draft-ietf-secsh-userauth-18.txt   draft-ietf-secsh-userauth-19.txt 
Network Working Group T. Ylonen Network Working Group T. Ylonen
Internet-Draft SSH Communications Security Corp Internet-Draft SSH Communications Security Corp
Expires: March 2, 2003 D. Moffat, Ed. Expires: November 17, 2004 C. Lonvick, Ed.
Sun Microsystems, Inc Cisco Systems, Inc
September 2002 May 19, 2004
SSH Authentication Protocol SSH Authentication Protocol
draft-ietf-secsh-userauth-18.txt draft-ietf-secsh-userauth-19.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that
groups may also distribute working documents as Internet-Drafts. other groups may also distribute working documents as
Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at http:// The list of current Internet-Drafts can be accessed at
www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on March 2, 2003. This Internet-Draft will expire on November 17, 2004.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
Abstract Abstract
SSH is a protocol for secure remote login and other secure network SSH is a protocol for secure remote login and other secure network
services over an insecure network. This document describes the SSH services over an insecure network. This document describes the SSH
authentication protocol framework and public key, password, and authentication protocol framework and public key, password, and
host-based client authentication methods. Additional authentication host-based client authentication methods. Additional authentication
methods are described in separate documents. The SSH authentication methods are described in separate documents. The SSH authentication
protocol runs on top of the SSH transport layer protocol and provides protocol runs on top of the SSH transport layer protocol and provides
a single authenticated tunnel for the SSH connection protocol. a single authenticated tunnel for the SSH connection protocol.
Table of Contents Table of Contents
1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Conventions Used in This Document . . . . . . . . . . . . . 3 3. Conventions Used in This Document . . . . . . . . . . . . . . 3
3.1 The Authentication Protocol Framework . . . . . . . . . . . 3 3.1 The Authentication Protocol Framework . . . . . . . . . . 4
3.1.1 Authentication Requests . . . . . . . . . . . . . . . . . . 4 3.1.1 Authentication Requests . . . . . . . . . . . . . . . 4
3.1.2 Responses to Authentication Requests . . . . . . . . . . . . 5 3.1.2 Responses to Authentication Requests . . . . . . . . . 5
3.1.3 The "none" Authentication Request . . . . . . . . . . . . . 6 3.1.3 The "none" Authentication Request . . . . . . . . . . 6
3.1.4 Completion of User Authentication . . . . . . . . . . . . . 6 3.1.4 Completion of User Authentication . . . . . . . . . . 6
3.1.5 Banner Message . . . . . . . . . . . . . . . . . . . . . . . 7 3.1.5 Banner Message . . . . . . . . . . . . . . . . . . . . 7
3.2 Authentication Protocol Message Numbers . . . . . . . . . . 7 3.2 Authentication Protocol Message Numbers . . . . . . . . . 7
3.3 Public Key Authentication Method: publickey . . . . . . . . 8 3.3 Public Key Authentication Method: publickey . . . . . . . 8
3.4 Password Authentication Method: password . . . . . . . . . . 10 3.4 Password Authentication Method: password . . . . . . . . . 10
3.5 Host-Based Authentication: hostbased . . . . . . . . . . . . 11 3.5 Host-Based Authentication: hostbased . . . . . . . . . . . 11
4. Security Considerations . . . . . . . . . . . . . . . . . . 12 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13
Normative . . . . . . . . . . . . . . . . . . . . . . . . . 13 5. Security Considerations . . . . . . . . . . . . . . . . . . . 13
Informative . . . . . . . . . . . . . . . . . . . . . . . . 13 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 14 6.1 Normative . . . . . . . . . . . . . . . . . . . . . . . . . 13
Intellectual Property and Copyright Statements . . . . . . . 15 6.2 Informative . . . . . . . . . . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . 14
Intellectual Property and Copyright Statements . . . . . . . . 15
1. Contributors 1. Contributors
The major original contributors of this document were: Tatu Ylonen, The major original contributors of this document were: Tatu Ylonen,
Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH Communications Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH
Security Corp), and Markku-Juhani O. Saarinen (University of Communications Security Corp), and Markku-Juhani O. Saarinen
Jyvaskyla) (University of Jyvaskyla). Darren Moffit was the original editor of
this document and also made very substantial contributions.
