draft-ietf-secsh-architecture-00.txt   draft-ietf-secsh-architecture-01.txt 
Network Working Group T. Ylonen Network Working Group T. Ylonen
INTERNET-DRAFT T. Kivinen INTERNET-DRAFT T. Kivinen
draft-ietf-secsh-architecture-00.txt M. Saarinen draft-ietf-secsh-architecture-01.txt M. Saarinen
Expires in six months SSH Expires in six months SSH
14 October 1997 7 November 1997
SSH Protocol Architecture SSH Protocol Architecture
Status of This memo Status of This memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
skipping to change at page 1, line 30 skipping to change at page 1, line 30
material or to cite them other than as ``work in progress.'' material or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check To learn the current status of any Internet-Draft, please check
the ``1id-abstracts.txt'' listing contained in the Internet-Drafts the ``1id-abstracts.txt'' listing contained in the Internet-Drafts
Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast),
or ftp.isi.edu (US West Coast). or ftp.isi.edu (US West Coast).
Abstract Abstract
SSH is a protocol for secure remote login and other secure network ser- SSH is a protocol for secure remote login and other secure network
vices over an insecure network. services over an insecure network.
This document describes the architecture of the SSH protocol, and the This document describes the architecture of the SSH protocol, and the
notation and terminology used in SSH protocol documents. It also notation and terminology used in SSH protocol documents. It also discusses
discusses the SSH algorithm naming system that allows local extensions. the SSH algorithm naming system that allows local extensions.
The SSH protocol consists of three major components: Transport layer The SSH protocol consists of three major components: Transport layer
protocol provides server authentication, confidentiality, and integrity protocol provides server authentication, confidentiality, and integrity
with perfect forward secrecy. User authentication protocol authenticates with perfect forward secrecy. User authentication protocol authenticates
the client to the server. Connection protocol multiplexes the encrypted the client to the server. Connection protocol multiplexes the encrypted
tunnel into several logical channels. Details of these protocols are tunnel into several logical channels. Details of these protocols are
described in separate documents. described in separate documents.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Specification of Requirements . . . . . . . . . . . . . . . . . 2 2. Specification of Requirements . . . . . . . . . . . . . . . . . 2
3. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Host Keys . . . . . . . . . . . . . . . . . . . . . . . . . 3 3.1. Host Keys . . . . . . . . . . . . . . . . . . . . . . . . . 3
3.2. Extensibility . . . . . . . . . . . . . . . . . . . . . . . 4 3.2. Extensibility . . . . . . . . . . . . . . . . . . . . . . . 4
3.3. Policy Issues . . . . . . . . . . . . . . . . . . . . . . . 4 3.3. Policy Issues . . . . . . . . . . . . . . . . . . . . . . . 4
3.4. Security Properties . . . . . . . . . . . . . . . . . . . . 5 3.4. Security Properties . . . . . . . . . . . . . . . . . . . . 5
3.5. Packet Size and Overhead . . . . . . . . . . . . . . . . . . 5 3.5. Packet Size and Overhead . . . . . . . . . . . . . . . . . . 5
3.6. Localization and Character Set Support . . . . . . . . . . . 6 3.6. Localization and Character Set Support . . . . . . . . . . . 6
4. Data Type Representations Used in the SSH Protocols . . . . . . 7 4. Data Type Representations Used in the SSH Protocols . . . . . . 7
4.1. Encoding of Network Addresses . . . . . . . . . . . . . . . 8
5. Algorithm Naming . . . . . . . . . . . . . . . . . . . . . . . . 8 5. Algorithm Naming . . . . . . . . . . . . . . . . . . . . . . . . 8
6. Message Numbers . . . . . . . . . . . . . . . . . . . . . . . . 8 6. Message Numbers . . . . . . . . . . . . . . . . . . . . . . . . 9
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 9 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 9
8. Security Considerations . . . . . . . . . . . . . . . . . . . . 9 8. Security Considerations . . . . . . . . . . . . . . . . . . . . 10
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 10 10. Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
SSH is a protocol for secure remote login and other secure network SSH is a protocol for secure remote login and other secure network
services over an insecure network. It consists of three major services over an insecure network. It consists of three major
components: components:
o Transport layer protocol [SSH-TRANS] provides server authentication, o Transport layer protocol [SSH-TRANS] provides server authentication,
confidentiality, and integrity. It may optionally also provide confidentiality, and integrity. It may optionally also provide
compression. The transport layer will typically be run over a TCP/IP compression. The transport layer will typically be run over a TCP/IP
connection, but might also be used on top of any other reliable data connection, but might also be used on top of any other reliable data
stream. stream.
