Public-key authentication is based on the use of digital signatures
and provides very good authentication security. To use public-key
authentication, the user must first create a key pair on the client, and
upload the public key to the server. The default directory for the user's
public keys is $HOME/.ssh2/authorized_keys on Unix and
%USERPROFILE%\.ssh2\authorized_keys on Windows. The default location can be
changed with the authorized-keys-directory attribute in the
ssh-server-config.xml file. See auth-publickey.
To enable public-key authentication on the server, the authentication-methods element of the ssh-server-config.xml file must contain an auth-publickey element. For example:

<authentication-methods>
  <authentication action="allow">
    <auth-publickey authorized-keys-directory="%D/.ssh2/authorized_keys" />
    ...
  </authentication>
</authentication-methods>
Other authentication methods can also be allowed.
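To review an existing configuration, the following added example (not part of the product documentation or the vendor's tooling) parses an authentication-methods fragment and reports whether auth-publickey is allowed, which authorized-keys-directory it uses, and which other auth-* methods are allowed beside it. The sample input is constructed; the function name and the rule of counting only blocks with an explicit action="allow" are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the fragment from the text above, plus an
# auth-password element to show a second allowed method being reported.
SAMPLE_CONFIG = """\
<authentication-methods>
  <authentication action="allow">
    <auth-publickey authorized-keys-directory="%D/.ssh2/authorized_keys" />
    <auth-password />
  </authentication>
</authentication-methods>
"""


def audit_publickey(xml_text):
    """Summarise how public-key authentication is configured.

    Returns a dict with:
      publickey_allowed - True if an allowed block contains auth-publickey
      key_dirs          - authorized-keys-directory values (None = attribute
                          absent, so the server's default location applies)
      other_methods     - other auth-* elements found in allowed blocks
    """
    root = ET.fromstring(xml_text)
    report = {"publickey_allowed": False, "key_dirs": [], "other_methods": []}
    # iter() also matches the root itself, so a bare fragment or a full
    # configuration file that contains the element both work.
    for methods in root.iter("authentication-methods"):
        for auth in methods.iter("authentication"):
            # Assumption: only blocks with an explicit action="allow"
            # are counted, as in the documented example.
            if auth.get("action") != "allow":
                continue
            for child in auth:
                if child.tag == "auth-publickey":
                    report["publickey_allowed"] = True
                    report["key_dirs"].append(
                        child.get("authorized-keys-directory"))
                elif child.tag.startswith("auth-"):
                    report["other_methods"].append(child.tag)
    return report


if __name__ == "__main__":
    print(audit_publickey(SAMPLE_CONFIG))
```

A non-empty other_methods list means users can still authenticate without a key, which matters when public-key authentication is meant to be the only way in.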
By using selectors, it is possible to allow or require public-key authentication only for a specified group of users. See the section called “Selectors” for more information.
On Windows, using the SSH Tectia Server Configuration tool, public-key authentication can be allowed on the Authentication page. See Authentication.