| rfc9987v1.txt | rfc9987.txt | |||
|---|---|---|---|---|
| skipping to change at line 247 ¶ | skipping to change at line 247 ¶ | |||
| Otherwise, an agent MAY refuse to load a key that has already been | Otherwise, an agent MAY refuse to load a key that has already been | |||
| loaded. | loaded. | |||
| An agent MAY support only a subset of the key types defined here and | An agent MAY support only a subset of the key types defined here and | |||
| MAY support additional key types as described below. If an agent | MAY support additional key types as described below. If an agent | |||
| does not recognise the type name in a request to add a key, then it | does not recognise the type name in a request to add a key, then it | |||
| MUST respond with an SSH_AGENT_FAILURE reply. | MUST respond with an SSH_AGENT_FAILURE reply. | |||
| 5.2.1. DSA Keys | 5.2.1. DSA Keys | |||
| Digital Signature Algorithm (DSA) keys have key type "ssh-dss" and | Digital Signature Algorithm (DSA) keys have key type name "ssh-dss" | |||
| are defined in [RFC4253]. They may be added to the agent using the | and are defined in [RFC4253]. They may be added to the agent using | |||
| following message. The "constraints" field is only present for the | the following message. The "constraints" field is only present for | |||
| SSH_AGENTC_ADD_ID_CONSTRAINED message. | the SSH_AGENTC_ADD_ID_CONSTRAINED message. | |||
| byte SSH_AGENTC_ADD_IDENTITY or | byte SSH_AGENTC_ADD_IDENTITY or | |||
| SSH_AGENTC_ADD_ID_CONSTRAINED | SSH_AGENTC_ADD_ID_CONSTRAINED | |||
| string "ssh-dss" | string "ssh-dss" | |||
| mpint p | mpint p | |||
| mpint q | mpint q | |||
| mpint g | mpint g | |||
| mpint y | mpint y | |||
| mpint x | mpint x | |||
| string comment | string comment | |||
| skipping to change at line 305 ¶ | skipping to change at line 305 ¶ | |||
| byte SSH_AGENTC_ADD_IDENTITY or | byte SSH_AGENTC_ADD_IDENTITY or | |||
| SSH_AGENTC_ADD_ID_CONSTRAINED | SSH_AGENTC_ADD_ID_CONSTRAINED | |||
| string "ssh-ed25519" or "ssh-ed448" | string "ssh-ed25519" or "ssh-ed448" | |||
| string ENC(A) | string ENC(A) | |||
| string k || ENC(A) | string k || ENC(A) | |||
| string comment | string comment | |||
| constraint[] constraints | constraint[] constraints | |||
| The first value is the EdDSA public key ENC(A). The second value is | The first value is the EdDSA public key ENC(A). The second value is | |||
| a concatenation of the private key k and the public ENC(A) key (this | a concatenation of the private key k and the public ENC(A) key (this | |||
| redundant repetition of the public key is to maintain compatibility | repetition of the public key is to maintain compatibility with widely | |||
| with widely deployed implementations). The contents and | deployed implementations). The contents and interpretation of the | |||
| interpretation of the ENC(A) and k values are defined by Section 3.2 | ENC(A) and k values are defined by Section 3.2 of [RFC8032]. | |||
| of [RFC8032]. | ||||
| 5.2.4. RSA Keys | 5.2.4. RSA Keys | |||
| RSA keys have key type "ssh-rsa" and are defined in [RFC4253]. They | RSA keys have key type name "ssh-rsa" and are defined in [RFC4253]. | |||
| may be added to the agent using the following message. The | They may be added to the agent using the following message. The | |||
| "constraints" field is only present for the | "constraints" field is only present for the | |||
| SSH_AGENTC_ADD_ID_CONSTRAINED message. | SSH_AGENTC_ADD_ID_CONSTRAINED message. | |||
| byte SSH_AGENTC_ADD_IDENTITY or | byte SSH_AGENTC_ADD_IDENTITY or | |||
| SSH_AGENTC_ADD_ID_CONSTRAINED | SSH_AGENTC_ADD_ID_CONSTRAINED | |||
| string "ssh-rsa" | string "ssh-rsa" | |||
| mpint n | mpint n | |||
| mpint e | mpint e | |||
| mpint d | mpint d | |||
| mpint iqmp | mpint iqmp | |||
| skipping to change at line 487 ¶ | skipping to change at line 486 ¶ | |||
| byte SSH_AGENTC_REMOVE_SMARTCARD_KEY | byte SSH_AGENTC_REMOVE_SMARTCARD_KEY | |||
| string token id | string token id | |||
| string PIN | string PIN | |||
| Where "token id" is an opaque identifier for the hardware token and | Where "token id" is an opaque identifier for the hardware token and | |||
