Number | Files | Title | Authors | Date | More Info | Status |
---|---|---|---|---|---|---|
RFC 9519 | HTML, TEXT, PDF, XML | Update to the IANA SSH Protocol Parameters Registry Requirements | P. Yee | January 2024 | Updates RFC 4250, RFC 4716, RFC 4819, RFC 8308 | Proposed Standard |
ABSTRACT | This specification updates the registration policies for adding new entries to registries within the IANA "Secure Shell (SSH) Protocol Parameters" group of registries. Previously, the registration policy was generally IETF Review, as defined in RFC 8126, although a few registries require Standards Action. This specification changes it from IETF Review to Expert Review. This document updates RFCs 4250, 4716, 4819, and 8308. | |||||
RFC 9212 | HTML, TEXT, PDF, XML | Commercial National Security Algorithm (CNSA) Suite Cryptography for Secure Shell (SSH) | N. Gajcowski, M. Jenkins | March 2022 | | Informational |
ABSTRACT | The United States Government has published the National Security Agency (NSA) Commercial National Security Algorithm (CNSA) Suite, which defines cryptographic algorithm policy for national security applications. This document specifies the conventions for using the United States National Security Agency's CNSA Suite algorithms with the Secure Shell Transport Layer Protocol and the Secure Shell Authentication Protocol. It applies to the capabilities, configuration, and operation of all components of US National Security Systems (described in NIST Special Publication 800-59) that employ Secure Shell (SSH). This document is also appropriate for all other US Government systems that process high-value information. It is made publicly available for use by developers and operators of these and any other system deployments. | |||||
RFC 9142 | HTML, TEXT, PDF, XML, HTML with inline errata | Key Exchange (KEX) Method Updates and Recommendations for Secure Shell (SSH) | M. Baushke | January 2022 | Errata, Updates RFC 4250, RFC 4253, RFC 4432, RFC 4462 | Proposed Standard |
ABSTRACT | This document updates the recommended set of key exchange methods for use in the Secure Shell (SSH) protocol to meet evolving needs for stronger security. It updates RFCs 4250, 4253, 4432, and 4462. | |||||
RFC 8758 a.k.a. BCP 227 | HTML, TEXT, PDF, XML | Deprecating RC4 in Secure Shell (SSH) | L. Velvindron | April 2020 | Updates RFC 4253 | Best Current Practice |
ABSTRACT | This document deprecates RC4 in Secure Shell (SSH). Therefore, this document formally moves RFC 4345 to Historic status. | |||||
RFC 8732 | HTML, TEXT, PDF, XML | Generic Security Service Application Program Interface (GSS-API) Key Exchange with SHA-2 | S. Sorce, H. Kario | February 2020 | Updates RFC 4462 | Proposed Standard |
ABSTRACT | This document specifies additions and amendments to RFC 4462. It defines a new key exchange method that uses SHA-2 for integrity and deprecates weak Diffie-Hellman (DH) groups. The purpose of this specification is to modernize the cryptographic primitives used by Generic Security Service (GSS) key exchanges. | |||||
RFC 8731 | HTML, TEXT, PDF, XML | Secure Shell (SSH) Key Exchange Method Using Curve25519 and Curve448 | A. Adamantiadis, S. Josefsson, M. Baushke | February 2020 | | Proposed Standard |
ABSTRACT | This document describes the specification for using Curve25519 and Curve448 key exchange methods in the Secure Shell (SSH) protocol. | |||||
RFC 8709 | HTML, TEXT, PDF, XML, HTML with inline errata | Ed25519 and Ed448 Public Key Algorithms for the Secure Shell (SSH) Protocol | B. Harris, L. Velvindron | February 2020 | Errata, Updates RFC 4253 | Proposed Standard |
ABSTRACT | This document describes the use of the Ed25519 and Ed448 digital signature algorithms in the Secure Shell (SSH) protocol. Accordingly, this RFC updates RFC 4253. | |||||
RFC 8308 | ASCII, PDF, HTML | Extension Negotiation in the Secure Shell (SSH) Protocol | D. Bider | March 2018 | Updates RFC 4251, RFC 4252, RFC 4253, RFC 4254, Updated by RFC 9519 | Proposed Standard |
ABSTRACT | This memo updates RFCs 4251, 4252, 4253, and 4254 by defining a mechanism for Secure Shell (SSH) clients and servers to exchange information about supported protocol extensions confidentially after SSH key exchange. | |||||
RFC 8332 | ASCII, PDF, HTML | Use of RSA Keys with SHA-256 and SHA-512 in the Secure Shell (SSH) Protocol | D. Bider | March 2018 | Updates RFC 4252, RFC 4253 | Proposed Standard |
ABSTRACT | This memo updates RFCs 4252 and 4253 to define new public key algorithms for use of RSA keys with SHA-256 and SHA-512 for server and client authentication in SSH connections. | |||||
RFC 8268 | ASCII, PDF, HTML | More Modular Exponentiation (MODP) Diffie-Hellman (DH) Key Exchange (KEX) Groups for Secure Shell (SSH) | M. Baushke | December 2017 | Updates RFC 4250, RFC 4253 | Proposed Standard |
