O'Reilly logo

SSH, The Secure Shell: The Definitive Guide, 2nd Edition by Robert G. Byrnes, Richard E. Silverman, Daniel J. Barrett

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Authentication: Verifying Identities

A large part of the SSH server’s job is to grant or deny connection requests from clients. This is done at two levels: authentication and access control (a.k.a. authorization). We discuss the former here and the latter in the section "Access Control: Letting People In.” [5.5] Authentication, as we’ve seen, means verifying the identity of the user requesting a connection.

5.4.1 Authentication Syntax

sshd supports several different techniques for authentication that may be enabled or disabled. [3.1.3] [3.4.3] For example, if you don’t trust password authentication, you can turn it off serverwide but still permit public-key authentication.

As SSH has evolved, the syntax for configuring authentication has changed several times, and OpenSSH and Tectia use entirely different syntaxes. In OpenSSH, different authentication techniques are turned on and off with keywords of the form:

<Name_Of_Technique>Authentication

For example, password authentication is controlled by the keyword PasswordAuthentication, public-key authentication by PubKeyAuthentication, and so forth, one keyword per technique. Values may be yes or no, as in:

    # OpenSSH
    PubKeyAuthentication yes

Table 5-1 lists all the authentication techniques supported by OpenSSH, and each is described in detail later.

Table 5-1. OpenSSH authentication keywords

Keyword

Meaning

ChallengeResponseAuthentication

One-time passwords.

GSSAPIAuthentication

Typically used for Kerberos.

HostbasedAuthentication

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required