SSH Tectia

Chapter 5 Authentication

Table of Contents

Server Authentication
Server Authentication with Public Keys
Server Authentication with Certificates
Server Authentication using External Host Keys
User Authentication
User Name Handling on Windows
User Authentication with Passwords
User Authentication with Public Keys
User Authentication with Certificates
Host-Based User Authentication
User Authentication with Keyboard-Interactive
User Authentication with GSSAPI
Reporting Login Failures
Configuring User Authentication Chains
Basic Example
Example with Selectors
Authentication Chain Example
Example of Using the Deny Action

The Secure Shell protocol used by the SSH Tectia client/server solution provides mutual authentication – the client authenticates the server and the server authenticates the client users. Both parties are assured of the identity of the other party.

The SSH Tectia Server host can authenticate itself to the client using either public-key authentication or certificate authentication.

Different methods can be used to authenticate Secure Shell client users. These authentication methods can be used separately or combined, depending on the level of functionality and security you want. The server defines what methods are allowed, and the client defines the order in which they will be tried. The least interactive methods should be tried first.

User authentication methods

Figure 5.1. User authentication methods

SSH Tectia Server allows GSSAPI, public-key, keyboard-interactive, and password in user authentication by default.