The password authentication method is set up by default, so it is easy to implement and requires no configuring. Since all communication is encrypted, passwords are not available for eavesdroppers.
On Windows, SSH Tectia Server does not need a user management program of its own – the user accounts are created with the standard Windows User Manager.
SSH Tectia Server will record a login failure for each failed password authentication attempt.
On Windows, password authentication uses the Windows password to authenticate the user at login time.
On a Unix system, password authentication uses the
/etc/passwd
or /etc/shadow
file, depending on how
the passwords are set up. The shadow password files can be used on Linux and
Solaris servers, but not on HP-UX or AIX servers.
To enable password authentication on the server, the
authentication-methods
element of the
ssh-server-config.xml
file must contain an
auth-password
element. For example:
<authentication-methods> <authentication action="allow"> <auth-password failure-delay="2" max-tries="3" /> ... </authentication> </authentication-methods>
Also other authentication methods can be allowed.
By using selectors, it is possible to allow or require password authentication only for a specified group of users. For more information, see Using Selectors in Configuration File.
On Windows, using the SSH Tectia Server Configuration tool, password authentication can be allowed on the Authentication page. See Authentication.
Note | |
---|---|
Passwords can also be used as a submethod in keyboard-interactive authentication. For more information, see Password Submethod. |
User login requires the rights to log on
locally and access this computer from the
network. On domain controllers, these rights are disabled by
default. If SSH Tectia Server has been installed on a domain controller, the
log on locally and the access this computer from the network
permissions must be enabled on the domain controller
for the Domain Users
group.
SSH Tectia Server allows defining locally the user logon types that are allowed on
the host. By default, the Windows-set logon types are used, but for
password-based authentication methods you can define
windows-logon-type
.
For XML configuration instructions, see settings.
For SSH Tectia Server Configuration GUI instructions, see General.
For example, in case you need to enable accounts that do
NOT
have the right to log on locally, use setting
windows-logon-type="network"
.