RFC 7076

P6R's Secure Shell Public Key Subsystem, November 2013

File formats:
icon for text file icon for PDF icon for HTML
Status:
INFORMATIONAL
Authors:
M. Joseph
J. Susoy
Stream:
INDEPENDENT

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC7076

Discuss this RFC: Send questions or comments to the mailing list rfc-ise@rfc-editor.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 7076


Abstract

The Secure Shell (SSH) Public Key Subsystem protocol defines a key distribution protocol that is limited to provisioning an SSH server with a user's public keys. This document describes a new protocol that builds on the protocol defined in RFC 4819 to allow the provisioning of keys and certificates to a server using the SSH transport.

The new protocol allows the calling client to organize keys and certificates in different namespaces on a server. These namespaces can be used by the server to allow a client to configure any application running on the server (e.g., SSH, Key Management Interoperability Protocol (KMIP), Simple Network Management Protocol (SNMP)).

The new protocol provides a server-independent mechanism for clients to add public keys, remove public keys, add certificates, remove certificates, and list the current set of keys and certificates known by the server by namespace (e.g., list all public keys in the SSH namespace).

Rights to manage keys and certificates in a particular namespace are specific and limited to the authorized user and are defined as part of the server's implementation. The described protocol is backward compatible to version 2 defined by RFC 4819.


For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.




Advanced Search