diff --git a/inc/tsg_rule.h b/inc/tsg_rule.h index 5accc0a..d7d22a2 100644 --- a/inc/tsg_rule.h +++ b/inc/tsg_rule.h @@ -37,6 +37,7 @@ typedef enum _tsg_protocol PROTO_SIP, PROTO_BGP, PROTO_STREAMING_MEDIA, + PROTO_SSH, PROTO_MAX }tsg_protocol_t; diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index b512e58..70bdd6f 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -2,7 +2,7 @@ cmake_minimum_required(VERSION 2.8) add_definitions(-fPIC) -set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp) +set(SRC tsg_entry.cpp tsg_rule.cpp tsg_ssl_utils.cpp tsg_send_log.cpp tsg_statistic.cpp tsg_ssh_utils.cpp) include_directories(${CMAKE_SOURCE_DIR}/inc) include_directories(/opt/MESA/include/MESA/) diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp index 0306e2d..5df1cde 100644 --- a/src/tsg_entry.cpp +++ b/src/tsg_entry.cpp @@ -16,6 +16,7 @@ #include "tsg_statistic.h" #include "tsg_send_log_internal.h" #include "tsg_ssl_utils.h" +#include "tsg_ssh_utils.h" #ifdef __cplusplus extern "C" @@ -247,6 +248,9 @@ static char *schema_index2string(tsg_protocol_t proto) case PROTO_STREAMING_MEDIA: schema_field_value=(char *)"STREAMING_MEDIA"; break; + case PROTO_SSH: + schema_field_value=(char *)"SSH"; + break; default: break; } @@ -323,7 +327,7 @@ static struct Maat_rule_t *tsg_policy_decision_criteria(Maat_rule_t *result, int static int identify_application_protocol(struct streaminfo *a_stream, struct _identify_info *identify_info) { int ret=0; - + identify_info->proto = PROTO_UNKONWN; //http char *host = NULL; @@ -402,7 +406,13 @@ static int identify_application_protocol(struct streaminfo *a_stream, struct _id } //mail - + ret = ssh_protocol_identify((unsigned char *)a_stream->ptcpdetail->pdata, (unsigned int)a_stream->ptcpdetail->datalen,g_tsg_para.logger); + if(ret > 0) + { + identify_info->proto=PROTO_SSH; + return 1; + } + //ssh return ret; } diff --git a/src/tsg_rule.cpp b/src/tsg_rule.cpp index e4d96a6..3bb614c 100644 
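Review bot: In the last tsg_entry.cpp hunk, a -1 from ssh_protocol_identify() (NULL `pdata` or a payload shorter than three bytes) is stored in `ret` and falls through to `return ret;`, so identify_application_protocol can now return a negative value and also discards whatever the earlier checks left in `ret`. Whether callers treat -1 differently from 0 is not visible, because the function body starts outside the hunk. Testing the call directly, `if(ssh_protocol_identify(...) > 0)`, and leaving `ret` untouched would avoid the change in return value. The `(unsigned int)` cast on `datalen` is worth confirming too: if that field is signed, a negative length becomes a large positive one and passes the helper's length test. The `//ssh` label now sits below the SSH block while `//mail` sits directly above it; moving `//ssh` above the call keeps the section comments accurate.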
--- a/src/tsg_rule.cpp
+++ b/src/tsg_rule.cpp
@@ -50,6 +50,7 @@ const struct _str2index g_tsg_proto_string[PROTO_MAX+1]={{PROTO_UNKONWN, 0, (cha
 {PROTO_SIP, 4, (char *)"SIP."},
 {PROTO_BGP, 4, (char *)"BGP."},
 {PROTO_STREAMING_MEDIA, 16, (char *)"STREAMING_MEDIA."},
+ {PROTO_SSH, 4, (char *)"SSH."},
 {PROTO_MAX, 0, (char *)""}
 };
diff --git a/src/tsg_ssh_utils.cpp b/src/tsg_ssh_utils.cpp
new file mode 100644
index 0000000..420cdd7
--- /dev/null
+++ b/src/tsg_ssh_utils.cpp
@@ -0,0 +1,22 @@
+#include
+#include
+#include "tsg_ssh_utils.h"
+
+
+#define SSH_PROTOCOL_FIELD "SSH"
+#define SSH_PROTOCOL_FIELD_LEN 3
+
+
+int ssh_protocol_identify(const unsigned char* buff, size_t buff_len, void* argp)
+{
+ void *logger=argp;
+ if(buff == NULL || buff_len < SSH_PROTOCOL_FIELD_LEN)
+ {
+ return -1;
+ }
+ if(memcmp((void *)buff,SSH_PROTOCOL_FIELD, SSH_PROTOCOL_FIELD_LEN) == 0)
+ return 1;
+ else
+ return 0;
+}
+
diff --git a/src/tsg_ssh_utils.h b/src/tsg_ssh_utils.h
new file mode 100644
index 0000000..9ff8705
--- /dev/null
+++ b/src/tsg_ssh_utils.h
@@ -0,0 +1,7 @@
+#ifndef __TSG_SSH_UTILS_H__
+#define __TSG_SSH_UTILS_H__
+#include
+#include
+int ssh_protocol_identify(const unsigned char* buff, size_t buff_len, void* argp);
+
+#endif
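Review bot: The three-byte `SSH` comparison in ssh_protocol_identify classifies any payload that begins with those letters as SSH, and the caller sets PROTO_SSH on that result, so policy and logging keyed on the protocol can rest on a false match. The SSH identification string defined in RFC 4253 has the form `SSH-protoversion-softwareversion`, and a server may send other lines before it, so a genuine session can also be missed when the check only looks at the start of one payload. Matching at least the separator, `#define SSH_PROTOCOL_FIELD "SSH-"` with `#define SSH_PROTOCOL_FIELD_LEN 4`, and then validating the version field would narrow the false positives. Separately, `logger` is assigned and never used, and the `(void *)buff` cast drops `const` for no reason since memcmp takes `const void *`.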
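Review bot: The prototype in tsg_ssh_utils.h has no comment stating its three-way return contract, which the caller in tsg_entry.cpp depends on when it tests `ret > 0`. I would add above the declaration: `/* Returns 1 if buff starts with "SSH", 0 if it does not, -1 if buff is NULL or shorter than 3 bytes; argp is a logger handle, currently unused. */`. The guard name `__TSG_SSH_UTILS_H__` uses a double-underscore identifier, which is reserved for the implementation; `TSG_SSH_UTILS_H` avoids that, unless the project's other headers deliberately follow the existing pattern.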