RFC 4462:Generic Security Service Application Prog...
RFC-Ref

method



... This document describes the methods used to perform key exchange and user authentication ...
... Secure Shell protocol using the GSS-API. To do this, it defines a family of key exchange methods, two user authentication methods, and a new host key algorithm. These definitions allow any GSS-API mechanism ...


... This section defines a class of key exchange methods that combine the Diffie-Hellman key exchange from Section 8 of [SSH-TRANSPORT ...
... GSS-API. Since the GSS-API key exchange methods described in this section do not require the use of public key signature or encryption algorithms ...
... If the client does not support the "gssapi-keyex" user authentication method described in Section 4, or does not intend to use that method in conjunction with the GSS-API context ...
... security policy to obscure information about the precise nature of the error; thus, it is RECOMMENDED that implementations provide a method to suppress these messages as a matter of policy. ...
... hash algorithm for computing the exchange hash is defined by the method name, and is called HASH. The group ...
... Diffie-Hellman key exchange and the underlying GSS-API mechanism are also defined by the method name. After the client ...
... certificates (K_S) Since this key exchange method does not require the host key to be used for any encryption ...
... negotiation of the group to be used, using a method based on that described in [GROUP-EXCHANGE]. ...
... Each of these methods specifies GSS-API-authenticated Diffie-Hellman key exchange as described in Section 2.1 with SHA-1 ...
... group defined in Section 8.1 of [SSH-TRANSPORT]. The method name for each method is the concatenation of the string "gss-group1-sha1-" with the Base64 encoding ...
... MIME]. Each and every such key exchange method is implicitly registered by this specification. The IESG is considered to be the owner of all such key exchange methods; this does NOT imply that the IESG is considered to be the owner of the underlying GSS-API mechanism ...
... Each of these methods specifies GSS-API authenticated Diffie-Hellman key ...
... group defined in Section 8.2 of [SSH-TRANSPORT]. The method name for each method is the concatenation of the string "gss-group14-sha1-" with the Base64 encoding ...
... Each of these methods specifies GSS-API-authenticated Diffie-Hellman key exchange as described in Section 2.2 with SHA-1 ...
... SHA-1 as HASH. The method name for each method is the concatenation of the string "gss-gex-sha1-" with the Base64 encoding ...
... Other GSS-API Key Exchange Methods ...
... Key exchange method names starting with "gss-" are reserved for key exchange methods that conform to this document; in particular, for those methods that use the GSS-API-authenticated Diffie-Hellman key exchange algorithm described in Section 2.1, including any future methods that use different groups and/or hash functions. The intent is that the names for any such future methods be defined in a similar manner to that used in Section 2.3. ...


... This section describes a general-purpose user authentication method based on [GSSAPI]. It is intended to be run over the SSH ...
... SSH-USERAUTH]. The authentication method name for this protocol is "gssapi-with-mic". ...
... The GSS-API authentication method is initiated when the client sends an SSH ...
... US-ASCII) string "gssapi-with-mic" (US-ASCII method name) uint32 n, the number of mechanism OIDs ...
... that are of the same priority, compared to non-GSS-API authentication methods. Otherwise, authentication methods may be executed out of order. Thus, the client could first send an SSH ...
... If an error occurs during this exchange on server side, the server can terminate the method by sending an SSH_MSG_USERAUTH_FAILURE packet. If an error occurs on client side, the client can terminate the method by sending a new SSH_MSG_USERAUTH_REQUEST packet. ...
... to successfully complete the GSS-API method, while the client's last call to GSS ...
... authentication service, it is possible that the client would fail to complete the authentication method, but not be able to retry other methods because the server had already moved on. To protect against this, a final message is sent by the client ...
... As with all SSH authentication methods, successful completion is indicated by an SSH_MSG_USERAUTH_SUCCESS if no other authentication ...


