Network Working Group J. Galbraith Request for Comments: 4335 VanDyke Software Category: Standards Track P. Remaker Cisco Systems, Inc January 2006
Network Working Group J. Galbraith Request for Comments: 4335 VanDyke Software Category: Standards Track P. Remaker Cisco Systems, Inc January 2006
The Secure Shell (SSH) Session Channel Break Extension
Secure Shell(SSH)会话通道中断扩展
Status of This Memo
关于下段备忘
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
Abstract
摘要
The Session Channel Break Extension provides a means to send a BREAK signal over a Secure Shell (SSH) terminal session.
会话通道中断扩展提供了通过安全外壳(SSH)终端会话发送中断信号的方法。
Table of Contents
目录
1. Introduction ....................................................2 2. Conventions Used in This Document ...............................2 3. The Break Request ...............................................3 4. Security Considerations .........................................4 5. IANA Considerations .............................................4 6. References ......................................................4 6.1. Normative References .......................................4 6.2. Informative References .....................................5
1. Introduction ....................................................2 2. Conventions Used in This Document ...............................2 3. The Break Request ...............................................3 4. Security Considerations .........................................4 5. IANA Considerations .............................................4 6. References ......................................................4 6.1. Normative References .......................................4 6.2. Informative References .....................................5
The Secure Shell (SSH) [5] session channel provides a mechanism for the client-user to interactively enter commands and receive output from a remote host while taking advantage of the SSH transport's privacy and integrity features. SSH is increasingly being used to replace Telnet for terminal access applications.
Secure Shell(SSH)[5]会话通道为客户端用户提供了一种机制,在利用SSH传输的隐私和完整性功能的同时,可以交互地输入命令并从远程主机接收输出。SSH越来越多地被用于替代终端访问应用程序的Telnet。
A common application of the Telnet protocol is the "Console Server" [7] whereby a Telnet Network Virtual Terminal (NVT) can be connected to a physical RS-232/V.24 asynchronous port, making the Telnet NVT appear as a locally attached terminal to that port, and making that physical port appear as a network-addressable device. A number of major computer equipment vendors provide high-level administrative functions through an asynchronous serial port and generally expect the attached terminal to be capable of sending a BREAK signal.
Telnet协议的一个常见应用是“控制台服务器”[7],通过该服务器,Telnet网络虚拟终端(NVT)可以连接到物理RS-232/V.24异步端口,使Telnet NVT显示为该端口的本地连接终端,并使该物理端口显示为网络可寻址设备。许多主要的计算机设备供应商通过异步串行端口提供高级管理功能,并且通常期望连接的终端能够发送中断信号。
A BREAK signal is defined as the TxD signal being held in a SPACE ("0") state for a time greater than a whole character time. In practice, a BREAK signal is typically 250 to 500 ms in length.
中断信号被定义为TxD信号在空间(“0”)状态中保持的时间大于整个字符时间。实际上,中断信号的长度通常为250至500毫秒。
The Telnet protocol furnishes a means to send a "BREAK" signal, which RFC 854 [1] defines as "a signal outside the USASCII set which is currently given local meaning within many systems". Console Server vendors interpret the TELNET BREAK signal as a physical BREAK signal, which can then allow access to the full range of administrative functions available on an asynchronous serial console port.
Telnet协议提供了一种发送“中断”信号的方法,RFC 854[1]将其定义为“USASCII集合之外的信号,目前在许多系统中具有本地含义”。控制台服务器供应商将TELNET中断信号解释为物理中断信号,从而允许访问异步串行控制台端口上可用的全部管理功能。
The lack of a similar facility in the SSH session channel has forced users to continue the use of Telnet for the "Console Server" function.
SSH会话通道中缺少类似的功能,这迫使用户继续使用Telnet实现“控制台服务器”功能。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [2].
本文件中的关键词“必须”、“不得”、“要求”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[2]中所述进行解释。
The "byte", "boolean", "uint32", and "string" data types are defined in [3].
[3]中定义了“byte”、“boolean”、“uint32”和“string”数据类型。
The following channel-specific request can be sent over a session channel (as described in [4]) to request that the remote host perform a BREAK operation.
