A large part of the SSH server’s job is to grant or deny connection requests from clients. This is done at two levels: authentication and access control (a.k.a. authorization). We discuss the former here and the latter in the section "Access Control: Letting People In.” [5.5] Authentication, as we’ve seen, means verifying the identity of the user requesting a connection.
sshd supports several different techniques for authentication that may be enabled or disabled. [3.1.3] [3.4.3] For example, if you don’t trust password authentication, you can turn it off serverwide but still permit public-key authentication.
As SSH has evolved, the syntax for configuring authentication has changed several times, and OpenSSH and Tectia use entirely different syntaxes. In OpenSSH, different authentication techniques are turned on and off with keywords of the form:
For example, password authentication is controlled by the
public-key authentication by
PubKeyAuthentication, and so forth, one
keyword per technique. Values may be
no, as in:
# OpenSSH PubKeyAuthentication yes
Table 5-1 lists all the authentication techniques supported by OpenSSH, and each is described in detail later.
Table 5-1. OpenSSH authentication keywords
Typically used for Kerberos.