ABSTRACT | This document defines added Modular Exponentiation (MODP) groups for the Secure Shell (SSH) protocol using SHA-2 hashes. This document updates RFC 4250. This document updates RFC 4253 by correcting an error regarding checking the Peer's DH Public Key. | |||||
RFC 8270 | ASCII, PDF, HTML | Increase the Secure Shell Minimum Recommended Diffie-Hellman Modulus Size to 2048 Bits | L. Velvindron, M. Baushke | December 2017 | Errata, Updates RFC 4419 | Proposed Standard |
ABSTRACT | The Diffie-Hellman (DH) Group Exchange for the Secure Shell (SSH) transport-layer protocol specifies that servers and clients should support groups with a minimum modulus group size of 1024 bits. Recent security research has shown that the minimum value of 1024 bits is insufficient to protect against state-sponsored actors and any organization with enough computing resources. This RFC updates RFC 4419, which allowed for DH moduli less than 2048 bits; now, 2048 bits is the minimum acceptable group size. | |||||
RFC 8160 | ASCII, PDF, HTML | IUTF8 Terminal Mode in Secure Shell (SSH) | S. Tatham, D. Tucker | April 2017 | | Proposed Standard |
ABSTRACT | This document specifies a new opcode in the Secure Shell terminal modes encoding. The new opcode describes the widely used IUTF8 terminal mode bit, which indicates that terminal I/O uses UTF-8 character encoding. | |||||
RFC 7479 | ASCII, PDF, HTML, HTML with inline errata | Using Ed25519 in SSHFP Resource Records | S. Moonesamy | March 2015 | Errata | Informational |
ABSTRACT | The Ed25519 signature algorithm has been implemented in OpenSSH. This document updates the IANA "SSHFP RR Types for public key algorithms" registry by adding an algorithm number for Ed25519. | |||||
RFC 6668 | ASCII, PDF, HTML | SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol | D. Bider, M. Baushke | July 2012 | Updates RFC 4253 | Proposed Standard |
ABSTRACT | This memo defines algorithm names and parameters for use in some of the SHA-2 family of secure hash algorithms for data integrity verification in the Secure Shell (SSH) protocol. It also updates RFC 4253 by specifying a new RECOMMENDED data integrity algorithm. [STANDARDS-TRACK] | |||||
RFC 6594 | ASCII, PDF, HTML | Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records | O. Sury | April 2012 | Errata | Proposed Standard |
ABSTRACT | This document updates the IANA registries in RFC 4255, which defines SSHFP, a DNS Resource Record (RR) that contains a standard Secure Shell (SSH) key fingerprint used to verify SSH host keys using DNS Security Extensions (DNSSEC). This document defines additional options supporting SSH public keys applying the Elliptic Curve Digital Signature Algorithm (ECDSA) and the implementation of fingerprints computed using the SHA-256 message digest algorithm in SSHFP Resource Records. [STANDARDS-TRACK] | |||||
RFC 6242 | ASCII, PDF, HTML | Using the NETCONF Protocol over Secure Shell (SSH) | M. Wasserman | June 2011 | Errata, Obsoletes RFC 4742 | Proposed Standard |
ABSTRACT | This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK] | |||||
RFC 6239 | ASCII, PDF, HTML | Suite B Cryptographic Suites for Secure Shell (SSH) | K. Igoe | May 2011 | Errata | Historic (changed from Informational July 2018) |
ABSTRACT | This document describes the architecture of a Suite B compliant implementation of the Secure Shell Transport Layer Protocol and the Secure Shell Authentication Protocol. Suite B Secure Shell makes use of the elliptic curve Diffie-Hellman (ECDH) key agreement, the elliptic curve digital signature algorithm (ECDSA), the Advanced Encryption Standard running in Galois/Counter Mode (AES-GCM), two members of the SHA-2 family of hashes (SHA-256 and SHA-384), and X.509 certificates. This document is not an Internet Standards Track specification; it is published for informational purposes. | |||||
RFC 5647 | ASCII, PDF, HTML | AES Galois Counter Mode for the Secure Shell Transport Layer Protocol | K. Igoe, J. Solinas | August 2009 | | Informational |
ABSTRACT | Secure shell (SSH) is a secure remote-login protocol. SSH provides for algorithms that provide authentication, key agreement, confidentiality, and data-integrity services. The purpose of this document is to show how the AES Galois Counter Mode can be used to provide both confidentiality and data integrity to the SSH Transport Layer Protocol. This memo provides information for the Internet community. | |||||
RFC 5608 | ASCII, PDF, HTML, HTML with inline errata | Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models | K. Narayan, D. Nelson | August 2009 | Errata | Proposed Standard |
ABSTRACT | This memo describes the use of a Remote Authentication Dial-In User Service (RADIUS) authentication and authorization service with Simple Network Management Protocol (SNMP) secure Transport Models to authenticate users and authorize creation of secure transport sessions. While the recommendations of this memo are generally applicable to a broad class of SNMP Transport Models, the examples focus on the Secure Shell (SSH) Transport Model. [STANDARDS-TRACK] | |||||
