Generic Security Service Application Program Interface Authentication and Key Exchange for the Secure Shell Protocol
RFC 4462, “Generic Security Service Application Program Interface Authentication and Key Exchange for the Secure Shell Protocol”, is a Proposed Standard document published in May 2006 by J. Hutzelman, J. Salowey, J. Galbraith, and V. Welch. It has since been updated by RFC 8732 and RFC 9142. The canonical text is published by the RFC Editor.
Abstract
The Secure Shell protocol (SSH) is a protocol for secure remote login and other secure network services over an insecure network.
The Generic Security Service Application Program Interface (GSS-API) provides security services to callers in a mechanism-independent fashion.
This memo describes methods for using the GSS-API for authentication and key exchange in SSH. It defines an SSH user authentication method that uses a specified GSS-API mechanism to authenticate a user, and a family of SSH key exchange methods that use GSS-API to authenticate a Diffie-Hellman key exchange.
This memo also defines a new host public key algorithm that can be used when no operations are needed using a host's public key, and a new user authentication method that allows an authorization name to be used in conjunction with any authentication that has already occurred as a side-effect of GSS-API-based key exchange. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4462 is hosted at rfc-editor.org. Available in TXT and HTML.