Supplementing Authentication with an External Application

Tectia Server allows using an external application to supplement authentication. This also makes it possible to use information stored in an external database to allow access for specific users.

The external application, which may be written in any programming language suitable for the task, talks to Tectia Server using the Tectia Mapper Protocol. (For more information on the protocol, see Appendix E.)

The path to the external application is defined in the ssh-server-config.xml file within an authentication block, using the mapper element's command attribute.

Caution
The external application will be launched under administrator (root) privileges.

Tectia Server sends data from its blackboard to the external application. For a detailed description of the data that the server sends, see mapper in ssh-server-config(5). The data that the external application sends back to Tectia Server will be stored in the server's blackboard.

For the authentication to succeed, the external application must return "success" and an exit status 0. For more information on the parameters allowed by Tectia Mapper Protocol, see Parameters.

Sample scripts written in Python are provided in /etc/ssh2/samples on Unix and <INSTALLDIR>\SSH Tectia AUX\samples on Windows.
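Because the external application is launched with root privileges, the file named in the mapper element's command attribute and every directory above it should be writable only by root. The following check is an added example, not part of the Tectia documentation or its sample scripts; the configuration snippet and path are constructed, and treating the first token of command as the executable is an assumption.

```python
import os
import shlex
import stat
import xml.etree.ElementTree as ET

# Constructed sample; only the <mapper> element and its command attribute
# come from the page. The surrounding layout and the path are placeholders.
SAMPLE_CONFIG = """
<secsh-server>
  <authentication-methods>
    <authentication action="allow">
      <mapper command="/opt/example/auth-mapper.py" />
    </authentication>
  </authentication-methods>
</secsh-server>
"""

def mapper_commands(xml_text):
    """Return the executable path of every <mapper command="..."> found."""
    root = ET.fromstring(xml_text)
    cmds = []
    for el in root.iter("mapper"):
        command = el.get("command")
        if command:
            # Assumption: the first token of the attribute is the executable.
            cmds.append(shlex.split(command)[0])
    return cmds

def audit_path(path, trusted_uid=0):
    """List reasons why `path` could be altered by a non-trusted user."""
    findings = []
    current = os.path.realpath(path)
    while True:
        try:
            st = os.stat(current)
        except OSError as exc:
            return findings + [f"{current}: cannot stat ({exc.strerror})"]
        if st.st_uid != trusted_uid:
            findings.append(f"{current}: owned by uid {st.st_uid}")
        # Sticky world-writable directories are still flagged (conservative).
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{current}: group- or world-writable")
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current = parent

if __name__ == "__main__":
    for cmd in mapper_commands(SAMPLE_CONFIG):
        for finding in audit_path(cmd):
            print(finding)
```

Run it as root against the real ssh-server-config.xml contents; any output line is a location where a non-root user could replace or modify code that Tectia Server will execute as root.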
