SSH Tectia

Advantages and Disadvantages of Password Authentication

The Secure Shell protocol contains numerous features to avoid some of the vulnerabilities of password authentication. Passwords are sent encrypted over the network, which makes it impossible to obtain the password by capturing network traffic. Also, passwords are never stored on the client. Empty passwords are not permitted by default (and they are strongly discouraged).

On the server side, the Secure Shell protocol relies on the operating system to provide confidentiality of the user passwords. SSH Tectia Server also supports limiting the number of password retries, thereby making brute-force and dictionary attacks difficult.

However, Secure Shell does not protect against weak passwords. If a malicious user is able to guess or obtain the password of a legitimate user, the malicious user can authenticate and pose as the legitimate user. Weak passwords can also be discovered by dictionary attacks from a remote machine.
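The following is an added example, not part of the original SSH Tectia documentation. It assumes the retry limit is enforced per connection, so it counts failed password attempts per source address across connections to surface remote guessing. The log format, field names and sample lines are constructed for illustration and are not SSH Tectia's own log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in a hypothetical log format (not SSH Tectia's own).
# Assumption: the server drops each connection after 2 failed passwords.
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth-fail method=password user=root src=203.0.113.7 conn=101
2024-05-01T10:00:03 auth-fail method=password user=root src=203.0.113.7 conn=101
2024-05-01T10:00:20 auth-fail method=password user=admin src=203.0.113.7 conn=102
2024-05-01T10:00:22 auth-fail method=password user=admin src=203.0.113.7 conn=102
2024-05-01T10:00:40 auth-fail method=password user=alice src=203.0.113.7 conn=103
2024-05-01T10:00:42 auth-fail method=password user=alice src=203.0.113.7 conn=103
2024-05-01T10:01:00 auth-fail method=password user=bob src=198.51.100.20 conn=201
2024-05-01T10:01:05 auth-fail method=password user=bob src=198.51.100.20 conn=201
2024-05-01T10:01:30 auth-ok method=password user=bob src=198.51.100.20 conn=202
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth-fail method=password user=(?P<user>\S+) "
    r"src=(?P<src>\S+) conn=(?P<conn>\d+)$"
)

def find_guessing_sources(log_text, max_failures=5, window=timedelta(minutes=5)):
    """Flag sources with more than max_failures failed passwords inside window."""
    recent = defaultdict(deque)  # src -> (timestamp, connection id, user)
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # successes and unrelated lines are not counted
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, m["conn"], m["user"]))
        while q and ts - q[0][0] > window:
            q.popleft()  # forget failures that fell out of the window
        if len(q) > max_failures:
            flagged[m["src"]] = {
                "failures": len(q),
                "connections": len({c for _, c, _ in q}),
                "users": sorted({u for _, _, u in q}),
            }
    return flagged

if __name__ == "__main__":
    for src, info in find_guessing_sources(SAMPLE_LOG).items():
        print(src, info)
```

In the sample, no single connection exceeds the assumed retry limit, yet the source 203.0.113.7 is flagged because its failures add up across three connections and three user names.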

Password authentication can also be used as a generic authentication method. This is the case with SSH Tectia Connector when all users use the same credentials. In this case, only data encryption and data integrity services are provided. The responsibility for user authentication is left to the tunneled third-party application.

The following lists sum up the advantages and disadvantages of using password authentication with SSH Tectia.

Advantages

  • Simple to use

  • Simple to deploy—since the operating system provides the user accounts and password, almost no extra configuration is needed.

  • Generic password use with SSH Tectia Connector

Disadvantages

  • Security is based entirely on the confidentiality and strength of the password.

  • Does not provide a strong identity check (based only on the password).


 

 