version 1.26, 2015/02/16 22:13:32 |
version 1.27, 2015/02/20 22:17:21 |
|
|
boolean FALSE |
boolean FALSE |
string socket path |
string socket path |
|
|
2.5. connection: hostkey update and rotation "hostkeys@openssh.com" |
2.5. connection: hostkey update and rotation "hostkeys-00@openssh.com" |
and "hostkeys-prove@openssh.com" |
and "hostkeys-prove-00@openssh.com" |
|
|
OpenSSH supports a protocol extension allowing a server to inform |
OpenSSH supports a protocol extension allowing a server to inform |
a client of all its protocol v.2 host keys after user-authentication |
a client of all its protocol v.2 host keys after user-authentication |
has completed. |
has completed. |
|
|
byte SSH_MSG_GLOBAL_REQUEST |
byte SSH_MSG_GLOBAL_REQUEST |
string "hostkeys@openssh.com" |
string "hostkeys-00@openssh.com" |
string[] hostkeys |
string[] hostkeys |
|
|
Upon receiving this message, a client should check which of the |
Upon receiving this message, a client should check which of the |
|
|
key. |
key. |
|
|
byte SSH_MSG_GLOBAL_REQUEST |
byte SSH_MSG_GLOBAL_REQUEST |
string "hostkeys-prove@openssh.com" |
string "hostkeys-prove-00@openssh.com" |
char 1 /* want-reply */ |
char 1 /* want-reply */ |
string[] hostkeys |
string[] hostkeys |
|
|
When a server receives this message, it should generate a signature |
When a server receives this message, it should generate a signature |
using each requested key over the following: |
using each requested key over the following: |
|
|
|
string "hostkeys-prove-00@openssh.com" |
string session identifier |
string session identifier |
string "hostkeys-prove@openssh.com" |
|
string hostkey |
string hostkey |
|
|
These signatures should be included in the reply, in the order matching |
These signatures should be included in the reply, in the order matching |