GM/T 0129-2023 SSH 密码协议规范

ICS35.030

CCSL80

中华人民共和国密码行业标准

GM/T0129—2023

SSH密码协议规范

Secureshellcryptographyprotocolspecification

2023⁃12⁃04发布2024⁃06⁃01实施

国家密码管理局发布

GM/T0129—2023

目次

前言··························································································································Ⅲ

引言··························································································································Ⅳ

1范围·······················································································································1

2规范性引用文件········································································································1

3术语和定义··············································································································1

4缩略语····················································································································1

5协议框架·················································································································1

5.1协议概述···········································································································1

5.2传输层协议········································································································2

5.3鉴别协议···········································································································2

5.4连接协议···········································································································2

6密码算法和密钥种类··································································································2

6.1密码算法···········································································································2

6.2密钥种类···········································································································2

7数据类型定义···········································································································3

7.1算法标识···········································································································3

7.2基本数据类型·····································································································3

8传输层协议··············································································································3

8.1协议概述···········································································································3

8.2协议流程···········································································································4

8.3协议版本···········································································································4

8.4数据包··············································································································4

8.5密钥协商···········································································································7

8.6服务请求···········································································································9

8.7断开连接···········································································································9

9鉴别协议···············································································································10

9.1协议概述··········································································································10

9.2协议流程··········································································································11

9.3数据包·············································································································11

9.4基于口令的鉴别方法···························································································13

9.5基于非对称密钥的鉴别方法··················································································13

9.6基于数字证书的鉴别方法·····················································································14

Ⅰ

GM/T0129—2023

10连接协议··············································································································15

10.1协议概述········································································································15

10.2连接信道········································································································15

10.3数据包···········································································································16

参考文献····················································································································18

Ⅱ

GM/T0129—2023

前言

本文件按照GB/T1.1—2020《标准化工作导则第1部分：标准化文件的结构和起草规则》的规

定起草。

请注意本文件的某些内容可能涉及专利。本文件的发布机构不承担识别专利的责任。

本文件由密码行业标准化技术委员会提出并归口。

本文件起草单位：北京小雷科技有限公司、北京海泰方圆科技股份有限公司、北京数字认证股份有

限公司、格尔软件股份有限公司、中电科网络安全科技股份有限公司、兴唐通信科技有限公司、北京信

安世纪科技股份有限公司、长春吉大正元信息技术股份有限公司、北京数盾信息科技有限公司。

本文件主要起草人：曾宇波、柳增寿、蒋红宇、傅大鹏、郑强、罗俊、王妮娜、汪宗斌、赵丽丽、张国庆。

Ⅲ

GM/T0129—2023

引言

本文件的协议内容参考TheSecureShell安全协议（RFC4251，RFC4252，RFC4253，RFC4254），

按照我国相关密码政策和法规，基于我国密码技术体系，使用SM2、SM3、SM4密码算法和数字证书机

制形成SSH传输层协议、鉴别协议和连接协议。

Ⅳ

GM/T0129—2023

SSH密码协议规范

1范围

本文件规定了SSH的安全交互密码协议，规定了交互通道的加密传输协议、鉴别协议与连接协

议，规定了密码算法在协议中的使用方法。

本文件适用于SSH服务端和SSH客户端产品的研发和检测。

2规范性引用文件

下列文件中的内容通过文中的规范性引用而构成本文件必不可少的条款。其中，注日期的引用文

件，仅该日期对应的版本适用于本文件；不注日期的引用文件，其最新版本（包括所有的修改单）适用于

本文件。

GB/T15852.1信息技术安全技术消息鉴别码第1部分：采用分组密码的机制

GB/T15852.2信息技术安全技术消息鉴别码第2部分：采用专用杂凑函数的机制

GB/T33560信息安全技术密码应用标识规范

GB/T35275信息安全技术SM2密码算法加密签名消息语法规范

GB/T35276信息安全技术SM2密码算法使用规范

GM/T0015基于SM2密码算法的数字证书格式规范

GM/Z4001密码术语

3术语和定义

GM/Z4001界定的术语和定义适用于本文件。

4缩略语

下列缩略语适用于本文件。

CR：回车（Carriage⁃Return）

LF：换行（Line⁃Feed）

SP：空格（Space）

SSH：安全交互（SecureShell）

5协议框架

5.1协议概述

SSH密码协议是由传输层协议、鉴别协议和连接协议组成的协议族，用于在不安全的网络上进行

安全远程登录和安全网络服务。传输层协议、鉴别协议也可和其他服务共同组成sftp、scp等安全应用

服务。

SSH密码协议的建立过程中，首先由传输层协议建立安全的通信信道；然后在此安全通信信道上

1