%!PS-Adobe-3.0
%%BoundingBox: 75 0 595 747
%%Title: Enscript Output
%%For: Magnus Thoang
%%Creator: GNU enscript 1.6.1
%%CreationDate: Fri Oct 31 13:35:32 2003
%%Orientation: Portrait
%%Pages: 8 0
%%DocumentMedia: A4 595 842 0 () ()
%%DocumentNeededResources: (atend)
%%EndComments
%%BeginProlog
%%BeginProcSet: PStoPS 1 15
% PStoPS procset. Everything between `userdict begin` and `end` is defined in
% userdict. It replaces page-level operators and matrix/clip initialisers so
% that the per-page translate/rotate/scale emitted later in this file stays in
% effect while the original page code runs.
userdict begin
% For each of showpage/erasepage/copypage that is currently an operator,
% define the same name as a one-element procedure that calls the operator.
% NOTE(review): presumably this keeps later `bind` calls from freezing the
% operator into procedures, so the per-page redefinitions apply -- confirm.
[/showpage/erasepage/copypage]{dup where{pop dup load
type/operatortype eq{1 array cvx dup 0 3 index cvx put
bind def}{pop}ifelse}{pop}ifelse}forall
% For each paper-size name found on the dictionary stack, replace it with an
% empty procedure: in place when that dictionary is writable, otherwise by a
% new definition in the current dictionary.
[/letter/legal/executivepage/a4/a4small/b5/com10envelope
/monarchenvelope/c5envelope/dlenvelope/lettersmall/note
/folio/quarto/a5]{dup where{dup wcheck{exch{}put}
{pop{}def}ifelse}{pop}ifelse}forall
% Redefine setpagedevice as a procedure that discards its operand, using the
% same "in place if writable, else define here" rule.
/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put}
{pop def}ifelse}{def}ifelse
% PStoPSmatrix: the CTM at this point. PStoPSxform: starts as the identity.
% PStoPSclip: procedure that builds the clip path (initially `clippath`).
/PStoPSmatrix matrix currentmatrix def
/PStoPSxform matrix def/PStoPSclip{clippath}def
% defaultmatrix fills its operand with PStoPSmatrix x PStoPSxform.
/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def
/initmatrix{matrix defaultmatrix setmatrix}bind def
% initclip is assembled from three pieces spliced into one procedure:
%   1. save the CTM, switch to PStoPSmatrix and capture the current path as a
%      procedure (falling back when pathforall raises invalidaccess);
%   2. the previous initclip (operator, or the contents of its procedure);
%   3. clip to PStoPSclip, replay the captured path and restore the CTM.
% NOTE(review): the stack handling here is dense; the summary above follows
% the visible operators but has not been run -- confirm before relying on it.
/initclip[{matrix currentmatrix PStoPSmatrix setmatrix
[{currentpoint}stopped{$error/newerror false put{newpath}}
{/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse]
{[/newpath cvx{/moveto cvx}{/lineto cvx}
{/curveto cvx}{/closepath cvx}pathforall]cvx exch pop}
stopped{$error/errorname get/invalidaccess eq{cleartomark
$error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop
/initclip dup load dup type dup/operatortype eq{pop exch pop}
{dup/arraytype eq exch/packedarraytype eq or
{dup xcheck{exch pop aload pop}{pop cvx}ifelse}
{pop cvx}ifelse}ifelse
{newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def
% initgraphics rebuilt from the replaced initmatrix/initclip plus the default
% line, dash, gray and miter settings.
/initgraphics{initmatrix newpath initclip 1 setlinewidth
0 setlinecap 0 setlinejoin []0 setdash 0 setgray
10 setmiterlimit}bind def
end
%%EndProcSet
%%BeginResource: procset Enscript-Prolog 1.6 1
%
% Procedures.
%
/_S { % - -> -   take a VM snapshot and keep it under _s
  /_s save def
} def
/_R { % - -> -   roll VM back to the snapshot held in _s
  _s restore
} def
/S { % - -> -   showpage, bracketed so the caller's graphics state survives
  gsave
    showpage
  grestore
} bind def
/MF { % fontname newfontname -> -   define a re-encoded copy of a font
  /newfontname exch def
  /fontname exch def
  /fontdict fontname findfont def
  /newfont fontdict maxlength dict def

  % Copy every key/value pair of the source font except the FID entry.
  fontdict {
    1 index /FID eq {
      pop pop
    } {
      newfont 3 1 roll put
    } ifelse
  } forall

  newfont /FontName newfontname put

  % Only a full 256-entry vector is installed as the Encoding.
  encoding_vector length 256 eq {
    newfont /Encoding encoding_vector put
  } if

  newfontname newfont definefont pop
} def
/SF { % fontname width height -> -   select a font scaled to width x height
  /height exch def
  /width exch def
  % fontname is still on the stack here.
  findfont
  [ width 0 0 height 0 0 ] makefont
  setfont
} def
/SUF { % fontname width height -> -   re-encode a user font, then select it
  /height exch def
  /width exch def
  % fontname is still on the stack: MF copies it to F-gs-user-font.
  /F-gs-user-font MF
  /F-gs-user-font width height SF
} def
% x y M -> -        one-letter alias for moveto, used by every text line
/M { moveto } bind def
% string s -> -     one-letter alias for show
/s { show } bind def
/Box { % x y w h -> -   append a rectangle to the current path
  /d_h exch def
  /d_w exch def
  /d_y exch def
  /d_x exch def
  d_x d_y moveto
  d_w 0 rlineto        % bottom edge
  0 d_h rlineto        % right edge
  d_w neg 0 rlineto    % top edge
  closepath            % left edge
} def
/bgs { % x y height blskip gray str -> -   show a string on a gray background
  /str exch def
  /gray exch def
  /blskip exch def
  /height exch def
  /y exch def
  /x exch def

  % Background: a box as wide as the string, starting blskip below y.
  gsave
    x y blskip sub
    str stringwidth pop
    height
    Box
    gray setgray
    fill
  grestore

  % Foreground text at the caller's position.
  x y M
  str s
} def
% Highlight bars.
/highlight_bars { % nlines lineheight output_y_margin gray -> -
  gsave
    setgray
    /ymarg exch def
    /lineheight exch def
    /nlines exch def

    % The extra 2 is the original's magic offset that lines bars up with text.
    0 d_header_y ymarg sub 2 sub translate

    /cw d_output_w cols div def
    /nrows d_output_h ymarg 2 mul sub lineheight div cvi def

    0 1 cols 1 sub {                 % column index
      cw mul /xp exch def
      0 1 nrows 1 sub {              % row index
        dup /rn exch def
        lineheight mul neg /yp exch def
        % Shade every other group of nlines rows.
        rn nlines idiv 2 mod 0 eq {
          % 4 (and 8 = 2 x 4) is the original's magic indentation.
          xp 4 add yp cw 8 sub lineheight neg Box
          fill
        } if
      } for
    } for
  grestore
} def
% Line highlight bar.
/line_highlight { % x y width height gray -> -   fill one box with a gray level
  gsave
    /gray exch def
    Box                % consumes x y width height
    gray setgray
    fill
  grestore
} def
% Column separator lines.
/column_lines { % - -> -   thin vertical rules between columns
  gsave
    .1 setlinewidth
    0 d_footer_h translate
    /cw d_output_w cols div def
    % Loop index runs 1 .. cols-1, i.e. the interior column boundaries.
    1 1 cols 1 sub {
      cw mul 0 moveto
      0 d_output_h rlineto
      stroke
    } for
  grestore
} def
% Column borders.
/column_borders { % - -> -   thin frame around the output area
  gsave
    .1 setlinewidth
    0 d_footer_h moveto
    0 d_output_h rlineto          % left side, upwards
    d_output_w 0 rlineto          % top
    0 d_output_h neg rlineto      % right side, downwards
    closepath                     % bottom
    stroke
  grestore
} def
% Do the actual underlay drawing
/draw_underlay { % - -> -   paint ul_str at the current point
  ul_style 0 eq {
    % Style 0: stroke the glyph outlines.
    ul_str true charpath
    stroke
  } {
    % Any other style: ordinary filled text.
    ul_str show
  } ifelse
} def
% Underlay
/underlay { % - -> -   underlay text along the page diagonal
  gsave
    % Origin to the top-left corner, x axis turned onto the diagonal.
    0 d_page_h translate
    d_page_h neg d_page_w atan rotate

    ul_gray setgray
    ul_font setfont

    % dw: length of the diagonal.
    /dw d_page_h dup mul d_page_w dup mul add sqrt def

    % Centre the string on the diagonal, half a point size below it.
    ul_str stringwidth pop dw exch sub 2 div
    ul_h_ptsize -2 div
    moveto

    draw_underlay
  grestore
} def
/user_underlay { % - -> -   underlay text at a caller-chosen place and angle
  gsave
    ul_x ul_y translate
    ul_angle rotate
    ul_gray setgray
    ul_font setfont
    % Start half a point size below the translated origin.
    0
    0 ul_h_ptsize 2 div sub
    moveto
    draw_underlay
  grestore
} def
% Page prefeed
/page_prefeed { % bool -> -   store bool as statusdict's prefeed, if it has one
  statusdict /prefeed known {
    statusdict /prefeed 3 -1 roll put
  } {
    % No prefeed entry: just drop the operand.
    pop
  } ifelse
} def
% Wrapped line markers
/wrapped_line_mark { % x y charwidth charheight type -> -
  % NOTE(review): the next line defines /type in the current dictionary, which
  % shadows the `type` operator for any unbound code that runs afterwards.
  /type exch def
  /h exch def
  /w exch def
  /y exch def
  /x exch def

  type 2 eq {
    % Type 2: filled black box (like TeX does).
    gsave
      0 setlinewidth
      x w 4 div add y M
      0 h rlineto
      w 2 div 0 rlineto
      0 h neg rlineto
      closepath
      fill
    grestore
  } {
    type 3 eq {
      % Type 3: small arrow.
      gsave
        .2 setlinewidth
        x w 2 div add y h 2 div add M
        w 4 div 0 rlineto
        x w 4 div add y lineto
        stroke
        x w 4 div add w 8 div add y h 4 div add M
        x w 4 div add y lineto
        w 4 div h 8 div rlineto
        stroke
      grestore
    } if
    % Any other type draws nothing.
  } ifelse
} def
% EPSF import.
/BeginEPSF { % - -> -   prepare the interpreter for an included EPS file
  % Snapshot VM and record both stack depths so EndEPSF can undo the EPS.
  % The "1 sub" discounts the /op_count name that is on the stack when
  % count runs.
  /b4_Inc_state save def
  /dict_count countdictstack def
  /op_count count 1 sub def

  userdict begin
  % The included file must not eject the page.
  /showpage { } def

  % Default graphics state for the included file.
  0 setgray
  0 setlinecap
  1 setlinewidth
  0 setlinejoin
  10 setmiterlimit
  [ ] 0 setdash
  newpath

  % These two are reset only when languagelevel exists and is not 1.
  /languagelevel where {
    pop
    languagelevel 1 ne {
      false setstrokeadjust
      false setoverprint
    } if
  } if

  % NOTE(review): the included EPS still runs as ordinary PostScript in this
  % interpreter; only showpage is neutralised here. Interpreter-level file
  % restrictions (e.g. Ghostscript's -dSAFER) remain the control for
  % untrusted input.
} bind def
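/EndEPSF { % - -> -   undo BeginEPSF after an included EPS file has run
  % Drop whatever the EPS left on the operand stack above the depth recorded
  % by BeginEPSF. The original loop body read `pos`, which is not a PostScript
  % operator, so any leftover operand raised an undefined error here instead
  % of being popped. Leftover composite objects must be gone before the
  % restore below, otherwise restore can fail with invalidrestore.
  count op_count sub { pop } repeat
  % Close any dictionaries the EPS left open, including the userdict pushed by
  % BeginEPSF.
  countdictstack dict_count sub { end } repeat
  % Roll VM back to the snapshot taken by BeginEPSF.
  b4_Inc_state restore
} bind def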
% Record the interpreter's language level as gs_languagelevel; interpreters
% that do not define languagelevel are treated as level 1.
/gs_languagelevel
/languagelevel where { pop languagelevel } { 1 } ifelse
def
%%EndResource
%%BeginResource: procset Enscript-Encoding-88591 1.6 1
% 256-entry encoding vector used by MF, eight glyph names per row; the
% comment at the end of each row gives the code of its first entry.
/encoding_vector [
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % 0x00
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % 0x08
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % 0x10
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % 0x18
/space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright % 0x20
/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash % 0x28
/zero /one /two /three /four /five /six /seven % 0x30
/eight /nine /colon /semicolon /less /equal /greater /question % 0x38
/at /A /B /C /D /E /F /G % 0x40
/H /I /J /K /L /M /N /O % 0x48
/P /Q /R /S /T /U /V /W % 0x50
/X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore % 0x58
/quoteleft /a /b /c /d /e /f /g % 0x60
/h /i /j /k /l /m /n /o % 0x68
/p /q /r /s /t /u /v /w % 0x70
/x /y /z /braceleft /bar /braceright /tilde /.notdef % 0x78
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % 0x80
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % 0x88
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % 0x90
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % 0x98
/space /exclamdown /cent /sterling /currency /yen /brokenbar /section % 0xA0
/dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen /registered /macron % 0xA8
/degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /bullet % 0xB0
/cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown % 0xB8
/Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla % 0xC0
/Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis % 0xC8
/Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply % 0xD0
/Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls % 0xD8
/agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla % 0xE0
/egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis % 0xE8
/eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide % 0xF0
/oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis % 0xF8
] def
%%EndResource
%%EndProlog
%%BeginSetup
%%IncludeResource: font Courier-Bold
%%IncludeResource: font Courier
% Header font: Courier-Bold re-encoded by MF, scaled to HFpt_w x HFpt_h.
/HFpt_w 10 def   /HFpt_h 10 def
/Courier-Bold /HF-gs-font MF
/HF
  /HF-gs-font findfont [ HFpt_w 0 0 HFpt_h 0 0 ] makefont
def

% Body font: Courier re-encoded by MF, selected at 10 x 10.
/Courier /F-gs-font MF
/F-gs-font 10 10 SF

/#copies 1 def

% Page, header, footer and output-area geometry read by the prolog procedures.
/d_page_w 520 def     /d_page_h 747 def
/d_header_x 0 def     /d_header_y 747 def
/d_header_w 520 def   /d_header_h 0 def
/d_footer_x 0 def     /d_footer_y 0 def
/d_footer_w 520 def   /d_footer_h 0 def
/d_output_w 520 def   /d_output_h 747 def
/cols 1 def

% Store inverse(PStoPSmatrix x inverse(current CTM)) as userdict's PStoPSxform.
userdict /PStoPSxform
  PStoPSmatrix
  matrix currentmatrix matrix invertmatrix
  matrix concatmatrix
  matrix invertmatrix
put
%%EndSetup
%%Page: (0,1) 1
% Logical page 1 (title page of draft-ietf-secsh-userauth-18), first slot of
% the sheet: VM is saved in PStoPSsaved, then the page is translated, rotated
% by 90 degrees, scaled by 0.706651 and clipped to a 595 x 842 rectangle.
% NOTE(review): the text below is an Internet-Draft that states its own expiry
% (March 2, 2003); the SSH authentication protocol was later published as
% RFC 4252, which is the document to consult for normative requirements.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
% showpage/copypage/erasepage become empty procedures for this logical page.
% NOTE(review): presumably so the S at the end of the page does not eject the
% sheet before the second logical page is drawn -- confirm.
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 1 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
% Each text line is "x y M" (moveto) followed by "(string) s" (show).
5 701 M
(Network Working Group T. Ylonen) s
5 690 M
(Internet-Draft SSH Communications Security Corp) s
5 679 M
(Expires: March 2, 2003 D. Moffat, Ed.) s
5 668 M
( Sun Microsystems, Inc) s
5 657 M
( September 2002) s
5 624 M
( SSH Authentication Protocol) s
5 613 M
( draft-ietf-secsh-userauth-18.txt) s
5 591 M
(Status of this Memo) s
5 569 M
( This document is an Internet-Draft and is in full conformance with) s
5 558 M
( all provisions of Section 10 of RFC2026.) s
5 536 M
( Internet-Drafts are working documents of the Internet Engineering) s
5 525 M
( Task Force \(IETF\), its areas, and its working groups. Note that other) s
5 514 M
( groups may also distribute working documents as Internet-Drafts.) s
5 492 M
( Internet-Drafts are draft documents valid for a maximum of six months) s
5 481 M
( and may be updated, replaced, or obsoleted by other documents at any) s
5 470 M
( time. It is inappropriate to use Internet-Drafts as reference) s
5 459 M
( material or to cite them other than as "work in progress.") s
5 437 M
( The list of current Internet-Drafts can be accessed at http://) s
5 426 M
( www.ietf.org/ietf/1id-abstracts.txt.) s
5 404 M
( The list of Internet-Draft Shadow Directories can be accessed at) s
5 393 M
( http://www.ietf.org/shadow.html.) s
5 371 M
( This Internet-Draft will expire on March 2, 2003.) s
5 349 M
(Copyright Notice) s
5 327 M
( Copyright \(C\) The Internet Society \(2002\). All Rights Reserved.) s
5 305 M
(Abstract) s
5 283 M
( SSH is a protocol for secure remote login and other secure network) s
5 272 M
( services over an insecure network. This document describes the SSH) s
5 261 M
( authentication protocol framework and public key, password, and) s
5 250 M
( host-based client authentication methods. Additional authentication) s
5 239 M
( methods are described in separate documents. The SSH authentication) s
5 228 M
( protocol runs on top of the SSH transport layer protocol and provides) s
5 217 M
( a single authenticated tunnel for the SSH connection protocol.) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 1]) s
% _R undoes the page-level save taken by _S; S calls showpage; the final
% restore undoes everything since PStoPSsaved was taken at the top.
_R
S
PStoPSsaved restore
% Logical page 2 (table of contents), second slot of the sheet: same
% save/translate/rotate/scale/clip sequence as the first slot, but with a y
% offset of 421.271378 and without redefining showpage.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 2 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
(Table of Contents) s
5 668 M
( 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3) s
5 657 M
( 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3) s
5 646 M
( 3. Conventions Used in This Document . . . . . . . . . . . . . 3) s
5 635 M
( 3.1 The Authentication Protocol Framework . . . . . . . . . . . 3) s
5 624 M
( 3.1.1 Authentication Requests . . . . . . . . . . . . . . . . . . 4) s
5 613 M
( 3.1.2 Responses to Authentication Requests . . . . . . . . . . . . 5) s
5 602 M
( 3.1.3 The "none" Authentication Request . . . . . . . . . . . . . 6) s
5 591 M
( 3.1.4 Completion of User Authentication . . . . . . . . . . . . . 6) s
5 580 M
( 3.1.5 Banner Message . . . . . . . . . . . . . . . . . . . . . . . 7) s
5 569 M
( 3.2 Authentication Protocol Message Numbers . . . . . . . . . . 7) s
5 558 M
( 3.3 Public Key Authentication Method: publickey . . . . . . . . 8) s
5 547 M
( 3.4 Password Authentication Method: password . . . . . . . . . . 10) s
5 536 M
( 3.5 Host-Based Authentication: hostbased . . . . . . . . . . . . 11) s
5 525 M
( 4. Security Considerations . . . . . . . . . . . . . . . . . . 12) s
5 514 M
( Normative . . . . . . . . . . . . . . . . . . . . . . . . . 13) s
5 503 M
( Informative . . . . . . . . . . . . . . . . . . . . . . . . 13) s
5 492 M
( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 14) s
5 481 M
( Intellectual Property and Copyright Statements . . . . . . . 15) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 2]) s
% End of the second slot: S calls showpage, then VM is rolled back.
_R
S
PStoPSsaved restore
%%Page: (2,3) 2
% Logical page 3 (sections 1, 2, 3 and the start of 3.1), first slot of the
% sheet. Security-relevant text on this page: the protocol assumes the lower
% layers provide integrity and confidentiality, and the session identifier
% (exchange hash H) is what gets signed to prove ownership of a private key.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
% showpage/copypage/erasepage become empty procedures for this logical page.
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 3 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
(1. Contributors) s
5 668 M
( The major original contributors of this document were: Tatu Ylonen,) s
5 657 M
( Tero Kivinen, Timo J. Rinne, Sami Lehtinen \(all of SSH Communications) s
5 646 M
( Security Corp\), and Markku-Juhani O. Saarinen \(University of) s
5 635 M
( Jyvaskyla\)) s
5 613 M
% NOTE(review): "[email protected]" in the next string looks like a web
% e-mail-obfuscation artefact rather than the draft's own text; the original
% address cannot be recovered from this file.
( The document editor is: [email protected]. Comments on this) s
5 602 M
( internet draft should be sent to the IETF SECSH working group,) s
5 591 M
( details at: http://ietf.org/html.charters/secsh-charter.html) s
5 569 M
(2. Introduction) s
5 547 M
( The SSH authentication protocol is a general-purpose user) s
5 536 M
( authentication protocol. It is intended to be run over the SSH) s
5 525 M
( transport layer protocol [SSH-TRANS]. This protocol assumes that the) s
5 514 M
( underlying protocols provide integrity and confidentiality) s
5 503 M
( protection.) s
5 481 M
( This document should be read only after reading the SSH architecture) s
5 470 M
( document [SSH-ARCH]. This document freely uses terminology and) s
5 459 M
( notation from the architecture document without reference or further) s
5 448 M
( explanation.) s
5 426 M
( The service name for this protocol is "ssh-userauth".) s
5 404 M
( When this protocol starts, it receives the session identifier from) s
5 393 M
( the lower-level protocol \(this is the exchange hash H from the first) s
5 382 M
( key exchange\). The session identifier uniquely identifies this) s
5 371 M
( session and is suitable for signing in order to prove ownership of a) s
5 360 M
( private key. This protocol also needs to know whether the lower-level) s
5 349 M
( protocol provides confidentiality protection.) s
5 327 M
(3. Conventions Used in This Document) s
5 305 M
( The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",) s
5 294 M
( and "MAY" that appear in this document are to be interpreted as) s
5 283 M
( described in [RFC2119]) s
5 261 M
( The used data types and terminology are specified in the architecture) s
5 250 M
( document [SSH-ARCH]) s
5 228 M
( The architecture document also discusses the algorithm naming) s
5 217 M
( conventions that MUST be used with the SSH protocols.) s
5 195 M
(3.1 The Authentication Protocol Framework) s
5 173 M
( The server drives the authentication by telling the client which) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 3]) s
_R
S
PStoPSsaved restore
% Logical page 4 (rest of 3.1 and section 3.1.1), second slot of the sheet.
% Security-relevant text on this page: the server-side authentication timeout
% (RECOMMENDED 10 minutes), the limit on failed attempts per session
% (RECOMMENDED 20), and the requirement to flush accumulated authentication
% state, or disconnect, when the user name or service name changes.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 4 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( authentication methods can be used to continue the exchange at any) s
5 679 M
( given time. The client has the freedom to try the methods listed by) s
5 668 M
( the server in any order. This gives the server complete control over) s
5 657 M
( the authentication process if desired, but also gives enough) s
5 646 M
( flexibility for the client to use the methods it supports or that are) s
5 635 M
( most convenient for the user, when multiple methods are offered by) s
5 624 M
( the server.) s
5 602 M
( Authentication methods are identified by their name, as defined in) s
5 591 M
( [SSH-ARCH]. The "none" method is reserved, and MUST NOT be listed as) s
5 580 M
( supported. However, it MAY be sent by the client. The server MUST) s
5 569 M
( always reject this request, unless the client is to be allowed in) s
5 558 M
( without any authentication, in which case the server MUST accept this) s
5 547 M
( request. The main purpose of sending this request is to get the list) s
5 536 M
( of supported methods from the server.) s
5 514 M
( The server SHOULD have a timeout for authentication, and disconnect) s
5 503 M
( if the authentication has not been accepted within the timeout) s
5 492 M
( period. The RECOMMENDED timeout period is 10 minutes. Additionally,) s
5 481 M
( the implementation SHOULD limit the number of failed authentication) s
5 470 M
( attempts a client may perform in a single session \(the RECOMMENDED) s
5 459 M
( limit is 20 attempts\). If the threshold is exceeded, the server) s
5 448 M
( SHOULD disconnect.) s
5 426 M
(3.1.1 Authentication Requests) s
5 404 M
( All authentication requests MUST use the following message format.) s
5 393 M
( Only the first few fields are defined; the remaining fields depend on) s
5 382 M
( the authentication method.) s
5 360 M
( byte SSH_MSG_USERAUTH_REQUEST) s
5 349 M
( string user name \(in ISO-10646 UTF-8 encoding [RFC2279]\)) s
5 338 M
( string service name \(in US-ASCII\)) s
5 327 M
( string method name \(US-ASCII\)) s
5 316 M
( The rest of the packet is method-specific.) s
5 294 M
( The user name and service are repeated in every new authentication) s
5 283 M
( attempt, and MAY change. The server implementation MUST carefully) s
5 272 M
( check them in every message, and MUST flush any accumulated) s
5 261 M
( authentication states if they change. If it is unable to flush some) s
5 250 M
( authentication state, it MUST disconnect if the user or service name) s
5 239 M
( changes.) s
5 217 M
( The service name specifies the service to start after authentication.) s
5 206 M
( There may be several different authenticated services provided. If) s
5 195 M
( the requested service is not available, the server MAY disconnect) s
5 184 M
( immediately or at any later time. Sending a proper disconnect) s
5 173 M
( message is RECOMMENDED. In any case, if the service does not exist,) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 4]) s
_R
S
PStoPSsaved restore
%%Page: (4,5) 3
% Logical page 5 (end of 3.1.1 and section 3.1.2), first slot of the sheet.
% Security-relevant text on this page: requests for a nonexistent user are
% never accepted and the server may answer with a bogus method list so that
% it does not disclose which accounts exist; the SSH_MSG_USERAUTH_FAILURE
% layout and the meaning of "partial success" are also defined here.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
% showpage/copypage/erasepage become empty procedures for this logical page.
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 5 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( authentication MUST NOT be accepted.) s
5 668 M
( If the requested user does not exist, the server MAY disconnect, or) s
5 657 M
( MAY send a bogus list of acceptable authentication methods, but never) s
5 646 M
( accept any. This makes it possible for the server to avoid) s
5 635 M
( disclosing information on which accounts exist. In any case, if the) s
5 624 M
( user does not exist, the authentication request MUST NOT be accepted.) s
5 602 M
( While there is usually little point for clients to send requests that) s
5 591 M
( the server does not list as acceptable, sending such requests is not) s
5 580 M
( an error, and the server SHOULD simply reject requests that it does) s
5 569 M
( not recognize.) s
5 547 M
( An authentication request MAY result in a further exchange of) s
5 536 M
( messages. All such messages depend on the authentication method) s
5 525 M
( used, and the client MAY at any time continue with a new) s
5 514 M
( SSH_MSG_USERAUTH_REQUEST message, in which case the server MUST) s
5 503 M
( abandon the previous authentication attempt and continue with the new) s
5 492 M
( one.) s
5 470 M
(3.1.2 Responses to Authentication Requests) s
5 448 M
( If the server rejects the authentication request, it MUST respond) s
5 437 M
( with the following:) s
5 415 M
( byte SSH_MSG_USERAUTH_FAILURE) s
5 404 M
( string authentications that can continue) s
5 393 M
( boolean partial success) s
5 371 M
( "Authentications that can continue" is a comma-separated list of) s
5 360 M
( authentication method names that may productively continue the) s
5 349 M
( authentication dialog.) s
5 327 M
( It is RECOMMENDED that servers only include those methods in the list) s
5 316 M
( that are actually useful. However, it is not illegal to include) s
5 305 M
( methods that cannot be used to authenticate the user.) s
5 283 M
( Already successfully completed authentications SHOULD NOT be included) s
5 272 M
( in the list, unless they really should be performed again for some) s
5 261 M
( reason.) s
5 239 M
( "Partial success" MUST be TRUE if the authentication request to which) s
5 228 M
( this is a response was successful. It MUST be FALSE if the request) s
5 217 M
( was not successfully processed.) s
5 195 M
( When the server accepts authentication, it MUST respond with the) s
5 184 M
( following:) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 5]) s
_R
S
PStoPSsaved restore
% Logical page 6 (end of 3.1.2, sections 3.1.3 and 3.1.4), second slot of the
% sheet. Security-relevant text on this page: SSH_MSG_USERAUTH_SUCCESS is
% sent only once and only when the whole (possibly multi-method)
% authentication is complete; the "none" method succeeds only when no
% authentication at all is needed for the user and is never listed as
% supported.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 6 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( byte SSH_MSG_USERAUTH_SUCCESS) s
5 668 M
( Note that this is not sent after each step in a multi-method) s
5 657 M
( authentication sequence, but only when the authentication is) s
5 646 M
( complete.) s
5 624 M
( The client MAY send several authentication requests without waiting) s
5 613 M
( for responses from previous requests. The server MUST process each) s
5 602 M
( request completely and acknowledge any failed requests with a) s
5 591 M
( SSH_MSG_USERAUTH_FAILURE message before processing the next request.) s
5 569 M
( A request that results in further exchange of messages will be) s
5 558 M
( aborted by a second request. It is not possible to send a second) s
5 547 M
( request without waiting for a response from the server, if the first) s
5 536 M
( request will result in further exchange of messages. No) s
5 525 M
( SSH_MSG_USERAUTH_FAILURE message will be sent for the aborted method.) s
5 503 M
( SSH_MSG_USERAUTH_SUCCESS MUST be sent only once. When) s
5 492 M
( SSH_MSG_USERAUTH_SUCCESS has been sent, any further authentication) s
5 481 M
( requests received after that SHOULD be silently ignored.) s
5 459 M
( Any non-authentication messages sent by the client after the request) s
5 448 M
( that resulted in SSH_MSG_USERAUTH_SUCCESS being sent MUST be passed) s
5 437 M
( to the service being run on top of this protocol. Such messages can) s
5 426 M
( be identified by their message numbers \(see Section Message Numbers) s
5 415 M
( \(Section 3.2\)\).) s
5 393 M
(3.1.3 The "none" Authentication Request) s
5 371 M
( A client may request a list of authentication methods that may) s
5 360 M
( continue by using the "none" authentication method.) s
5 338 M
( If no authentication at all is needed for the user, the server MUST) s
5 327 M
( return SSH_MSG_USERAUTH_SUCCESS. Otherwise, the server MUST return) s
5 316 M
( SSH_MSG_USERAUTH_FAILURE and MAY return with it a list of) s
5 305 M
( authentication methods that can continue.) s
5 283 M
( This method MUST NOT be listed as supported by the server.) s
5 261 M
(3.1.4 Completion of User Authentication) s
5 239 M
( Authentication is complete when the server has responded with) s
5 228 M
( SSH_MSG_USERAUTH_SUCCESS; all authentication related messages) s
5 217 M
( received after sending this message SHOULD be silently ignored.) s
5 195 M
( After sending SSH_MSG_USERAUTH_SUCCESS, the server starts the) s
5 184 M
( requested service.) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 6]) s
_R
S
PStoPSsaved restore
%%Page: (6,7) 4
% Logical page 7 (section 3.1.5 and the start of 3.2), first slot of the
% sheet. Security-relevant text on this page: banner text comes from the
% server before authentication, so a client that displays it should apply the
% control-character filtering the draft refers to; message numbers 80 and
% above received before authentication completes are an error that the
% server answers by disconnecting.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
% showpage/copypage/erasepage become empty procedures for this logical page.
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 7 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
(3.1.5 Banner Message) s
5 668 M
( In some jurisdictions, sending a warning message before) s
5 657 M
( authentication may be relevant for getting legal protection. Many) s
5 646 M
( UNIX machines, for example, normally display text from `/etc/issue',) s
5 635 M
( or use "tcp wrappers" or similar software to display a banner before) s
5 624 M
( issuing a login prompt.) s
5 602 M
( The SSH server may send a SSH_MSG_USERAUTH_BANNER message at any time) s
5 591 M
( before authentication is successful. This message contains text to) s
5 580 M
( be displayed to the client user before authentication is attempted.) s
5 569 M
( The format is as follows:) s
5 547 M
( byte SSH_MSG_USERAUTH_BANNER) s
5 536 M
( string message \(ISO-10646 UTF-8\)) s
5 525 M
( string language tag \(as defined in [RFC3066]\)) s
5 503 M
( The client SHOULD by default display the message on the screen.) s
5 492 M
( However, since the message is likely to be sent for every login) s
5 481 M
( attempt, and since some client software will need to open a separate) s
5 470 M
( window for this warning, the client software may allow the user to) s
5 459 M
( explicitly disable the display of banners from the server. The) s
5 448 M
( message may consist of multiple lines.) s
5 426 M
( If the message string is displayed, control character filtering) s
5 415 M
( discussed in [SSH-ARCH] SHOULD be used to avoid attacks by sending) s
5 404 M
( terminal control characters.) s
5 382 M
(3.2 Authentication Protocol Message Numbers) s
5 360 M
( All message numbers used by this authentication protocol are in the) s
5 349 M
( range from 50 to 79, which is part of the range reserved for) s
5 338 M
( protocols running on top of the SSH transport layer protocol.) s
5 316 M
( Message numbers of 80 and higher are reserved for protocols running) s
5 305 M
( after this authentication protocol, so receiving one of them before) s
5 294 M
( authentication is complete is an error, to which the server MUST) s
5 283 M
( respond by disconnecting \(preferably with a proper disconnect message) s
5 272 M
( sent first to ease troubleshooting\).) s
5 250 M
( After successful authentication, such messages are passed to the) s
5 239 M
( higher-level service.) s
5 217 M
( These are the general authentication message codes:) s
5 195 M
( #define SSH_MSG_USERAUTH_REQUEST 50) s
5 184 M
( #define SSH_MSG_USERAUTH_FAILURE 51) s
5 173 M
( #define SSH_MSG_USERAUTH_SUCCESS 52) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 7]) s
_R
S
PStoPSsaved restore
% Logical page 8 (end of 3.2 and the start of section 3.3), second slot of
% the sheet. Security-relevant text on this page: for the publickey method
% the server must check both that the key is a valid authenticator for the
% user and that the signature is valid; the query form of the request
% (boolean FALSE) only asks whether a key would be acceptable and carries no
% signature.
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 8 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( #define SSH_MSG_USERAUTH_BANNER 53) s
5 668 M
( In addition to the above, there is a range of message numbers) s
5 657 M
( \(60..79\) reserved for method-specific messages. These messages are) s
5 646 M
( only sent by the server \(client sends only SSH_MSG_USERAUTH_REQUEST) s
5 635 M
( messages\). Different authentication methods reuse the same message) s
5 624 M
( numbers.) s
5 602 M
(3.3 Public Key Authentication Method: publickey) s
5 580 M
( The only REQUIRED authentication method is public key authentication.) s
5 569 M
( All implementations MUST support this method; however, not all users) s
5 558 M
( need to have public keys, and most local policies are not likely to) s
5 547 M
( require public key authentication for all users in the near future.) s
5 525 M
( With this method, the possession of a private key serves as) s
5 514 M
( authentication. This method works by sending a signature created) s
5 503 M
( with a private key of the user. The server MUST check that the key) s
5 492 M
( is a valid authenticator for the user, and MUST check that the) s
5 481 M
( signature is valid. If both hold, the authentication request MUST be) s
5 470 M
( accepted; otherwise it MUST be rejected. \(Note that the server MAY) s
5 459 M
( require additional authentications after successful authentication.\)) s
5 437 M
( Private keys are often stored in an encrypted form at the client) s
5 426 M
( host, and the user must supply a passphrase before the signature can) s
5 415 M
( be generated. Even if they are not, the signing operation involves) s
5 404 M
( some expensive computation. To avoid unnecessary processing and user) s
5 393 M
( interaction, the following message is provided for querying whether) s
5 382 M
( authentication using the key would be acceptable.) s
5 360 M
( byte SSH_MSG_USERAUTH_REQUEST) s
5 349 M
( string user name) s
5 338 M
( string service) s
5 327 M
( string "publickey") s
5 316 M
( boolean FALSE) s
5 305 M
( string public key algorithm name) s
5 294 M
( string public key blob) s
5 272 M
( Public key algorithms are defined in the transport layer) s
5 261 M
( specification [SSH-TRANS]. The public key blob may contain) s
5 250 M
( certificates.) s
5 228 M
( Any public key algorithm may be offered for use in authentication.) s
5 217 M
( In particular, the list is not constrained by what was negotiated) s
5 206 M
( during key exchange. If the server does not support some algorithm,) s
5 195 M
( it MUST simply reject the request.) s
5 173 M
( The server MUST respond to this message with either) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 8]) s
_R
S
PStoPSsaved restore
%%Page: (8,9) 5
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 9 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( SSH_MSG_USERAUTH_FAILURE or with the following:) s
5 668 M
( byte SSH_MSG_USERAUTH_PK_OK) s
5 657 M
( string public key algorithm name from the request) s
5 646 M
( string public key blob from the request) s
5 624 M
( To perform actual authentication, the client MAY then send a) s
5 613 M
( signature generated using the private key. The client MAY send the) s
5 602 M
( signature directly without first verifying whether the key is) s
5 591 M
( acceptable. The signature is sent using the following packet:) s
5 569 M
( byte SSH_MSG_USERAUTH_REQUEST) s
5 558 M
( string user name) s
5 547 M
( string service) s
5 536 M
( string "publickey") s
5 525 M
( boolean TRUE) s
5 514 M
( string public key algorithm name) s
5 503 M
( string public key to be used for authentication) s
5 492 M
( string signature) s
5 470 M
( Signature is a signature by the corresponding private key over the) s
5 459 M
( following data, in the following order:) s
5 437 M
( string session identifier) s
5 426 M
( byte SSH_MSG_USERAUTH_REQUEST) s
5 415 M
( string user name) s
5 404 M
( string service) s
5 393 M
( string "publickey") s
5 382 M
( boolean TRUE) s
5 371 M
( string public key algorithm name) s
5 360 M
( string public key to be used for authentication) s
5 338 M
( When the server receives this message, it MUST check whether the) s
5 327 M
( supplied key is acceptable for authentication, and if so, it MUST) s
5 316 M
( check whether the signature is correct.) s
5 294 M
( If both checks succeed, this method is successful. Note that the) s
5 283 M
( server may require additional authentications. The server MUST) s
5 272 M
( respond with SSH_MSG_USERAUTH_SUCCESS \(if no more authentications are) s
5 261 M
( needed\), or SSH_MSG_USERAUTH_FAILURE \(if the request failed, or more) s
5 250 M
( authentications are needed\).) s
5 228 M
( The following method-specific message numbers are used by the) s
5 217 M
( publickey authentication method.) s
5 195 M
( /* Key-based */) s
5 184 M
( #define SSH_MSG_USERAUTH_PK_OK 60) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 9]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 10 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
(3.4 Password Authentication Method: password) s
5 668 M
( Password authentication uses the following packets. Note that a) s
5 657 M
( server MAY request the user to change the password. All) s
5 646 M
( implementations SHOULD support password authentication.) s
5 624 M
( byte SSH_MSG_USERAUTH_REQUEST) s
5 613 M
( string user name) s
5 602 M
( string service) s
5 591 M
( string "password") s
5 580 M
( boolean FALSE) s
5 569 M
( string plaintext password \(ISO-10646 UTF-8\)) s
5 547 M
( Note that the password is encoded in ISO-10646 UTF-8. It is up to) s
5 536 M
( the server how it interprets the password and validates it against) s
5 525 M
( the password database. However, if the client reads the password in) s
5 514 M
( some other encoding \(e.g., ISO 8859-1 \(ISO Latin1\)\), it MUST convert) s
5 503 M
( the password to ISO-10646 UTF-8 before transmitting, and the server) s
5 492 M
( MUST convert the password to the encoding used on that system for) s
5 481 M
( passwords.) s
5 459 M
( Note that even though the cleartext password is transmitted in the) s
5 448 M
( packet, the entire packet is encrypted by the transport layer. Both) s
5 437 M
( the server and the client should check whether the underlying) s
5 426 M
( transport layer provides confidentiality \(i.e., if encryption is) s
5 415 M
( being used\). If no confidentiality is provided \(none cipher\),) s
5 404 M
( password authentication SHOULD be disabled. If there is no) s
5 393 M
( confidentiality or no MAC, password change SHOULD be disabled.) s
5 371 M
( Normally, the server responds to this message with success or) s
5 360 M
( failure. However, if the password has expired the server SHOULD) s
5 349 M
( indicate this by responding with SSH_MSG_USERAUTH_PASSWD_CHANGEREQ.) s
5 338 M
( In any case the server MUST NOT allow an expired password to be used) s
5 327 M
( for authentication.) s
5 305 M
( byte SSH_MSG_USERAUTH_PASSWD_CHANGEREQ) s
5 294 M
( string prompt \(ISO-10646 UTF-8\)) s
5 283 M
( string language tag \(as defined in [RFC3066]\)) s
5 261 M
( In this case, the client MAY continue with a different authentication) s
5 250 M
( method, or request a new password from the user and retry password) s
5 239 M
( authentication using the following message. The client MAY also send) s
5 228 M
( this message instead of the normal password authentication request) s
5 217 M
( without the server asking for it.) s
5 195 M
( byte SSH_MSG_USERAUTH_REQUEST) s
5 184 M
( string user name) s
5 173 M
( string service) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 10]) s
_R
S
PStoPSsaved restore
%%Page: (10,11) 6
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 11 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( string "password") s
5 679 M
( boolean TRUE) s
5 668 M
( string plaintext old password \(ISO-10646 UTF-8\)) s
5 657 M
( string plaintext new password \(ISO-10646 UTF-8\)) s
5 635 M
( The server must reply to the request message with) s
5 624 M
( SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another) s
5 613 M
( SSH_MSG_USERAUTH_PASSWD_CHANGEREQ. The meaning of these is as) s
5 602 M
( follows:) s
5 580 M
( SSH_MSG_USERAUTH_SUCCESS The password has been changed, and) s
5 569 M
( authentication has been successfully completed.) s
5 547 M
( SSH_MSG_USERAUTH_FAILURE with partial success The password has) s
5 536 M
( been changed, but more authentications are needed.) s
5 514 M
( SSH_MSG_USERAUTH_FAILURE without partial success The password has) s
5 503 M
( not been changed. Either password changing was not supported, or) s
5 492 M
( the old password was bad. Note that if the server has already) s
5 481 M
( sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, we know that it supports) s
5 470 M
( changing the password.) s
5 448 M
( SSH_MSG_USERAUTH_PASSWD_CHANGEREQ The password was not changed because) s
5 437 M
( the new password was not acceptable \(e.g. too easy to guess\).) s
5 415 M
( The following method-specific message numbers are used by the) s
5 404 M
( password authentication method.) s
5 382 M
( #define SSH_MSG_USERAUTH_PASSWD_CHANGEREQ 60) s
5 349 M
(3.5 Host-Based Authentication: hostbased) s
5 327 M
( Some sites wish to allow authentication based on the host where the) s
5 316 M
( user is coming from, and the user name on the remote host. While) s
5 305 M
( this form of authentication is not suitable for high-security sites,) s
5 294 M
( it can be very convenient in many environments. This form of) s
5 283 M
( authentication is OPTIONAL. When used, special care SHOULD be taken) s
5 272 M
( to prevent a regular user from obtaining the private host key.) s
5 250 M
( The client requests this form of authentication by sending the) s
5 239 M
( following message. It is similar to the UNIX "rhosts" and) s
5 228 M
( "hosts.equiv" styles of authentication, except that the identity of) s
5 217 M
( the client host is checked more rigorously.) s
5 195 M
( This method works by having the client send a signature created with) s
5 184 M
( the private key of the client host, which the server checks with that) s
5 173 M
( host's public key. Once the client host's identity is established,) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 11]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 12 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( authorization \(but no further authentication\) is performed based on) s
5 679 M
( the user names on the server and the client, and the client host) s
5 668 M
( name.) s
5 646 M
( byte SSH_MSG_USERAUTH_REQUEST) s
5 635 M
( string user name) s
5 624 M
( string service) s
5 613 M
( string "hostbased") s
5 602 M
( string public key algorithm for host key) s
5 591 M
( string public host key and certificates for client host) s
5 580 M
( string client host name \(FQDN; US-ASCII\)) s
5 569 M
( string user name on the client host \(ISO-10646 UTF-8\)) s
5 558 M
( string signature) s
5 536 M
( Public key algorithm names for use in "public key algorithm for host) s
5 525 M
( key" are defined in the transport layer specification. The "public) s
5 514 M
( host key for client host" may include certificates.) s
5 492 M
( Signature is a signature with the private host key of the following) s
5 481 M
( data, in this order:) s
5 459 M
( string session identifier) s
5 448 M
( byte SSH_MSG_USERAUTH_REQUEST) s
5 437 M
( string user name) s
5 426 M
( string service) s
5 415 M
( string "hostbased") s
5 404 M
( string public key algorithm for host key) s
5 393 M
( string public host key and certificates for client host) s
5 382 M
( string client host name \(FQDN; US-ASCII\)) s
5 371 M
( string user name on the client host \(ISO-10646 UTF-8\)) s
5 349 M
( The server MUST verify that the host key actually belongs to the) s
5 338 M
( client host named in the message, that the given user on that host is) s
5 327 M
( allowed to log in, and that the signature is a valid signature on the) s
5 316 M
( appropriate value by the given host key. The server MAY ignore the) s
5 305 M
( client user name, if it wants to authenticate only the client host.) s
5 283 M
( It is RECOMMENDED that whenever possible, the server perform) s
5 272 M
( additional checks to verify that the network address obtained from) s
5 261 M
( the \(untrusted\) network matches the given client host name. This) s
5 250 M
( makes exploiting compromised host keys more difficult. Note that) s
5 239 M
( this may require special handling for connections coming through a) s
5 228 M
( firewall.) s
5 206 M
(4. Security Considerations) s
5 184 M
( The purpose of this protocol is to perform client user) s
5 173 M
( authentication. It is assumed that this runs over a secure transport) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 12]) s
_R
S
PStoPSsaved restore
%%Page: (12,13) 7
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 13 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( layer protocol, which has already authenticated the server machine,) s
5 679 M
( established an encrypted communications channel, and computed a) s
5 668 M
( unique session identifier for this session. The transport layer) s
5 657 M
( provides forward secrecy for password authentication and other) s
5 646 M
( methods that rely on secret data.) s
5 624 M
( Full security considerations for this protocol are provided in) s
5 613 M
( Section 8 of [SSH-ARCH].) s
5 591 M
(Normative) s
5 569 M
( [SSH-ARCH]) s
5 558 M
( Ylonen, T., "SSH Protocol Architecture", I-D) s
5 547 M
( draft-ietf-architecture-15.txt, Oct 2003.) s
5 525 M
( [SSH-TRANS]) s
5 514 M
( Ylonen, T., "SSH Transport Layer Protocol", I-D) s
5 503 M
( draft-ietf-transport-17.txt, Oct 2003.) s
5 481 M
( [SSH-USERAUTH]) s
5 470 M
( Ylonen, T., "SSH Authentication Protocol", I-D) s
5 459 M
( draft-ietf-userauth-18.txt, Oct 2003.) s
5 437 M
( [SSH-CONNECT]) s
5 426 M
( Ylonen, T., "SSH Connection Protocol", I-D) s
5 415 M
( draft-ietf-connect-18.txt, Oct 2003.) s
5 393 M
( [SSH-NUMBERS]) s
5 382 M
( Lehtinen, S. and D. Moffat, "SSH Protocol Assigned) s
5 371 M
( Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct) s
5 360 M
( 2003.) s
5 338 M
( [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate) s
5 327 M
( Requirement Levels", BCP 14, RFC 2119, March 1997.) s
5 305 M
(Informative) s
5 283 M
( [RFC3066] Alvestrand, H., "Tags for the Identification of) s
5 272 M
( Languages", BCP 47, RFC 3066, January 2001.) s
5 250 M
( [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO) s
5 239 M
( 10646", RFC 2279, January 1998.) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 13]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 14 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
(Authors' Addresses) s
5 668 M
( Tatu Ylonen) s
5 657 M
( SSH Communications Security Corp) s
5 646 M
( Fredrikinkatu 42) s
5 635 M
( HELSINKI FIN-00100) s
5 624 M
( Finland) s
5 602 M
( EMail: [email protected]) s
5 569 M
( Darren J. Moffat \(editor\)) s
5 558 M
( Sun Microsystems, Inc) s
5 547 M
( 17 Network Circle) s
5 536 M
( Menlo Park 95025) s
5 525 M
( USA) s
5 503 M
( EMail: [email protected]) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 14]) s
_R
S
PStoPSsaved restore
%%Page: (14,15) 8
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 15 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
(Intellectual Property Statement) s
5 668 M
( The IETF takes no position regarding the validity or scope of any) s
5 657 M
( intellectual property or other rights that might be claimed to) s
5 646 M
( pertain to the implementation or use of the technology described in) s
5 635 M
( this document or the extent to which any license under such rights) s
5 624 M
( might or might not be available; neither does it represent that it) s
5 613 M
( has made any effort to identify any such rights. Information on the) s
5 602 M
( IETF's procedures with respect to rights in standards-track and) s
5 591 M
( standards-related documentation can be found in BCP-11. Copies of) s
5 580 M
( claims of rights made available for publication and any assurances of) s
5 569 M
( licenses to be made available, or the result of an attempt made to) s
5 558 M
( obtain a general license or permission for the use of such) s
5 547 M
( proprietary rights by implementors or users of this specification can) s
5 536 M
( be obtained from the IETF Secretariat.) s
5 514 M
( The IETF invites any interested party to bring to its attention any) s
5 503 M
( copyrights, patents or patent applications, or other proprietary) s
5 492 M
( rights which may cover technology that may be required to practice) s
5 481 M
( this standard. Please address the information to the IETF Executive) s
5 470 M
( Director.) s
5 448 M
( The IETF has been notified of intellectual property rights claimed in) s
5 437 M
( regard to some or all of the specification contained in this) s
5 426 M
( document. For more information consult the online list of claimed) s
5 415 M
( rights.) s
5 382 M
(Full Copyright Statement) s
5 360 M
( Copyright \(C\) The Internet Society \(2002\). All Rights Reserved.) s
5 338 M
( This document and translations of it may be copied and furnished to) s
5 327 M
( others, and derivative works that comment on or otherwise explain it) s
5 316 M
( or assist in its implementation may be prepared, copied, published) s
5 305 M
( and distributed, in whole or in part, without restriction of any) s
5 294 M
( kind, provided that the above copyright notice and this paragraph are) s
5 283 M
( included on all such copies and derivative works. However, this) s
5 272 M
( document itself may not be modified in any way, such as by removing) s
5 261 M
( the copyright notice or references to the Internet Society or other) s
5 250 M
( Internet organizations, except as needed for the purpose of) s
5 239 M
( developing Internet standards in which case the procedures for) s
5 228 M
( copyrights defined in the Internet Standards process must be) s
5 217 M
( followed, or as required to translate it into languages other than) s
5 206 M
( English.) s
5 184 M
( The limited permissions granted above are perpetual and will not be) s
5 173 M
( revoked by the Internet Society or its successors or assignees.) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 15]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 16 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft SSH Authentication Protocol September 2002) s
5 690 M
( This document and the information contained herein is provided on an) s
5 679 M
( "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING) s
5 668 M
( TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING) s
5 657 M
( BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION) s
5 646 M
( HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) s
5 635 M
( MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.) s
5 602 M
(Acknowledgment) s
5 580 M
( Funding for the RFC Editor function is currently provided by the) s
5 569 M
( Internet Society.) s
5 129 M
(Ylonen & Moffat Expires March 2, 2003 [Page 16]) s
_R
S
PStoPSsaved restore
%%Trailer
%%Pages: 16
%%DocumentNeededResources: font Courier-Bold Courier
%%EOF