o User authentication protocol [SSH-USERAUTH] authenticates the client o User authentication protocol [SSH-USERAUTH] authenticates the client-
side user to the server. It runs over the transport layer protocol. side user to the server. It runs over the transport layer protocol.
o Connection protocol [SSH-CONN] multiplexes the encrypted tunnel into o Connection protocol [SSH-CONN] multiplexes the encrypted tunnel into
several logical channels. It runs over the user authentication several logical channels. It runs over the user authentication
protocol. protocol.
The client sends a service request once a secure transport layer The client sends a service request once a secure transport layer
connection has been established. A second service request is sent after connection has been established. A second service request is sent after
user authentication is complete. This allows new protocols to be defined user authentication is complete. This allows new protocols to be defined
and coexist with the protocols listed above. and coexist with the protocols listed above.
skipping to change at page 5, line 28 skipping to change at page 5, line 28
run commands on the client machine, and MUST NOT allow connections to run commands on the client machine, and MUST NOT allow connections to
the authentication agent unless forwarding it has been requested. the authentication agent unless forwarding it has been requested.
Other issues, such as which TCP/IP ports can be forwarded and by Other issues, such as which TCP/IP ports can be forwarded and by
whom, are clear local policy issues. Many of these issues may whom, are clear local policy issues. Many of these issues may
involve traversing or bypassing firewalls, and are interrelated with involve traversing or bypassing firewalls, and are interrelated with
the local security policy. the local security policy.
3.4. Security Properties 3.4. Security Properties
The primary goal of the SSH protocols is improved security on the The primary goal of the SSH protocols is improved security on the
Internet. It attempts to do this in a way that is easy enough for users Internet. It attempts to do this in a way that is easy to deploy, even
to be taken into use, even at the cost of absolute security. at the cost of absolute security.
o All encryption, integrity, and public key algorithms used are well- o All encryption, integrity, and public key algorithms used are well-
known, well-established algorithms. known, well-established algorithms.
o All algorithms are used with cryptographically sound key sizes that o All algorithms are used with cryptographically sound key sizes that
are believed to provide protection against even the strongest are believed to provide protection against even the strongest
cryptanalytic attacks for decades. cryptanalytic attacks for decades.
o All algorithms are negotiated, and in case some algorithm is broken, o All algorithms are negotiated, and in case some algorithm is broken,
it is easy to switch to some other algorithm without modifying the it is easy to switch to some other algorithm without modifying the
skipping to change at page 6, line 55 skipping to change at page 6, line 55
type to determine what character set they use, or the character set is type to determine what character set they use, or the character set is
determined using some external means. The terminal emulation may also determined using some external means. The terminal emulation may also
allow configuring the default character set. In any case, character set allow configuring the default character set. In any case, character set
for the terminal session is considered primarily a client local issue. for the terminal session is considered primarily a client local issue.
Internal names used to identify algorithms or protocols are normally Internal names used to identify algorithms or protocols are normally
never displayed to users, and must be in US-ASCII. never displayed to users, and must be in US-ASCII.
