SSH Tectia
Home Prev Up Next  

User Authentication with Public Keys

Public-key authentication is based on the use of digital signatures. Each user creates a pair of key files. One of these key files is the user's public key, and the other is the user's private key. The server knows the user's public key, and only the user has the private key.

When the user tries to authenticate, the server checks for matching public keys and sends a challenge to the user. The users are authenticated by signing the challenge using their private keys.

Remember that your private key file is used to authenticate you. If anyone else can access your private key file, they can attempt to log in to the remote host computer as you. Keep your private key file in a secure place and make sure that no one else has access to it.

[Caution]Caution

Do not use public-key authentication on a computer that is shared with other users. Generate keys only on your personal computer that no one else can access!

Also note that if you are using the Windows roaming profiles functionality, your personal settings will be replicated with the roaming profile server. If you store your private keys in the default location (under the profile folder of your Windows user account) your private keys may be susceptible to a malicious user listening to the network traffic. Therefore the User Settings folder should not be a directory that is used in profile roaming.

To use public-key authentication, do the following:

  1. Generate a key pair. You can generate your own key files with the help of a built-in Key Generation wizard on Windows (see Creating Keys with the Key Generation Wizard (Windows)), or with ssh-keygen-g3 on Unix or Windows command line (see Creating Keys with ssh-keygen-g3).

    On Windows, you can also import existing keys on the Keys and Certificates page of the SSH Tectia Configuration tool. See Managing Keys and Certificates.

  2. Upload you public key to the remote host computer. On Windows, you can do this automatically (see Uploading the Public Key Automatically (Windows)). On Unix and Windows, you can also copy the public key manually (see Uploading the Public Key Manually).

In the following instructions, Server is the SSH Tectia Server to which you are trying to connect. ServerUser is the username on the server that you are logging into. Client is the machine running an SSH Tectia Client. ClientUser is the username on the client machine that should be allowed to log in to Server as ServerUser. See Figure 6.3.

User public-key authentication

Figure 6.3. User public-key authentication

The instructions assume that ClientUser is allowed to log in to Server as ServerUser using some other authentication method (usually password).

Home Prev Up Next  

Copyright 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Contact Information