RFC 4462
Generic Security Service Application Program Interface (GSS-API) Authentication and Key Exchange for the Secure Shell (SSH) Protocol, May 2006
- File formats:
- Status:
- PROPOSED STANDARD
- Updated by:
- RFC 8732, RFC 9142
- Authors:
- J. Hutzelman
J. Salowey
J. Galbraith
V. Welch - Stream:
- IETF
- Source:
- secsh (sec)
Cite this RFC: TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC4462
Discuss this RFC: Send questions or comments to the mailing list iesg@ietf.org
Other actions: View Errata | Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 4462
Abstract
The Secure Shell protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network.
The Generic Security Service Application Program Interface (GSS-API) provides security services to callers in a mechanism-independent fashion.
This memo describes methods for using the GSS-API for authentication and key exchange in SSH. It defines an SSH user authentication method that uses a specified GSS-API mechanism to authenticate a user, and a family of SSH key exchange methods that use GSS-API to authenticate a Diffie-Hellman key exchange.
This memo also defines a new host public key algorithm that can be used when no operations are needed using a host's public key, and a new user authentication method that allows an authorization name to be used in conjunction with any authentication that has already occurred as a side-effect of GSS-API-based key exchange. [STANDARDS-TRACK]
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.