diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 76ea01f..d4a8351 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8) add_definitions(-fPIC) -set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp) +set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp) include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index f65f3eb..bb1644b 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -19,6 +19,7 @@ #include "tsg_statistic.h" #include "tsg_send_log_internal.h" #include "tsg_ssl_utils.h" +#include "tsg_ssh_utils.h" #ifdef __cplusplus extern "C" @@ -229,6 +230,9 @@ static char *schema_index2string(tsg_protocol_t proto) case PROTO_QUIC: schema_field_value=(char *)"QUIC"; break; + case PROTO_SSH: + schema_field_value=(char *)"SSH"; + break; default: break; } @@ -421,7 +425,7 @@ static struct Maat_rule_t *tsg_policy_decision_criteria(struct streaminfo *a_str static int identify_application_protocol(struct streaminfo *a_stream, struct _identify_info *identify_info, void *a_packet) { int ret=0; - + identify_info->proto = PROTO_UNKONWN; //http char *host=NULL; @@ -507,6 +511,13 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id return 1; } + ret = ssh_protocol_identify((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger); + if(ret > 0) + { + identify_info->proto=PROTO_SSH; + return 1; + } + //ssh //quic ret=quic_protocol_identify(a_stream, a_packet, identify_info->domain, sizeof(identify_info->domain)); if(ret>0) diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index 60fb148..b0e1a5d 100644 --- a/src/tsg_rule.cpp +++ b/src/tsg_rule.cpp 
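Review bot: In the `@@ -507,6 +511,13 @@` hunk of src/tsg_entry.cpp the new call dereferences `a_stream->ptcpdetail` unconditionally, and the hunk shows no check that the stream is TCP or that the pointer is non-NULL. The QUIC check that follows in the same function suggests identify_application_protocol is also reached for non-TCP streams, so confirm a guard exists earlier in the function (it starts and ends outside the hunk) or add one, e.g. `if(a_stream->ptcpdetail!=NULL && a_stream->ptcpdetail->pdata!=NULL)`. A positive result sets `identify_info->proto` and returns before the QUIC check runs, so a wrong match here presumably decides which policy is applied. A one-line comment at the call site should also state that both -1 (bad input) and 0 (no match) are treated as "not SSH".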
@@ -52,6 +52,7 @@ const struct _str2index g_tsg_proto_string[PROTO_MAX+1]={{PROTO_UNKONWN, 0, (cha
 {PROTO_BGP, 4, (char *)"BGP."},
 {PROTO_STREAMING_MEDIA, 16, (char *)"STREAMING_MEDIA."},
 {PROTO_QUIC, 5, (char *)"QUIC."},
+ {PROTO_SSH, 4, (char *)"SSH."},
 {PROTO_MAX, 0, (char *)""}
 };
diff --git a/src/tsg_ssh_utils.cpp b/src/tsg_ssh_utils.cpp
new file mode 100644
index 0000000..420cdd7
--- /dev/null
+++ b/src/tsg_ssh_utils.cpp
@@ -0,0 +1,22 @@
+#include
+#include
+#include "tsg_ssh_utils.h"
+
+
+#define SSH_PROTOCOL_FIELD "SSH"
+#define SSH_PROTOCOL_FIELD_LEN 3
+
+
+int ssh_protocol_identify(const unsigned char* buff, size_t buff_len, void* argp)
+{
+ void *logger=argp;
+ if(buff == NULL || buff_len < SSH_PROTOCOL_FIELD_LEN)
+ {
+ return -1;
+ }
+ if(memcmp((void *)buff,SSH_PROTOCOL_FIELD, SSH_PROTOCOL_FIELD_LEN) == 0)
+ return 1;
+ else
+ return 0;
+}
+
diff --git a/src/tsg_ssh_utils.h b/src/tsg_ssh_utils.h
new file mode 100644
index 0000000..9ff8705
--- /dev/null
+++ b/src/tsg_ssh_utils.h
@@ -0,0 +1,7 @@
+#ifndef __TSG_SSH_UTILS_H__
+#define __TSG_SSH_UTILS_H__
+#include
+#include
+int ssh_protocol_identify(const unsigned char* buff, size_t buff_len, void* argp);
+
+#endif
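Review bot: ssh_protocol_identify in src/tsg_ssh_utils.cpp classifies any payload whose first three bytes are "SSH" as SSH, which is looser than the identification string defined in RFC 4253 section 4.2 (`SSH-protoversion-softwareversion`) and will label unrelated traffic that happens to start with those bytes. Matching at least the dash, `#define SSH_PROTOCOL_FIELD "SSH-"` with `#define SSH_PROTOCOL_FIELD_LEN 4`, tightens the check at no cost. The RFC also lets a server send other lines before its version string, so a prefix test on the first payload can miss server-side banners; a comment on the function should state that limitation. Separately, `void *logger=argp;` is never used and will raise an unused-variable warning, and the `(void *)buff` cast discards `const` needlessly since memcmp takes `const void *`.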