| "PIN" is an optional password or PIN (not typically used), both | "PIN" is an optional password or PIN (not typically used), both | |||
| encoded using UTF-8. Requesting deletion of token-hosted keys SHOULD | encoded using UTF-8. Requesting deletion of token-hosted keys SHOULD | |||
| cause the agent to remove all keys it loaded from the device matching | cause the agent to remove all keys it loaded from the device matching | |||
| "token id". Similarly to SSH_AGENTC_REMOVE_ALL_IDENTITIES, agents | "token id". Similarly to SSH_AGENTC_REMOVE_ALL_IDENTITIES, agents | |||
| SHOULD honour this request regardless of local policy to allow fast | SHOULD honour this request regardless of local policy to allow fast | |||
| and complete removal of keys. Note: this operation affects the agent | and complete removal of keys. Removing a token-hosted key affects | |||
| only; it SHOULD NOT cause the keys be deleted from the token itself. | the agent only; it SHOULD NOT cause the keys be deleted from the | |||
| token itself. | ||||
| An agent MUST reply with SSH_AGENT_SUCCESS if the keys were deleted | An agent MUST reply with SSH_AGENT_SUCCESS if the keys were deleted | |||
| or SSH_AGENT_FAILURE if none were found. | or SSH_AGENT_FAILURE if none were found. | |||
| 5.5. Requesting a List of Keys | 5.5. Requesting a List of Keys | |||
| A client may request a list of keys from an agent using the following | A client may request a list of keys from an agent using the following | |||
| message: | message: | |||
| byte SSH_AGENTC_REQUEST_IDENTITIES | byte SSH_AGENTC_REQUEST_IDENTITIES | |||
| skipping to change at line 654 ¶ | skipping to change at line 654 ¶ | |||
| In both cases, it is common to expose the name or address of the | In both cases, it is common to expose the name or address of the | |||
| listening endpoint via an environment variable named "SSH_AUTH_SOCK". | listening endpoint via an environment variable named "SSH_AUTH_SOCK". | |||
| Clients of an agent will use this variable to locate and connect to | Clients of an agent will use this variable to locate and connect to | |||
| the listening agent. Alternatively, agents MAY use an implicit | the listening agent. Alternatively, agents MAY use an implicit | |||
| mechanism for clients to locate their endpoint, such as a default | mechanism for clients to locate their endpoint, such as a default | |||
| per-user location. | per-user location. | |||
| 7. Forwarding Access to an Agent | 7. Forwarding Access to an Agent | |||
| The agent protocol may be forwarded over an SSH connection, using the | Using the connection protocol described in [RFC4254], the agent | |||
| [RFC4254] connection protocol, allowing agent forwarding to be | protocol may be forwarded over an SSH connection. This allows agent | |||
| requested for any session channel, using a model that is similar to | forwarding to be requested for any session channel using a model that | |||
| the connection protocol's support for X11 Forwarding (Section 6.3 of | is similar to the connection protocol's support for X11 Forwarding | |||
| [RFC4254]). This feature is OPTIONAL for the SSH protocol and agent | (Section 6.3 of [RFC4254]). This feature is OPTIONAL for the SSH | |||
| implementations. | protocol and agent implementations. | |||
| 7.1. Advertising Agent Forwarding Support | 7.1. Advertising Agent Forwarding Support | |||
| Support for agent forwarding may be advertised by an SSH server using | Support for agent forwarding may be advertised by an SSH server using | |||
| the extension mechanism described in [RFC8308] using the name "agent- | the extension mechanism described in [RFC8308] using the name "agent- | |||
| forward" in the SSH_MSG_EXT_INFO message. | forward" in the SSH_MSG_EXT_INFO message. | |||
| string "agent-forward" | string "agent-forward" | |||
| string "0" (version) | string "0" (version) | |||
| skipping to change at line 734 ¶ | skipping to change at line 734 ¶ | |||
