draft-ietf-secsh-auth-kbdinteract-03.txt   draft-ietf-secsh-auth-kbdinteract-04.txt 
Network Working Group F. Cusack Network Working Group F. Cusack
INTERNET-DRAFT Google, Inc. INTERNET-DRAFT Google, Inc.
Expires October 2, 2002 M. Forssen Expires April 2, 2003 M. Forssen
Appgate AB Appgate AB
April 2, 2002 October 2, 2002
Generic Message Exchange Authentication For SSH Generic Message Exchange Authentication For SSH
<draft-ietf-secsh-auth-kbdinteract-03.txt> <draft-ietf-secsh-auth-kbdinteract-04.txt>
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of Section 10 of RFC2026. of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
skipping to change at page 1, line 33 skipping to change at page 1, line 33
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
<http://www.ietf.org/ietf/1id-abstracts.txt>. <http://www.ietf.org/ietf/1id-abstracts.txt>.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
<http://www.ietf.org/shadow.html>. <http://www.ietf.org/shadow.html>.
This Internet-Draft will expire on October 2, 2002. This Internet-Draft will expire on April 2, 2003.
Abstract Abstract
SSH is a protocol for secure remote login and other secure network SSH is a protocol for secure remote login and other secure network
services over an insecure network. This document describes a general services over an insecure network. This document describes a general
purpose authentication method for the SSH protocol, suitable for purpose authentication method for the SSH protocol, suitable for
interactive authentications where the authentication data should be interactive authentications where the authentication data should be
entered via a keyboard. The major goal of this method is to allow entered via a keyboard. The major goal of this method is to allow
the SSH client to support a whole class of authentication the SSH client to support a whole class of authentication
mechanism(s) without knowing the specifics of the actual mechanism(s) without knowing the specifics of the actual
skipping to change at page 7, line 17 skipping to change at page 7, line 17
(e.g., ISO 8859-1), it MUST convert the responses to ISO-10646 UTF-8 (e.g., ISO 8859-1), it MUST convert the responses to ISO-10646 UTF-8
before transmitting. before transmitting.
If the num-responses field does not match the num-prompts field in If the num-responses field does not match the num-prompts field in
the request message, the server MUST send a failure message. the request message, the server MUST send a failure message.
In the case that the server sends a `0' num-prompts field in the In the case that the server sends a `0' num-prompts field in the
request message, the client MUST send a response message with a `0' request message, the client MUST send a response message with a `0'
num-responses field. num-responses field.
The responses must be ordered as the prompts were ordered. That is, The responses MUST be ordered as the prompts were ordered. That is,
response[n] must be the answer to prompt[n]. response[n] MUST be the answer to prompt[n].
After receiving the response, the server MUST send either a After receiving the response, the server MUST send either a
SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another
SSH_MSG_USERAUTH_INFO_REQUEST message. SSH_MSG_USERAUTH_INFO_REQUEST message.
If the server fails to authenticate the user (through the underlying If the server fails to authenticate the user (through the underlying
authentication mechanism(s)), it SHOULD NOT send another request authentication mechanism(s)), it SHOULD NOT send another request
message(s) in an attempt to obtain new authentication data, instead message(s) in an attempt to obtain new authentication data, instead
it SHOULD send a failure message. The only time the server should it SHOULD send a failure message. The only time the server should
send multiple request messages is if additional authentication data send multiple request messages is if additional authentication data
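Review bot: the upgrade from "must" to "MUST" for response ordering (response[n] MUST be the answer to prompt[n]) is the right RFC 2119 fix, but the same region still leaves a lowercase "should" in "The only time the server should send multiple request messages" directly after "it SHOULD send a failure message"; either uppercase it to SHOULD or reword it so it does not read as an unlabelled requirement. The phrase "SHOULD NOT send another request message(s)" also mixes singular and plural; "SHOULD NOT send further request messages" is cleaner. The unchanged rule that a num-responses/num-prompts mismatch MUST produce a failure message is the server-side check this section depends on, so it is worth keeping that sentence adjacent to the ordering rule rather than separated by the `0' num-prompts case.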
skipping to change at page 10, line 15 skipping to change at page 10, line 15
Requirement Level", BCP 14, RFC 2119, March 1997. Requirement Level", BCP 14, RFC 2119, March 1997.
[RFC-2279] Yergeau, F., "UTF-8, a transformation format of [RFC-2279] Yergeau, F., "UTF-8, a transformation format of
Unicode and ISO 10646", RFC 2279, October 1996. Unicode and ISO 10646", RFC 2279, October 1996.
[RFC-3066] Alvestrand, H., "Tags for the Identification of [RFC-3066] Alvestrand, H., "Tags for the Identification of
Languages", BCP 47, RFC 3066, January 2001. Languages", BCP 47, RFC 3066, January 2001.
[SSH-ARCH] Ylonen, T., Kivinen, T, Saarinen, M., Rinne, T., and [SSH-ARCH] Ylonen, T., Kivinen, T, Saarinen, M., Rinne, T., and
Lehtinen, S., "SSH Protocol Architecture", work in Lehtinen, S., "SSH Protocol Architecture", work in
progress, draft-ietf-secsh-architecture-12.txt, progress, draft-ietf-secsh-architecture-13.txt,
January, 2002. September, 2002.
[SSH-CONNECT] Ylonen, T., Kivinen, T, Saarinen, M., Rinne, T., and [SSH-CONNECT] Ylonen, T., Kivinen, T, Saarinen, M., Rinne, T., and
Lehtinen, S., "SSH Connection Protocol", work in Lehtinen, S., "SSH Connection Protocol", work in
progress, draft-ietf-secsh-connect-15.txt, January, progress, draft-ietf-secsh-connect-16.txt, September,
2002. 2002.
[SSH-TRANS] Ylonen, T., Kivinen, T, Saarinen, M., Rinne, T., and [SSH-TRANS] Ylonen, T., Kivinen, T, Saarinen, M., Rinne, T., and
Lehtinen, S., "SSH Transport Layer Protocol", work in Lehtinen, S., "SSH Transport Layer Protocol", work in
progress, draft-ietf-secsh-transport-14.txt, March, progress, draft-ietf-secsh-transport-15.txt,
2002. September, 2002.
[SSH-USERAUTH] Ylonen, T., Kivinen, T, Saarinen, M., Rinne, T., and [SSH-USERAUTH] Ylonen, T., Kivinen, T, Saarinen, M., Rinne, T., and
Lehtinen, S., "SSH Authentication Protocol", work in Lehtinen, S., "SSH Authentication Protocol", work in
progress, draft-ietf-secsh-userauth-15.txt, February, progress, draft-ietf-secsh-userauth-16.txt,
2002. September, 2002.
7. Author's Addresses 7. Author's Addresses
Frank Cusack Frank Cusack
Google, Inc. Google, Inc.
2400 Bayshore Parkway 2400 Bayshore Parkway
Mountain View, CA 94043 Mountain View, CA 94043
Email: frank@google.com Email: frank@google.com
Martin Forssen Martin Forssen
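Review bot: the reference bumps (architecture-13, connect-16, transport-15, userauth-16, all dated September 2002) are consistent with one another, but every SSH entry still reads "Kivinen, T," with no period after the initial, unlike "Ylonen, T.," and "Saarinen, M.," on the same line; change to "Kivinen, T.,". Date style is also inconsistent between entries: "March 1997" and "January 2001" for the RFCs versus "September, 2002" with a comma for the drafts; pick one form. With two authors listed, the heading "7. Author's Addresses" should read "Authors' Addresses".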
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/