NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0032:  Update to FCS_SSH_EXT.1.2

Publication Date

Protection Profiles

Other References
PP_ND_V1.1, requirement FCS_SSH_EXT.1.2

Issue Description

FCS_SSH_EXT.1.2 requires the support of both password-based and public key-based authentication. A distributed TOE is likely to support communication between its components via SSH public key-based authentication only. This requirement prevents any CCTL from testing Test 2 of FCS_SSH_EXT.1.2 (configuring and using SSH password-based authentication) for TOE component-to-component communication that is public key-based only.


FCS_SSH_EXT.1.2 will be rewritten to conditionally require password-based authentication as shown below:

FCS_SSH_EXT.1.2 The TSF shall ensure that the SSH protocol implementation supports the following authentication methods as described in RFC 4252: public key-based, [selection: password-based, none].

Application Note: The ST author can choose "none" from the selection if the TOE uses SSH for FPT_ITT. The ST author must choose "password-based" from the selection if the TOE uses SSH for FTP_ITC or FTP_TRP.  ,

Assurance Activity:
The evaluator shall check to ensure that the TSS contains a description of the public key algorithms that are acceptable for use for authentication, that this list conforms to FCS_SSH_EXT.1.5, and ensure that password-based authentication methods are also allowed if SSH is selected for FTP_ITC and FTP_TRP.  The evaluator shall check to ensure that the operational guidance contains instructions to the administrator to configure SSH to support all uses identified in the ST (e.g., use to support distributed TOE functionality, use to support trusted path for administrators).

The evaluator shall also perform the following tests for each use of the SSH mechanism (e.g., if the SSH mechanism was used for distributed TOE support using certificates only as well as for administrator trusted path using either certificates or passwords, the evaluator would perform Test 1 twice and Test 2 once) :
  • Test 1: The evaluator shall, for each public key algorithm supported, show that the TOE supports the use of that public key algorithm to authenticate the connection. Any configuration activities required to support this test shall be performed according to instructions in the operational guidance.
  • Test 2 [conditional]: Using the operational guidance, the evaluator shall configure the TOE to accept password-based authentication, and demonstrate that a user can be successfully authenticated to the TOE over SSH using a password as an authenticator.

Implementations of SSH used to protect communication channels in a distributed TOE scenario generally do not support the use of passwords for authentication, so changes to the requirement have been made to allow for such implementations.

Site Map              Contact Us              Home