draft-ietf-secsh-userauth-15.txt   draft-ietf-secsh-userauth-16.txt 
Network Working Group T. Ylonen Network Working Group T. Ylonen
Internet-Draft T. Kivinen Internet-Draft T. Kivinen
Expires: August 29, 2002 SSH Communications Security Corp Expires: March 21, 2003 SSH Communications Security Corp
M. Saarinen M. Saarinen
University of Jyvaskyla University of Jyvaskyla
T. Rinne T. Rinne
S. Lehtinen S. Lehtinen
SSH Communications Security Corp SSH Communications Security Corp
February 28, 2002 September 20, 2002
SSH Authentication Protocol SSH Authentication Protocol
draft-ietf-secsh-userauth-15.txt draft-ietf-secsh-userauth-16.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 1, line 37 skipping to change at page 1, line 37
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 29, 2002. This Internet-Draft will expire on March 21, 2003.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract Abstract
SSH is a protocol for secure remote login and other secure network SSH is a protocol for secure remote login and other secure network
services over an insecure network. This document describes the SSH services over an insecure network. This document describes the SSH
authentication protocol framework and public key, password, and host- authentication protocol framework and public key, password, and host-
skipping to change at page 2, line 20 skipping to change at page 2, line 20
2.1 Authentication Requests . . . . . . . . . . . . . . . . . . . 4 2.1 Authentication Requests . . . . . . . . . . . . . . . . . . . 4
2.2 Responses to Authentication Requests . . . . . . . . . . . . . 4 2.2 Responses to Authentication Requests . . . . . . . . . . . . . 4
2.3 The "none" Authentication Request . . . . . . . . . . . . . . 6 2.3 The "none" Authentication Request . . . . . . . . . . . . . . 6
2.4 Completion of User Authentication . . . . . . . . . . . . . . 6 2.4 Completion of User Authentication . . . . . . . . . . . . . . 6
2.5 Banner Message . . . . . . . . . . . . . . . . . . . . . . . . 6 2.5 Banner Message . . . . . . . . . . . . . . . . . . . . . . . . 6
3. Authentication Protocol Message Numbers . . . . . . . . . . . 7 3. Authentication Protocol Message Numbers . . . . . . . . . . . 7
4. Public Key Authentication Method: publickey . . . . . . . . . 7 4. Public Key Authentication Method: publickey . . . . . . . . . 7
5. Password Authentication Method: password . . . . . . . . . . . 9 5. Password Authentication Method: password . . . . . . . . . . . 9
6. Host-Based Authentication: hostbased . . . . . . . . . . . . . 11 6. Host-Based Authentication: hostbased . . . . . . . . . . . . . 11
7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12
8. Trademark Issues . . . . . . . . . . . . . . . . . . . . . . . 13 8. Intellectual Property . . . . . . . . . . . . . . . . . . . . 13
9. Additional Information . . . . . . . . . . . . . . . . . . . . 13 9. Additional Information . . . . . . . . . . . . . . . . . . . . 13
References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 13 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14
Full Copyright Statement . . . . . . . . . . . . . . . . . . . 15 Full Copyright Statement . . . . . . . . . . . . . . . . . . . 15
1. Introduction 1. Introduction
The SSH authentication protocol is a general-purpose user The SSH authentication protocol is a general-purpose user
authentication protocol. It is intended to be run over the SSH authentication protocol. It is intended to be run over the SSH
transport layer protocol [SSH-TRANS]. This protocol assumes that the transport layer protocol [SSH-TRANS]. This protocol assumes that the
underlying protocols provide integrity and confidentiality underlying protocols provide integrity and confidentiality
protection. protection.
skipping to change at page 13, line 6 skipping to change at page 13, line 6
characteristics are allowed. It is up to the server's local policy characteristics are allowed. It is up to the server's local policy
to decide which methods (or combinations of methods) it is willing to to decide which methods (or combinations of methods) it is willing to
accept for each user. Authentication is no stronger than the weakest accept for each user. Authentication is no stronger than the weakest
combination allowed. combination allowed.
Special care should be taken when designing debug messages. These Special care should be taken when designing debug messages. These
messages may reveal surprising amounts of information about the host messages may reveal surprising amounts of information about the host
if not properly designed. Debug messages can be disabled (during if not properly designed. Debug messages can be disabled (during
user authentication phase) if high security is required. user authentication phase) if high security is required.
8. Trademark Issues 8. Intellectual Property
As of this writing, SSH Communications Security Oy claims ssh as its The IETF takes no position regarding the validity or scope of any
trademark. As with all IPR claims the IETF takes no position intellectual property or other rights that might be claimed to
regarding the validity or scope of this trademark claim. pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. Copies of
claims of rights made available for publication and any assurances of
licenses to be made available, or the result of an attempt made to
obtain a general license or permission for the use of such
proprietary rights by implementers or users of this specification can
be obtained from the IETF Secretariat.
The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this
document. For more information consult the online list of claimed
rights.
9. Additional Information 9. Additional Information
The current document editor is: Darren.Moffat@Sun.COM. Comments on The current document editor is: Darren.Moffat@Sun.COM. Comments on
this internet draft should be sent to the IETF SECSH working group, this internet draft should be sent to the IETF SECSH working group,
details at: http://ietf.org/html.charters/secsh-charter.html details at: http://ietf.org/html.charters/secsh-charter.html
References References
[RFC1766] Alvestrand, H., "Tags for the Identification of [RFC1766] Alvestrand, H., "Tags for the Identification of
Languages", RFC 1766, March 1995. Languages", RFC 1766, March 1995.
[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO
10646", RFC 2279, January 1998. 10646", RFC 2279, January 1998.
[SSH-ARCH] Ylonen, T., "SSH Protocol Architecture", I-D draft- [SSH-ARCH] Ylonen, T., "SSH Protocol Architecture", I-D draft-
ietf-architecture-12.txt, July 2001. ietf-architecture-13.txt, September 2002.
[SSH-TRANS] Ylonen, T., "SSH Transport Layer Protocol", I-D [SSH-TRANS] Ylonen, T., "SSH Transport Layer Protocol", I-D
draft-ietf-transport-13.txt, July 2001. draft-ietf-transport-15.txt, September 2002.
[SSH-USERAUTH] Ylonen, T., "SSH Authentication Protocol", I-D draft- [SSH-USERAUTH] Ylonen, T., "SSH Authentication Protocol", I-D draft-
ietf-userauth-15.txt, July 2001. ietf-userauth-16.txt, September 2002.
[SSH-CONNECT] Ylonen, T., "SSH Connection Protocol", I-D draft- [SSH-CONNECT] Ylonen, T., "SSH Connection Protocol", I-D draft-
ietf-connect-15.txt, July 2001. ietf-connect-16.txt, September 2002.
Authors' Addresses Authors' Addresses
Tatu Ylonen Tatu Ylonen
SSH Communications Security Corp SSH Communications Security Corp
Fredrikinkatu 42 Fredrikinkatu 42
HELSINKI FIN-00100 HELSINKI FIN-00100
Finland Finland
EMail: ylo@ssh.com EMail: ylo@ssh.com
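Review bot: in the References entries, the draft names touched by this revision still omit the "secsh-" component: [SSH-USERAUTH] now cites "draft-ietf-userauth-16.txt", while the document's own header gives its name as "draft-ietf-secsh-userauth-16.txt". The [SSH-ARCH], [SSH-TRANS] and [SSH-CONNECT] entries follow the same shortened pattern, and the -15 text had the same omission, so the version bump carried it forward. Since these lines were edited anyway, suggest spelling out the full draft filenames so a reader can locate them by name. Separately, the new Section 8 closes with "consult the online list of claimed rights" without saying where that list is published. The old trademark paragraph named the specific claim, so a pointer to the list would keep the notice as actionable as the text it replaces.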
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/