The Secure Shell (SSH) Authentication Protocol
RFC 4252
| Field | Value |
|---|---|
| Document | RFC 4252 |
| Type | RFC - Proposed Standard (January 2006; Errata) |
| Authors | Chris Lonvick, Tatu Ylonen |
| Last updated | 2015-10-14 |
| Stream | IETF |
| Formats | plain text, html, pdf, htmlized, bibtex |
| WG state | WG Document |
| Document shepherd | No shepherd assigned |
| IESG state | RFC 4252 (Proposed Standard) |
| Action Holders | (None) |
| Consensus Boilerplate | Unknown |
| Telechat date | |
| Responsible AD | Russ Housley |
| Send notices to | (None) |
Network Working Group
Request for Comments: 4252
Category: Standards Track
T. Ylonen, SSH Communications Security Corp
C. Lonvick, Ed., Cisco Systems, Inc.
January 2006

The Secure Shell (SSH) Authentication Protocol

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2006).

Abstract

The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH authentication protocol framework and public key, password, and host-based client authentication methods. Additional authentication methods are described in separate documents. The SSH authentication protocol runs on top of the SSH transport layer protocol and provides a single authenticated tunnel for the SSH connection protocol.

Ylonen & Lonvick Standards Track [Page 1]
RFC 4252 SSH Authentication Protocol January 2006

Table of Contents

1. Introduction
2. Contributors
3. Conventions Used in This Document
4. The Authentication Protocol Framework
5. Authentication Requests
5.1. Responses to Authentication Requests
5.2. The "none" Authentication Request
5.3. Completion of User Authentication
5.4. Banner Message
6. Authentication Protocol Message Numbers
7. Public Key Authentication Method: "publickey"
8. Password Authentication Method: "password"
9. Host-Based Authentication: "hostbased"
10. IANA Considerations
11. Security Considerations
12. References
12.1. Normative References
12.2. Informative References
Authors' Addresses
Trademark Notice

1. Introduction

The SSH authentication protocol is a general-purpose user authentication protocol. It is intended to be run over the SSH transport layer protocol [SSH-TRANS]. This protocol assumes that the underlying protocols provide integrity and confidentiality protection.

This document should be read only after reading the SSH architecture document [SSH-ARCH]. This document freely uses terminology and notation from the architecture document without reference or further explanation.

The 'service name' for this protocol is "ssh-userauth".

When this protocol starts, it receives the session identifier from the lower-level protocol (this is the exchange hash H from the first key exchange). The session identifier uniquely identifies this session and is suitable for signing in order to prove ownership of a private key. This protocol also needs to know whether the lower-level protocol provides confidentiality protection.

2. Contributors

The major original contributors of this set of documents have been: Tatu Ylonen, Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH Communications Security Corp), and Markku-Juhani O. Saarinen (University of Jyvaskyla). Darren Moffat was the original editor of this set of documents and also made very substantial contributions.

Many people contributed to the development of this document over the years. People who should be acknowledged include Mats Andersson, Ben Harris, Bill Sommerfeld, Brent McClure, Niels Moller, Damien Miller, Derek Fawcus, Frank Cusack, Heikki Nousiainen, Jakob Schlyter, Jeff Van Dyke, Jeffrey Altman, Jeffrey Hutzelman, Jon Bright, Joseph Galbraith, Ken Hornstein, Markus Friedl, Martin Forssen, Nicolas Williams, Niels Provos, Perry Metzger, Peter Gutmann, Simon
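The Introduction above says the session identifier (the exchange hash H) is what a client signs to prove ownership of its private key. The Go program below is an added illustration, not code from the RFC or from any SSH implementation: it assembles the to-be-signed data in the field order this RFC's "publickey" method (section 7) prescribes and shows that a signature produced for one session does not verify under another, which is the replay protection the session identifier provides. The session identifiers and user name are constructed sample values, and the signature is returned raw rather than wrapped in the SSH signature encoding.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)
const msgUserauthRequest byte = 50 // SSH_MSG_USERAUTH_REQUEST (RFC 4252, section 6)

// sshString encodes data as an SSH "string": big-endian uint32 length, then the bytes.
func sshString(b []byte) []byte {
	out := make([]byte, 4+len(b))
	binary.BigEndian.PutUint32(out, uint32(len(b)))
	copy(out[4:], b)
	return out
}

// signedData is what the client signs for the "publickey" method (RFC 4252, section 7).
// The session identifier comes first, binding the signature to this one transport session.
func signedData(sessionID []byte, user string, pub ed25519.PublicKey) []byte {
	keyBlob := append(sshString([]byte("ssh-ed25519")), sshString(pub)...) // wire form of the key
	var buf bytes.Buffer
	buf.Write(sshString(sessionID))
	buf.WriteByte(msgUserauthRequest)
	buf.Write(sshString([]byte(user)))
	buf.Write(sshString([]byte("ssh-connection")))
	buf.Write(sshString([]byte("publickey")))
	buf.WriteByte(1) // boolean TRUE: a signature is included in the request
	buf.Write(sshString([]byte("ssh-ed25519")))
	buf.Write(sshString(keyBlob))
	return buf.Bytes()
}

// sign is the client side; verify is the server side, rebuilding the data from its own session identifier.
func sign(priv ed25519.PrivateKey, sessionID []byte, user string) []byte {
	return ed25519.Sign(priv, signedData(sessionID, user, priv.Public().(ed25519.PublicKey)))
}
func verify(pub ed25519.PublicKey, sessionID []byte, user string, sig []byte) bool {
	return ed25519.Verify(pub, signedData(sessionID, user, pub), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	sidA := []byte("constructed session id A") // stands in for the exchange hash H of session A
	sidB := []byte("constructed session id B") // a different session: the signature must not carry over
	sig := sign(priv, sidA, "alice")
	fmt.Println("same session:", verify(pub, sidA, "alice", sig))  // true
	fmt.Println("other session:", verify(pub, sidB, "alice", sig)) // false
}
```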