NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0334:  NIT Technical Decision for Testing SSH when password-based authentication is not supported

Publication Date
2018.08.01

Protection Profiles
CPP_ND_V2.0E

Other References
ND SD V2.0, FCS_SSHC_EXT.1.9

Issue Description

The NIT has issued a technical decision for testing SSH when password-based authentication is not supported.

Resolution

In ND SD Test 2 for FCS_SSHC_EXT.1.9 shall be replaced by

<new>"The evaluator shall add an entry associating a host name with a public key into the TOE’s local database. The evaluator shall replace, on the corresponding SSH server, the server’s host key with a different host key. If 'password-based' is selected for the TOE in FCS_SSHC_EXT.1.2, the evaluator shall initiate a connection from the TOE to the SSH server using password-based authentication, shall ensure that the TOE rejects the connection, and shall ensure that the password was not transmitted to the SSH server (for example, by instrumenting the SSH server with a debugging capability to output received passwords). If 'password-based' is not selected for the TOE in FCS_SSHC_EXT.1.2, the evaluator shall initiate a connection from the TOE to the SSH server using public key-based authentication, and shall ensure that the TOE rejects the connection." </new>

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201803.pdf

Justification

See issue description.

 
 
Site Map              Contact Us              Home