
37 results

Number | Files | Title | Authors | Date | More Info | Status
RFC 4250 | ASCII, PDF, HTML | The Secure Shell (SSH) Protocol Assigned Numbers | S. Lehtinen, C. Lonvick, Ed. | January 2006 | Updated by RFC 8268, RFC 9142, RFC 9519 | Proposed Standard
ABSTRACT: This document defines the instructions to the IANA and the initial state of the IANA assigned numbers for the Secure Shell (SSH) protocol. It is intended only for the initialization of the IANA registries referenced in the set of SSH documents. [STANDARDS-TRACK]
RFC 4251 | ASCII, PDF, HTML | The Secure Shell (SSH) Protocol Architecture | T. Ylonen, C. Lonvick, Ed. | January 2006 | Updated by RFC 8308, RFC 9141 | Proposed Standard
ABSTRACT: The Secure Shell (SSH) Protocol is a protocol for secure remote login and other secure network services over an insecure network. This document describes the architecture of the SSH protocol, as well as the notation and terminology used in SSH protocol documents. It also discusses the SSH algorithm naming system that allows local extensions. The SSH protocol consists of three major components: The Transport Layer Protocol provides server authentication, confidentiality, and integrity with perfect forward secrecy. The User Authentication Protocol authenticates the client to the server. The Connection Protocol multiplexes the encrypted tunnel into several logical channels. Details of these protocols are described in separate documents. [STANDARDS-TRACK]
RFC 4252 | ASCII, PDF, HTML, HTML with inline errata | The Secure Shell (SSH) Authentication Protocol | T. Ylonen, C. Lonvick, Ed. | January 2006 | Errata, Updated by RFC 8308, RFC 8332 | Proposed Standard
ABSTRACT: The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH authentication protocol framework and public key, password, and host-based client authentication methods. Additional authentication methods are described in separate documents. The SSH authentication protocol runs on top of the SSH transport layer protocol and provides a single authenticated tunnel for the SSH connection protocol. [STANDARDS-TRACK]
RFC 4253 | ASCII, PDF, HTML, HTML with inline errata | The Secure Shell (SSH) Transport Layer Protocol | T. Ylonen, C. Lonvick, Ed. | January 2006 | Errata, Updated by RFC 6668, RFC 8268, RFC 8308, RFC 8332, RFC 8709, RFC 8758, RFC 9142 | Proposed Standard
ABSTRACT: The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH transport layer protocol, which typically runs on top of TCP/IP. The protocol can be used as a basis for a number of secure network services. It provides strong encryption, server authentication, and integrity protection. It may also provide compression. Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated. This document also describes the Diffie-Hellman key exchange method and the minimal set of algorithms that are needed to implement the SSH transport layer protocol. [STANDARDS-TRACK]
RFC 4254 | ASCII, PDF, HTML, HTML with inline errata | The Secure Shell (SSH) Connection Protocol | T. Ylonen, C. Lonvick, Ed. | January 2006 | Errata, Updated by RFC 8308 | Proposed Standard
ABSTRACT: Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network. This document describes the SSH Connection Protocol. It provides interactive login sessions, remote execution of commands, forwarded TCP/IP connections, and forwarded X11 connections. All of these channels are multiplexed into a single encrypted tunnel. The SSH Connection Protocol has been designed to run on top of the SSH transport layer and user authentication protocols. [STANDARDS-TRACK]
RFC 4255 | ASCII, PDF, HTML, HTML with inline errata | Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints | J. Schlyter, W. Griffin | January 2006 | Errata | Proposed Standard
ABSTRACT: This document describes a method of verifying Secure Shell (SSH) host keys using Domain Name System Security (DNSSEC). The document defines a new DNS resource record that contains a standard SSH key fingerprint. [STANDARDS-TRACK]
RFC 4256 | ASCII, PDF, HTML, HTML with inline errata | Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) | F. Cusack, M. Forssen | January 2006 | Errata | Proposed Standard
ABSTRACT: The Secure Shell Protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. This document describes a general purpose authentication method for the SSH protocol, suitable for interactive authentications where the authentication data should be entered via a keyboard (or equivalent alphanumeric input device). The major goal of this method is to allow the SSH client to support a whole class of authentication mechanism(s) without knowing the specifics of the actual authentication mechanism(s). [STANDARDS-TRACK]
RFC 4335 | ASCII, PDF, HTML | The Secure Shell (SSH) Session Channel Break Extension | J. Galbraith, P. Remaker | January 2006 | Errata | Proposed Standard
ABSTRACT: The Session Channel Break Extension provides a means to send a BREAK signal over a Secure Shell (SSH) terminal session. [STANDARDS-TRACK]
RFC 4344 | ASCII, PDF, HTML | The Secure Shell (SSH) Transport Layer Encryption Modes | M. Bellare, T. Kohno, C. Namprempre | January 2006 |  | Proposed Standard
ABSTRACT: Researchers have discovered that the authenticated encryption portion of the current SSH Transport Protocol is vulnerable to several attacks. This document describes new symmetric encryption methods for the Secure Shell (SSH) Transport Protocol and gives specific recommendations on how frequently SSH implementations should rekey. [STANDARDS-TRACK]
