DOI: https://doi.org/10.17487/RFC7076
Discuss this RFC: Send questions or comments to the mailing list rfc-ise@rfc-editor.org
The Secure Shell (SSH) Public Key Subsystem protocol defines a key distribution protocol that is limited to provisioning an SSH server with a user's public keys. This document describes a new protocol that builds on the protocol defined in RFC 4819 to allow the provisioning of keys and certificates to a server using the SSH transport.
The new protocol allows the calling client to organize keys and certificates in different namespaces on a server. These namespaces can be used by the server to allow a client to configure any application running on the server (e.g., SSH, Key Management Interoperability Protocol (KMIP), Simple Network Management Protocol (SNMP)).
The new protocol provides a server-independent mechanism for clients to add public keys, remove public keys, add certificates, remove certificates, and list the current set of keys and certificates known by the server by namespace (e.g., list all public keys in the SSH namespace).
Rights to manage keys and certificates in a particular namespace are specific and limited to the authorized user and are defined as part of the server's implementation. The described protocol is backward compatible to version 2 defined by RFC 4819.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.