The Secure Shell (SSH) Authentication Protocol
E42557
The Secure Shell (SSH) Authentication Protocol is a standardized network protocol that defines methods for securely authenticating users and hosts in SSH connections using mechanisms such as passwords, public keys, and keyboard-interactive methods.
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf | authentication protocol; network protocol |
| allows | client to attempt multiple authentication methods; server to advertise supported authentication methods |
| defines | methods for authenticating SSH clients to SSH servers; methods for authenticating SSH servers to SSH clients |
| designedFor | protection against eavesdropping; protection against man-in-the-middle attacks; protection against replay attacks |
| follows | SSH transport layer protocol |
| goal | securely authenticate users and hosts over untrusted networks |
| layerInSSH | authentication layer |
| messageType | SSH_MSG_USERAUTH_BANNER; SSH_MSG_USERAUTH_FAILURE; SSH_MSG_USERAUTH_INFO_REQUEST; SSH_MSG_USERAUTH_INFO_RESPONSE; SSH_MSG_USERAUTH_PK_OK; SSH_MSG_USERAUTH_REQUEST; SSH_MSG_USERAUTH_SUCCESS |
| operatesOver | encrypted SSH transport connection |
| partOf | Secure Shell (SSH) protocol suite |
| precedes | SSH connection protocol |
| provides | host authentication; server authentication; user authentication |
| replaces | SSH-1 authentication mechanisms |
| requires | established SSH transport session |
| securityProperty | binds authentication to the encrypted transport session; prevents password disclosure in clear text on the network |
| standardizedBy | IETF |
| standardizedIn | RFC 4252 |
| supportsAuthenticationMethod | GSSAPI-based authentication; host-based authentication; keyboard-interactive authentication; password authentication; public key authentication |
| supportsFeature | method negotiation between client and server; multiple authentication methods per session; partial success and multi-step authentication; per-service authentication policies; per-user authentication policies |
| usedIn | remote login over SSH; secure file transfer over SSH; tunneling and port forwarding over SSH |
| uses | SSH transport layer protocol; challenge-response mechanisms; digital signatures; public key cryptography |
| versionOf | SSH-2 protocol |