

User Authentication Methods

Automating file transfer functions requires authentication that works without user interaction. The following methods provide non-interactive but secure authentication:

X.509 certificates

Tectia MFT Events supports X.509v3 certificates for advanced security and scalability in large and dynamic network environments. Comprehensive support for IETF PKIX and PKCS standards ensures seamless interoperability with third-party PKI products.

Public keys with null passphrase

Public-key authentication (without certificates) provides an easy-to-deploy and secure means of authenticating the users without the need to deploy and maintain a full public-key infrastructure (PKI). The keys can be stored with empty passphrases, so they do not require user attendance after creation.

Tectia MFT Events provides a Public-key Authentication Wizard that helps the user to create key pairs and to upload the public keys to remote servers.
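A private key stored with an empty passphrase is protected only by the permissions on its file, so it is worth auditing both together. The following is an added example, not part of the Tectia documentation or product: it assumes the private keys are kept as OpenSSH or PEM-format files on a POSIX file system, and the function names are hypothetical. Key files in any other format are reported as unrecognised.

```python
import base64, os, stat, struct

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH private key blob

def key_is_encrypted(text):
    """True/False for a recognised private key, None if the format is unknown."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].endswith("PRIVATE KEY-----"):
        return None
    if lines[0] == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
            (n,) = struct.unpack_from(">I", blob, len(MAGIC))
        except (ValueError, struct.error):
            return None
        if not blob.startswith(MAGIC):
            return None
        # First field after the magic is the cipher name; "none" = no passphrase.
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    if lines[0] == "-----BEGIN ENCRYPTED PRIVATE KEY-----":
        return True  # PKCS#8 with password-based encryption
    # Traditional PEM announces encryption in a "Proc-Type: 4,ENCRYPTED" header.
    return any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:4])

def audit_key_file(path):
    """Return findings for one private key file (POSIX permission bits assumed)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/other read the key")
    with open(path, errors="replace") as fh:
        encrypted = key_is_encrypted(fh.read())
    if encrypted is False:
        findings.append("no passphrase: file permissions are the only protection")
    elif encrypted is None:
        findings.append("unrecognised private key format")
    return findings

def sample_key(cipher):
    """Constructed header-only sample: carries the cipher field, no key material."""
    field = lambda b: struct.pack(">I", len(b)) + b
    blob = MAGIC + field(cipher) + field(b"none") + field(b"") + struct.pack(">I", 1)
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"

if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        print(p, audit_key_file(p) or "ok")
```

Run it with the paths of the private key files used by the automation account; an empty findings list means the key is passphrase-protected and readable only by its owner.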

Windows domain authentication

Tectia MFT Events can be integrated with Windows domain authentication by using Kerberos/GSSAPI for fully transparent user authentication. Once the users are logged on to the domain, there is no need for additional interaction for Secure Shell user authentication.


Password authentication

Tectia MFT Events supports secure password-based authentication. Unlike in plain-text protocols such as Telnet and FTP, passwords are never sent in plain-text format over the network, thus eliminating the risk of password exposure to unauthorized parties. Passwords can be stored in files per profile or defined in the connection profile settings.

Host-based authentication on Unix

Host-based authentication is a form of delegated-trust authentication, where the Secure Shell server trusts the Secure Shell client host to authenticate the user. The user is verified by a suid binary (ssh-signer) on the client host, which then confirms the user identity to the server in a communication signed with a root-owned host key. The client host is authenticated strongly with public-key cryptography, so the authentication does not rely solely on a host IP address or domain name.

LDAP integration

Tectia MFT Events can utilize standards-based third-party LDAP directories as centralized user repositories. The keyboard-interactive method and third-party PAM modules for LDAP can be used for integrating Tectia Server on Unix with LDAP directories.

GSSAPI authentication (Kerberos)

Kerberos/GSSAPI authentication enables transparent, single-sign-on-like authentication of Tectia MFT Events users. Once the user has logged on to the network and received the logon credentials, there is no need to type in the authentication credentials again through the Tectia MFT Events Management Console when accessing Secure Shell servers. Specifically, Kerberos/GSSAPI authentication enables the use of Windows domain authentication and Active Directory accounts with Tectia (SSPI in Windows).



