The SSH agent protocol is described in
https://tools.ietf.org/html/draft-miller-ssh-agent

This file documents OpenSSH's extensions to the agent protocol.

1. session-bind@openssh.com extension

This extension allows a ssh client to bind an agent connection to a
particular SSH session identifier as derived from the initial key
exchange (as per RFC4253 section 7.2) and the host key used for that
exchange. This binding is verifiable at the agent by including the
initial KEX signature made by the host key.

The message format is:

	byte		SSH_AGENTC_EXTENSION (0x1b)
	string		session-bind@openssh.com
	string		hostkey
	string		session identifier
	string		signature
	bool		is_forwarding

Where 'hostkey' is the encoded server host public key, 'session
identifier' is the exchange hash derived from the initial key
exchange, 'signature' is the server's signature of the session
identifier using the private hostkey, as sent in the final
SSH2_MSG_KEXDH_REPLY/SSH2_MSG_KEXECDH_REPLY message of the initial key
exchange.
'is_forwarding' is a flag indicating whether this connection
should be bound for user authentication or forwarding.

When an agent receives this message, it will verify the signature and
check the consistency of its contents, including refusing to accept
a duplicate session identifier, or any attempt to bind a connection
previously bound for authentication. It will then record the
binding for the life of the connection for use later in testing per-key
destination constraints.

2. restrict-destination-v00@openssh.com key constraint extension

The key constraint extension supports destination- and forwarding path-
restricted keys. It may be attached as a constraint when keys or
smartcard keys are added to an agent.

	byte		SSH_AGENT_CONSTRAIN_EXTENSION (0xff)
	string		restrict-destination-v00@openssh.com
	constraint[]	constraints

Where a constraint consists of:

	string		from_username (must be empty)
	string		from_hostname
	string		reserved
	keyspec[]	from_hostkeys
	string		to_username
	string		to_hostname
	string		reserved
	keyspec[]	to_hostkeys
	string		reserved

And a keyspec consists of:

	string		keyblob
	bool		is_ca

When receiving this message, the agent will ensure that the
'from_username' field is empty, and that 'to_hostname' and 'to_hostkeys'
have been supplied (empty 'from_hostname' and 'from_hostkeys' are valid
and signify the initial hop from the host running ssh-agent). The agent
will then record the constraint against the key.

Subsequent operations on this key including add/remove/request
identities and, in particular, signature requests will check the key
constraints against the session-bind@openssh.com bindings recorded for
the agent connection over which they were received.
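The following is an added example, not part of PROTOCOL.agent or of
OpenSSH's ssh-agent, covering both the session-bind@openssh.com message
of section 1 and the restrict-destination-v00@openssh.com constraint of
this section: it encodes and parses the binding message, applies the
duplicate-session and already-bound-for-authentication checks on a
connection, encodes a constraint, and then checks a connection's recorded
bindings against a key's constraints. Assumptions: host keys, session
identifiers and the KEX signature are constructed stand-ins and 'verify'
is a placeholder for real host-key signature verification; the array
encoding (each keyspec[] and constraint[] wrapped in a string) follows
how ssh-agent.c parses it, which the text above leaves implicit; is_ca
keyspecs are encoded but not evaluated, and usernames are not checked.

```python
import struct
from collections import namedtuple

SSH_AGENTC_EXTENSION = 0x1b
SSH_AGENT_CONSTRAIN_EXTENSION = 0xff
SESSION_BIND = b"session-bind@openssh.com"
RESTRICT_DEST = b"restrict-destination-v00@openssh.com"

def ssh_string(b):                       # SSH 'string': uint32 big-endian length + bytes
    return struct.pack(">I", len(b)) + b

def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def encode_session_bind(hostkey, session_id, signature, is_forwarding):
    return (bytes([SSH_AGENTC_EXTENSION]) + ssh_string(SESSION_BIND) + ssh_string(hostkey)
            + ssh_string(session_id) + ssh_string(signature) + bytes([1 if is_forwarding else 0]))

def parse_session_bind(msg):
    if not msg or msg[0] != SSH_AGENTC_EXTENSION:
        raise ValueError("not an extension request")
    name, off = read_string(msg, 1)
    if name != SESSION_BIND:
        raise ValueError("unexpected extension name")
    hostkey, off = read_string(msg, off)
    session_id, off = read_string(msg, off)
    signature, off = read_string(msg, off)
    if off + 1 != len(msg):
        raise ValueError("bad message length")
    return hostkey, session_id, signature, msg[off] != 0

Binding = namedtuple("Binding", "hostkey session_id is_forwarding")

class AgentConnection:
    """Binding state for one agent connection, with the checks the text lists."""
    def __init__(self, verify):
        self.verify = verify             # verify(hostkey, session_id, signature) -> bool
        self.bindings = []

    def bind(self, msg):
        hostkey, sid, sig, fwd = parse_session_bind(msg)
        if not self.verify(hostkey, sid, sig):
            raise PermissionError("KEX signature does not verify")
        if any(b.session_id == sid for b in self.bindings):
            raise PermissionError("duplicate session identifier")
        if any(not b.is_forwarding for b in self.bindings):
            raise PermissionError("connection already bound for authentication")
        self.bindings.append(Binding(hostkey, sid, fwd))

KeySpec = namedtuple("KeySpec", "keyblob is_ca", defaults=(False,))
# Empty from_hostkeys means the initial hop from the host running the agent.
DestConstraint = namedtuple("DestConstraint", "from_hostname from_hostkeys to_username "
                            "to_hostname to_hostkeys", defaults=(b"", (), b"", b"", ()))

def encode_constraint_ext(constraints):
    # Array encoding as ssh-agent.c reads it (implicit in the text): each keyspec[]
    # and constraint[] is itself a string wrapping its concatenated elements.
    def keyspecs(specs):
        return ssh_string(b"".join(ssh_string(s.keyblob) + bytes([s.is_ca]) for s in specs))
    def hop(user, host, specs):
        return ssh_string(user) + ssh_string(host) + ssh_string(b"") + keyspecs(specs)
    body = b"".join(ssh_string(hop(b"", c.from_hostname, c.from_hostkeys)
                               + hop(c.to_username, c.to_hostname, c.to_hostkeys)
                               + ssh_string(b"")) for c in constraints)
    return bytes([SSH_AGENT_CONSTRAIN_EXTENSION]) + ssh_string(RESTRICT_DEST) + ssh_string(body)

def permitted(bindings, constraints):
    """Every hop recorded on the connection must be allowed by some constraint:
    hop 0 by one with empty from_hostkeys, hop i by one whose from_hostkeys cover
    hop i-1's host key.  is_ca specs are skipped (a real agent parses the host
    certificate and compares its CA key)."""
    if not bindings:
        return False                     # constrained key on an unbound connection
    def hit(specs, key):
        return any(not s.is_ca and s.keyblob == key for s in specs)
    for i, b in enumerate(bindings):
        prev = bindings[i - 1].hostkey if i else None
        if not any(((not c.from_hostkeys) if prev is None else hit(c.from_hostkeys, prev))
                   and hit(c.to_hostkeys, b.hostkey) for c in constraints):
            return False
    return True

def demo():
    """agent -> bastion (forwarding) -> target (auth); key restricted to that path."""
    verify = lambda hostkey, sid, sig: sig == b"sig:" + hostkey + sid   # stand-in
    bastion, target, other = b"hk-bastion", b"hk-target", b"hk-other"
    conn = AgentConnection(verify)
    conn.bind(encode_session_bind(bastion, b"sid1", b"sig:" + bastion + b"sid1", True))
    conn.bind(encode_session_bind(target, b"sid2", b"sig:" + target + b"sid2", False))
    rules = [DestConstraint(to_hostname=b"bastion", to_hostkeys=(KeySpec(bastion),)),
             DestConstraint(from_hostname=b"bastion", from_hostkeys=(KeySpec(bastion),),
                            to_hostname=b"target", to_hostkeys=(KeySpec(target),))]
    stray = AgentConnection(verify)
    stray.bind(encode_session_bind(other, b"sid3", b"sig:" + other + b"sid3", False))
    try:
        conn.bind(encode_session_bind(other, b"sid4", b"sig:" + other + b"sid4", True))
        rebind = "accepted"
    except PermissionError as e:
        rebind = str(e)
    return permitted(conn.bindings, rules), permitted(stray.bindings, rules), rebind
```

demo() shows the three outcomes a practitioner cares about: the bound
path agent -> bastion -> target is permitted, a connection bound to an
unknown host key is refused for the constrained key, and an attempt to
add a forwarding binding after an authentication binding is rejected.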

3. SSH_AGENT_CONSTRAIN_MAXSIGN key constraint

This key constraint communicates to the agent the maximum number of
signatures that may be made with an XMSS key. The format of the
constraint is:

	byte		SSH_AGENT_CONSTRAIN_MAXSIGN (0x03)
	uint32		max_signatures

This option is only valid for XMSS keys.

4. associated-certs-v00@openssh.com key constraint extension

The key constraint extension allows certificates to be associated
with private keys as they are loaded from a PKCS#11 token.

	byte		SSH_AGENT_CONSTRAIN_EXTENSION (0xff)
	string		associated-certs-v00@openssh.com
	bool		certs_only
	string		certsblob

Where "certsblob" consists of one or more certificates encoded as public
key blobs:

	string[]	certificates

This extension is only valid for SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED
requests. When an agent receives this extension, it will attempt to match
each certificate in the request with a corresponding private key loaded
from the requested PKCS#11 token.
When a matching key is found, the
agent will graft the certificate contents to the token-hosted private key
and store the result for subsequent use by regular agent operations.

If the "certs_only" flag is set, then this extension will cause ONLY
the resultant certificates to be loaded to the agent. The default
behaviour is to load the PKCS#11-hosted private key as well as the
resultant certificate.

An SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED will return SSH_AGENT_SUCCESS
if any key (plain private or certificate) was successfully loaded, or
SSH_AGENT_FAILURE if no key was loaded.

$OpenBSD: PROTOCOL.agent,v 1.23 2024/04/30 05:45:56 djm Exp $
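Added example for the associated-certs-v00@openssh.com constraint; it is
not from this file or from OpenSSH. It encodes and parses the extension,
pairs each certificate with a token key by the public key the certificate
embeds, honours certs_only, and answers SSH_AGENT_SUCCESS or
SSH_AGENT_FAILURE as the paragraph above describes. Assumptions: the
certificates are constructed, unsigned ssh-ed25519 certificate blobs
(real ones carry a CA signature; only the leading type/nonce/pk fields
are read here), the token key list stands in for a PKCS#11 provider, and
the SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED request framing (provider id,
PIN) around the constraint is omitted.

```python
import struct

SSH_AGENT_CONSTRAIN_EXTENSION = 0xff
SSH_AGENT_FAILURE, SSH_AGENT_SUCCESS = 5, 6
ASSOCIATED_CERTS = b"associated-certs-v00@openssh.com"
ED25519_CERT = b"ssh-ed25519-cert-v01@openssh.com"

def ssh_string(b):                       # SSH 'string': uint32 big-endian length + bytes
    return struct.pack(">I", len(b)) + b

def read_string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def encode_associated_certs(certs, certs_only):
    certsblob = b"".join(ssh_string(c) for c in certs)       # string[] certificates
    return (bytes([SSH_AGENT_CONSTRAIN_EXTENSION]) + ssh_string(ASSOCIATED_CERTS)
            + bytes([1 if certs_only else 0]) + ssh_string(certsblob))

def parse_associated_certs(ext):
    if not ext or ext[0] != SSH_AGENT_CONSTRAIN_EXTENSION:
        raise ValueError("not a constraint extension")
    name, off = read_string(ext, 1)
    if name != ASSOCIATED_CERTS:
        raise ValueError("unexpected extension name")
    certs_only = ext[off] != 0
    certsblob, off = read_string(ext, off + 1)
    if off != len(ext):
        raise ValueError("trailing data")
    certs, pos = [], 0
    while pos < len(certsblob):
        cert, pos = read_string(certsblob, pos)
        certs.append(cert)
    if not certs:
        raise ValueError("certsblob must hold at least one certificate")
    return certs_only, certs

def make_ed25519_cert(pk, key_id, ca_pk):
    """Constructed, unsigned ssh-ed25519 certificate in the documented field order
    (type, nonce, pk, serial, type, key id, principals, validity, options,
    extensions, reserved, signature key, signature); nonce and signature are dummies."""
    return (ssh_string(ED25519_CERT) + ssh_string(b"\x00" * 32) + ssh_string(pk)
            + struct.pack(">QI", 1, 1) + ssh_string(key_id) + ssh_string(b"")
            + struct.pack(">QQ", 0, 0xffffffffffffffff) + ssh_string(b"") + ssh_string(b"")
            + ssh_string(b"") + ssh_string(ssh_string(b"ssh-ed25519") + ssh_string(ca_pk))
            + ssh_string(b""))

def cert_public_key(cert):
    """Plain public key blob carried by an ed25519 certificate; other key types
    lay out the embedded key differently and are rejected here."""
    ctype, off = read_string(cert, 0)
    if ctype != ED25519_CERT:
        raise ValueError("only ed25519 certificates handled here")
    _nonce, off = read_string(cert, off)
    pk, _ = read_string(cert, off)
    return ssh_string(b"ssh-ed25519") + ssh_string(pk)

def add_smartcard_key_constrained(token_keys, ext):
    """token_keys: public key blobs of the private keys found on the token (the
    PKCS#11 stand-in).  Returns (agent reply code, list of loaded identities)."""
    certs_only, certs = parse_associated_certs(ext)
    loaded = [] if certs_only else [("key", k) for k in token_keys]
    for cert in certs:
        try:
            pk = cert_public_key(cert)
        except ValueError:
            continue                     # unparseable certificate: nothing to graft
        if pk in token_keys:
            loaded.append(("cert", cert))  # certificate grafted onto the token key
    return (SSH_AGENT_SUCCESS if loaded else SSH_AGENT_FAILURE), loaded

def demo():
    """One token key; a certificate for it, and one for a key the token lacks."""
    token_pk = ssh_string(b"ssh-ed25519") + ssh_string(b"T" * 32)
    matching = make_ed25519_cert(b"T" * 32, b"deploy", b"C" * 32)
    foreign = make_ed25519_cert(b"X" * 32, b"other", b"C" * 32)
    both = add_smartcard_key_constrained([token_pk], encode_associated_certs([matching, foreign], False))
    only = add_smartcard_key_constrained([token_pk], encode_associated_certs([matching], True))
    none = add_smartcard_key_constrained([token_pk], encode_associated_certs([foreign], True))
    return [r for r, _ in (both, only, none)], [[k for k, _ in l] for _, l in (both, only, none)]
```

demo() returns the reply codes and what was loaded for three requests:
the default behaviour loads the plain key plus the matching certificate,
certs_only loads the certificate alone, and certs_only with no matching
certificate loads nothing and yields SSH_AGENT_FAILURE.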