Network Working Group F. Cusack
Request for Comments: 4256 savecore.net
Category: Standards Track M. Forssen
AppGate Network Security AB
Generic Message Exchange Authentication for
the Secure Shell Protocol (SSH)
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright (C) The Internet Society (2006).
The Secure Shell Protocol (SSH) is a protocol for secure remote login
and other secure network services over an insecure network. This
document describes a general purpose authentication method for the
SSH protocol, suitable for interactive authentications where the
authentication data should be entered via a keyboard (or equivalent
alphanumeric input device). The major goal of this method is to
allow the SSH client to support a whole class of authentication
mechanism(s) without knowing the specifics of the actual
The SSH authentication protocol [SSH-USERAUTH] is a general-purpose
user authentication protocol. It is intended to be run over the SSH
transport layer protocol [SSH-TRANS]. The authentication protocol
assumes that the underlying protocols provide integrity and
This document describes a general purpose authentication method for
the SSH authentication protocol. This method is suitable for
interactive authentication methods that do not need any special
software support on the client side. Instead, all authentication
data should be entered via the keyboard. The major goal of this
method is to allow the SSH client to have little or no knowledge of
Cusack & Forssen Standards Track [Page 1]RFC 4256 SSH Generic Interactive Authentication January 2006
the specifics of the underlying authentication mechanism(s) used by
the SSH server. This will allow the server to arbitrarily select or
change the underlying authentication mechanism(s) without having to
update client code.
The name for this authentication method is "keyboard-interactive".
This document should be read only after reading the SSH architecture
document [SSH-ARCH] and the SSH authentication document
[SSH-USERAUTH]. This document freely uses terminology and notation
from both documents without reference or further explanation.
This document also describes some of the client interaction with the
user in obtaining the authentication information. While this is
somewhat out of the scope of a protocol specification, it is
described here anyway because some aspects of the protocol are
specifically designed based on user interface issues, and omitting
this information may lead to incompatible or awkward implementations.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC-2119].
Currently defined authentication methods for SSH are tightly coupled
with the underlying authentication mechanism. This makes it
difficult to add new mechanisms for authentication as all clients
must be updated to support the new mechanism. With the generic
method defined here, clients will not require code changes to support
new authentication mechanisms, and if a separate authentication layer
is used, such as [PAM], then the server may not need any code changes
This presents a significant advantage to other methods, such as the
"password" method (defined in [SSH-USERAUTH]), as new (presumably
stronger) methods may be added "at will" and system security can be
Challenge-response and One Time Password mechanisms are also easily
supported with this authentication method.
However, this authentication method is limited to authentication
mechanisms that do not require any special code, such as hardware
drivers or password mangling, on the client.
Cusack & Forssen Standards Track [Page 2]