Public-key authentication is based on the use of digital signatures and provides very good authentication security. To use public-key authentication, the user must first create a key pair on the client, and upload the public key to the server. The default directory for the user's public keys is $HOME/.ssh2/authorized_keys on Unix and %USERPROFILE%\.ssh2\authorized_keys on Windows. The default location can be changed with the authorized-keys-directory attribute in the ssh-server-config.xml file. See auth-publickey.
To enable public-key authentication on the server, the authentication-methods element of the ssh-server-config.xml file must contain an auth-publickey element. For example:

    <authentication-methods>
      <authentication action="allow">
        <auth-publickey authorized-keys-directory="%D/.ssh2/authorized_keys" />
        ...
      </authentication>
    </authentication-methods>
Other authentication methods can also be allowed.
By using selectors, it is possible to allow or require public-key authentication only for a specified group of users. See the section called “Selectors” for more information.
On Windows, using the SSH Tectia Server Configuration tool, public-key authentication can be allowed on the Authentication page. See Authentication.
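The following check is an added example, not part of the product documentation or tooling: it parses an authentication-methods fragment and reports whether public-key authentication is actually allowed, which key directory applies, and which other methods sit in the same block. The function names and the sample configuration are constructed for illustration; treating a missing action attribute as "not confirmed allowed" is a conservative assumption of this example.

```python
import xml.etree.ElementTree as ET

# Defaults as stated on this page, used when the attribute is omitted.
DEFAULT_KEYS_DIR = {
    "unix": "$HOME/.ssh2/authorized_keys",
    "windows": r"%USERPROFILE%\.ssh2\authorized_keys",
}

# Constructed sample input (not taken from a real server).
SAMPLE_CONFIG = """
<authentication-methods>
  <authentication action="allow">
    <auth-publickey authorized-keys-directory="%D/.ssh2/authorized_keys" />
    <auth-password />
  </authentication>
  <authentication action="deny">
    <auth-publickey />
  </authentication>
</authentication-methods>
"""

def publickey_rules(config_xml, platform="unix"):
    """Return one dict per <authentication> block containing <auth-publickey>."""
    root = ET.fromstring(config_xml)
    rules = []
    for methods in root.iter("authentication-methods"):
        for auth in methods.iter("authentication"):
            pk = auth.find("auth-publickey")  # direct child only
            if pk is None:
                continue
            rules.append({
                "action": auth.get("action", "unspecified"),
                "keys_dir": pk.get("authorized-keys-directory")
                            or DEFAULT_KEYS_DIR[platform],
                # Other auth-* elements allowed alongside public-key.
                "other_methods": [c.tag for c in auth
                                  if c.tag.startswith("auth-")
                                  and c.tag != "auth-publickey"],
            })
    return rules

def publickey_enabled(config_xml):
    """True only if some block with action="allow" contains auth-publickey."""
    return any(r["action"] == "allow" for r in publickey_rules(config_xml))

if __name__ == "__main__":
    for rule in publickey_rules(SAMPLE_CONFIG):
        print(rule)
    print("public-key enabled:", publickey_enabled(SAMPLE_CONFIG))
```
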