... This section describes a user authentication method building on the framework described in [SSH-USERAUTH]. This method performs user authentication by making use of an existing GSS-API context ...
... key exchange. The authentication method name for this protocol is "gssapi-keyex". This method may be used only if the initial key exchange was performed using a GSS-API-based key exchange method defined in accordance with Section 2. The GSS-API context used with this method is always that established during an initial GSS-API-based key exchange. Any context ...
... key exchange for the purpose of rekeying MUST NOT be used with this method. The server SHOULD include this user authentication method in the list of methods that can continue (in an SSH_MSG_USERAUTH_FAILURE) if the initial key exchange was performed using a GSS-API-based key exchange method and provides information about the user's identity that is useful to the server. It MUST NOT include this method if the initial key exchange was not performed using a GSS-API-based key exchange method defined in accordance with Section 2. The client ...
... The client SHOULD attempt to use this method if it is advertised by the server, initial key exchange was performed using a GSS-API-based key exchange method, and this method has not already been tried. The client SHOULD NOT try this method more than once per session. It MUST NOT try this method if initial key exchange was not performed using a GSS-API-based key exchange method defined in accordance with Section 2. If a server receives a request for this method when initial key exchange was not performed using a GSS-API-based key exchange method defined in accordance with Section 2, it MUST return SSH_MSG_USERAUTH_FAILURE. This method is defined as a single message: byte SSH ...
... key exchange was performed using a GSS-API-based key exchange method, the server uses GSS_VerifyMIC() to verify that the MIC ...


... signature nor encryption algorithms. Thus, it can be used only with key exchange methods that do not require any public-key operations and do not require the use of host public key material. The key exchange methods described in Section 2 are examples of such methods. This algorithm ...
... Kerberos [KRB5], and thus the only permitted key exchange method is the GSS-API-authenticated Diffie-Hellman exchange ...
... Kerberos. Any implementation supporting at least one key exchange method that conforms to Section 2 MUST also support the "null" host key algorithm. Servers MUST NOT advertise the "null" host key algorithm ...


... GSS-API-based key exchange methods: #define SSH ...
... The numbers 30-49 are specific to key exchange and may be redefined by other kex methods. The following message numbers have been defined for use with the 'gssapi-with-mic' user authentication method: #define SSH ...
... The numbers 60-79 are specific to user authentication and may be redefined by other user auth methods. Note that in the method described in this document, message number 62 is unused. ...


... canonical hostname. Thus, implementers may wish to use other methods, but should take care to ensure they are secure. For example, one should not rely on an unprotected DNS record to map a ...
... SPNEGO] in conjunction with the authentication and key exchange methods described in this document is both unnecessary and undesirable. As a result, mechanisms conforming to this document MUST NOT use SPNEGO ...
... SSH performs its own negotiation of authentication and key exchange methods, the negotiation capability of SPNEGO alone does not provide any added benefit. In fact, as described below, it has the potential to result in the use of a weaker method than desired. Normally, SPNEGO ...
... client. In the case of key exchange, this protection is not needed because the key exchange methods described here already perform an equivalent operation; namely, they generate a MIC ...
... client's policy is to first prefer GSS-API-based key exchange method X, then non-GSS-API method Y, then GSS-API-based method Z, and if a server supports mechanisms Y and Z but not X, then an attempt to use SPNEGO to negotiate a GSS-API mechanism might result in the use of method Z when method Y would have been preferable. As a result, the use of SPNEGO could result in the subversion of the negotiation algorithm for key exchange methods as described in Section 7.1 of [SSH-TRANSPORT] and/or the negotiation algorithm for user authentication methods as described in [SSH-USERAUTH]. ...


... The family of SSH key exchange method names beginning with "gss-group1-sha1-" and not containing the at-sign ('@'), to name the key exchange methods defined in Section 2.3. The family of SSH key ...
... The family of SSH key exchange method names beginning with "gss-gex-sha1-" and not containing the at-sign ('@'), to name the key exchange methods defined in Section 2.5. All other SSH key ...
... All other SSH key exchange method names beginning with "gss-" and not containing the at-sign ('@'), to be reserved for future key exchange methods defined in conformance with this document, as noted in Section 2.6. ...
... The SSH user authentication method name "gssapi-with-mic", to name the GSS-API user authentication method defined in Section 3. The SSH ...
... The SSH user authentication method name "gssapi-keyex", to name the GSS-API user authentication method defined in Section 4. The SSH ...
... The SSH user authentication method name "gssapi" is to be reserved, in order to avoid conflicts with implementations supporting an earlier version ...
... The SSH user authentication method name "external-keyx" is to be reserved, in order to avoid conflicts with implementations supporting an earlier version ...


... security considerations. The key exchange method described in Section 2 depends on the underlying GSS-API mechanism to provide both mutual authentication ...
... In order for the "external-keyx" user authentication method to be used, it MUST have access to user authentication information obtained ...


