Authentication: Verifying Identities
A large part of the SSH server’s job is to grant or deny connection requests from clients. This is done at two levels: authentication and access control (a.k.a. authorization). We discuss the former here and the latter in the section “Access Control: Letting People In.” [5.5] Authentication, as we’ve seen, means verifying the identity of the user requesting a connection.
5.4.1 Authentication Syntax
sshd supports several different techniques for authentication that may be enabled or disabled. [3.1.3] [3.4.3] For example, if you don’t trust password authentication, you can turn it off serverwide but still permit public-key authentication.
As SSH has evolved, the syntax for configuring authentication has changed several times, and OpenSSH and Tectia use entirely different syntaxes. In OpenSSH, different authentication techniques are turned on and off with keywords of the form:
    <Name_Of_Technique>Authentication
For example, password authentication is controlled by the keyword PasswordAuthentication, public-key authentication by PubKeyAuthentication, and so forth, one keyword per technique. Values may be yes or no, as in:
    # OpenSSH
    PubKeyAuthentication yes
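To check which techniques a given configuration actually turns on, the following added example (not from the book or from OpenSSH) collects every keyword of the `<Name_Of_Technique>Authentication` form from sshd_config text and reports where password authentication is enabled. The sample configuration is constructed and the function names are hypothetical; it assumes sshd's behaviour that keywords are case-insensitive, that the first value obtained for a keyword wins, and that a `Match` block applies until the next `Match` line or end of file.

```python
import re

# Constructed sample sshd_config (not from the book): mixed-case keywords,
# a duplicate, the "keyword=value" form, and a Match block.
SAMPLE_CONFIG = """\
# OpenSSH
PubKeyAuthentication yes
passwordauthentication no
# A later duplicate is ignored: sshd uses the first value it obtains.
PasswordAuthentication yes
HostbasedAuthentication=no
Match User backup
    PasswordAuthentication yes
"""

def parse_auth_keywords(text):
    """Return (serverwide dict, Match overrides list, problems list)."""
    serverwide, overrides, problems = {}, [], []
    match_ctx = None  # criteria of the Match block we are inside, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        value = parts[1].strip().lower() if len(parts) > 1 else ""
        if keyword == "match":
            match_ctx = parts[1].strip() if len(parts) > 1 else ""
        elif keyword.endswith("authentication"):
            if value not in ("yes", "no"):
                problems.append(f"line {lineno}: {parts[0]} has value {value!r}")
            elif match_ctx is not None:
                overrides.append((match_ctx, keyword, value))
            elif keyword in serverwide:
                problems.append(f"line {lineno}: duplicate {parts[0]} ignored")
            else:
                serverwide[keyword] = value
    return serverwide, overrides, problems

def password_auth_scopes(text):
    """List every scope in which password authentication is switched on."""
    serverwide, overrides, _ = parse_auth_keywords(text)
    on = ["serverwide"] if serverwide.get("passwordauthentication") == "yes" else []
    return on + [f"Match {ctx}" for ctx, kw, val in overrides
                 if kw == "passwordauthentication" and val == "yes"]

if __name__ == "__main__":
    print(parse_auth_keywords(SAMPLE_CONFIG), password_auth_scopes(SAMPLE_CONFIG))
```

On a live server, `sshd -T` prints the effective configuration, including defaults for keywords the file does not set, which this example does not model.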
Table 5-1 lists all the authentication techniques supported by OpenSSH, and each is described in detail later.
Table 5-1. OpenSSH authentication keywords
Keyword | Meaning |
---|---|
| One-time passwords. |
| Typically used for Kerberos. |
|