Secure Shell Public Key Subsystem
RFC 4819, “Secure Shell Public Key Subsystem”, is a Proposed Standard document published in March 2007 by J. Galbraith, J. Van Dyke, and J. Bright. It has since been updated by RFC 9519. The canonical text is published by the RFC Editor.
Abstract
Secure Shell defines a user authentication mechanism that is based on public keys, but does not define any mechanism for key distribution. No common key management solution exists in current implementations. This document describes a protocol that can be used to configure public keys in an implementation-independent fashion, allowing client software to take on the burden of this configuration.
The Public Key Subsystem provides a server-independent mechanism for clients to add public keys, remove public keys, and list the current public keys known by the server. Rights to manage public keys are specific and limited to the authenticated user.
A public key may also be associated with various restrictions, including a mandatory command or subsystem. [STANDARDS-TRACK]
What “Proposed Standard” means
An entry-level standards-track specification: stable, peer-reviewed and a solid basis for implementation, though it may still evolve before becoming an Internet Standard.
The canonical text of RFC 4819 is hosted at rfc-editor.org. Available in TXT and HTML.
- RFC 4818 RADIUS Delegated-IPv6-Prefix Attribute
- RFC 4820 Padding Chunk and Parameter for the Stream Control Transmission Protocol
- RFC 4817 Encapsulation of MPLS over Layer 2 Tunneling Protocol Version 3
- RFC 4821 Packetization Layer Path MTU Discovery
- RFC 4816 Pseudowire Emulation Edge-to-Edge Asynchronous Transfer Mode Transparent Cell Transport Service
- RFC 4822 RIPv2 Cryptographic Authentication
- RFC 4815 RObust Header Compression: Corrections and Clarifications to RFC 3095
- RFC 4823 FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet