Key exchange method
Click on the red underlined text to get to the source
... Secure Shell protocol using the GSS-API.
To do this, it defines a family of key exchange methods, two user
authentication methods, and a new host key algorithm ...
...
This section defines a class of key exchange methods that combine the
Diffie-Hellman key exchange from Section 8 of [SSH-TRANSPORT ...
... certificates (K_S)
Since this key exchange method does not require the host key to be
used for any encryption ...
... MIME].
Each and every such key exchange method is implicitly registered by
this specification. The IESG is considered to be the owner of all
...
... this specification. The IESG is considered to be the owner of all
such key exchange methods; this does NOT imply that the IESG is
considered to be the owner of the underlying GSS-API mechanism ...
... MIME].
Each and every such key exchange method is implicitly registered by
this specification. The IESG is considered to be the owner of all
...
... this specification. The IESG is considered to be the owner of all
such key exchange methods; this does NOT imply that the IESG is
considered to be the owner of the underlying GSS-API mechanism ...
... MIME].
Each and every such key exchange method is implicitly registered by
this specification. The IESG is considered to be the owner of all
...
... this specification. The IESG is considered to be the owner of all
such key exchange methods; this does NOT imply that the IESG is
considered to be the owner of the underlying GSS-API mechanism ...
...
Key exchange method names starting with "gss-" are reserved for key
exchange methods that conform to this document; in particular, for
...
... Key exchange method names starting with "gss-" are reserved for key
exchange methods that conform to this document; in particular, for
those methods that use the GSS-API-authenticated ...
... signature nor encryption algorithms. Thus, it can
be used only with key exchange methods that do not require any
public-key operations and do not require the use of host ...
... host public key
material. The key exchange methods described in Section 2 are
examples of such methods.
...
... Kerberos
[KRB5], and thus the only permitted key exchange method is the
GSS-API-authenticated Diffie-Hellman exchange ...
... Kerberos.
Any implementation supporting at least one key exchange method that
conforms to Section 2 MUST also support the "null" host key
algorithm. Servers MUST NOT advertise the "null" host key algorithm ...
... SPNEGO] in conjunction with the authentication and key exchange
methods described in this document is both unnecessary and
undesirable. As a result, mechanisms conforming to this document
MUST NOT use SPNEGO ...
... SSH performs its own negotiation of authentication and key
exchange methods, the negotiation capability of SPNEGO alone does not
...
... client. In the case of key exchange, this
protection is not needed because the key exchange methods described
here already perform an equivalent operation; namely, they generate a
MIC ...
... negotiation
algorithm for key exchange methods as described in Section 7.1 of
[SSH-TRANSPORT] and/or the negotiation ...
... method names beginning with "gss-
group1-sha1-" and not containing the at-sign ('@'), to name the
key exchange methods defined in Section 2.3.
The family of SSH key ...
... SSH key exchange method names beginning with "gss-
gex-sha1-" and not containing the at-sign ('@'), to name the key
exchange methods defined in Section 2.5.
All other SSH key ...
... SSH key exchange method names beginning with "gss-" and
not containing the at-sign ('@'), to be reserved for future key
exchange methods defined in conformance with this document, as
noted in Section 2.6.
...
... security considerations.
The key exchange method described in Section 2 depends on the
underlying GSS-API mechanism to provide both mutual authentication ...