| As above, the "agent-connect" open type name SHOULD only be used if | As above, the "agent-connect" open type name SHOULD only be used if | |||
| support was explicitly advertised as per Section 7.1. | support was explicitly advertised as per Section 7.1. | |||
| An SSH client SHOULD be prepared to handle multiple concurrent | An SSH client SHOULD be prepared to handle multiple concurrent | |||
| forwarded connections to a client-side agent; otherwise, requests to | forwarded connections to a client-side agent; otherwise, requests to | |||
| access the agent from the remote side that happen to overlap prior | access the agent from the remote side that happen to overlap prior | |||
| requests may fail. Overlapping requests may occur because the SSH | requests may fail. Overlapping requests may occur because the SSH | |||
| connection protocol [RFC4254] allows multiple user sessions over a | connection protocol [RFC4254] allows multiple user sessions over a | |||
| single transport (see [RFC4253]), which may each request use of the | single transport (see [RFC4253]), which may each request use of the | |||
| agentcw independently and potentially concurrently. | agent independently and potentially concurrently. | |||
| An SSH client MAY accept agent connection requests (subject to | An SSH client MAY accept agent connection requests (subject to | |||
| authorisation) without a prior agent forwarding request having been | authorisation) without a prior agent forwarding request having been | |||
| made to support the situation where agent forwarding without opening | made to support the situation where agent forwarding without opening | |||
| a session is desired. Similarly, an SSH client MAY continue to | a session is desired. Similarly, an SSH client MAY continue to | |||
| accept agent connection requests after the session for which agent | accept agent connection requests after the session for which agent | |||
| forwarding was requested has closed. | forwarding was requested has closed. | |||
| An SSH client MUST refuse unauthorised agent connection requests, | An SSH client MUST refuse unauthorised agent connection requests, | |||
| when agent forwarding is neither requested nor desired by the SSH | when agent forwarding is neither requested nor desired by the SSH | |||
| skipping to change at line 1167 ¶ | skipping to change at line 1167 ¶ | |||
| Forwarding access to a local agent over an SSH connection (Section 7) | Forwarding access to a local agent over an SSH connection (Section 7) | |||
| inherently creates a transitive trust relationship. SSH | inherently creates a transitive trust relationship. SSH | |||
| implementations SHOULD NOT forward use of an agent by default, and | implementations SHOULD NOT forward use of an agent by default, and | |||
| users SHOULD NOT forward use of an agent to hosts that are not fully | users SHOULD NOT forward use of an agent to hosts that are not fully | |||
| trusted, as doing so could expose access to the user's keys to | trusted, as doing so could expose access to the user's keys to | |||
| attackers on remote hosts. Agents SHOULD implement additional | attackers on remote hosts. Agents SHOULD implement additional | |||
| controls over key visibility and use for forwarded agent connections; | controls over key visibility and use for forwarded agent connections; | |||
| otherwise, the user has only an all-or-nothing choice about whether | otherwise, the user has only an all-or-nothing choice about whether | |||
| to forward an agent. | to forward an agent. | |||
| Implementation of token/smartcard-hosted keys requires some care, | Implementation of keys hosted by a token or smartcard requires some | |||
| too. On some systems, tokens may be invoked by providing a path to a | care, too. On some systems, tokens may be invoked by providing a | |||
| shared library that must be loaded to make use of keys hosted on the | path to a shared library that must be loaded to make use of keys | |||
| device (a path to a library for a particular PKCS#11 module, for | hosted on the device (a path to a library for a particular PKCS#11 | |||
