
Secure Shell (secsh) Internet Drafts


Secure Shell Public-Key Subsystem

draft-ietf-secsh-publickey-subsystem-08.txt
Date: 06/10/2006
Authors: Joseph Galbraith
Working Group: Secure Shell (secsh)
Formats: txt

Secure Shell defines a user authentication mechanism that is based on public keys, but does not define any mechanism for key distribution. No common key management solution exists in current implementations. This document describes a protocol that can be used to configure public keys in an implementation-independent fashion, allowing client software to take on the burden of this configuration. The public-key subsystem provides a server-independent mechanism for clients to add public keys, remove public keys, and list the current public keys known by the server. Rights to manage public keys are specific and limited to the authenticated user. A public key may also be associated with various restrictions, including a mandatory command or subsystem.



Secure Shell (secsh)

Last Modified: 2005-09-08

Additional information is available at tools.ietf.org/wg/secsh

Chair(s):

  • Bill Sommerfeld <sommerfeld@sun.com>

Security Area Director(s):

  • Russ Housley <housley@vigilsec.com>
  • Sam Hartman <hartmans-ietf@mit.edu>

Security Area Advisor:

  • Sam Hartman <hartmans-ietf@mit.edu>

Mailing Lists:

    General Discussion: ietf-ssh@netbsd.org
    To Subscribe: majordomo@netbsd.org
    In Body: subscribe ietf-ssh
    Archive: ftp://ftp.ietf.org/ietf-mail-archive/secsh/

Description of Working Group:

    The goal of the working group is to update and standardize the popular
    SSH protocol. SSH provides support for secure remote login, secure file
    transfer, and secure TCP/IP and X11 forwardings. It can automatically
    encrypt, authenticate, and compress transmitted data.  The working
    group will attempt to assure that the SSH protocol

    o  provides strong security against cryptanalysis and protocol
    attacks,

    o  can work reasonably well without a global key management or
        certificate infrastructure,

    o  can utilize existing certificate infrastructures (e.g., DNSSEC,
        SPKI, X.509) when available,

    o  can be made easy to deploy and take into use,

    o  requires minimum or no manual interaction from users,

    o  is reasonably clean and simple to implement.

    The resulting protocol will operate over TCP/IP or other reliable but
    insecure transport. It is intended to be implemented at the application
    level.

Goals and Milestones:

    Done  Submit Internet-Draft on SSH-2.0 protocol
    Done  Decide on Transport Layer protocol at Memphis IETF.
    Done  Post revised core secsh drafts
    Done  Submit core drafts to IESG for publication as proposed standard
    Done  Post extensions drafts for review
    Done  Start sending extensions drafts to Last Call
    Done  Publish draft on new crypto modes
    Done  GSSAPI draft ready for last call
    Done  Publish draft on X.509v3/pkix support (or subsume into gssapi draft)
    Done  Publish draft on terminal server support
    Done  IESG approval of core drafts
    Aug 2005  Public key subsystem ready for last call
    Done  Publickeyfile ready for last call as Informational
    Sep 2005  URI draft ready for last call
    Oct 2005  File transfer draft ready for last call
    Oct 2005  X.509v3/pkix draft ready for last call
    Nov 2005  Investigate Draft Standard status for secure shell

Internet-Drafts:

    SSH File Transfer Protocol (120970 bytes)
    SSH Public Key File Format (20200 bytes)
    Secure Shell Public-Key Subsystem (34346 bytes)

Request For Comments:

    The Secure Shell (SSH) Protocol Assigned Numbers (RFC 4250) (44010 bytes)
    Generic Message Exchange Authentication For The Secure Shell Protocol (SSH) (RFC 4256) (24728 bytes)
    Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints (RFC 4255) (18399 bytes)
    The Secure Shell (SSH) Connection Protocol (RFC 4254) (50338 bytes)
    The Secure Shell (SSH) Transport Layer Protocol (RFC 4253) (68263 bytes)
    The Secure Shell (SSH) Authentication Protocol (RFC 4252) (34268 bytes)
    The Secure Shell (SSH) Protocol Architecture (RFC 4251) (71750 bytes)
    The Secure Shell (SSH) Transport Layer Encryption Modes (RFC 4344) (27521 bytes)
    Secure Shell (SSH) Session Channel Break Extension (RFC 4335) (11370 bytes)
    Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol (RFC 4419) (18356 bytes)
    Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell Protocol (RFC 4462) (65280 bytes)
