draft-ietf-secsh-transport-17.2.ps

来自「OTP是开放电信平台的简称」· PS 代码 · 共 2,068 行 · 第 1/5 页

 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 1 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 701 M
(Network Working Group                                          T. Ylonen) s
5 690 M
(Internet-Draft                          SSH Communications Security Corp) s
5 679 M
(Expires: March 31, 2004                           D. Moffat, Editor, Ed.) s
5 668 M
(                                                   Sun Microsystems, Inc) s
5 657 M
(                                                                Oct 2003) s
5 624 M
(                      SSH Transport Layer Protocol) s
5 613 M
(                   draft-ietf-secsh-transport-17.txt) s
5 591 M
(Status of this Memo) s
5 569 M
(   This document is an Internet-Draft and is in full conformance with) s
5 558 M
(   all provisions of Section 10 of RFC2026.) s
5 536 M
(   Internet-Drafts are working documents of the Internet Engineering) s
5 525 M
(   Task Force \(IETF\), its areas, and its working groups. Note that other) s
5 514 M
(   groups may also distribute working documents as Internet-Drafts.) s
5 492 M
(   Internet-Drafts are draft documents valid for a maximum of six months) s
5 481 M
(   and may be updated, replaced, or obsoleted by other documents at any) s
5 470 M
(   time. It is inappropriate to use Internet-Drafts as reference) s
5 459 M
(   material or to cite them other than as "work in progress.") s
5 437 M
(   The list of current Internet-Drafts can be accessed at http://) s
5 426 M
(   www.ietf.org/ietf/1id-abstracts.txt.) s
5 404 M
(   The list of Internet-Draft Shadow Directories can be accessed at) s
5 393 M
(   http://www.ietf.org/shadow.html.) s
5 371 M
(   This Internet-Draft will expire on March 31, 2004.) s
5 349 M
(Copyright Notice) s
5 327 M
(   Copyright \(C\) The Internet Society \(2003\). All Rights Reserved.) s
5 305 M
(Abstract) s
5 283 M
(   SSH is a protocol for secure remote login and other secure network) s
5 272 M
(   services over an insecure network.) s
5 250 M
(   This document describes the SSH transport layer protocol which) s
5 239 M
(   typically runs on top of TCP/IP. The protocol can be used as a basis) s
5 228 M
(   for a number of secure network services. It provides strong) s
5 217 M
(   encryption, server authentication, and integrity protection. It may) s
5 206 M
(   also provide compression.) s
5 184 M
(   Key exchange method, public key algorithm, symmetric encryption) s
5 173 M
(   algorithm, message authentication algorithm, and hash algorithm are) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 1]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 2 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   all negotiated.) s
5 668 M
(   This document also describes the Diffie-Hellman key exchange method) s
5 657 M
(   and the minimal set of algorithms that are needed to implement the) s
5 646 M
(   SSH transport layer protocol.) s
5 624 M
(Table of Contents) s
5 602 M
(   1.    Contributors . . . . . . . . . . . . . . . . . . . . . . . .  3) s
5 591 M
(   2.    Introduction . . . . . . . . . . . . . . . . . . . . . . . .  3) s
5 580 M
(   3.    Conventions Used in This Document  . . . . . . . . . . . . .  3) s
5 569 M
(   4.    Connection Setup . . . . . . . . . . . . . . . . . . . . . .  3) s
5 558 M
(   4.1   Use over TCP/IP  . . . . . . . . . . . . . . . . . . . . . .  4) s
5 547 M
(   4.2   Protocol Version Exchange  . . . . . . . . . . . . . . . . .  4) s
5 536 M
(   4.3   Compatibility With Old SSH Versions  . . . . . . . . . . . .  4) s
5 525 M
(   4.3.1 Old Client, New Server . . . . . . . . . . . . . . . . . . .  5) s
5 514 M
(   4.3.2 New Client, Old Server . . . . . . . . . . . . . . . . . . .  5) s
5 503 M
(   5.    Binary Packet Protocol . . . . . . . . . . . . . . . . . . .  5) s
5 492 M
(   5.1   Maximum Packet Length  . . . . . . . . . . . . . . . . . . .  6) s
5 481 M
(   5.2   Compression  . . . . . . . . . . . . . . . . . . . . . . . .  7) s
5 470 M
(   5.3   Encryption . . . . . . . . . . . . . . . . . . . . . . . . .  7) s
5 459 M
