draft-ietf-secsh-userauth-03.txt   draft-ietf-secsh-userauth-04.txt 
Network Working Group T. Ylonen Network Working Group T. Ylonen
INTERNET-DRAFT T. Kivinen INTERNET-DRAFT T. Kivinen
draft-ietf-secsh-userauth-03.txt M. Saarinen draft-ietf-secsh-userauth-04.txt M. Saarinen
Expires in six months SSH Expires in six months T. Rinne
7 November 1997 S. Lehtinen
SSH
6 August 1998
SSH Authentication Protocol SSH Authentication Protocol
Status of This memo Status of This memo
This document is an Internet-Draft. Internet-Drafts are working This document is an Internet-Draft. Internet-Drafts are working
documents of the Internet Engineering Task Force (IETF), its areas, documents of the Internet Engineering Task Force (IETF), its areas,
and its working groups. Note that other groups may also distribute and its working groups. Note that other groups may also distribute
working documents as Internet-Drafts. working documents as Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other documents months and may be updated, replaced, or obsoleted by other documents
at any time. It is inappropriate to use Internet-Drafts as reference at any time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as ``work in progress.'' material or to cite them other than as ``work in progress.''
To learn the current status of any Internet-Draft, please check To learn the current status of any Internet-Draft, please check
the ``1id-abstracts.txt'' listing contained in the Internet-Drafts the ``1id-abstracts.txt'' listing contained in the Internet-Drafts
Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe), Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net (Europe),
munnari.oz.au (Pacific Rim), ds.internic.net (US East Coast), munnari.oz.au (Pacific Rim), ftp.ietf.org (US East Coast),
or ftp.isi.edu (US West Coast). or ftp.isi.edu (US West Coast).
Abstract Abstract
SSH is a protocol for secure remote login and other secure network SSH is a protocol for secure remote login and other secure network ser-
services over an insecure network. vices over an insecure network. This document describes the SSH authen-
tication protocol framework and public key, password, and host-based
This document describes the SSH authentication protocol framework and client authentication methods. Additional authentication methods are
public key, password, and host-based client authentication methods. deferred to separate documents. The SSH authentication protocol runs on
Additional authentication methods are deferred to separate documents. top the SSH transport layer protocol and provides a single authenticated
tunnel for the SSH connection protocol.
The SSH authentication protocol runs on top the SSH transport layer
protocol and provides a single authenticated tunnel for the SSH
connection protocol.
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2. The Authentication Protocol Framework . . . . . . . . . . . . . 2 2. The Authentication Protocol Framework . . . . . . . . . . . . . 2
2.1. Authentication Requests . . . . . . . . . . . . . . . . . . 3 2.1. Authentication Requests . . . . . . . . . . . . . . . . . . 3
2.2. Responses to Authentication Requests . . . . . . . . . . . . 3 2.2. Responses to Authentication Requests . . . . . . . . . . . . 3
2.3. The none Authentication Request . . . . . . . . . . . . . . 4 2.3. The none Authentication Request . . . . . . . . . . . . . . 4
2.4. Completion of User Authentication . . . . . . . . . . . . . 5 2.4. Completion of User Authentication . . . . . . . . . . . . . 5
2.5. Banner Message . . . . . . . . . . . . . . . . . . . . . . . 5 2.5. Banner Message . . . . . . . . . . . . . . . . . . . . . . . 5
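Review bot: In the Abstract, the sentence "The SSH authentication protocol runs on top the SSH transport layer protocol" is missing "of" in both -03 and -04. Since -04 reflows this paragraph anyway, change it to "runs on top of the SSH transport layer protocol".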
skipping to change at page 2, line 25 skipping to change at page 2, line 25
4. Public Key Authentication Method: publickey . . . . . . . . . . 6 4. Public Key Authentication Method: publickey . . . . . . . . . . 6
5. Password Authentication Method: password . . . . . . . . . . . . 7 5. Password Authentication Method: password . . . . . . . . . . . . 7
6. Host-Based Authentication: hostbased . . . . . . . . . . . . . . 9 6. Host-Based Authentication: hostbased . . . . . . . . . . . . . . 9
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 10 7. Security Considerations . . . . . . . . . . . . . . . . . . . . 10
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
9. Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11 9. Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 11
1. Introduction 1. Introduction
The SSH authentication protocol is a general-purpose user authentication The SSH authentication protocol is a general-purpose user authentication
protocol. It is intended to be run over the SSH transport layer protocol. It is intended to be run over the SSH transport layer protocol
protocol [SSH-TRANS]. This protocol assumes that the underlying [SSH-TRANS]. This protocol assumes that the underlying protocols provide
protocols provide integrity and confidentiality protection. integrity and confidentiality protection.
This document should be read only after reading the SSH architecture This document should be read only after reading the SSH architecture
document [SSH-ARCH]. This document freely uses terminology and notation document [SSH-ARCH]. This document freely uses terminology and notation
from the architecture document without reference or further explanation. from the architecture document without reference or further explanation.
The service name for this protocol is "ssh-userauth". The service name for this protocol is "ssh-userauth".
When this protocol starts, it receives the session identifier from the When this protocol starts, it receives the session identifier from the
lower-level protocol. The session identifier uniquely identifies this lower-level protocol. The session identifier uniquely identifies this
session and is suitable for signing to prove ownership of a private key. session and is suitable for signing to prove ownership of a private key.
skipping to change at line 543 skipping to change at page 11, line 29
FIN-02150 ESPOO FIN-02150 ESPOO
Finland Finland
E-mail: kivinen@ssh.fi E-mail: kivinen@ssh.fi
Markku-Juhani O. Saarinen Markku-Juhani O. Saarinen
SSH Communications Security Ltd. SSH Communications Security Ltd.
Tekniikantie 12 Tekniikantie 12
FIN-02150 ESPOO FIN-02150 ESPOO
Finland Finland
E-mail: mjos@ssh.fi E-mail: mjos@ssh.fi
Timo J. Rinne
SSH Communications Security Ltd.
Tekniikantie 12
FIN-02150 ESPOO
Finland
E-mail: tri@ssh.fi
Sami Lehtinen
SSH Communications Security Ltd.
Tekniikantie 12
FIN-02150 ESPOO
Finland
E-mail: sjl@ssh.fi
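Review bot: The contact blocks added here for Timo J. Rinne and Sami Lehtinen sit in a section whose Table of Contents entry still reads "9. Author's Address" in both versions. With several authors listed, rename the section and its contents entry to "Authors' Addresses" so the title matches what the section now holds.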
 End of changes. 
