RADIUS Extension for Certificate-based SSH Authentication

The information below is for an old version of the document
Document Type Expired Internet-Draft (individual)
Authors Devendra Vishwakarma  , Prakash Suthar  , Vivek Agarwal  , Anil Jangam 
Last updated 2021-05-21 (latest revision 2020-11-17)
Stream (None)
Expired & archived
pdf htmlized bibtex
Additional Resources
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


A scalable and centralized mechanism is required for a certificate- based administrative access to multitude of virtualized and physical network functions. While there are mechanisms that exist today to provide secure administrative command-line and API-based access, there are certain management and maintenance overheads as well as certain scalability challenges related to it. In this draft we discuss these challenges and propose a standardized, centralized server-based mechanism to authenticate a user over an SSH session using its client certificate.


Devendra Vishwakarma (dvishwak@cisco.com)
Prakash Suthar (psuthar@google.com)
Vivek Agarwal (vivagarw@cisco.com)
Anil Jangam (anjangam@cisco.com)

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)