draft-ietf-secsh-userauth-26.txt   draft-ietf-secsh-userauth-27.txt 
Network Working Group C. Lonvick, Ed. Network Working Group T. Ylonen
Internet-Draft Cisco Systems, Inc. Internet-Draft SSH Communications Security Corp
Expires: August 21, 2005 February 17, 2005 Expires: September 15, 2005 C. Lonvick, Ed.
Cisco Systems, Inc.
March 14, 2005
SSH Authentication Protocol SSH Authentication Protocol
draft-ietf-secsh-userauth-26.txt draft-ietf-secsh-userauth-27.txt
Status of this Memo Status of this Memo
This document is an Internet-Draft and is subject to all provisions This document is an Internet-Draft and is subject to all provisions
of Section 3 of RFC 3667. By submitting this Internet-Draft, each of Section 3 of RFC 3667. By submitting this Internet-Draft, each
author represents that any applicable patent or other IPR claims of author represents that any applicable patent or other IPR claims of
which he or she is aware have been or will be disclosed, and any of which he or she is aware have been or will be disclosed, and any of
which he or she become aware will be disclosed, in accordance with which he or she become aware will be disclosed, in accordance with
RFC 3668. RFC 3668.
skipping to change at page 1, line 35 skipping to change at page 1, line 37
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 21, 2005. This Internet-Draft will expire on September 15, 2005.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2005). Copyright (C) The Internet Society (2005).
Abstract Abstract
SSH is a protocol for secure remote login and other secure network SSH is a protocol for secure remote login and other secure network
services over an insecure network. This document describes the SSH services over an insecure network. This document describes the SSH
authentication protocol framework and public key, password, and authentication protocol framework and public key, password, and
skipping to change at page 2, line 25 skipping to change at page 2, line 27
5.4 Banner Message . . . . . . . . . . . . . . . . . . . . . . 7 5.4 Banner Message . . . . . . . . . . . . . . . . . . . . . . 7
6. Authentication Protocol Message Numbers . . . . . . . . . . 8 6. Authentication Protocol Message Numbers . . . . . . . . . . 8
7. Public Key Authentication Method: publickey . . . . . . . . 8 7. Public Key Authentication Method: publickey . . . . . . . . 8
8. Password Authentication Method: password . . . . . . . . . . 10 8. Password Authentication Method: password . . . . . . . . . . 10
9. Host-Based Authentication: hostbased . . . . . . . . . . . . 12 9. Host-Based Authentication: hostbased . . . . . . . . . . . . 12
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . 13 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . 13
11. Security Considerations . . . . . . . . . . . . . . . . . . 14 11. Security Considerations . . . . . . . . . . . . . . . . . . 14
12. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
12.1 Normative . . . . . . . . . . . . . . . . . . . . . . . 14 12.1 Normative . . . . . . . . . . . . . . . . . . . . . . . 14
12.2 Informative . . . . . . . . . . . . . . . . . . . . . . 15 12.2 Informative . . . . . . . . . . . . . . . . . . . . . . 15
Author's Address . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 15
A. Trademark Notice . . . . . . . . . . . . . . . . . . . . . . 15
Intellectual Property and Copyright Statements . . . . . . . 16 Intellectual Property and Copyright Statements . . . . . . . 16
1. Contributors 1. Contributors
The major original contributors of this set of documents have been: The major original contributors of this set of documents have been:
Tatu Ylonen, Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH Tatu Ylonen, Tero Kivinen, Timo J. Rinne, Sami Lehtinen (all of SSH
Communications Security Corp), and Markku-Juhani O. Saarinen Communications Security Corp), and Markku-Juhani O. Saarinen
(University of Jyvaskyla). Darren Moffit was the original editor of (University of Jyvaskyla). Darren Moffit was the original editor of
this set of documents and also made very substantial contributions. this set of documents and also made very substantial contributions.
Additional contributors to this document include [need list]. Many people contributed to the development of this document over the
Listing their names here does not mean that they endorse this years. People who should be acknowledged include Mats Andersson, Ben
document, but that they have contributed to it. Harris, Brent McClure, Niels Moller, Damien Miller, Derek Fawcus,
Frank Cusack, Heikki Nousiainen, Jakob Schlyter, Jeff Van Dyke,
Comments on this internet draft should be sent to the IETF SECSH Jeffrey Altman, Jeffrey Hutzelman, Jon Bright, Joseph Galbraith, Ken
working group, details at: Hornstein, Markus Friedl, Martin Forssen, Nicolas Williams, Niels
http://ietf.org/html.charters/secsh-charter.html Note: This paragraph Provos, Perry Metzger, Peter Gutmann, Simon Josefsson, Simon Tatham,
will be removed before this document progresses to become an RFC. Wei Dai, Denis Bider, der Mouse, and Tadayoshi Kohno. Listing their
names here does not mean that they endorse this document, but that
they have contributed to it.
2. Introduction 2. Introduction
The SSH authentication protocol is a general-purpose user The SSH authentication protocol is a general-purpose user
authentication protocol. It is intended to be run over the SSH authentication protocol. It is intended to be run over the SSH
transport layer protocol [SSH-TRANS]. This protocol assumes that the transport layer protocol [SSH-TRANS]. This protocol assumes that the
underlying protocols provide integrity and confidentiality underlying protocols provide integrity and confidentiality
protection. protection.
This document should be read only after reading the SSH architecture This document should be read only after reading the SSH architecture
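Review bot: In the Contributors section, the paragraph telling readers to send comments to the IETF SECSH working group (with the charter URL) is dropped, although the removed text itself said it would go only when the document becomes an RFC, and -27 is still an Internet-Draft expiring September 15, 2005. Consider keeping that pointer until the RFC Editor stage so reviewers of this revision still know where to send feedback.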
skipping to change at page 14, line 24 skipping to change at page 14, line 24
Full security considerations for this protocol are provided in Full security considerations for this protocol are provided in
[SSH-ARCH]. [SSH-ARCH].
12. References 12. References
12.1 Normative 12.1 Normative
[SSH-ARCH] [SSH-ARCH]
Lonvick, C., "SSH Protocol Architecture", Lonvick, C., "SSH Protocol Architecture",
I-D draft-ietf-secsh-architecture-21.txt, February 2005. I-D draft-ietf-secsh-architecture-22.txt, March 2005.
[SSH-CONNECT] [SSH-CONNECT]
Lonvick, C., "SSH Connection Protocol", Lonvick, C., "SSH Connection Protocol",
I-D draft-ietf-secsh-connect-24.txt, February 2005. I-D draft-ietf-secsh-connect-25.txt, March 2005.
[SSH-TRANS] [SSH-TRANS]
Lonvick, C., "SSH Transport Layer Protocol", Lonvick, C., "SSH Transport Layer Protocol",
I-D draft-ietf-secsh-transport-23.txt, February 2005. I-D draft-ietf-secsh-transport-24.txt, March 2005.
[SSH-NUMBERS] [SSH-NUMBERS]
Lonvick, C., "SSH Protocol Assigned Numbers", Lonvick, C., "SSH Protocol Assigned Numbers",
I-D draft-ietf-secsh-assignednumbers-11.txt, February I-D draft-ietf-secsh-assignednumbers-12.txt, March 2005.
2005.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an [RFC2434] Narten, T. and H. Alvestrand, "Guidelines for Writing an
IANA Considerations Section in RFCs", BCP 26, RFC 2434, IANA Considerations Section in RFCs", BCP 26, RFC 2434,
October 1998. October 1998.
[RFC3066] Alvestrand, H., "Tags for the Identification of [RFC3066] Alvestrand, H., "Tags for the Identification of
Languages", BCP 47, RFC 3066, January 2001. Languages", BCP 47, RFC 3066, January 2001.
skipping to change at page 15, line 15 skipping to change at page 15, line 14
and passwords", and passwords",
Internet-Draft draft-ietf-sasl-saslprep-10, July 2004. Internet-Draft draft-ietf-sasl-saslprep-10, July 2004.
12.2 Informative 12.2 Informative
[ssh-1.2.30] [ssh-1.2.30]
Ylonen, T., "ssh-1.2.30/RFC", File within compressed Ylonen, T., "ssh-1.2.30/RFC", File within compressed
tarball ftp://ftp.funet.fi/pub/unix/security/login/ssh/ tarball ftp://ftp.funet.fi/pub/unix/security/login/ssh/
ssh-1.2.30.tar.gz, November 1995. ssh-1.2.30.tar.gz, November 1995.
Author's Address Authors' Addresses
Tatu Ylonen
SSH Communications Security Corp
Fredrikinkatu 42
HELSINKI FIN-00100
Finland
Email: ylo@ssh.com
Chris Lonvick (editor) Chris Lonvick (editor)
Cisco Systems, Inc. Cisco Systems, Inc.
12515 Research Blvd. 12515 Research Blvd.
Austin 78759 Austin 78759
USA USA
Email: clonvick@cisco.com Email: clonvick@cisco.com
Appendix A. Trademark Notice
"ssh" is a registered trademark in the United States and/or other
countries.
Note to the RFC Editor: This should be a separate section like the
subsequent ones, and not an appendix. This paragraph to be removed
before publication.
Intellectual Property Statement Intellectual Property Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
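Review bot: The added "Appendix A. Trademark Notice" carries a note to the RFC Editor saying it should be a separate section and not an appendix, yet the new table of contents entry labels it "A. Trademark Notice" and the block sits between Authors' Addresses and the Intellectual Property Statement. Consider emitting it as an unnumbered section in the draft source now, so the editor note can be dropped and the contents entry does not have to change at publication.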
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/