2021-12-19 22:15:21 +00:00
|
|
|
The SSH agent protocol is described in
|
2020-10-06 07:12:04 +00:00
|
|
|
https://tools.ietf.org/html/draft-miller-ssh-agent-04
|
2017-09-30 22:58:24 +00:00
|
|
|
|
2022-05-09 08:25:27 +00:00
|
|
|
This file documents OpenSSH's extensions to the agent protocol.
|
2021-12-19 22:15:21 +00:00
|
|
|
|
|
|
|
1. session-bind@openssh.com extension
|
|
|
|
|
|
|
|
This extension allows a ssh client to bind an agent connection to a
|
|
|
|
particular SSH session identifier as derived from the initial key
|
|
|
|
exchange (as per RFC4253 section 7.2) and the host key used for that
|
|
|
|
exchange. This binding is verifiable at the agent by including the
|
|
|
|
initial KEX signature made by the host key.
|
|
|
|
|
|
|
|
The message format is:
|
|
|
|
|
|
|
|
byte SSH_AGENTC_EXTENSION (0x1b)
|
|
|
|
string session-bind@openssh.com
|
|
|
|
string hostkey
|
|
|
|
string session identifier
|
|
|
|
string signature
|
|
|
|
bool is_forwarding
|
|
|
|
|
|
|
|
Where 'hostkey' is the encoded server host public key, 'session
|
2022-01-01 01:55:30 +00:00
|
|
|
identifier' is the exchange hash derived from the initial key
|
2021-12-19 22:15:21 +00:00
|
|
|
exchange, 'signature' is the server's signature of the session
|
|
|
|
identifier using the private hostkey, as sent in the final
|
|
|
|
SSH2_MSG_KEXDH_REPLY/SSH2_MSG_KEXECDH_REPLY message of the initial key
|
|
|
|
exchange. 'is_forwarding' is a flag indicating whether this connection
|
|
|
|
should be bound for user authentication or forwarding.
|
|
|
|
|
|
|
|
When an agent received this message, it will verify the signature and
|
|
|
|
check the consistency of its contents, including refusing to accept
|
|
|
|
a duplicate session identifier, or any attempt to bind a connection
|
|
|
|
previously bound for authentication. It will then then record the
|
|
|
|
binding for the life of the connection for use later in testing per-key
|
|
|
|
destination constraints.
|
|
|
|
|
|
|
|
2. restrict-destination-v00@openssh.com key constraint extension
|
|
|
|
|
|
|
|
The key constraint extension supports destination- and forwarding path-
|
|
|
|
restricted keys. It may be attached as a constraint when keys or
|
|
|
|
smartcard keys are added to an agent.
|
|
|
|
|
|
|
|
byte SSH_AGENT_CONSTRAIN_EXTENSION (0xff)
|
|
|
|
string restrict-destination-v00@openssh.com
|
|
|
|
constraint[] constraints
|
|
|
|
|
|
|
|
Where a constraint consists of:
|
|
|
|
|
|
|
|
string from_username (must be empty)
|
|
|
|
string from_hostname
|
|
|
|
keyspec[] from_hostkeys
|
|
|
|
string to_username
|
|
|
|
string to_hostname
|
|
|
|
keyspec[] to_hostkeys
|
|
|
|
|
2022-09-21 22:26:50 +00:00
|
|
|
And a keyspec consists of:
|
2021-12-19 22:15:21 +00:00
|
|
|
|
|
|
|
string keyblob
|
|
|
|
bool is_ca
|
|
|
|
|
|
|
|
When receiving this message, the agent will ensure that the
|
|
|
|
'from_username' field is empty, and that 'to_hostname' and 'to_hostkeys'
|
|
|
|
have been supplied (empty 'from_hostname' and 'from_hostkeys' are valid
|
2022-01-01 01:55:30 +00:00
|
|
|
and signify the initial hop from the host running ssh-agent). The agent
|
2021-12-19 22:15:21 +00:00
|
|
|
will then record the constraint against the key.
|
|
|
|
|
|
|
|
Subsequent operations on this key including add/remove/request
|
|
|
|
identities and, in particular, signature requests will check the key
|
2022-01-01 01:55:30 +00:00
|
|
|
constraints against the session-bind@openssh.com bindings recorded for
|
2021-12-19 22:15:21 +00:00
|
|
|
the agent connection over which they were received.
|
|
|
|
|
|
|
|
3. SSH_AGENT_CONSTRAIN_MAXSIGN key constraint
|
|
|
|
|
|
|
|
This key constraint allows communication to an agent of the maximum
|
|
|
|
number of signatures that may be made with an XMSS key. The format of
|
|
|
|
the constraint is:
|
|
|
|
|
|
|
|
byte SSH_AGENT_CONSTRAIN_MAXSIGN (0x03)
|
|
|
|
uint32 max_signatures
|
|
|
|
|
|
|
|
This option is only valid for XMSS keys.
|
|
|
|
|
2022-09-21 22:26:50 +00:00
|
|
|
$OpenBSD: PROTOCOL.agent,v 1.18 2022/09/21 22:26:50 dtucker Exp $
|