可以通过会话通道(如[4]中所述)发送以下特定于通道的请求,以请求远程主机执行中断操作。
byte SSH_MSG_CHANNEL_REQUEST uint32 recipient channel string "break" boolean want_reply uint32 break-length in milliseconds
字节SSH\u MSG\u CHANNEL\u REQUEST uint32接收方通道字符串“break”布尔值want\u reply uint32 break长度(毫秒)
If the BREAK length cannot be controlled by the application receiving this request, the BREAK length parameter SHOULD be ignored and the default BREAK signal length of the chipset or underlying chipset driver SHOULD be sent.
如果接收此请求的应用程序无法控制中断长度,则应忽略中断长度参数,并发送芯片组或底层芯片组驱动程序的默认中断信号长度。
If the application receiving this request can control the BREAK length, the following suggestions are made regarding BREAK duration. If a BREAK duration request of greater than 3000 ms is received, it SHOULD be interpreted as a request for a 3000 ms BREAK. This safeguard prevents an unreasonably long BREAK request from causing a port to become unavailable for as long as 49.7 days while executing the BREAK. Applications that require a longer BREAK may choose to ignore this suggestion. If BREAK duration request of less than 500 ms is received, it SHOULD be interpreted as a 500 ms BREAK since most devices will recognize a BREAK of that length. Applications that require a shorter BREAK may choose to ignore this suggestion. If the BREAK length parameter is 0, the BREAK SHOULD be interpreted as the default BREAK signal length of the chipset or underlying chipset driver. If no default exists, 500 ms can be used as the BREAK length.
如果接收此请求的应用程序可以控制中断长度,则针对中断持续时间提出以下建议。如果收到大于3000 ms的中断持续时间请求,则应将其解释为3000 ms中断请求。此保护措施可防止不合理的长中断请求在执行中断时导致端口不可用长达49.7天。需要较长休息时间的应用程序可以选择忽略此建议。如果收到小于500 ms的中断持续时间请求,则应将其解释为500 ms中断,因为大多数设备将识别该长度的中断。需要较短休息时间的应用程序可以选择忽略此建议。如果中断长度参数为0,则中断应解释为芯片组或底层芯片组驱动程序的默认中断信号长度。如果不存在默认值,则可以使用500 ms作为中断长度。
If the SSH connection does not terminate on a physical serial port, the BREAK indication SHOULD be handled in a manner consistent with the general use of BREAK as an attention/interrupt signal; for instance, a service processor that requires an out-of-band facility to get the attention of a system it manages.
如果SSH连接未在物理串行端口上终止,则中断指示的处理方式应与一般使用中断作为注意/中断信号的方式一致;例如,一个服务处理器需要一个带外设施来引起它所管理的系统的注意。
In a case where an SSH connection cascades to another connection, the BREAK SHOULD be passed along the cascaded connection. For example, a Telnet session from an SSH shell should carry along an SSH-initiated BREAK, and an SSH client initiated from a Telnet connection SHOULD pass a BREAK indication from the Telnet connection.
在SSH连接级联到另一个连接的情况下,中断应该沿着级联连接传递。例如,来自SSH shell的Telnet会话应该带有SSH启动的中断,而从Telnet连接启动的SSH客户端应该传递来自Telnet连接的中断指示。
If the 'want_reply' boolean is set, the server MUST reply using an SSH_MSG_CHANNEL_SUCCESS or SSH_MSG_CHANNEL_FAILURE [5] message. If a BREAK of any kind was preformed, SSH_MSG_CHANNEL_SUCCESS MUST be sent. If no BREAK was preformed, SSH_MSG_CHANNEL_FAILURE MUST be sent.
如果设置了'want_reply'布尔值,服务器必须使用SSH_MSG_CHANNEL_SUCCESS或SSH_MSG_CHANNEL_FAILURE[5]消息进行回复。如果执行了任何类型的中断,则必须发送SSH\u MSG\u CHANNEL\u SUCCESS。如果未执行中断,则必须发送SSH\u MSG\u通道\u故障。
This operation SHOULD be supported by any general purpose SSH client.