RFC 4345 | ASCII, PDF, HTML | Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol | B. Harris | January 2006 | Errata | Proposed Standard
ABSTRACT: This document specifies methods of using the Arcfour cipher in the Secure Shell (SSH) protocol that mitigate the weakness of the cipher's key-scheduling algorithm. [STANDARDS-TRACK]
RFC 4419 | ASCII, PDF, HTML, HTML with inline errata | Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol | M. Friedl, N. Provos, W. Simpson | March 2006 | Errata, Updated by RFC 8270 | Proposed Standard
ABSTRACT: This memo describes a new key exchange method for the Secure Shell (SSH) protocol. It allows the SSH server to propose new groups on which to perform the Diffie-Hellman key exchange to the client. The proposed groups need not be fixed and can change with time. [STANDARDS-TRACK]
RFC 4432 | ASCII, PDF, HTML | RSA Key Exchange for the Secure Shell (SSH) Transport Layer Protocol | B. Harris | March 2006 | Updated by RFC 9142 | Proposed Standard
ABSTRACT: This memo describes a key-exchange method for the Secure Shell (SSH) protocol based on Rivest-Shamir-Adleman (RSA) public-key encryption. It uses much less client CPU time than the Diffie-Hellman algorithm specified as part of the core protocol, and hence is particularly suitable for slow client systems. [STANDARDS-TRACK]
RFC 4462 | ASCII, PDF, HTML, HTML with inline errata | Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol | J. Hutzelman, J. Salowey, J. Galbraith, V. Welch | May 2006 | Errata, Updated by RFC 8732, RFC 9142 | Proposed Standard
ABSTRACT: The Secure Shell protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network. The Generic Security Service Application Program Interface (GSS-API) provides security services to callers in a mechanism-independent fashion. This memo describes methods for using the GSS-API for authentication and key exchange in SSH. It defines an SSH user authentication method that uses a specified GSS-API mechanism to authenticate a user, and a family of SSH key exchange methods that use GSS-API to authenticate a Diffie-Hellman key exchange. This memo also defines a new host public key algorithm that can be used when no operations are needed using a host's public key, and a new user authentication method that allows an authorization name to be used in conjunction with any authentication that has already occurred as a side-effect of GSS-API-based key exchange. [STANDARDS-TRACK]
RFC 4716 | ASCII, PDF, HTML | The Secure Shell (SSH) Public Key File Format | J. Galbraith, R. Thayer | November 2006 | Updated by RFC 9519 | Informational
ABSTRACT: This document formally documents an existing public key file format in use for exchanging public keys between different Secure Shell (SSH) implementations. In addition, this document defines a standard textual representation for SSH public key fingerprints. This memo provides information for the Internet community.
RFC 4742 | ASCII, PDF, HTML, HTML with inline errata | Using the NETCONF Configuration Protocol over Secure SHell (SSH) | M. Wasserman, T. Goddard | December 2006 | Errata, Obsoleted by RFC 6242 | Proposed Standard
ABSTRACT: This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. [STANDARDS-TRACK]
RFC 4819 | ASCII, PDF, HTML | Secure Shell Public Key Subsystem | J. Galbraith, J. Van Dyke, J. Bright | March 2007 | Updated by RFC 9519 | Proposed Standard
ABSTRACT: Secure Shell defines a user authentication mechanism that is based on public keys, but does not define any mechanism for key distribution. No common key management solution exists in current implementations. This document describes a protocol that can be used to configure public keys in an implementation-independent fashion, allowing client software to take on the burden of this configuration. The Public Key Subsystem provides a server-independent mechanism for clients to add public keys, remove public keys, and list the current public keys known by the server. Rights to manage public keys are specific and limited to the authenticated user. A public key may also be associated with various restrictions, including a mandatory command or subsystem. [STANDARDS-TRACK]
RFC 5114 | ASCII, PDF, HTML | Additional Diffie-Hellman Groups for Use with IETF Standards | M. Lepinski, S. Kent | January 2008 |  | Informational
ABSTRACT: This document describes eight Diffie-Hellman groups that can be used in conjunction with IETF protocols to provide security for Internet communications. The groups allow implementers to use the same groups with a variety of security protocols, e.g., SMIME, Secure SHell (SSH), Transport Layer Security (TLS), and Internet Key Exchange (IKE). All of these groups comply in form and structure with relevant standards from ISO, ANSI, NIST, and the IEEE. These groups are compatible with all IETF standards that make use of Diffie-Hellman or Elliptic Curve Diffie-Hellman cryptography. These groups and the associated test data are defined by NIST on their web site [EX80056A], but have not yet (as of this writing) been published in a formal NIST document. Publication of these groups and associated test data, as well as describing how to use Diffie-Hellman and Elliptic Curve Diffie-Hellman for key agreement in all of the protocols cited below, in one RFC, will facilitate development of interoperable implementations and support the Federal Information Processing Standard (FIPS) validation of implementations that make use of these groups. This memo provides information for the Internet community.