| example). Loading a shared library on most platforms implies | module, for example). Loading a shared library on most platforms | |||
| automatic execution of code in that library in the address space of | implies automatic execution of code in that library in the address | |||
| the process that loads it. To avoid the loading of potentially | space of the process that loads it. To avoid the loading of | |||
| hostile code, agents that support loading token-hosted keys via a | potentially hostile code, agents that support loading token-hosted | |||
| library path SHOULD ensure that only trusted token provider libraries | keys via a library path SHOULD ensure that only trusted token | |||
| are loadable. Additionally, agents SHOULD ensure that loaded token | provider libraries are loadable. Additionally, agents SHOULD ensure | |||
| library code cannot gain access to other keys loaded in the agent and | that loaded token library code cannot gain access to other keys | |||
| MAY disallow remote clients from loading token keys entirely. | loaded in the agent and MAY disallow remote clients from loading | |||
| Protection for existing keys from a token library code may be | token keys entirely. Protection for existing keys from a token | |||
| achieved by loading the token library into a separate process to the | library code may be achieved by loading the token library into a | |||
| agent and arranging for the agent to invoke token operations to this | separate process to the agent and arranging for the agent to invoke | |||
| process via IPC. | token operations to this process via IPC. | |||
| Finally, with respect to the agent locking functionality in | Finally, with respect to the agent locking functionality in | |||
| Section 5.7, an agent SHOULD take countermeasures against brute-force | Section 5.7, an agent SHOULD take countermeasures against brute-force | |||
| guessing attacks on the passphrase. This may take the form of | guessing attacks on the passphrase. This may take the form of | |||
| enforced delays when an unlock attempt is made with an incorrect | enforced delays when an unlock attempt is made with an incorrect | |||
| password (potentially increasing for subsequent failures), a lockout | password (potentially increasing for subsequent failures), a lockout | |||
| period where the agent refuses to accept further requests after some | period where the agent refuses to accept further requests after some | |||
| threshold of failed unlock attempts has been made, and/or deletion of | threshold of failed unlock attempts has been made, and/or deletion of | |||
| all keys held by the agent after a threshold of failed unlock | all keys held by the agent after a threshold of failed unlock | |||
| attempts. | attempts. | |||
| 11. References | 11. References | |||
| 11.1. Normative References | 11.1. Normative References | |||
| [FIPS.186-4] | ||||
| NIST, "Digital Signature Standard (DSS)", NIST FIPS 186-4, | ||||
| DOI 10.6028/NIST.FIPS.186-4, June 2013, | ||||
| <https://doi.org/10.6028/NIST.FIPS.186-4>. | ||||
| [FIPS.186-5] | ||||
| NIST, "Digital Signature Standard (DSS)", NIST FIPS 186-5, | ||||
| DOI 10.6028/NIST.FIPS.186-5, February 2023, | ||||
| <https://doi.org/10.6028/NIST.FIPS.186-5>. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC4251] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4251] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
| Protocol Architecture", RFC 4251, DOI 10.17487/RFC4251, | Protocol Architecture", RFC 4251, DOI 10.17487/RFC4251, | |||
| January 2006, <https://www.rfc-editor.org/info/rfc4251>. | January 2006, <https://www.rfc-editor.org/info/rfc4251>. | |||
| [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | [RFC4253] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
| skipping to change at line 1243 ¶ | skipping to change at line 1253 ¶ | |||
| [RFC8332] Bider, D., "Use of RSA Keys with SHA-256 and SHA-512 in | [RFC8332] Bider, D., "Use of RSA Keys with SHA-256 and SHA-512 in | |||
| the Secure Shell (SSH) Protocol", RFC 8332, | the Secure Shell (SSH) Protocol", RFC 8332, | |||