(   5.4   Data Integrity . . . . . . . . . . . . . . . . . . . . . . .  9) s
5 448 M
(   5.5   Key Exchange Methods . . . . . . . . . . . . . . . . . . . . 10) s
5 437 M
(   5.6   Public Key Algorithms  . . . . . . . . . . . . . . . . . . . 11) s
5 426 M
(   6.    Key Exchange . . . . . . . . . . . . . . . . . . . . . . . . 13) s
5 415 M
(   6.1   Algorithm Negotiation  . . . . . . . . . . . . . . . . . . . 13) s
5 404 M
(   6.2   Output from Key Exchange . . . . . . . . . . . . . . . . . . 16) s
5 393 M
(   6.3   Taking Keys Into Use . . . . . . . . . . . . . . . . . . . . 17) s
5 382 M
(   7.    Diffie-Hellman Key Exchange  . . . . . . . . . . . . . . . . 18) s
5 371 M
(   7.1   diffie-hellman-group1-sha1 . . . . . . . . . . . . . . . . . 19) s
5 360 M
(   8.    Key Re-Exchange  . . . . . . . . . . . . . . . . . . . . . . 20) s
5 349 M
(   9.    Service Request  . . . . . . . . . . . . . . . . . . . . . . 21) s
5 338 M
(   10.   Additional Messages  . . . . . . . . . . . . . . . . . . . . 21) s
5 327 M
(   10.1  Disconnection Message  . . . . . . . . . . . . . . . . . . . 22) s
5 316 M
(   10.2  Ignored Data Message . . . . . . . . . . . . . . . . . . . . 22) s
5 305 M
(   10.3  Debug Message  . . . . . . . . . . . . . . . . . . . . . . . 23) s
5 294 M
(   10.4  Reserved Messages  . . . . . . . . . . . . . . . . . . . . . 23) s
5 283 M
(   11.   Summary of Message Numbers . . . . . . . . . . . . . . . . . 23) s
5 272 M
(   12.   IANA Considerations  . . . . . . . . . . . . . . . . . . . . 24) s
5 261 M
(   13.   Security Considerations  . . . . . . . . . . . . . . . . . . 24) s
5 250 M
(   14.   Intellectual Property  . . . . . . . . . . . . . . . . . . . 24) s
5 239 M
(   15.   Additional Information . . . . . . . . . . . . . . . . . . . 24) s
5 228 M
(         Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 26) s
5 217 M
(         Normative  . . . . . . . . . . . . . . . . . . . . . . . . . 25) s
5 206 M
(         Informative  . . . . . . . . . . . . . . . . . . . . . . . . 25) s
5 195 M
(   A.    Contibutors  . . . . . . . . . . . . . . . . . . . . . . . . 27) s
5 184 M
(         Intellectual Property and Copyright Statements . . . . . . . 28) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 2]) s
_R
S
PStoPSsaved restore
%%Page: (2,3) 2
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 3 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(1. Contributors) s
5 668 M
(   The major original contributors of this document were: Tatu Ylonen,) s
5 657 M
(   Tero Kivinen, Timo J. Rinne, Sami Lehtinen \(all of SSH Communications) s
5 646 M
(   Security Corp\), and Markku-Juhani O. Saarinen \(University of) s
5 635 M
(   Jyvaskyla\)) s
5 613 M
(   The document editor is: Darren.Moffat@Sun.COM.  Comments on this) s
5 602 M
(   internet draft should be sent to the IETF SECSH working group,) s
5 591 M
(   details at: http://ietf.org/html.charters/secsh-charter.html) s
5 569 M
(2. Introduction) s
5 547 M
(   The SSH transport layer is a secure low level transport protocol. It) s
5 536 M
(   provides strong encryption, cryptographic host authentication, and) s
5 525 M
(   integrity protection.) s
5 503 M
(   Authentication in this protocol level is host-based; this protocol) s
5 492 M
(   does not perform user authentication. A higher level protocol for) s
5 481 M
(   user authentication can be designed on top of this protocol.) s
5 459 M
(   The protocol has been designed to be simple, flexible, to allow) s
5 448 M
(   parameter negotiation, and to minimize the number of round-trips.) s
5 437 M
(   Key exchange method, public key algorithm, symmetric encryption) s
5 426 M
(   algorithm, message authentication algorithm, and hash algorithm are) s
5 415 M
(   all negotiated.  It is expected that in most environments, only 2) s
5 404 M
(   round-trips will be needed for full key exchange, server) s
5 393 M
(   authentication, service request, and acceptance notification of) s
5 382 M
(   service request.  The worst case is 3 round-trips.) s
5 360 M
(3. Conventions Used in This Document) s
5 338 M
(   The keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",) s
5 327 M
(   and "MAY" that appear in this document are to be interpreted as) s