RFC 5592 | ASCII, PDF, HTML | Secure Shell Transport Model for the Simple Network Management Protocol (SNMP) | D. Harrington, J. Salowey, W. Hardaker | June 2009 | | Proposed Standard |
ABSTRACT | This memo describes a Transport Model for the Simple Network Management Protocol (SNMP), using the Secure Shell (SSH) protocol. This memo also defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, it defines objects for monitoring and managing the Secure Shell Transport Model for SNMP. [STANDARDS-TRACK] | |||||
RFC 5114 | ASCII, PDF, HTML | Additional Diffie-Hellman Groups for Use with IETF Standards | M. Lepinski, S. Kent | January 2008 | | Informational |
ABSTRACT | This document describes eight Diffie-Hellman groups that can be used in conjunction with IETF protocols to provide security for Internet communications. The groups allow implementers to use the same groups with a variety of security protocols, e.g., SMIME, Secure SHell (SSH), Transport Layer Security (TLS), and Internet Key Exchange (IKE). All of these groups comply in form and structure with relevant standards from ISO, ANSI, NIST, and the IEEE. These groups are compatible with all IETF standards that make use of Diffie-Hellman or Elliptic Curve Diffie-Hellman cryptography. These groups and the associated test data are defined by NIST on their web site [EX80056A], but have not yet (as of this writing) been published in a formal NIST document. Publication of these groups and associated test data, as well as describing how to use Diffie-Hellman and Elliptic Curve Diffie-Hellman for key agreement in all of the protocols cited below, in one RFC, will facilitate development of interoperable implementations and support the Federal Information Processing Standard (FIPS) validation of implementations that make use of these groups. This memo provides information for the Internet community. | |||||
RFC 4819 | ASCII, PDF, HTML | Secure Shell Public Key Subsystem | J. Galbraith, J. Van Dyke, J. Bright | March 2007 | Updated by RFC 9519 | Proposed Standard |
ABSTRACT | Secure Shell defines a user authentication mechanism that is based on public keys, but does not define any mechanism for key distribution. No common key management solution exists in current implementations. This document describes a protocol that can be used to configure public keys in an implementation-independent fashion, allowing client software to take on the burden of this configuration. The Public Key Subsystem provides a server-independent mechanism for clients to add public keys, remove public keys, and list the current public keys known by the server. Rights to manage public keys are specific and limited to the authenticated user. A public key may also be associated with various restrictions, including a mandatory command or subsystem. [STANDARDS-TRACK] | |||||
RFC 4742 | ASCII, PDF, HTML, HTML with inline errata | Using the NETCONF Configuration Protocol over Secure SHell (SSH) | M. Wasserman, T. Goddard | December 2006 | Errata, Obsoleted by RFC 6242 | Proposed Standard |
ABSTRACT | This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. [STANDARDS-TRACK] | |||||
RFC 4716 | ASCII, PDF, HTML | The Secure Shell (SSH) Public Key File Format | J. Galbraith, R. Thayer | November 2006 | Updated by RFC 9519 | Informational |
ABSTRACT | This document formally documents an existing public key file format in use for exchanging public keys between different Secure Shell (SSH) implementations. In addition, this document defines a standard textual representation for SSH public key fingerprints. This memo provides information for the Internet community. | |||||
RFC 4462 | ASCII, PDF, HTML, HTML with inline errata | Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol | J. Hutzelman, J. Salowey, J. Galbraith, V. Welch | May 2006 | Errata, Updated by RFC 8732, RFC 9142 | Proposed Standard |
ABSTRACT | The Secure Shell protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. The Generic Security Service Application Program Interface (GSS-API) provides security services to callers in a mechanism-independent fashion. This memo describes methods for using the GSS-API for authentication and key exchange in SSH. It defines an SSH user authentication method that uses a specified GSS-API mechanism to authenticate a user, and a family of SSH key exchange methods that use GSS-API to authenticate a Diffie-Hellman key exchange. This memo also defines a new host public key algorithm that can be used when no operations are needed using a host's public key, and a new user authentication method that allows an authorization name to be used in conjunction with any authentication that has already occurred as a side-effect of GSS-API-based key exchange. [STANDARDS-TRACK] |