Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
RFC 4256

Document Type RFC - Proposed Standard (January 2006; Errata)
Authors Martin Forssen  , Frank Cusack 
Last updated 2020-01-21
Stream IETF
Formats plain text html pdf htmlized with errata bibtex
Stream WG state WG Document
Document shepherd No shepherd assigned
IESG IESG state RFC 4256 (Proposed Standard)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to (None)
Network Working Group                                          F. Cusack
Request for Comments: 4256                        
Category: Standards Track                                     M. Forssen
                                             AppGate Network Security AB
                                                            January 2006

              Generic Message Exchange Authentication for
                    the Secure Shell Protocol (SSH)

Status of This Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2006).


   The Secure Shell Protocol (SSH) is a protocol for secure remote login
   and other secure network services over an insecure network.  This
   document describes a general purpose authentication method for the
   SSH protocol, suitable for interactive authentications where the
   authentication data should be entered via a keyboard (or equivalent
   alphanumeric input device).  The major goal of this method is to
   allow the SSH client to support a whole class of authentication
   mechanism(s) without knowing the specifics of the actual
   authentication mechanism(s).

1.  Introduction

   The SSH authentication protocol [SSH-USERAUTH] is a general-purpose
   user authentication protocol.  It is intended to be run over the SSH
   transport layer protocol [SSH-TRANS].  The authentication protocol
   assumes that the underlying protocols provide integrity and
   confidentiality protection.

   This document describes a general purpose authentication method for
   the SSH authentication protocol.  This method is suitable for
   interactive authentication methods that do not need any special
   software support on the client side.  Instead, all authentication
   data should be entered via the keyboard.  The major goal of this
   method is to allow the SSH client to have little or no knowledge of

Cusack & Forssen            Standards Track                     [Page 1]
RFC 4256         SSH Generic Interactive Authentication     January 2006

   the specifics of the underlying authentication mechanism(s) used by
   the SSH server.  This will allow the server to arbitrarily select or
   change the underlying authentication mechanism(s) without having to
   update client code.

   The name for this authentication method is "keyboard-interactive".

   This document should be read only after reading the SSH architecture
   document [SSH-ARCH] and the SSH authentication document
   [SSH-USERAUTH].  This document freely uses terminology and notation
   from both documents without reference or further explanation.

   This document also describes some of the client interaction with the
   user in obtaining the authentication information.  While this is
   somewhat out of the scope of a protocol specification, it is
   described here anyway because some aspects of the protocol are
   specifically designed based on user interface issues, and omitting
   this information may lead to incompatible or awkward implementations.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [RFC-2119].

2.  Rationale

   Currently defined authentication methods for SSH are tightly coupled
   with the underlying authentication mechanism.  This makes it
   difficult to add new mechanisms for authentication as all clients
   must be updated to support the new mechanism.  With the generic
   method defined here, clients will not require code changes to support
   new authentication mechanisms, and if a separate authentication layer
   is used, such as [PAM], then the server may not need any code changes

   This presents a significant advantage to other methods, such as the
   "password" method (defined in [SSH-USERAUTH]), as new (presumably
   stronger) methods may be added "at will" and system security can be
   transparently enhanced.

   Challenge-response and One Time Password mechanisms are also easily
   supported with this authentication method.

   However, this authentication method is limited to authentication
   mechanisms that do not require any special code, such as hardware
   drivers or password mangling, on the client.

Cusack & Forssen            Standards Track                     [Page 2]
RFC 4256         SSH Generic Interactive Authentication     January 2006

3.  Protocol Exchanges

   The client initiates the authentication with an
   SSH_MSG_USERAUTH_REQUEST message.  The server then requests
   authentication information from the client with an
Show full document text