5 316 M
(   described in [RFC2119].) s
5 294 M
(   The used data types and terminology are specified in the architecture) s
5 283 M
(   document [SSH-ARCH].) s
5 261 M
(   The architecture document also discusses the algorithm naming) s
5 250 M
(   conventions that MUST be used with the SSH protocols.) s
5 228 M
(4. Connection Setup) s
5 206 M
(   SSH works over any 8-bit clean, binary-transparent transport.  The) s
5 195 M
(   underlying transport SHOULD protect against transmission errors as) s
5 184 M
(   such errors cause the SSH connection to terminate.) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 3]) s
_R
S
PStoPSsaved restore
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 421.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 4 def
/fname () def
/fdir () def
/ftail () def
/user_header_p false def
%%EndPageSetup
5 723 M
(Internet-Draft        SSH Transport Layer Protocol              Oct 2003) s
5 690 M
(   The client initiates the connection.) s
5 668 M
(4.1 Use over TCP/IP) s
5 646 M
(   When used over TCP/IP, the server normally listens for connections on) s
5 635 M
(   port 22.  This port number has been registered with the IANA, and has) s
5 624 M
(   been officially assigned for SSH.) s
5 602 M
(4.2 Protocol Version Exchange) s
5 580 M
(   When the connection has been established, both sides MUST send an) s
5 569 M
(   identification string of the form "SSH-protoversion-softwareversion) s
5 558 M
(   comments", followed by carriage return and newline characters \(ASCII) s
5 547 M
(   13 and 10, respectively\).  Both sides MUST be able to process) s
5 536 M
(   identification strings without carriage return character.  No null) s
5 525 M
(   character is sent.  The maximum length of the string is 255) s
5 514 M
(   characters, including the carriage return and newline.) s
5 492 M
(   The part of the identification string preceding carriage return and) s
5 481 M
(   newline is used in the Diffie-Hellman key exchange \(see Section) s
5 470 M
(   Section 7\).) s
5 448 M
(   The server MAY send other lines of data before sending the version) s
5 437 M
(   string.  Each line SHOULD be terminated by a carriage return and) s
5 426 M
(   newline.  Such lines MUST NOT begin with "SSH-", and SHOULD be) s
5 415 M
(   encoded in ISO-10646 UTF-8 [RFC2279] \(language is not specified\).) s
5 404 M
(   Clients MUST be able to process such lines; they MAY be silently) s
5 393 M
(   ignored, or MAY be displayed to the client user; if they are) s
5 382 M
(   displayed, control character filtering discussed in [SSH-ARCH] SHOULD) s
5 371 M
(   be used.  The primary use of this feature is to allow TCP-wrappers to) s
5 360 M
(   display an error message before disconnecting.) s
5 338 M
(   Version strings MUST consist of printable US-ASCII characters, not) s
5 327 M
(   including whitespaces or a minus sign \(-\).  The version string is) s
5 316 M
(   primarily used to trigger compatibility extensions and to indicate) s
5 305 M
(   the capabilities of an implementation. The comment string should) s
5 294 M
(   contain additional information that might be useful in solving user) s
5 283 M
(   problems.) s
5 261 M
(   The protocol version described in this document is 2.0.) s
5 239 M
(   Key exchange will begin immediately after sending this identifier.) s
5 228 M
(   All packets following the identification string SHALL use the binary) s
5 217 M
(   packet protocol, to be described below.) s
5 195 M
(4.3 Compatibility With Old SSH Versions) s
5 173 M
(   During the transition period, it is important to be able to work in a) s
5 129 M
(Ylonen & Moffat, Editor    Expires March 31, 2004               [Page 4]) s
_R
S
PStoPSsaved restore
%%Page: (4,5) 3
userdict/PStoPSsaved save put
PStoPSmatrix setmatrix
595.000000 0.271378 translate
90 rotate
0.706651 dup scale
userdict/PStoPSmatrix matrix currentmatrix put
userdict/PStoPSclip{0 0 moveto
 595.000000 0 rlineto 0 842.000000 rlineto -595.000000 0 rlineto
 closepath}put initclip
/showpage{}def/copypage{}def/erasepage{}def
PStoPSxform concat
%%BeginPageSetup
_S
75 0 translate
/pagenum 5 def
/fname () def