SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server >>
    Getting Started >>
    Configuration >>
    Authentication >>
        Server Authentication with Public Keys >>
        Server Authentication with Certificates >>
        User Authentication with Passwords
        User Authentication with Public Keys >>
        User Authentication with Certificates >>
        Host-Based User Authentication >>
        User Authentication with Keyboard-Interactive >>
            Client Configuration
            Server Configuration
            Pluggable Authentication Module (PAM) Submethod
            RSA SecurID Submethod
            RADIUS Submethod
        User Authentication with GSSAPI >>
    Application Tunneling >>
    Troubleshooting >>
    Man Pages
    Advanced Options >>
    Log Messages >>

Server Configuration

Keyboard-Interactive is not enabled by default on the server. To set up Keyboard-Interactive authentication, do the following steps:

  1. Include the following line in the /etc/ssh2/sshd2_config file:
    AllowedAuthentications   keyboard-interactive
    
    Also other authentication methods can be listed.
  2. The submethods and policy for Keyboard-Interactive are configured as follows:
    AuthKbdInt.Required       plugin
    AuthKdbInt.Optional       pam,password,radius
    AuthKbdInt.NumOptional    1
    AuthKbdInt.FailureTimeout 2
    ...
    AuthKbdInt.Plugin         ssh-securidv5-plugin
    

    The default number of optional submethods that must be passed is 0, although if no required submethods are specified, the client must always pass at least one optional submethod.

    AuthKbdInt.Plugin is used to specify the program that is used by the plugin submethod in Keyboard-Interactive. SSH Tectia Client and Server converse with this program using a line-based protocol.

    See the sshd2_config man pages for more information on the keywords. See Sections PAM, SecurID, and RADIUS for specific instructions on setting up the different submethods.

  3. Restart the server as instructed in Section Starting the Server.

PreviousNextUp[Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice