%!PS-Adobe-3.0
%%BoundingBox: 75 0 595 747
%%Title: Enscript Output
%%For: Magnus Thoang
%%Creator: GNU enscript 1.6.1
%%CreationDate: Fri Oct 31 13:35:32 2003
%%Orientation: Portrait
%%Pages: 8 0
%%DocumentMedia: A4 595 842 0 () ()
%%DocumentNeededResources: (atend)
%%EndComments
%%BeginProlog
%%BeginProcSet: PStoPS 1 15
% PStoPS page-rearrangement prolog.  Everything between "userdict begin" and
% "end" is defined in userdict unless a comment below says otherwise.
userdict begin
% For each of showpage/erasepage/copypage: if the name is defined and its
% current value is an operator, define it in the current dictionary as a
% one-element bound procedure that holds that operator.
[/showpage/erasepage/copypage]{dup where{pop dup load
 type/operatortype eq{1 array cvx dup 0 3 index cvx put
 bind def}{pop}ifelse}{pop}ifelse}forall
% For each paper-size name that is defined: replace its value with an empty
% procedure, in the dictionary where it was found when that dictionary is
% writable, otherwise in the current dictionary.  Names that are not defined
% are left alone.
[/letter/legal/executivepage/a4/a4small/b5/com10envelope
 /monarchenvelope/c5envelope/dlenvelope/lettersmall/note
 /folio/quarto/a5]{dup where{dup wcheck{exch{}put}
 {pop{}def}ifelse}{pop}ifelse}forall
% setpagedevice becomes a procedure that only discards its operand, so a
% page-device request made by code that runs after this point has no effect.
/setpagedevice {pop}bind 1 index where{dup wcheck{3 1 roll put}
 {pop def}ifelse}{def}ifelse
% PStoPSmatrix records the matrix in force when the prolog runs; PStoPSxform
% starts as a fresh matrix and PStoPSclip as the current clip path.
/PStoPSmatrix matrix currentmatrix def
/PStoPSxform matrix def/PStoPSclip{clippath}def
% defaultmatrix and initmatrix are redefined in terms of PStoPSmatrix and
% PStoPSxform.
/defaultmatrix{PStoPSmatrix exch PStoPSxform exch concatmatrix}bind def
/initmatrix{matrix defaultmatrix setmatrix}bind def
% initclip is assembled once, at definition time, into a single executable
% array from three pieces: a bound procedure that switches to PStoPSmatrix and
% tries to capture the current path with pathforall, the value initclip had
% before this definition, and a tail that clips to PStoPSclip.
% NOTE(review): this summary follows the visible operators only; trace the
% stack by hand before changing anything in this definition.
/initclip[{matrix currentmatrix PStoPSmatrix setmatrix
 [{currentpoint}stopped{$error/newerror false put{newpath}}
 {/newpath cvx 3 1 roll/moveto cvx 4 array astore cvx}ifelse]
 {[/newpath cvx{/moveto cvx}{/lineto cvx}
 {/curveto cvx}{/closepath cvx}pathforall]cvx exch pop}
 stopped{$error/errorname get/invalidaccess eq{cleartomark
 $error/newerror false put cvx exec}{stop}ifelse}if}bind aload pop
 /initclip dup load dup type dup/operatortype eq{pop exch pop}
 {dup/arraytype eq exch/packedarraytype eq or
 {dup xcheck{exch pop aload pop}{pop cvx}ifelse}
 {pop cvx}ifelse}ifelse
 {newpath PStoPSclip clip newpath exec setmatrix} bind aload pop]cvx def
% initgraphics is rebuilt on top of the replacement initmatrix and initclip
% and then sets the line, dash, gray and miter-limit values listed here.
/initgraphics{initmatrix newpath initclip 1 setlinewidth
 0 setlinecap 0 setlinejoin []0 setdash 0 setgray
 10 setmiterlimit}bind def
end
%%EndProcSet
%%BeginResource: procset Enscript-Prolog 1.6 1
%
% Procedures.
%

/_S {	% - -> -	save the current VM state under the name _s
  /_s save def
} def

/_R {	% - -> -	restore the state that _S saved
  _s restore
} def

/S {	% - -> -	showpage with the graphics state preserved around it
  gsave
  showpage
  grestore
} bind def

/MF {	% fontname newfontname -> -	make a new encoded font
  /newfontname exch def
  /fontname exch def

  /fontdict fontname findfont def
  /newfont fontdict maxlength dict def

  % Copy every entry of the source font except FID.
  fontdict {
    exch
    dup /FID eq {
      % skip FID pair
      pop pop
    } {
      % copy to the new font dictionary
      exch newfont 3 1 roll put
    } ifelse
  } forall

  newfont /FontName newfontname put

  % Install encoding_vector only when it has exactly 256 entries; any other
  % length leaves the Encoding copied from the source font in place.
  encoding_vector length 256 eq {
    newfont /Encoding encoding_vector put
  } if

  newfontname newfont definefont pop
} def

/SF {	% fontname width height -> -	set a new font
  /height exch def
  /width exch def

  findfont
  [width 0 0 height 0 0] makefont setfont
} def

/SUF {	% fontname width height -> -	set a new user font
  /height exch def
  /width exch def

  % Re-encode the font as F-gs-user-font with MF, then select it with SF.
  /F-gs-user-font MF
  /F-gs-user-font width height SF
} def

% One-letter aliases used by the page descriptions.
/M {moveto} bind def
/s {show} bind def

/Box {	% x y w h -> -	define box path
  /d_h exch def /d_w exch def /d_y exch def /d_x exch def
  d_x d_y moveto
  d_w 0 rlineto
  0 d_h rlineto
  d_w neg 0 rlineto
  closepath
} def

/bgs {	% x y height blskip gray str -> -	show string with bg color
  /str exch def
  /gray exch def
  /blskip exch def
  /height exch def
  /y exch def
  /x exch def

  % Fill a box as wide as the string in the background gray, then draw the
  % string itself at (x, y).
  gsave
    x y blskip sub str stringwidth pop height Box
    gray setgray
    fill
  grestore
  x y M str s
} def

% Highlight bars.
/highlight_bars {	% nlines lineheight output_y_margin gray -> -
  gsave
    setgray
    /ymarg exch def
    /lineheight exch def
    /nlines exch def

    % This 2 is just a magic number to sync highlight lines to text.
    0 d_header_y ymarg sub 2 sub translate

    /cw d_output_w cols div def
    /nrows d_output_h ymarg 2 mul sub lineheight div cvi def

    % for each column
    0 1 cols 1 sub {
      cw mul /xp exch def

      % for each row
      0 1 nrows 1 sub {
        /rn exch def
        rn lineheight mul neg /yp exch def
        % Every other group of nlines rows gets a bar.
        rn nlines idiv 2 mod 0 eq {
          % Draw highlight bar.  4 is just a magic indentation.
          xp 4 add yp cw 8 sub lineheight neg Box fill
        } if
      } for
    } for

  grestore
} def

% Line highlight bar.
/line_highlight {	% x y width height gray -> -
  gsave
    /gray exch def
    Box gray setgray fill
  grestore
} def

% Column separator lines.
/column_lines {
  gsave
    .1 setlinewidth
    0 d_footer_h translate
    /cw d_output_w cols div def
    % One vertical line at each interior column boundary.
    1 1 cols 1 sub {
      cw mul 0 moveto
      0 d_output_h rlineto stroke
    } for
  grestore
} def

% Column borders.
/column_borders {
  gsave
    .1 setlinewidth
    0 d_footer_h moveto
    0 d_output_h rlineto
    d_output_w 0 rlineto
    0 d_output_h neg rlineto
    closepath stroke
  grestore
} def

% Do the actual underlay drawing: outlined text when ul_style is 0,
% filled text otherwise.
/draw_underlay {
  ul_style 0 eq {
    ul_str true charpath stroke
  } {
    ul_str show
  } ifelse
} def

% Underlay
/underlay {	% - -> -
  gsave
    0 d_page_h translate
    d_page_h neg d_page_w atan rotate

    ul_gray setgray
    ul_font setfont
    % dw is the length of the page diagonal; the string is centred on it.
    /dw d_page_h dup mul d_page_w dup mul add sqrt def
    ul_str stringwidth pop dw exch sub 2 div ul_h_ptsize -2 div moveto
    draw_underlay
  grestore
} def

/user_underlay {	% - -> -
  gsave
    ul_x ul_y translate
    ul_angle rotate
    ul_gray setgray
    ul_font setfont
    0 0 ul_h_ptsize 2 div sub moveto
    draw_underlay
  grestore
} def

% Page prefeed: store the flag in statusdict only when statusdict already has
% a prefeed entry; otherwise drop it.
/page_prefeed {		% bool -> -
  statusdict /prefeed known {
    statusdict exch /prefeed exch put
  } {
    pop
  } ifelse
} def

% Wrapped line markers
% NOTE(review): the first statement defines /type in the current dictionary,
% so once this procedure has run, a later unbound reference to the name
% "type" finds this number rather than the operator.  Confirm nothing that
% runs afterwards relies on the operator by name.
/wrapped_line_mark {	% x y charwith charheight type -> -
  /type exch def
  /h exch def
  /w exch def
  /y exch def
  /x exch def

  type 2 eq {
    % Black boxes (like TeX does)
    gsave
      0 setlinewidth
      x w 4 div add y M
      0 h rlineto w 2 div 0 rlineto 0 h neg rlineto
      closepath fill
    grestore
  } {
    type 3 eq {
      % Small arrows
      gsave
        .2 setlinewidth
        x w 2 div add y h 2 div add M
        w 4 div 0 rlineto
        x w 4 div add y lineto stroke

        x w 4 div add w 8 div add y h 4 div add M
        x w 4 div add y lineto
        w 4 div h 8 div rlineto stroke
      grestore
    } {
      % do nothing
    } ifelse
  } ifelse
} def

% EPSF import.
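% BeginEPSF / EndEPSF bracket an included EPS file.  BeginEPSF snapshots the
% VM and records how deep the dictionary and operand stacks are; EndEPSF
% unwinds both stacks to those depths and restores the snapshot.

/BeginEPSF {	% - -> -
  /b4_Inc_state save def		% Save state for cleanup
  /dict_count countdictstack def	% Count objects on dict stack
  /op_count count 1 sub def		% Count objects on operand stack
  userdict begin
  % showpage is defined as an empty procedure in userdict for the duration of
  % the included file.
  /showpage { } def
  % Reset the graphics state to known values.
  0 setgray 0 setlinecap
  1 setlinewidth 0 setlinejoin
  10 setmiterlimit [ ] 0 setdash newpath
  % setstrokeadjust and setoverprint are only called when languagelevel is
  % defined and is not 1.
  /languagelevel where {
    pop languagelevel
    1 ne {
      false setstrokeadjust false setoverprint
    } if
  } if
} bind def

/EndEPSF {	% - -> -
  % Discard every operand pushed since BeginEPSF.  The operator here must be
  % pop: the text this replaces had the undefined name "pos", which raises an
  % undefined error as soon as one operand has been left behind.
  count op_count sub { pop } repeat	% Clean up stacks
  % Close every dictionary opened since BeginEPSF, including userdict.
  countdictstack dict_count sub { end } repeat
  b4_Inc_state restore
} bind def

% Check PostScript language level.  gs_languagelevel is 1 when the
% interpreter does not define languagelevel.
/languagelevel where {
  pop /gs_languagelevel languagelevel def
} {
  /gs_languagelevel 1 def
} ifelse
%%EndResource
%%BeginResource: procset Enscript-Encoding-88591 1.6 1
/encoding_vector [
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright
/parenleft /parenright /asterisk /plus /comma /hyphen /period /slash
/zero /one /two /three /four /five /six /seven
/eight /nine /colon /semicolon /less /equal /greater /question
/at /A /B /C /D /E /F /G
/H /I /J /K /L /M /N /O
/P /Q /R /S /T /U /V /W
/X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore
/quoteleft /a /b /c /d /e /f /g
/h /i /j /k /l /m /n /o
/p /q /r /s /t /u /v /w
/x /y /z /braceleft /bar /braceright /tilde /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef
/space /exclamdown /cent /sterling /currency /yen /brokenbar /section
/dieresis /copyright /ordfeminine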
/guillemotleft /logicalnot /hyphen /registered /macron /degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /bullet /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis ] def %%EndResource %%EndProlog %%BeginSetup %%IncludeResource: font Courier-Bold %%IncludeResource: font Courier /HFpt_w 10 def /HFpt_h 10 def /Courier-Bold /HF-gs-font MF /HF /HF-gs-font findfont [HFpt_w 0 0 HFpt_h 0 0] makefont def /Courier /F-gs-font MF /F-gs-font 10 10 SF /#copies 1 def /d_page_w 520 def /d_page_h 747 def /d_header_x 0 def /d_header_y 747 def /d_header_w 520 def /d_header_h 0 def /d_footer_x 0 def /d_footer_y 0 def /d_footer_w 520 def /d_footer_h 0 def /d_output_w 520 def /d_output_h 747 def /cols 1 def userdict/PStoPSxform PStoPSmatrix matrix currentmatrix matrix invertmatrix matrix concatmatrix matrix invertmatrix put %%EndSetup %%Page: (0,1) 1 userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 0.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip /showpage{}def/copypage{}def/erasepage{}def PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 1 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 701 M (Network Working Group 
T. Ylonen) s 5 690 M (Internet-Draft SSH Communications Security Corp) s 5 679 M (Expires: March 2, 2003 D. Moffat, Ed.) s 5 668 M ( Sun Microsystems, Inc) s 5 657 M ( September 2002) s 5 624 M ( SSH Authentication Protocol) s 5 613 M ( draft-ietf-secsh-userauth-18.txt) s 5 591 M (Status of this Memo) s 5 569 M ( This document is an Internet-Draft and is in full conformance with) s 5 558 M ( all provisions of Section 10 of RFC2026.) s 5 536 M ( Internet-Drafts are working documents of the Internet Engineering) s 5 525 M ( Task Force \(IETF\), its areas, and its working groups. Note that other) s 5 514 M ( groups may also distribute working documents as Internet-Drafts.) s 5 492 M ( Internet-Drafts are draft documents valid for a maximum of six months) s 5 481 M ( and may be updated, replaced, or obsoleted by other documents at any) s 5 470 M ( time. It is inappropriate to use Internet-Drafts as reference) s 5 459 M ( material or to cite them other than as "work in progress.") s 5 437 M ( The list of current Internet-Drafts can be accessed at http://) s 5 426 M ( www.ietf.org/ietf/1id-abstracts.txt.) s 5 404 M ( The list of Internet-Draft Shadow Directories can be accessed at) s 5 393 M ( http://www.ietf.org/shadow.html.) s 5 371 M ( This Internet-Draft will expire on March 2, 2003.) s 5 349 M (Copyright Notice) s 5 327 M ( Copyright \(C\) The Internet Society \(2002\). All Rights Reserved.) s 5 305 M (Abstract) s 5 283 M ( SSH is a protocol for secure remote login and other secure network) s 5 272 M ( services over an insecure network. This document describes the SSH) s 5 261 M ( authentication protocol framework and public key, password, and) s 5 250 M ( host-based client authentication methods. Additional authentication) s 5 239 M ( methods are described in separate documents. The SSH authentication) s 5 228 M ( protocol runs on top of the SSH transport layer protocol and provides) s 5 217 M ( a single authenticated tunnel for the SSH connection protocol.) 
s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 1]) s _R S PStoPSsaved restore userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 421.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 2 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M (Table of Contents) s 5 668 M ( 1. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 3) s 5 657 M ( 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3) s 5 646 M ( 3. Conventions Used in This Document . . . . . . . . . . . . . 3) s 5 635 M ( 3.1 The Authentication Protocol Framework . . . . . . . . . . . 3) s 5 624 M ( 3.1.1 Authentication Requests . . . . . . . . . . . . . . . . . . 4) s 5 613 M ( 3.1.2 Responses to Authentication Requests . . . . . . . . . . . . 5) s 5 602 M ( 3.1.3 The "none" Authentication Request . . . . . . . . . . . . . 6) s 5 591 M ( 3.1.4 Completion of User Authentication . . . . . . . . . . . . . 6) s 5 580 M ( 3.1.5 Banner Message . . . . . . . . . . . . . . . . . . . . . . . 7) s 5 569 M ( 3.2 Authentication Protocol Message Numbers . . . . . . . . . . 7) s 5 558 M ( 3.3 Public Key Authentication Method: publickey . . . . . . . . 8) s 5 547 M ( 3.4 Password Authentication Method: password . . . . . . . . . . 10) s 5 536 M ( 3.5 Host-Based Authentication: hostbased . . . . . . . . . . . . 11) s 5 525 M ( 4. Security Considerations . . . . . . . . . . . . . . . . . . 12) s 5 514 M ( Normative . . . . . . . . . . . . . . . . . . . . . . . . . 13) s 5 503 M ( Informative . . . . . . . . . . . . . . . . . . . . . . . . 13) s 5 492 M ( Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 
14) s 5 481 M ( Intellectual Property and Copyright Statements . . . . . . . 15) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 2]) s _R S PStoPSsaved restore %%Page: (2,3) 2 userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 0.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip /showpage{}def/copypage{}def/erasepage{}def PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 3 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M (1. Contributors) s 5 668 M ( The major original contributors of this document were: Tatu Ylonen,) s 5 657 M ( Tero Kivinen, Timo J. Rinne, Sami Lehtinen \(all of SSH Communications) s 5 646 M ( Security Corp\), and Markku-Juhani O. Saarinen \(University of) s 5 635 M ( Jyvaskyla\)) s 5 613 M ( The document editor is: Darren.Moffat@Sun.COM. Comments on this) s 5 602 M ( internet draft should be sent to the IETF SECSH working group,) s 5 591 M ( details at: http://ietf.org/html.charters/secsh-charter.html) s 5 569 M (2. Introduction) s 5 547 M ( The SSH authentication protocol is a general-purpose user) s 5 536 M ( authentication protocol. It is intended to be run over the SSH) s 5 525 M ( transport layer protocol [SSH-TRANS]. This protocol assumes that the) s 5 514 M ( underlying protocols provide integrity and confidentiality) s 5 503 M ( protection.) s 5 481 M ( This document should be read only after reading the SSH architecture) s 5 470 M ( document [SSH-ARCH]. This document freely uses terminology and) s 5 459 M ( notation from the architecture document without reference or further) s 5 448 M ( explanation.) s 5 426 M ( The service name for this protocol is "ssh-userauth".) 
s 5 404 M ( When this protocol starts, it receives the session identifier from) s 5 393 M ( the lower-level protocol \(this is the exchange hash H from the first) s 5 382 M ( key exchange\). The session identifier uniquely identifies this) s 5 371 M ( session and is suitable for signing in order to prove ownership of a) s 5 360 M ( private key. This protocol also needs to know whether the lower-level) s 5 349 M ( protocol provides confidentiality protection.) s 5 327 M (3. Conventions Used in This Document) s 5 305 M ( The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",) s 5 294 M ( and "MAY" that appear in this document are to be interpreted as) s 5 283 M ( described in [RFC2119]) s 5 261 M ( The used data types and terminology are specified in the architecture) s 5 250 M ( document [SSH-ARCH]) s 5 228 M ( The architecture document also discusses the algorithm naming) s 5 217 M ( conventions that MUST be used with the SSH protocols.) s 5 195 M (3.1 The Authentication Protocol Framework) s 5 173 M ( The server drives the authentication by telling the client which) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 3]) s _R S PStoPSsaved restore userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 421.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 4 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( authentication methods can be used to continue the exchange at any) s 5 679 M ( given time. The client has the freedom to try the methods listed by) s 5 668 M ( the server in any order. 
This gives the server complete control over) s 5 657 M ( the authentication process if desired, but also gives enough) s 5 646 M ( flexibility for the client to use the methods it supports or that are) s 5 635 M ( most convenient for the user, when multiple methods are offered by) s 5 624 M ( the server.) s 5 602 M ( Authentication methods are identified by their name, as defined in) s 5 591 M ( [SSH-ARCH]. The "none" method is reserved, and MUST NOT be listed as) s 5 580 M ( supported. However, it MAY be sent by the client. The server MUST) s 5 569 M ( always reject this request, unless the client is to be allowed in) s 5 558 M ( without any authentication, in which case the server MUST accept this) s 5 547 M ( request. The main purpose of sending this request is to get the list) s 5 536 M ( of supported methods from the server.) s 5 514 M ( The server SHOULD have a timeout for authentication, and disconnect) s 5 503 M ( if the authentication has not been accepted within the timeout) s 5 492 M ( period. The RECOMMENDED timeout period is 10 minutes. Additionally,) s 5 481 M ( the implementation SHOULD limit the number of failed authentication) s 5 470 M ( attempts a client may perform in a single session \(the RECOMMENDED) s 5 459 M ( limit is 20 attempts\). If the threshold is exceeded, the server) s 5 448 M ( SHOULD disconnect.) s 5 426 M (3.1.1 Authentication Requests) s 5 404 M ( All authentication requests MUST use the following message format.) s 5 393 M ( Only the first few fields are defined; the remaining fields depend on) s 5 382 M ( the authentication method.) s 5 360 M ( byte SSH_MSG_USERAUTH_REQUEST) s 5 349 M ( string user name \(in ISO-10646 UTF-8 encoding [RFC2279]\)) s 5 338 M ( string service name \(in US-ASCII\)) s 5 327 M ( string method name \(US-ASCII\)) s 5 316 M ( The rest of the packet is method-specific.) s 5 294 M ( The user name and service are repeated in every new authentication) s 5 283 M ( attempt, and MAY change. 
The server implementation MUST carefully) s 5 272 M ( check them in every message, and MUST flush any accumulated) s 5 261 M ( authentication states if they change. If it is unable to flush some) s 5 250 M ( authentication state, it MUST disconnect if the user or service name) s 5 239 M ( changes.) s 5 217 M ( The service name specifies the service to start after authentication.) s 5 206 M ( There may be several different authenticated services provided. If) s 5 195 M ( the requested service is not available, the server MAY disconnect) s 5 184 M ( immediately or at any later time. Sending a proper disconnect) s 5 173 M ( message is RECOMMENDED. In any case, if the service does not exist,) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 4]) s _R S PStoPSsaved restore %%Page: (4,5) 3 userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 0.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip /showpage{}def/copypage{}def/erasepage{}def PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 5 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( authentication MUST NOT be accepted.) s 5 668 M ( If the requested user does not exist, the server MAY disconnect, or) s 5 657 M ( MAY send a bogus list of acceptable authentication methods, but never) s 5 646 M ( accept any. This makes it possible for the server to avoid) s 5 635 M ( disclosing information on which accounts exist. In any case, if the) s 5 624 M ( user does not exist, the authentication request MUST NOT be accepted.) 
s 5 602 M ( While there is usually little point for clients to send requests that) s 5 591 M ( the server does not list as acceptable, sending such requests is not) s 5 580 M ( an error, and the server SHOULD simply reject requests that it does) s 5 569 M ( not recognize.) s 5 547 M ( An authentication request MAY result in a further exchange of) s 5 536 M ( messages. All such messages depend on the authentication method) s 5 525 M ( used, and the client MAY at any time continue with a new) s 5 514 M ( SSH_MSG_USERAUTH_REQUEST message, in which case the server MUST) s 5 503 M ( abandon the previous authentication attempt and continue with the new) s 5 492 M ( one.) s 5 470 M (3.1.2 Responses to Authentication Requests) s 5 448 M ( If the server rejects the authentication request, it MUST respond) s 5 437 M ( with the following:) s 5 415 M ( byte SSH_MSG_USERAUTH_FAILURE) s 5 404 M ( string authentications that can continue) s 5 393 M ( boolean partial success) s 5 371 M ( "Authentications that can continue" is a comma-separated list of) s 5 360 M ( authentication method names that may productively continue the) s 5 349 M ( authentication dialog.) s 5 327 M ( It is RECOMMENDED that servers only include those methods in the list) s 5 316 M ( that are actually useful. However, it is not illegal to include) s 5 305 M ( methods that cannot be used to authenticate the user.) s 5 283 M ( Already successfully completed authentications SHOULD NOT be included) s 5 272 M ( in the list, unless they really should be performed again for some) s 5 261 M ( reason.) s 5 239 M ( "Partial success" MUST be TRUE if the authentication request to which) s 5 228 M ( this is a response was successful. It MUST be FALSE if the request) s 5 217 M ( was not successfully processed.) 
s 5 195 M ( When the server accepts authentication, it MUST respond with the) s 5 184 M ( following:) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 5]) s _R S PStoPSsaved restore userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 421.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 6 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( byte SSH_MSG_USERAUTH_SUCCESS) s 5 668 M ( Note that this is not sent after each step in a multi-method) s 5 657 M ( authentication sequence, but only when the authentication is) s 5 646 M ( complete.) s 5 624 M ( The client MAY send several authentication requests without waiting) s 5 613 M ( for responses from previous requests. The server MUST process each) s 5 602 M ( request completely and acknowledge any failed requests with a) s 5 591 M ( SSH_MSG_USERAUTH_FAILURE message before processing the next request.) s 5 569 M ( A request that results in further exchange of messages will be) s 5 558 M ( aborted by a second request. It is not possible to send a second) s 5 547 M ( request without waiting for a response from the server, if the first) s 5 536 M ( request will result in further exchange of messages. No) s 5 525 M ( SSH_MSG_USERAUTH_FAILURE message will be sent for the aborted method.) s 5 503 M ( SSH_MSG_USERAUTH_SUCCESS MUST be sent only once. When) s 5 492 M ( SSH_MSG_USERAUTH_SUCCESS has been sent, any further authentication) s 5 481 M ( requests received after that SHOULD be silently ignored.) 
s 5 459 M ( Any non-authentication messages sent by the client after the request) s 5 448 M ( that resulted in SSH_MSG_USERAUTH_SUCCESS being sent MUST be passed) s 5 437 M ( to the service being run on top of this protocol. Such messages can) s 5 426 M ( be identified by their message numbers \(see Section Message Numbers) s 5 415 M ( \(Section 3.2\)\).) s 5 393 M (3.1.3 The "none" Authentication Request) s 5 371 M ( A client may request a list of authentication methods that may) s 5 360 M ( continue by using the "none" authentication method.) s 5 338 M ( If no authentication at all is needed for the user, the server MUST) s 5 327 M ( return SSH_MSG_USERAUTH_SUCCESS. Otherwise, the server MUST return) s 5 316 M ( SSH_MSG_USERAUTH_FAILURE and MAY return with it a list of) s 5 305 M ( authentication methods that can continue.) s 5 283 M ( This method MUST NOT be listed as supported by the server.) s 5 261 M (3.1.4 Completion of User Authentication) s 5 239 M ( Authentication is complete when the server has responded with) s 5 228 M ( SSH_MSG_USERAUTH_SUCCESS; all authentication related messages) s 5 217 M ( received after sending this message SHOULD be silently ignored.) s 5 195 M ( After sending SSH_MSG_USERAUTH_SUCCESS, the server starts the) s 5 184 M ( requested service.) 
s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 6]) s _R S PStoPSsaved restore %%Page: (6,7) 4 userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 0.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip /showpage{}def/copypage{}def/erasepage{}def PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 7 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M (3.1.5 Banner Message) s 5 668 M ( In some jurisdictions, sending a warning message before) s 5 657 M ( authentication may be relevant for getting legal protection. Many) s 5 646 M ( UNIX machines, for example, normally display text from `/etc/issue',) s 5 635 M ( or use "tcp wrappers" or similar software to display a banner before) s 5 624 M ( issuing a login prompt.) s 5 602 M ( The SSH server may send a SSH_MSG_USERAUTH_BANNER message at any time) s 5 591 M ( before authentication is successful. This message contains text to) s 5 580 M ( be displayed to the client user before authentication is attempted.) s 5 569 M ( The format is as follows:) s 5 547 M ( byte SSH_MSG_USERAUTH_BANNER) s 5 536 M ( string message \(ISO-10646 UTF-8\)) s 5 525 M ( string language tag \(as defined in [RFC3066]\)) s 5 503 M ( The client SHOULD by default display the message on the screen.) s 5 492 M ( However, since the message is likely to be sent for every login) s 5 481 M ( attempt, and since some client software will need to open a separate) s 5 470 M ( window for this warning, the client software may allow the user to) s 5 459 M ( explicitly disable the display of banners from the server. The) s 5 448 M ( message may consist of multiple lines.) 
s 5 426 M ( If the message string is displayed, control character filtering) s 5 415 M ( discussed in [SSH-ARCH] SHOULD be used to avoid attacks by sending) s 5 404 M ( terminal control characters.) s 5 382 M (3.2 Authentication Protocol Message Numbers) s 5 360 M ( All message numbers used by this authentication protocol are in the) s 5 349 M ( range from 50 to 79, which is part of the range reserved for) s 5 338 M ( protocols running on top of the SSH transport layer protocol.) s 5 316 M ( Message numbers of 80 and higher are reserved for protocols running) s 5 305 M ( after this authentication protocol, so receiving one of them before) s 5 294 M ( authentication is complete is an error, to which the server MUST) s 5 283 M ( respond by disconnecting \(preferably with a proper disconnect message) s 5 272 M ( sent first to ease troubleshooting\).) s 5 250 M ( After successful authentication, such messages are passed to the) s 5 239 M ( higher-level service.) s 5 217 M ( These are the general authentication message codes:) s 5 195 M ( #define SSH_MSG_USERAUTH_REQUEST 50) s 5 184 M ( #define SSH_MSG_USERAUTH_FAILURE 51) s 5 173 M ( #define SSH_MSG_USERAUTH_SUCCESS 52) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 7]) s _R S PStoPSsaved restore userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 421.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 8 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( #define SSH_MSG_USERAUTH_BANNER 53) s 5 668 M ( In addition to the above, there is a range of message numbers) s 5 657 M ( \(60..79\) reserved for method-specific messages. 
These messages are) s 5 646 M ( only sent by the server \(client sends only SSH_MSG_USERAUTH_REQUEST) s 5 635 M ( messages\). Different authentication methods reuse the same message) s 5 624 M ( numbers.) s 5 602 M (3.3 Public Key Authentication Method: publickey) s 5 580 M ( The only REQUIRED authentication method is public key authentication.) s 5 569 M ( All implementations MUST support this method; however, not all users) s 5 558 M ( need to have public keys, and most local policies are not likely to) s 5 547 M ( require public key authentication for all users in the near future.) s 5 525 M ( With this method, the possession of a private key serves as) s 5 514 M ( authentication. This method works by sending a signature created) s 5 503 M ( with a private key of the user. The server MUST check that the key) s 5 492 M ( is a valid authenticator for the user, and MUST check that the) s 5 481 M ( signature is valid. If both hold, the authentication request MUST be) s 5 470 M ( accepted; otherwise it MUST be rejected. \(Note that the server MAY) s 5 459 M ( require additional authentications after successful authentication.\)) s 5 437 M ( Private keys are often stored in an encrypted form at the client) s 5 426 M ( host, and the user must supply a passphrase before the signature can) s 5 415 M ( be generated. Even if they are not, the signing operation involves) s 5 404 M ( some expensive computation. To avoid unnecessary processing and user) s 5 393 M ( interaction, the following message is provided for querying whether) s 5 382 M ( authentication using the key would be acceptable.) s 5 360 M ( byte SSH_MSG_USERAUTH_REQUEST) s 5 349 M ( string user name) s 5 338 M ( string service) s 5 327 M ( string "publickey") s 5 316 M ( boolean FALSE) s 5 305 M ( string public key algorithm name) s 5 294 M ( string public key blob) s 5 272 M ( Public key algorithms are defined in the transport layer) s 5 261 M ( specification [SSH-TRANS]. 
The public key blob may contain) s 5 250 M ( certificates.) s 5 228 M ( Any public key algorithm may be offered for use in authentication.) s 5 217 M ( In particular, the list is not constrained by what was negotiated) s 5 206 M ( during key exchange. If the server does not support some algorithm,) s 5 195 M ( it MUST simply reject the request.) s 5 173 M ( The server MUST respond to this message with either) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 8]) s _R S PStoPSsaved restore %%Page: (8,9) 5 userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 0.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip /showpage{}def/copypage{}def/erasepage{}def PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 9 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( SSH_MSG_USERAUTH_FAILURE or with the following:) s 5 668 M ( byte SSH_MSG_USERAUTH_PK_OK) s 5 657 M ( string public key algorithm name from the request) s 5 646 M ( string public key blob from the request) s 5 624 M ( To perform actual authentication, the client MAY then send a) s 5 613 M ( signature generated using the private key. The client MAY send the) s 5 602 M ( signature directly without first verifying whether the key is) s 5 591 M ( acceptable. 
The signature is sent using the following packet:) s 5 569 M ( byte SSH_MSG_USERAUTH_REQUEST) s 5 558 M ( string user name) s 5 547 M ( string service) s 5 536 M ( string "publickey") s 5 525 M ( boolean TRUE) s 5 514 M ( string public key algorithm name) s 5 503 M ( string public key to be used for authentication) s 5 492 M ( string signature) s 5 470 M ( Signature is a signature by the corresponding private key over the) s 5 459 M ( following data, in the following order:) s 5 437 M ( string session identifier) s 5 426 M ( byte SSH_MSG_USERAUTH_REQUEST) s 5 415 M ( string user name) s 5 404 M ( string service) s 5 393 M ( string "publickey") s 5 382 M ( boolean TRUE) s 5 371 M ( string public key algorithm name) s 5 360 M ( string public key to be used for authentication) s 5 338 M ( When the server receives this message, it MUST check whether the) s 5 327 M ( supplied key is acceptable for authentication, and if so, it MUST) s 5 316 M ( check whether the signature is correct.) s 5 294 M ( If both checks succeed, this method is successful. Note that the) s 5 283 M ( server may require additional authentications. The server MUST) s 5 272 M ( respond with SSH_MSG_USERAUTH_SUCCESS \(if no more authentications are) s 5 261 M ( needed\), or SSH_MSG_USERAUTH_FAILURE \(if the request failed, or more) s 5 250 M ( authentications are needed\).) s 5 228 M ( The following method-specific message numbers are used by the) s 5 217 M ( publickey authentication method.) 
s 5 195 M ( /* Key-based */) s 5 184 M ( #define SSH_MSG_USERAUTH_PK_OK 60) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 9]) s _R S PStoPSsaved restore userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 421.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 10 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M (3.4 Password Authentication Method: password) s 5 668 M ( Password authentication uses the following packets. Note that a) s 5 657 M ( server MAY request the user to change the password. All) s 5 646 M ( implementations SHOULD support password authentication.) s 5 624 M ( byte SSH_MSG_USERAUTH_REQUEST) s 5 613 M ( string user name) s 5 602 M ( string service) s 5 591 M ( string "password") s 5 580 M ( boolean FALSE) s 5 569 M ( string plaintext password \(ISO-10646 UTF-8\)) s 5 547 M ( Note that the password is encoded in ISO-10646 UTF-8. It is up to) s 5 536 M ( the server how it interprets the password and validates it against) s 5 525 M ( the password database. However, if the client reads the password in) s 5 514 M ( some other encoding \(e.g., ISO 8859-1 \(ISO Latin1\)\), it MUST convert) s 5 503 M ( the password to ISO-10646 UTF-8 before transmitting, and the server) s 5 492 M ( MUST convert the password to the encoding used on that system for) s 5 481 M ( passwords.) s 5 459 M ( Note that even though the cleartext password is transmitted in the) s 5 448 M ( packet, the entire packet is encrypted by the transport layer. 
Both) s 5 437 M ( the server and the client should check whether the underlying) s 5 426 M ( transport layer provides confidentiality \(i.e., if encryption is) s 5 415 M ( being used\). If no confidentiality is provided \(none cipher\),) s 5 404 M ( password authentication SHOULD be disabled. If there is no) s 5 393 M ( confidentiality or no MAC, password change SHOULD be disabled.) s 5 371 M ( Normally, the server responds to this message with success or) s 5 360 M ( failure. However, if the password has expired the server SHOULD) s 5 349 M ( indicate this by responding with SSH_MSG_USERAUTH_PASSWD_CHANGEREQ.) s 5 338 M ( In any case the server MUST NOT allow an expired password to be used) s 5 327 M ( for authentication.) s 5 305 M ( byte SSH_MSG_USERAUTH_PASSWD_CHANGEREQ) s 5 294 M ( string prompt \(ISO-10646 UTF-8\)) s 5 283 M ( string language tag \(as defined in [RFC3066]\)) s 5 261 M ( In this case, the client MAY continue with a different authentication) s 5 250 M ( method, or request a new password from the user and retry password) s 5 239 M ( authentication using the following message. The client MAY also send) s 5 228 M ( this message instead of the normal password authentication request) s 5 217 M ( without the server asking for it.)
s 5 195 M ( byte SSH_MSG_USERAUTH_REQUEST) s 5 184 M ( string user name) s 5 173 M ( string service) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 10]) s _R S PStoPSsaved restore %%Page: (10,11) 6 userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 0.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip /showpage{}def/copypage{}def/erasepage{}def PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 11 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( string "password") s 5 679 M ( boolean TRUE) s 5 668 M ( string plaintext old password \(ISO-10646 UTF-8\)) s 5 657 M ( string plaintext new password \(ISO-10646 UTF-8\)) s 5 635 M ( The server must reply to each request message with) s 5 624 M ( SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, or another) s 5 613 M ( SSH_MSG_USERAUTH_PASSWD_CHANGEREQ. The meaning of these is as) s 5 602 M ( follows:) s 5 580 M ( SSH_MSG_USERAUTH_SUCCESS The password has been changed, and) s 5 569 M ( authentication has been successfully completed.) s 5 547 M ( SSH_MSG_USERAUTH_FAILURE with partial success The password has) s 5 536 M ( been changed, but more authentications are needed.) s 5 514 M ( SSH_MSG_USERAUTH_FAILURE without partial success The password has) s 5 503 M ( not been changed. Either password changing was not supported, or) s 5 492 M ( the old password was bad. Note that if the server has already) s 5 481 M ( sent SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, we know that it supports) s 5 470 M ( changing the password.) s 5 448 M ( SSH_MSG_USERAUTH_PASSWD_CHANGEREQ The password was not changed because) s 5 437 M ( the new password was not acceptable \(e.g. too easy to guess\).)
s 5 415 M ( The following method-specific message numbers are used by the) s 5 404 M ( password authentication method.) s 5 382 M ( #define SSH_MSG_USERAUTH_PASSWD_CHANGEREQ 60) s 5 349 M (3.5 Host-Based Authentication: hostbased) s 5 327 M ( Some sites wish to allow authentication based on the host where the) s 5 316 M ( user is coming from, and the user name on the remote host. While) s 5 305 M ( this form of authentication is not suitable for high-security sites,) s 5 294 M ( it can be very convenient in many environments. This form of) s 5 283 M ( authentication is OPTIONAL. When used, special care SHOULD be taken) s 5 272 M ( to prevent a regular user from obtaining the private host key.) s 5 250 M ( The client requests this form of authentication by sending the) s 5 239 M ( following message. It is similar to the UNIX "rhosts" and) s 5 228 M ( "hosts.equiv" styles of authentication, except that the identity of) s 5 217 M ( the client host is checked more rigorously.) s 5 195 M ( This method works by having the client send a signature created with) s 5 184 M ( the private key of the client host, which the server checks with that) s 5 173 M ( host's public key. Once the client host's identity is established,) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 11]) s _R S PStoPSsaved restore userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 421.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 12 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( authorization \(but no further authentication\) is performed based on) s 5 679 M ( the user names on the server and the client, and the client host) s 5 668 M ( name.) 
s 5 646 M ( byte SSH_MSG_USERAUTH_REQUEST) s 5 635 M ( string user name) s 5 624 M ( string service) s 5 613 M ( string "hostbased") s 5 602 M ( string public key algorithm for host key) s 5 591 M ( string public host key and certificates for client host) s 5 580 M ( string client host name \(FQDN; US-ASCII\)) s 5 569 M ( string user name on the client host \(ISO-10646 UTF-8\)) s 5 558 M ( string signature) s 5 536 M ( Public key algorithm names for use in "public key algorithm for host) s 5 525 M ( key" are defined in the transport layer specification. The "public) s 5 514 M ( host key for client host" may include certificates.) s 5 492 M ( Signature is a signature with the private host key of the following) s 5 481 M ( data, in this order:) s 5 459 M ( string session identifier) s 5 448 M ( byte SSH_MSG_USERAUTH_REQUEST) s 5 437 M ( string user name) s 5 426 M ( string service) s 5 415 M ( string "hostbased") s 5 404 M ( string public key algorithm for host key) s 5 393 M ( string public host key and certificates for client host) s 5 382 M ( string client host name \(FQDN; US-ASCII\)) s 5 371 M ( string user name on the client host\(ISO-10646 UTF-8\)) s 5 349 M ( The server MUST verify that the host key actually belongs to the) s 5 338 M ( client host named in the message, that the given user on that host is) s 5 327 M ( allowed to log in, and that the signature is a valid signature on the) s 5 316 M ( appropriate value by the given host key. The server MAY ignore the) s 5 305 M ( client user name, if it wants to authenticate only the client host.) s 5 283 M ( It is RECOMMENDED that whenever possible, the server perform) s 5 272 M ( additional checks to verify that the network address obtained from) s 5 261 M ( the \(untrusted\) network matches the given client host name. This) s 5 250 M ( makes exploiting compromised host keys more difficult. Note that) s 5 239 M ( this may require special handling for connections coming through a) s 5 228 M ( firewall.) 
s 5 206 M (4. Security Considerations) s 5 184 M ( The purpose of this protocol is to perform client user) s 5 173 M ( authentication. It is assumed that this runs over a secure transport) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 12]) s _R S PStoPSsaved restore %%Page: (12,13) 7 userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 0.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip /showpage{}def/copypage{}def/erasepage{}def PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 13 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( layer protocol, which has already authenticated the server machine,) s 5 679 M ( established an encrypted communications channel, and computed a) s 5 668 M ( unique session identifier for this session. The transport layer) s 5 657 M ( provides forward secrecy for password authentication and other) s 5 646 M ( methods that rely on secret data.) s 5 624 M ( Full security considerations for this protocol are provided in) s 5 613 M ( Section 8 of [SSH-ARCH]) s 5 591 M (Normative) s 5 569 M ( [SSH-ARCH]) s 5 558 M ( Ylonen, T., "SSH Protocol Architecture", I-D) s 5 547 M ( draft-ietf-architecture-15.txt, Oct 2003.) s 5 525 M ( [SSH-TRANS]) s 5 514 M ( Ylonen, T., "SSH Transport Layer Protocol", I-D) s 5 503 M ( draft-ietf-transport-17.txt, Oct 2003.) s 5 481 M ( [SSH-USERAUTH]) s 5 470 M ( Ylonen, T., "SSH Authentication Protocol", I-D) s 5 459 M ( draft-ietf-userauth-18.txt, Oct 2003.) s 5 437 M ( [SSH-CONNECT]) s 5 426 M ( Ylonen, T., "SSH Connection Protocol", I-D) s 5 415 M ( draft-ietf-connect-18.txt, Oct 2003.) s 5 393 M ( [SSH-NUMBERS]) s 5 382 M ( Lehtinen, S. and D.
Moffat, "SSH Protocol Assigned) s 5 371 M ( Numbers", I-D draft-ietf-secsh-assignednumbers-05.txt, Oct) s 5 360 M ( 2003.) s 5 338 M ( [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate) s 5 327 M ( Requirement Levels", BCP 14, RFC 2119, March 1997.) s 5 305 M (Informative) s 5 283 M ( [RFC3066] Alvestrand, H., "Tags for the Identification of) s 5 272 M ( Languages", BCP 47, RFC 3066, January 2001.) s 5 250 M ( [RFC2279] Yergeau, F., "UTF-8, a transformation format of ISO) s 5 239 M ( 10646", RFC 2279, January 1998.) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 13]) s _R S PStoPSsaved restore userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 421.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 14 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M (Authors' Addresses) s 5 668 M ( Tatu Ylonen) s 5 657 M ( SSH Communications Security Corp) s 5 646 M ( Fredrikinkatu 42) s 5 635 M ( HELSINKI FIN-00100) s 5 624 M ( Finland) s 5 602 M ( EMail: ylo@ssh.com) s 5 569 M ( Darren J. 
Moffat \(editor\)) s 5 558 M ( Sun Microsystems, Inc) s 5 547 M ( 17 Network Circle) s 5 536 M ( Menlo Park 95025) s 5 525 M ( USA) s 5 503 M ( EMail: Darren.Moffat@Sun.COM) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 14]) s _R S PStoPSsaved restore %%Page: (14,15) 8 userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 0.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip /showpage{}def/copypage{}def/erasepage{}def PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 15 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M (Intellectual Property Statement) s 5 668 M ( The IETF takes no position regarding the validity or scope of any) s 5 657 M ( intellectual property or other rights that might be claimed to) s 5 646 M ( pertain to the implementation or use of the technology described in) s 5 635 M ( this document or the extent to which any license under such rights) s 5 624 M ( might or might not be available; neither does it represent that it) s 5 613 M ( has made any effort to identify any such rights. Information on the) s 5 602 M ( IETF's procedures with respect to rights in standards-track and) s 5 591 M ( standards-related documentation can be found in BCP-11. Copies of) s 5 580 M ( claims of rights made available for publication and any assurances of) s 5 569 M ( licenses to be made available, or the result of an attempt made to) s 5 558 M ( obtain a general license or permission for the use of such) s 5 547 M ( proprietary rights by implementors or users of this specification can) s 5 536 M ( be obtained from the IETF Secretariat.) 
s 5 514 M ( The IETF invites any interested party to bring to its attention any) s 5 503 M ( copyrights, patents or patent applications, or other proprietary) s 5 492 M ( rights which may cover technology that may be required to practice) s 5 481 M ( this standard. Please address the information to the IETF Executive) s 5 470 M ( Director.) s 5 448 M ( The IETF has been notified of intellectual property rights claimed in) s 5 437 M ( regard to some or all of the specification contained in this) s 5 426 M ( document. For more information consult the online list of claimed) s 5 415 M ( rights.) s 5 382 M (Full Copyright Statement) s 5 360 M ( Copyright \(C\) The Internet Society \(2002\). All Rights Reserved.) s 5 338 M ( This document and translations of it may be copied and furnished to) s 5 327 M ( others, and derivative works that comment on or otherwise explain it) s 5 316 M ( or assist in its implementation may be prepared, copied, published) s 5 305 M ( and distributed, in whole or in part, without restriction of any) s 5 294 M ( kind, provided that the above copyright notice and this paragraph are) s 5 283 M ( included on all such copies and derivative works. However, this) s 5 272 M ( document itself may not be modified in any way, such as by removing) s 5 261 M ( the copyright notice or references to the Internet Society or other) s 5 250 M ( Internet organizations, except as needed for the purpose of) s 5 239 M ( developing Internet standards in which case the procedures for) s 5 228 M ( copyrights defined in the Internet Standards process must be) s 5 217 M ( followed, or as required to translate it into languages other than) s 5 206 M ( English.) s 5 184 M ( The limited permissions granted above are perpetual and will not be) s 5 173 M ( revoked by the Internet Society or its successors or assignees.) 
s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 15]) s _R S PStoPSsaved restore userdict/PStoPSsaved save put PStoPSmatrix setmatrix 595.000000 421.271378 translate 90 rotate 0.706651 dup scale userdict/PStoPSmatrix matrix currentmatrix put userdict/PStoPSclip{0 0 moveto 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto closepath}put initclip PStoPSxform concat %%BeginPageSetup _S 75 0 translate /pagenum 16 def /fname () def /fdir () def /ftail () def /user_header_p false def %%EndPageSetup 5 723 M (Internet-Draft SSH Authentication Protocol September 2002) s 5 690 M ( This document and the information contained herein is provided on an) s 5 679 M ( "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING) s 5 668 M ( TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING) s 5 657 M ( BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION) s 5 646 M ( HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF) s 5 635 M ( MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.) s 5 602 M (Acknowledgment) s 5 580 M ( Funding for the RFC Editor function is currently provided by the) s 5 569 M ( Internet Society.) s 5 129 M (Ylonen & Moffat Expires March 2, 2003 [Page 16]) s _R S PStoPSsaved restore %%Trailer %%Pages: 16 %%DocumentNeededResources: font Courier-Bold Courier %%EOF