SSH Communications Security
Previous Next Up [Contents] [Index]

    Introduction >>
    Configuration >>
        Saving Settings >>
        Loading Settings
        Profile Settings >>
            Connection
            Cipher List
            Authentication
            Colors
            Keyboard
            Keymap Editor
            Tunneling
            File Transfer
            Favorites
        Global Settings >>
        Customize
    Connecting >>
    Terminal Window >>
    File Transfer >>
    Toolbar Reference >>
    Menu Reference >>
    Advanced Information >>
    Troubleshooting >>
    Appendices >>

Authentication

With the Authentication page of the Settings dialog, you can define customized authentication methods. Two lists are displayed on the page, the upper list for general authentication, and the lower list for authentication methods user for public-key authentication.

The icons displayed above the list can be used to add a new authentication method, delete an existing authentication method and move the authentication methods upwards or downwards in the preference list. Authentication methods higher up in the list will be attempted first. Usually authentication methods that require user interaction should be attempted last.

authentication-page-5.gif
Figure : Defining the authentication settings

Authentication Methods

Possible methods for general authentication are the following:

  • Public Key

    Use public-key authentication.

  • Password

    Use password for authentication.

  • Keyboard-Interactive

    Keyboard-Interactive is designed to allow the Secure Shell client to support several different types of authentication methods. For more information on Keyboard-Interactive, see Section Keyboard-Interactive Authentication.

  • SecurID

    Using SecurID authentication requires that you have a SecurID device that generates the numeric codes that are needed to login.

  • PAM

    Use Pluggable Authentication Modules (PAM) for authentication. PAM is an authentication method that has gained wide popularity especially on UNIX platforms.

The default authentication methods are public-key authentication, Keyboard-Interactive and password authentication.

Public-Key Authentication Methods

Possible methods for public-key authentication are the following:

  • SSH Accession Certificates

    Use SSH Accession certificates for authentication. SSH Accession is a separate software product by SSH Communications Security that offers an easy method for accessing authentication credentials on smart cards and other hardware tokens. It can be also used as an authentication agent. For more information, see http://www.ssh.com/products/accession/.

  • SSH Accession Keys

    Use SSH Accession keys for authentication. SSH Accession is a separate software product by SSH Communications Security that offers an easy method for accessing authentication credentials on smart cards and other hardware tokens. It can be also used as an authentication agent. For more information, see http://www.ssh.com/products/accession/.

  • PKCS #11 Certificates

    Authenticate by using PKCS #11 certificates (certificates stored for example on a smart card or a USB token). For more information on using PKCS #11 certificates, see section PKCS 11.

  • PKCS #11 Keys

    Authenticate by using PKCS #11 keys (keys stored for example on a smart card or a USB token). For more information on using PKCS #11 keys, see section PKCS 11.

  • User Certificates

    Use user certificates for authentication. For more information on using certificates, see section Certificates.

  • User Keys

    Use user keys for authentication. For more information on using user keys, see section User Keys.

Note: The automatically handled authentication methods should always be listed first, i.e. public-key authentication should preceed password authentication. This way the automatically handled method will be used whenever possible.

Authentication Agent Forwarding

Authentication agent is a program to automatize the use of authentication private keys. SSH Accession can provide agent functionality for SSH Secure Shell for Workstations.

When you use the agent, it will be automatically used for public-key authentication. This way, you only have to type the passphrase of your private key once to the agent. Furthermore, authentication data does not have to be stored on any other machine than the local machine, and authentication passphrases or private keys never go over the network.

Agent forwarding can be enabled or disabled based on the Secure Shell protocol used. Select the checkbox for any of the options you want to use:

  • Enable SSH2 connections

    Select this checkbox to allow authentication agent forwarding to be used for connections using the SSH protocol version 2.

  • Enable SSH1 agent forwarding for SSH2 connections

    Select this checkbox to allow authentication agent forwarding with the SSH protocol version 1 to be used for connections that use the SSH protocol version 2.

  • Enable for SSH1 connections

    Select this checkbox to allow authentication agent forwarding to be used for connections using the SSH protocol version 1.

Previous Next Up [Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2003 SSH Communications Security Corp.
All rights reserved.
Copyright Notice