RFC 5592 | ASCII, PDF, HTML | Secure Shell Transport Model for the Simple Network Management Protocol (SNMP) | D. Harrington, J. Salowey, W. Hardaker | June 2009 |  | Proposed Standard
ABSTRACT: This memo describes a Transport Model for the Simple Network Management Protocol (SNMP), using the Secure Shell (SSH) protocol. This memo also defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, it defines objects for monitoring and managing the Secure Shell Transport Model for SNMP. [STANDARDS-TRACK]
RFC 5608 | ASCII, PDF, HTML, HTML with inline errata | Remote Authentication Dial-In User Service (RADIUS) Usage for Simple Network Management Protocol (SNMP) Transport Models | K. Narayan, D. Nelson | August 2009 | Errata | Proposed Standard
ABSTRACT: This memo describes the use of a Remote Authentication Dial-In User Service (RADIUS) authentication and authorization service with Simple Network Management Protocol (SNMP) secure Transport Models to authenticate users and authorize creation of secure transport sessions. While the recommendations of this memo are generally applicable to a broad class of SNMP Transport Models, the examples focus on the Secure Shell (SSH) Transport Model. [STANDARDS-TRACK]
RFC 5647 | ASCII, PDF, HTML | AES Galois Counter Mode for the Secure Shell Transport Layer Protocol | K. Igoe, J. Solinas | August 2009 |  | Informational
ABSTRACT: Secure shell (SSH) is a secure remote-login protocol. SSH provides for algorithms that provide authentication, key agreement, confidentiality, and data-integrity services. The purpose of this document is to show how the AES Galois Counter Mode can be used to provide both confidentiality and data integrity to the SSH Transport Layer Protocol. This memo provides information for the Internet community.
RFC 6239 | ASCII, PDF, HTML | Suite B Cryptographic Suites for Secure Shell (SSH) | K. Igoe | May 2011 | Errata | Historic (changed from Informational July 2018)
ABSTRACT: This document describes the architecture of a Suite B compliant implementation of the Secure Shell Transport Layer Protocol and the Secure Shell Authentication Protocol. Suite B Secure Shell makes use of the elliptic curve Diffie-Hellman (ECDH) key agreement, the elliptic curve digital signature algorithm (ECDSA), the Advanced Encryption Standard running in Galois/Counter Mode (AES-GCM), two members of the SHA-2 family of hashes (SHA-256 and SHA-384), and X.509 certificates. This document is not an Internet Standards Track specification; it is published for informational purposes.
RFC 6242 | ASCII, PDF, HTML | Using the NETCONF Protocol over Secure Shell (SSH) | M. Wasserman | June 2011 | Errata, Obsoletes RFC 4742 | Proposed Standard
ABSTRACT: This document describes a method for invoking and running the Network Configuration Protocol (NETCONF) within a Secure Shell (SSH) session as an SSH subsystem. This document obsoletes RFC 4742. [STANDARDS-TRACK]
RFC 6594 | ASCII, PDF, HTML | Use of the SHA-256 Algorithm with RSA, Digital Signature Algorithm (DSA), and Elliptic Curve DSA (ECDSA) in SSHFP Resource Records | O. Sury | April 2012 | Errata | Proposed Standard
ABSTRACT: This document updates the IANA registries in RFC 4255, which defines SSHFP, a DNS Resource Record (RR) that contains a standard Secure Shell (SSH) key fingerprint used to verify SSH host keys using DNS Security Extensions (DNSSEC). This document defines additional options supporting SSH public keys applying the Elliptic Curve Digital Signature Algorithm (ECDSA) and the implementation of fingerprints computed using the SHA-256 message digest algorithm in SSHFP Resource Records. [STANDARDS-TRACK]
RFC 6668 | ASCII, PDF, HTML | SHA-2 Data Integrity Verification for the Secure Shell (SSH) Transport Layer Protocol | D. Bider, M. Baushke | July 2012 | Updates RFC 4253 | Proposed Standard
ABSTRACT: This memo defines algorithm names and parameters for use in some of the SHA-2 family of secure hash algorithms for data integrity verification in the Secure Shell (SSH) protocol. It also updates RFC 4253 by specifying a new RECOMMENDED data integrity algorithm. [STANDARDS-TRACK]
RFC 7479 | ASCII, PDF, HTML, HTML with inline errata | Using Ed25519 in SSHFP Resource Records | S. Moonesamy | March 2015 | Errata | Informational
ABSTRACT: The Ed25519 signature algorithm has been implemented in OpenSSH. This document updates the IANA "SSHFP RR Types for public key algorithms" registry by adding an algorithm number for Ed25519.