The client and server user names are inherently constrained by what the The client and server user names are inherently constrained by what the
server is prepared to accept. They might, however, occasionally be server is prepared to accept. They might, however, occasionally be
displayed in logs, reports, etc. They SHOULD be encoded using ISO 10646 displayed in logs, reports, etc. They MUST be encoded using ISO 10646
UTF-8, but other encodings may be required in some cases. It is up to UTF-8, but other encodings may be required in some cases. It is up to
the server to decide how to map user names to accepted user names. the server to decide how to map user names to accepted user names.
Straight bit-wise binary comparison is RECOMMENDED. Straight bit-wise binary comparison is RECOMMENDED.
For localization purposes, the protocol attempts to minimize the number For localization purposes, the protocol attempts to minimize the number
of textual messages transmitted. When present, such messages typically of textual messages transmitted. When present, such messages typically
relate to errors, debugging information, or some externally configured relate to errors, debugging information, or some externally configured
data. For data that is normally displayed, it SHOULD be possible to data. For data that is normally displayed, it SHOULD be possible to
fetch a localized message instead of the transmitted on using a numeric fetch a localized message instead of the transmitted by using a numeric
code. The remaining messages SHOULD be configurable. code. The remaining messages SHOULD be configurable.
4. Data Type Representations Used in the SSH Protocols 4. Data Type Representations Used in the SSH Protocols
byte byte
A byte represents an arbitrary 8-bit value (octet) [RFC1700]. A byte represents an arbitrary 8-bit value (octet) [RFC1700].
Fixed length data is sometimes represented as an array of bytes, Fixed length data is sometimes represented as an array of bytes,
written byte[n], where n is the number of bytes in the array. written byte[n], where n is the number of bytes in the array.
boolean boolean
skipping to change at page 8, line 9 skipping to change at page 8, line 9
stored as a string, 8 bits per byte, MSB first. Negative numbers stored as a string, 8 bits per byte, MSB first. Negative numbers
have one in the most significant bit of the first byte of the data have one in the most significant bit of the first byte of the data
partition of. If the most significant bit would be set for a partition of. If the most significant bit would be set for a
positive number, the number MUST be preceded by a zero byte. positive number, the number MUST be preceded by a zero byte.
Unnecessary leading zero or 255 bytes MUST NOT be included. The Unnecessary leading zero or 255 bytes MUST NOT be included. The
value zero MUST be stored as a string with zero bytes of data. value zero MUST be stored as a string with zero bytes of data.
By convention, a number that is used in modular computations in By convention, a number that is used in modular computations in
Z_n SHOULD be represented in the range 0 <= x < n. Z_n SHOULD be represented in the range 0 <= x < n.
For example, the value 694531781388612263 (0x9a378f9b2e332a7) is Examples:
represented as 00 00 00 08 09 a3 78 f9 b2 e3 32 a7.
value (hex) representation (hex)
---------------------------------------------------------------
0 00 00 00 00
9a378f9b2e332a7 00 00 00 08 09 a3 78 f9 b2 e3 32 a7
80 00 00 00 02 00 80
-1234 00 00 00 02 ed cc
-deadbeef 00 00 00 05 ff 21 52 41 11
4.1. Encoding of Network Addresses
Network addresses are encoded as strings. DNS names MUST NOT be used, as
DNS is an insecure protocol.
If an address contains a colon (':', ascii 58), it is interpreted as an
IPv6 address. The encoding of IPv6 addresses is described in RFC-1884.
IPv4 addresses are expressed in the standard dot-separated decimal
format (e.g. 127.0.0.1).
5. Algorithm Naming 5. Algorithm Naming
The SSH protocols refer to particular hash, encryption, integrity, The SSH protocols refer to particular hash, encryption, integrity,
compression, and key exchange algorithms or protocols by names. There compression, and key exchange algorithms or protocols by names. There
are some standard algorithms that all implementations MUST support. are some standard algorithms that all implementations MUST support.
There are also algorithms that are defined in the protocol specification There are also algorithms that are defined in the protocol specification
but are OPTIONAL. Furthermore, it is expected that some organizations but are OPTIONAL. Furthermore, it is expected that some organizations
will want to use their own algorithms. will want to use their own algorithms.
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/