The document editor is: Darren.Moffat@Sun.COM. Comments on this Additional contributors to this document include [need list].
internet draft should be sent to the IETF SECSH working group, Listing their names here does not mean that they endorse this
details at: http://ietf.org/html.charters/secsh-charter.html document, but that they have contributed to it.
Comments on this internet draft should be sent to the IETF SECSH
working group, details at:
http://ietf.org/html.charters/secsh-charter.html Note: This paragraph
will be removed before this document progresses to become an RFC.
2. Introduction 2. Introduction
The SSH authentication protocol is a general-purpose user The SSH authentication protocol is a general-purpose user
authentication protocol. It is intended to be run over the SSH authentication protocol. It is intended to be run over the SSH
transport layer protocol [SSH-TRANS]. This protocol assumes that the transport layer protocol [SSH-TRANS]. This protocol assumes that the
underlying protocols provide integrity and confidentiality underlying protocols provide integrity and confidentiality
protection. protection.
This document should be read only after reading the SSH architecture This document should be read only after reading the SSH architecture
document [SSH-ARCH]. This document freely uses terminology and document [SSH-ARCH]. This document freely uses terminology and
notation from the architecture document without reference or further notation from the architecture document without reference or further
explanation. explanation.
The service name for this protocol is "ssh-userauth". The service name for this protocol is "ssh-userauth".
When this protocol starts, it receives the session identifier from When this protocol starts, it receives the session identifier from
the lower-level protocol (this is the exchange hash H from the first the lower-level protocol (this is the exchange hash H from the first
key exchange). The session identifier uniquely identifies this key exchange). The session identifier uniquely identifies this
session and is suitable for signing in order to prove ownership of a session and is suitable for signing in order to prove ownership of a
private key. This protocol also needs to know whether the lower-level private key. This protocol also needs to know whether the
protocol provides confidentiality protection. lower-level protocol provides confidentiality protection.
3. Conventions Used in This Document 3. Conventions Used in This Document
The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
and "MAY" that appear in this document are to be interpreted as and "MAY" that appear in this document are to be interpreted as
described in [RFC2119] described in [RFC2119]
The used data types and terminology are specified in the architecture The used data types and terminology are specified in the architecture
document [SSH-ARCH] document [SSH-ARCH]
The architecture document also discusses the algorithm naming The architecture document also discusses the algorithm naming
conventions that MUST be used with the SSH protocols. conventions that MUST be used with the SSH protocols.
3.1 The Authentication Protocol Framework 3.1 The Authentication Protocol Framework
The server drives the authentication by telling the client which The server drives the authentication by telling the client which
authentication methods can be used to continue the exchange at any authentication methods can be used to continue the exchange at any
given time. The client has the freedom to try the methods listed by given time. The client has the freedom to try the methods listed by
the server in any order. This gives the server complete control over the server in any order. This gives the server complete control over
the authentication process if desired, but also gives enough the authentication process if desired, but also gives enough
skipping to change at page 12, line 48 skipping to change at page 13, line 6
appropriate value by the given host key. The server MAY ignore the appropriate value by the given host key. The server MAY ignore the
client user name, if it wants to authenticate only the client host. client user name, if it wants to authenticate only the client host.
It is RECOMMENDED that whenever possible, the server perform It is RECOMMENDED that whenever possible, the server perform
additional checks to verify that the network address obtained from additional checks to verify that the network address obtained from
the (untrusted) network matches the given client host name. This the (untrusted) network matches the given client host name. This
makes exploiting compromised host keys more difficult. Note that makes exploiting compromised host keys more difficult. Note that
this may require special handling for connections coming through a this may require special handling for connections coming through a
firewall. firewall.
4. Security Considerations 4. IANA Considerations
This document is part of a set, the IANA considerations for the SSH
protocol as defined in [SSH-ARCH], [SSH-TRANS], [SSH-CONNECT], and
this document, are detailed in [SSH-NUMBERS].
