Chapter 6 Authentication

Table of Contents

Server Authentication with Public Keys

Host Key Storage Formats
Using the System-Wide Host Key Storage
Using the OpenSSH known_hosts File

Server Authentication with Certificates

Using the Configuration File (Unix)
Using the GUI (Windows)

User Authentication with Passwords

Using the Configuration File (Unix)
Using the GUI (Windows)

User Authentication with Public Keys

Creating Keys with ssh-keygen-g3
Uploading the Public Key Manually
Creating Keys with the Key Generation Wizard (Windows)
Uploading the Public Key Automatically (Windows)
Using Keys Generated with OpenSSH
Special Considerations with Windows Servers

User Authentication with Certificates

Using the Configuration File (Unix)
Using the GUI (Windows)

Host-Based User Authentication (Unix)

User Authentication with Keyboard-Interactive

Using the Configuration File (Unix)
Using the GUI (Windows)

User Authentication with GSSAPI

Using the Configuration File (Unix)
Using the GUI (Windows)

The Secure Shell protocol used by the SSH Tectia client/server solution provides mutual authentication – the client authenticates the server and the server authenticates the client. Both parties are assured of the identity of the other party.

The remote Secure Shell server host can authenticate itself using either traditional public-key authentication or certificate authentication.

Different methods can be used to authenticate SSH Tectia Client users. These authentication methods can be combined or used separately, depending on the level of functionality and security you want.

User authentication methods used by the client by default are, in the following order: public-key, password, keyboard-interactive, and GSSAPI authentication. Public-key and certificate authentication are combined into the public-key authentication method.

Figure 6.1. User authentication methods