SSH Tectia

Keyboard-Interactive Authentication

The keyboard-interactive authentication method is defined in RFC 4256. Keyboard-interactive is not an authentication method in itself, but rather a common interface to various other authentication methods that are based on keyboard input. Password authentication, RSA SecurID, PAM (Pluggable Authentication Module), and RADIUS are examples of authentication methods that can be used over keyboard-interactive. Currently, binary messages in PAM are rarely used.

When using keyboard-interactive, the Secure Shell client application (SSH Tectia Client) does not have to know which specific authentication method is being used, but only that it is a "keyboard-interactive" authentication method. For users authenticating themselves, there is little or no difference in usage, and using keyboard-interactive in itself does not add any extra security.

The primary advantage of keyboard-interactive is that it makes adding support for new authentication methods much easier, since the SSH Tectia Client software does not have to be modified. This will significantly ease upgrading to new and more secure authentication methods when they become available, provided that they rely on keyboard input.

The principle in keyboard-interactive can be seen in Figure 6.3.

Figure 6.3. The principle of keyboard-interactive
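
The generic prompt/response exchange described above, as an added example in Python (not SSH Tectia code): it parses the RFC 4256 `SSH_MSG_USERAUTH_INFO_REQUEST` message and builds the matching `SSH_MSG_USERAUTH_INFO_RESPONSE`, showing that the client only ever sees prompts and echo flags, never the back-end method. The function names, the `MAX_PROMPTS` limit and the sample request are assumptions constructed for illustration.

```python
import struct

INFO_REQUEST, INFO_RESPONSE = 60, 61   # message numbers from RFC 4256
MAX_PROMPTS = 16                       # local sanity limit (assumption, not in the RFC)

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Decode an SSH 'string' at off; return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string length exceeds packet")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_info_request(payload: bytes):
    """Return (name, instruction, [(prompt, echo), ...]) from an INFO_REQUEST."""
    if payload[:1] != bytes([INFO_REQUEST]):
        raise ValueError("not SSH_MSG_USERAUTH_INFO_REQUEST")
    name, off = read_string(payload, 1)
    instruction, off = read_string(payload, off)
    _language_tag, off = read_string(payload, off)
    if off + 4 > len(payload):
        raise ValueError("truncated prompt count")
    (count,) = struct.unpack_from(">I", payload, off)
    off += 4
    if count > MAX_PROMPTS:
        raise ValueError("too many prompts")
    prompts = []
    for _ in range(count):
        text, off = read_string(payload, off)
        if off >= len(payload):
            raise ValueError("truncated echo flag")
        prompts.append((text.decode("utf-8"), payload[off] != 0))
        off += 1
    return name.decode("utf-8"), instruction.decode("utf-8"), prompts

def build_info_response(answers):
    """Encode one answer per prompt, in order, as an INFO_RESPONSE payload."""
    body = b"".join(ssh_string(a.encode("utf-8")) for a in answers)
    return struct.pack(">BI", INFO_RESPONSE, len(answers)) + body

# Constructed sample: a server asking for a one-time code with echo off.
SAMPLE_REQUEST = (bytes([INFO_REQUEST]) + ssh_string(b"Token login")
                  + ssh_string(b"") + ssh_string(b"") + struct.pack(">I", 1)
                  + ssh_string(b"Passcode: ") + b"\x00")
```

Because the server supplies the name, instruction and prompt text, a client that displays them should also filter terminal control characters first, as RFC 4256 advises.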


 

 