5. Security Considerations
The purpose of this protocol is to perform client user The purpose of this protocol is to perform client user
authentication. It assumed that this runs over a secure transport authentication. It assumed that this runs over a secure transport
layer protocol, which has already authenticated the server machine, layer protocol, which has already authenticated the server machine,
established an encrypted communications channel, and computed a established an encrypted communications channel, and computed a
unique session identifier for this session. The transport layer unique session identifier for this session. The transport layer
provides forward secrecy for password authentication and other provides forward secrecy for password authentication and other
methods that rely on secret data. methods that rely on secret data.
Full security considerations for this protocol are provided in Full security considerations for this protocol are provided in
Section 8 of [SSH-ARCH] Section 8 of [SSH-ARCH]
Normative 6. References
[SSH-ARCH]
Ylonen, T., "SSH Protocol Architecture", I-D
draft-ietf-architecture-15.txt, Oct 2003.
[SSH-TRANS] 6.1 Normative
Ylonen, T., "SSH Transport Layer Protocol", I-D
draft-ietf-transport-17.txt, Oct 2003.
[SSH-USERAUTH] [SSH-ARCH]
Ylonen, T., "SSH Authentication Protocol", I-D Ylonen, T. and C. Lonvick, "SSH Protocol Architecture",
draft-ietf-userauth-18.txt, Oct 2003. I-D draft-ietf-architecture-16.txt, May 2004.
[SSH-CONNECT] [SSH-CONNECT]
Ylonen, T., "SSH Connection Protocol", I-D Ylonen, T. and C. Lonvick, "SSH Connection Protocol", I-D
draft-ietf-connect-18.txt, Oct 2003. draft-ietf-connect-19.txt, May 2004.
[SSH-TRANS]
Ylonen, T. and C. Lonvick, "SSH Transport Layer Protocol",
I-D draft-ietf-transport-18.txt, May 2004.
[SSH-NUMBERS] [SSH-NUMBERS]
Lehtinen, S. and D. Moffat, "SSH Protocol Assigned Ylonen, T. and C. Lonvick, "SSH Protocol Assigned
Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct Numbers", I-D draft-ietf-assignednumbers-06.txt, May 2004.
2003.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
Informative 6.2 Informative
[RFC3066] Alvestrand, H., "Tags for the Identification of [RFC3066] Alvestrand, H., "Tags for the Identification of
Languages", BCP 47, RFC 3066, January 2001. Languages", BCP 47, RFC 3066, January 2001.
[RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO
10646", RFC 2279, January 1998. 10646", RFC 2279, January 1998.
Authors' Addresses Authors' Addresses
Tatu Ylonen Tatu Ylonen
SSH Communications Security Corp SSH Communications Security Corp
Fredrikinkatu 42 Fredrikinkatu 42
HELSINKI FIN-00100 HELSINKI FIN-00100
Finland Finland
EMail: ylo@ssh.com EMail: ylo@ssh.com
Darren J. Moffat (editor) Chris Lonvick (editor)
Sun Microsystems, Inc Cisco Systems, Inc
17 Network Circle 12515 Research Blvd.
Menlo Park 95025 Austin 78759
USA USA
EMail: Darren.Moffat@Sun.COM EMail: clonvick@cisco.com
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and IETF's procedures with respect to rights in standards-track and
skipping to change at page 15, line 34 skipping to change at page 15, line 34
this standard. Please address the information to the IETF Executive this standard. Please address the information to the IETF Executive
Director. Director.
The IETF has been notified of intellectual property rights claimed in The IETF has been notified of intellectual property rights claimed in
regard to some or all of the specification contained in this regard to some or all of the specification contained in this
document. For more information consult the online list of claimed document. For more information consult the online list of claimed
rights. rights.
Full Copyright Statement Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved. Copyright (C) The Internet Society (2004). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
the copyright notice or references to the Internet Society or other the copyright notice or references to the Internet Society or other
Internet organizations, except as needed for the purpose of Internet organizations, except as needed for the purpose of
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/