Your browser does not allow storing cookies. We recommend enabling them.

SSH

Supplementing Authentication with an External Application

Tectia Server allows using an external application to supplement authentication. This also makes it possible to use information stored in an external database to allow access for specific users.

The external application, which may be written in any programming language suitable for the task, talks to Tectia Server using the Tectia Mapper Protocol. (For more information on the protocol, see Appendix E.)

The path to the external application is defined in the ssh-server-config.xml file within an authentication block, using the mapper element's command attribute.

[Caution]Caution
The external application will be launched under administrator (root) privileges.

Tectia Server sends data from its blackboard to the external application. For a detailed description of the data that the server sends, see mapper in ssh-server-config(5). The data that the external application sends back to Tectia Server will be stored in the server's blackboard.

For the authentication to succeed, the external application must return "success" and an exit status 0. For more information on the parameters allowed by Tectia Mapper Protocol, see Parameters.

Sample scripts written in Python are provided in /etc/ssh2/samples on Unix and <INSTALLDIR>\SSH Tectia AUX\samples on Windows.


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now