Archived TD0200: NIT Technical Decision for Password authentication for SSH clients
ND SD v1.0, FCS_SSHC_EXT.1.2
The NIT has issued a Technical Decision for password authentication for SSH clients.
To align with NIT interpretation # 201612rev2, FCS_SSHC_EXT.1.2 shall therefore be modified as follows:
FCS_SSHC_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public key-based, [selection: password-based, no other method].
The TSS section in the Supporting Document for FCS_SSHC_EXT.1.2 shall be replaced by the following:
The evaluator shall check to ensure that the TSS contains a description of the public key algorithms that are acceptable for use for authentication and that this list conforms to FCS_SSHC_EXT.1.5. and ensure that if password-based authentication methods have been selected in the ST then these are also described.
Test 1 in the Tests section in the Supporting Document for FCS_SSHC_EXT.1.2 remains unchanged.
Test 2 in the Tests section in the Supporting Document for FCS_SSHC_EXT.1.2 shall be replaced by the following:
Test 2: This test is only applicable if password-based authentication has been selected in FCS_SSHC_EXT.1.2 in the ST. Otherwise this test shall be omitted. Using the guidance documentation, the evaluator shall configure the TOE to perform password-based authentication to an SSH server, and demonstrate that a user can be successfully authenticated by the TOE to an SSH server using a password as an authenticator.
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201612rev2.pdf
See issue description.