Network Working Group                                     M. Stapelberg
Internet-Draft
Intended status: Standards Track                           S. Josefsson
Expires: August 21, 2015                                         Yubico
                                                      February 17, 2015


     Universal 2nd Factor (U2F) Authentication for Secure Shell (SSH)
                      draft-josefsson-secsh-u2f-00

Abstract

   Universal 2nd Factor (U2F) is an authentication factor intended to
   strengthen other authentication mechanisms.  This document describes
   how U2F can be used to strengthen Secure Shell authentication
   mechanisms.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 21, 2015.

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Stapelberg & Josefsson    Expires August 21, 2015                [Page 1]

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  U2F Authentication Method: "u2f"
     3.1.  Registration
     3.2.  Authentication
   4.  Acknowledgments
   5.  Security Considerations
   6.  IANA Considerations
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Authors' Addresses

1.  Introduction

   Universal 2nd Factor (U2F) [U2F-Overview] is an authentication factor
   intended to strengthen other authentication mechanisms.  This
   document describes how U2F can be used to strengthen Secure Shell
   [RFC4251] (SSH) authentication mechanisms.

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   The reader is assumed to be familiar with the U2F and SSH
   terminology.

3.  U2F Authentication Method: "u2f"

   This section is modeled after the authentication methods described
   in [RFC4252].

   When the client starts the U2F authentication, it sends:

      byte      SSH_MSG_USERAUTH_REQUEST
      string    user name in ISO-10646 UTF-8 encoding [RFC3629]
      string    service name in US-ASCII
      string    method name in US-ASCII
      uint32    U2F mode (authentication or registration)

   The U2F mode integer value dictates how the protocol proceeds.  Value
   0 means U2F registration and 1 means authentication.
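   The following is an added example, not code from the draft or its
   authors.  It encodes and parses the SSH_MSG_USERAUTH_REQUEST above
   in the RFC 4251 wire format, builds the server's INFO_REQUEST
   carrying a RegisterRequest (mode 0) or SignRequest (mode 1) with the
   mandated appId, and performs the server-side clientData check
   (expected typ, the challenge actually issued, origin equal to
   "ssh://localhost") that precedes signature verification in both the
   registration and authentication flows of Sections 3.1 and 3.2.  It
   assumes the message numbers 50/60/61 from RFC 4252 and RFC 4256 and
   the JSON field names of the FIDO U2F JavaScript API; ECDSA P-256
   verification of the response itself is not in the standard library
   and is left to the caller, so the function names, the constructed
   user name and the key handle value are illustrative only.

```python
"""Added example for draft-josefsson-secsh-u2f-00 (not the draft's own code)."""
import base64
import hashlib
import json
import os
import struct

SSH_MSG_USERAUTH_REQUEST = 50        # RFC 4252
SSH_MSG_USERAUTH_INFO_REQUEST = 60   # RFC 4256 (the draft writes SSH2_MSG_...)
SSH_MSG_USERAUTH_INFO_RESPONSE = 61  # RFC 4256
U2F_MODE_REGISTER, U2F_MODE_AUTHENTICATE = 0, 1
U2F_SSH_APP_ID = "ssh://localhost"   # draft: origin and appId MUST both be this


def ssh_string(value):
    """RFC 4251 'string': big-endian uint32 length followed by the bytes."""
    data = value.encode("utf-8") if isinstance(value, str) else value
    return struct.pack(">I", len(data)) + data


def read_string(buf, pos):
    """Decode one RFC 4251 string at buf[pos:]; returns (bytes, next_pos)."""
    if pos + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, pos)
    pos += 4
    if pos + n > len(buf):
        raise ValueError("truncated string")
    return buf[pos:pos + n], pos + n


def build_userauth_request(user, service, mode):
    """Client -> server SSH_MSG_USERAUTH_REQUEST for method "u2f" (Section 3)."""
    return (bytes([SSH_MSG_USERAUTH_REQUEST]) + ssh_string(user)
            + ssh_string(service) + ssh_string("u2f") + struct.pack(">I", mode))


def parse_userauth_request(pkt):
    """Server-side parse; rejects other methods, unknown modes and trailing bytes."""
    if not pkt or pkt[0] != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not a USERAUTH_REQUEST")
    user, pos = read_string(pkt, 1)
    service, pos = read_string(pkt, pos)
    method, pos = read_string(pkt, pos)
    if method != b"u2f":
        raise ValueError("unexpected method %r" % method)
    if pos + 4 != len(pkt):
        raise ValueError("bad length for uint32 mode / trailing data")
    (mode,) = struct.unpack_from(">I", pkt, pos)
    if mode not in (U2F_MODE_REGISTER, U2F_MODE_AUTHENTICATE):
        raise ValueError("unknown U2F mode %d" % mode)
    return user.decode("utf-8"), service.decode("ascii"), mode


def websafe_b64(raw):
    """U2F uses unpadded websafe base64 for challenges and clientData."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def websafe_b64decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_info_request(mode, challenge, key_handle=None):
    """Server -> client INFO_REQUEST with a RegisterRequest (0) or SignRequest (1)."""
    req = {"version": "U2F_V2", "challenge": websafe_b64(challenge), "appId": U2F_SSH_APP_ID}
    if mode == U2F_MODE_AUTHENTICATE:
        req["keyHandle"] = key_handle  # SignRequest names the previously registered key
    return bytes([SSH_MSG_USERAUTH_INFO_REQUEST]) + ssh_string(json.dumps(req))


def parse_info_request(pkt):
    """Client-side: extract the JSON request from the INFO_REQUEST packet."""
    if not pkt or pkt[0] != SSH_MSG_USERAUTH_INFO_REQUEST:
        raise ValueError("not a USERAUTH_INFO_REQUEST")
    body, end = read_string(pkt, 1)
    if end != len(pkt):
        raise ValueError("trailing data")
    return json.loads(body.decode("utf-8"))


def expected_typ(mode):
    return "navigator.id.finishEnrollment" if mode == U2F_MODE_REGISTER else "navigator.id.getAssertion"


def client_data(mode, challenge_b64, origin=U2F_SSH_APP_ID):
    """The clientData JSON the security key's signature covers (via its SHA-256)."""
    return json.dumps({"typ": expected_typ(mode), "challenge": challenge_b64, "origin": origin})


def check_client_data(mode, issued_challenge, client_data_b64):
    """Server check shared by both flows.  Returns SHA-256(clientData), one of the
    inputs to the ECDSA verification the caller performs with the registered key."""
    raw = websafe_b64decode(client_data_b64)
    cd = json.loads(raw)
    if cd.get("typ") != expected_typ(mode):
        raise ValueError("wrong clientData typ for this mode")
    if cd.get("challenge") != websafe_b64(issued_challenge):
        raise ValueError("challenge mismatch: replayed or cross-session response")
    if cd.get("origin") != U2F_SSH_APP_ID:
        raise ValueError("origin %r is not %s" % (cd.get("origin"), U2F_SSH_APP_ID))
    return hashlib.sha256(raw).digest()


if __name__ == "__main__":
    # Constructed sample session: user "alice" authenticates (mode 1).
    pkt = build_userauth_request("alice", "ssh-connection", U2F_MODE_AUTHENTICATE)
    user, service, mode = parse_userauth_request(pkt)
    challenge = os.urandom(32)
    req = parse_info_request(build_info_request(mode, challenge, key_handle="EXAMPLE-KEY-HANDLE"))
    cd_b64 = websafe_b64(client_data(mode, req["challenge"]).encode("utf-8"))
    print(user, service, mode, check_client_data(mode, challenge, cd_b64).hex())
```

   The mode check rejects anything other than 0 or 1 before the server
   allocates a challenge, and the challenge comparison is what ties a
   SignResponse to the SignRequest this session issued; a response
   captured from another session fails here before any signature is
   examined.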
3.1.  Registration

   In case the client requests registration (U2F mode 0), the server
   replies with:

      byte      SSH2_MSG_USERAUTH_INFO_REQUEST
      string    RegisterRequest

   Where "RegisterRequest" is specified in section 4.1.1 of
   [U2F-JavaScript].  The values for the "origin" (facet id) and "appId"
   (application id) fields MUST both be "ssh://localhost" (XXX).

   After sending "RegisterRequest" to the U2F Security Key and receiving
   a response, the client sends back a RegisterResponse message (see
   section 4.1.2 of [U2F-JavaScript]).

      byte      SSH2_MSG_USERAUTH_INFO_RESPONSE
      string    RegisterResponse

   Once the server has verified that the "RegisterResponse" indeed signs
   the original challenge, it extracts the user's U2F public key and
   sends back a ssh-u2f key line which the user should add to her
   authorized_keys file:

      byte      SSH2_MSG_USERAUTH_INFO_REQUEST
      string    authorizedKey

3.2.  Authentication

   In case the client requests authentication (U2F mode 1), the server
   replies with:

      byte      SSH2_MSG_USERAUTH_INFO_REQUEST
      string    SignRequest

   In the "SignRequest" (see section 4.2.1 of [U2F-JavaScript]), the
   values for the "origin" (facet id) and "appId" (application id)
   fields MUST both be "ssh://localhost" (XXX).

   After sending "SignRequest" to the U2F security key, the client sends
   back the security key's response:

      byte      SSH2_MSG_USERAUTH_INFO_RESPONSE
      string    SignResponse

   The authentication is successful if the server successfully verifies
   that the signature on the "SignResponse" (see section 4.2.2 of
   [U2F-JavaScript]) was created with the previously registered public
   key.

4.  Acknowledgments

   TBA

5.  Security Considerations

   TBA

6.  IANA Considerations

   None.

7.  References

7.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC4252]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
              Authentication Protocol", RFC 4252, January 2006.

   [U2F-JavaScript]
              Balfanz, D., Birgisson, A., and J. Lang, "FIDO U2F
              Javascript API", WWW http://fidoalliance.org/specs/
              fido-u2f-v1.0-ps-20141009/
              fido-u2f-javascript-api-ps-20141009.html, October 2014.

7.2.  Informative References

   [RFC4251]  Ylonen, T. and C. Lonvick, "The Secure Shell (SSH)
              Protocol Architecture", RFC 4251, January 2006.

   [U2F-Overview]
              Srinivas, S., Balfanz, D., and E. Tiffany, "FIDO U2F
              Javascript API", WWW http://fidoalliance.org/specs/
              fido-u2f-v1.0-ps-20141009/
              fido-u2f-overview-ps-20141009.html, October 2014.

Authors' Addresses

   Michael Stapelberg

   Email: michael+mindrot@stapelberg.de


   Simon Josefsson
   Yubico

   Email: simon@josefsson.org