| DOI 10.17487/RFC8332, March 2018, | DOI 10.17487/RFC8332, March 2018, | |||
| <https://www.rfc-editor.org/info/rfc8332>. | <https://www.rfc-editor.org/info/rfc8332>. | |||
| [RFC8709] Harris, B. and L. Velvindron, "Ed25519 and Ed448 Public | [RFC8709] Harris, B. and L. Velvindron, "Ed25519 and Ed448 Public | |||
| Key Algorithms for the Secure Shell (SSH) Protocol", | Key Algorithms for the Secure Shell (SSH) Protocol", | |||
| RFC 8709, DOI 10.17487/RFC8709, February 2020, | RFC 8709, DOI 10.17487/RFC8709, February 2020, | |||
| <https://www.rfc-editor.org/info/rfc8709>. | <https://www.rfc-editor.org/info/rfc8709>. | |||
| [FIPS.186-4] | ||||
| NIST, "Digital Signature Standard (DSS)", NIST FIPS 186-4, | ||||
| DOI 10.6028/NIST.FIPS.186-4, June 2013, | ||||
| <https://doi.org/10.6028/NIST.FIPS.186-4>. | ||||
| [FIPS.186-5] | ||||
| NIST, "Digital Signature Standard (DSS)", NIST FIPS 186-5, | ||||
| DOI 10.6028/NIST.FIPS.186-5, February 2023, | ||||
| <https://doi.org/10.6028/NIST.FIPS.186-5>. | ||||
| 11.2. Informative References | 11.2. Informative References | |||
| [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | [IANA-PUBKEYS] | |||
| Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252, | IANA, "Public Key Algorithm Names", | |||
| January 2006, <https://www.rfc-editor.org/info/rfc4252>. | <https://www.iana.org/assignments/ssh-parameters/>. | |||
| [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | [IANA-SSH] IANA, "Secure Shell (SSH) Protocol Parameters", | |||
| Writing an IANA Considerations Section in RFCs", BCP 26, | <https://www.iana.org/assignments/ssh-parameters/>. | |||
| RFC 8126, DOI 10.17487/RFC8126, June 2017, | ||||
| <https://www.rfc-editor.org/info/rfc8126>. | ||||
| [IANA-SSH-CHANREQ] | [IANA-SSH-CHANREQ] | |||
| IANA, "Connection Protocol Channel Types", | IANA, "Connection Protocol Channel Types", | |||
| <https://www.iana.org/assignments/ssh-parameters/>. | <https://www.iana.org/assignments/ssh-parameters/>. | |||
| [IANA-SSH] IANA, "Secure Shell (SSH) Protocol Parameters", | ||||
| <https://www.iana.org/assignments/ssh-parameters/>. | ||||
| [IANA-SSH-CHANTYPE] | [IANA-SSH-CHANTYPE] | |||
| IANA, "Extension Names", | IANA, "Extension Names", | |||
| <https://www.iana.org/assignments/ssh-parameters/>. | <https://www.iana.org/assignments/ssh-parameters/>. | |||
| [IANA-SSH-EXT] | [IANA-SSH-EXT] | |||
| IANA, "Connection Protocol Channel Request Names", | IANA, "Connection Protocol Channel Request Names", | |||
| <https://www.iana.org/assignments/ssh-parameters/>. | <https://www.iana.org/assignments/ssh-parameters/>. | |||
| [IANA-PUBKEYS] | [RFC4252] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) | |||
| IANA, "Public Key Algorithm Names", | Authentication Protocol", RFC 4252, DOI 10.17487/RFC4252, | |||
| <https://www.iana.org/assignments/ssh-parameters/>. | January 2006, <https://www.rfc-editor.org/info/rfc4252>. | |||
| [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for | ||||
| Writing an IANA Considerations Section in RFCs", BCP 26, | ||||
| RFC 8126, DOI 10.17487/RFC8126, June 2017, | ||||
| <https://www.rfc-editor.org/info/rfc8126>. | ||||
| Acknowledgments | Acknowledgments | |||
| This protocol was designed and first implemented by Markus Friedl, | This protocol was designed and first implemented by Markus Friedl, | |||
| based on a similar protocol for an agent to support the legacy SSH | based on a similar protocol for an agent to support the legacy SSH | |||
| version 1 by Tatu Ylonen. | version 1 by Tatu Ylonen. | |||
| Thanks to Simon Tatham, Niels Möller, James Spencer, Simon Josefsson, | Thanks to Simon Tatham, Niels Möller, James Spencer, Simon Josefsson, | |||
| Matt Johnston, Jakub Jelen, Rich Salz, Caspar Schutijser, Florian | Matt Johnston, Jakub Jelen, Rich Salz, Caspar Schutijser, Florian | |||
| Obser, Martin Thomson, Deb Cooley, and Tero Kivinen who reviewed and | Obser, Martin Thomson, Deb Cooley, and Tero Kivinen who reviewed and | |||
| End of changes. 13 change blocks. | ||||
| 58 lines changed or deleted | 58 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||