Using Kerberos as a key exchange method in Secure Shell

Document Type Expired Internet-Draft (individual)
Last updated 2000-09-05
Stream (None)
Intended RFC status (None)
Expired & archived
pdf htmlized (tools) htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This memo describes two methods for using Kerberos [KRB5] for authentication and key exchange in the Secure Shell protocol. The first method uses Kerberos as a means to authenticate the Diffie-Hellman exchange described in [SSH-TRANSPORT]. The second method uses Kerberos for authentication and key-exchange. This memo also defines a new user authentication method which allows an authorization name and optional credentials to build upon the underlying authenticated key exchange.


Joseph Salowey (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)