[Contents] [Index]

About This Document>>     Introduction to SSH Secure Shell >>     Configuring SSH Secure Shell >>     Authentication >>         Server Authentication>>         User Authentication>>         Keyboard-Interactive Authentication >>             Overview             Configuring the Server and Client             Adding New Authentication Methods >>     Log Messages >>     Using SSH Secure Shell >>     Tool Syntax>>     Technical Specifications >>

Overview

What Is Keyboard-Interactive?

Keyboard-interactive is a relatively new authentication method, designed in the Secure Shell Working Group of the Internet Engineering Task Force (IETF). The Working Group's abstract contains the following introduction to the subject:

This document describes a general-purpose authentication method for the SSH protocol, suitable for interactive authentications where the authentication data should be entered via a keyboard. The major goal of this method is to allow the SSH client to support a whole class of authentication mechanism(s) without knowing the specifics of the actual authentication mechanism(s)

What Can Be Done with It?

Basically, any currently supported authentication method that requires only the user's input, can be performed with Keyboard-Interactive.

Currently, the following methods are supported:

• password
• SecurID
• PAM (but see Section What Cannot Be Done With It?).

What Cannot Be Done with It?

If passing of some binary information is required (as in public-key authentication), keyboard-interactive cannot be used.

PAM has support for binary messages and client-side agents, and those cannot be supported with keyboard-interactive. However, currently there are no implementations that take advantage of the binary messages in PAM, and the specification may not be cast in stone yet.