任何通用SSH客户端都应该支持此操作。
Many computer systems treat serial consoles as local and secured, and interpret a BREAK signal as an instruction to halt execution of the operating system or to enter privileged configuration modes. Because of this, extra care should be taken to ensure that SSH access to BREAK-enabled ports are limited to users with appropriate privileges to execute such functions. Alternatively, support for the BREAK facility MAY be implemented as configurable on a per-port or per-server basis.
许多计算机系统将串行控制台视为本地和安全的,并将中断信号解释为停止操作系统执行或进入特权配置模式的指令。因此,应特别注意确保对启用中断的端口的SSH访问仅限于具有执行此类功能的适当权限的用户。或者,对中断设施的支持可以在每个端口或每个服务器的基础上实现为可配置的。
Implementations that literally interpret the BREAK length parameter without imposing the suggested BREAK time limit may cause a denial of service to or unexpected results from attached devices receiving the very long BREAK signal.
在不施加建议的中断时间限制的情况下逐字解释中断长度参数的实现可能会导致拒绝服务或接收超长中断信号的连接设备产生意外结果。
IANA has assigned the Connection Protocol Channel Request Name "break" in accordance with [6].
IANA已根据[6]分配连接协议信道请求名称“中断”。
[1] Postel, J. and J. Reynolds, "Telnet Protocol Specification", STD 8, RFC 854, May 1983.
[1] Postel,J.和J.Reynolds,“Telnet协议规范”,STD 8,RFC 854,1983年5月。
[2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[2] Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[3] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) Protocol Architecture", RFC 4251, January 2006.
[3] Ylonen,T.和C.Lonvick,Ed.,“安全外壳(SSH)协议架构”,RFC 4251,2006年1月。
[4] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) Transport Layer Protocol", RFC 4253, January 2006.
[4] 《安全外壳(SSH)传输层协议》,RFC 4253,2006年1月。
[5] Ylonen, T. and C. Lonvick, Ed., "The Secure Shell (SSH) Connection Protocol", RFC 4254, January 2006.
[5] 《安全外壳(SSH)连接协议》,RFC 4254,2006年1月。
[6] Lehtinen, S. and C. Lonvick, Ed., "The Secure Shell (SSH) Protocol Assigned Numbers", RFC 4250, January 2006.
[6] Lehtinen,S.和C.Lonvick,Ed.,“安全外壳(SSH)协议分配编号”,RFC 4250,2006年1月。
[7] Harris, D., "Greater Scroll of Console Knowledge", March 2004, <http://www.conserver.com/consoles/>.
[7] Harris,D.,“控制台知识的大卷轴”,2004年3月<http://www.conserver.com/consoles/>.
Authors' Addresses
作者地址
Joseph Galbraith VanDyke Software 4848 Tramway Ridge Blvd Suite 101 Albuquerque, NM 87111 US
Joseph Galbraith VanDyke Software 4848美国新墨西哥州阿尔伯克基索道桥大道101号套房,邮编87111
Phone: +1 505 332 5700 EMail: galb-list@vandyke.com
Phone: +1 505 332 5700 EMail: galb-list@vandyke.com
Phillip Remaker Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95120 US
美国加利福尼亚州圣何塞市西塔斯曼大道170号,Phillip改造商思科系统公司,邮编95120
Phone: +1 408 526 8614 EMail: remaker@cisco.com
Phone: +1 408 526 8614 EMail: remaker@cisco.com
Full Copyright Statement
完整版权声明
Copyright (C) The Internet Society (2006).
版权所有(C)互联网协会(2006年)。
This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.
本文件受BCP 78中包含的权利、许可和限制的约束,除其中规定外,作者保留其所有权利。
This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件及其包含的信息是按“原样”提供的,贡献者、他/她所代表或赞助的组织(如有)、互联网协会和互联网工程任务组不承担任何明示或暗示的担保,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Intellectual Property
知识产权
The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何独立努力来确定任何此类权利。有关RFC文件中权利的程序信息,请参见BCP 78和BCP 79。
Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.
向IETF秘书处披露的知识产权副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果,可从IETF在线知识产权存储库获取,网址为http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涵盖实施本标准所需技术的专有权利。请将信息发送至IETF的IETF-ipr@ietf.org.
Acknowledgement
确认
Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA).
RFC编辑器功能的资金由IETF行政支持活动(IASA)提供。