPassphrase returns a Signer from a PEM encoded private key and passphrase.

ParsePublicKey parses an SSH public key formatted for use in the SSH wire protocol according to RFC 4253, section 6.6.

ParseRawPrivateKey returns a private key from a PEM encoded private key.

ParseRawPrivateKeyWithPassphrase returns a private key decrypted with passphrase from a PEM encoded private key.

Password returns an AuthMethod using the given password.

PasswordCallback returns an AuthMethod that uses a callback for fetching a password.

PublicKeys returns an AuthMethod that uses the given key pairs.

PublicKeysCallback returns an AuthMethod that runs the given function to obtain a list of key pairs.

RetryableAuthMethod is a decorator for other auth methods enabling them to be retried up to maxTries before considering that AuthMethod itself failed.

Unmarshal parses data in SSH wire format into a structure.

These constants from [PROTOCOL.certkeys] represent the algorithm names for certificate types supported by this package.

These constants from [PROTOCOL.certkeys] represent the algorithm names for certificate types supported by this package.

These constants from [PROTOCOL.certkeys] represent the algorithm names for certificate types supported by this package.

These constants from [PROTOCOL.certkeys] represent the algorithm names for certificate types supported by this package.

These constants from [PROTOCOL.certkeys] represent the algorithm names for certificate types supported by this package.

These constants from [PROTOCOL.certkeys] represent the algorithm names for certificate types supported by this package.

CertTimeInfinity can be used for OpenSSHCertV01.ValidBefore to indicate that a certificate does not expire.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

Certificate types distinguish between host and user certificates.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

These constants represent the algorithm names for key types supported by this package.

These constants represent the algorithm names for key types supported by this package.

These constants represent the algorithm names for key types supported by this package.

These constants represent the algorithm names for key types supported by this package.

These constants represent the algorithm names for key types supported by this package.

These constants represent the algorithm names for key types supported by this package.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX signals as listed in RFC 4254 Section 6.10.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

Certificate types distinguish between host and user certificates.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

POSIX terminal mode flags as listed in RFC 4254 Section 8.

ErrNoAuth is the error value returned if no authentication method has been passed yet.

CertChecker does the work of verifying a certificate.

An Certificate represents an OpenSSH certificate as defined in [PROTOCOL.certkeys]?rev=1.8.

Client implements a traditional SSH client that supports shells, subprocesses, TCP port/streamlocal forwarding and tunneled dialing.

A ClientConfig structure is used to configure a Client.

Config contains configuration data common to both ServerConfig and ClientConfig.

An ExitError reports unsuccessful completion of a remote command.

ExitMissingError is returned if a session is torn down cleanly, but the server sends no confirmation of the exit status.

OpenChannelError is returned if the other side rejects an OpenChannel request.

The Permissions type holds fine-grained permissions that are specific to a user or a specific authentication method for a user.

Request is a request sent outside of the normal stream of data.

ServerAuthError represents server authentication errors and is sometimes returned by NewServerConn.

ServerConfig holds server specific configuration data.

ServerConn is an authenticated SSH connection, as seen from the server.

A Session represents a connection to a remote command or shell.

Signature represents a cryptographic signature.

Waitmsg stores the information about an exited remote command as reported by Wait.

An AuthMethod represents an instance of an RFC 4252 authentication method.

A Channel is an ordered, reliable, flow-controlled, duplex stream that is multiplexed over an SSH connection.

Conn represents an SSH connection for both server and client roles.

ConnMetadata holds metadata for the connection.

CryptoPublicKey, if implemented by a PublicKey, returns the underlying crypto.PublicKey form of the key.

NewChannel represents an incoming request to a channel.

PublicKey is an abstraction of different types of public keys.

A Signer can create signatures that verify against a public key.

BannerCallback is the function type used for treat the banner sent by the server.

HostKeyCallback is the function type used for verifying server keys.

KeyboardInteractiveChallenge should print questions, optionally disabling echoing (e.g.

RejectionReason is an enumeration used when rejecting channel creation requests.