The Secure Shell protocol used by the SSH Tectia client/server solution provides mutual authentication – the client authenticates the server and the server authenticates the client. Both parties are assured of the identity of the other party.
The remote SSH Tectia Server host can authenticate itself using either traditional public-key authentication or certificate authentication.
Different methods can be used to authenticate SSH Tectia Client users. These authentication methods can be combined or used separately, depending on the level of functionality and security you want.
Figure : Secure Shell user authentication methods. Note that all of the methods are not available on z/OS.
User authentication methods used by the SSH Tectia client on z/OS by default are, in the following order: public-key, keyboard-interactive, and password authentication. In addition, the client supports host-based authentication.
The SSH Tectia server on z/OS allows public-key and password authentication by default. In addition, the server supports keyboard-interactive and host-based authentication.
Note: In the example commands in this chapter, the backslash character (\) at the end of a line denotes that the command should be entered on a single line (without the backslash character).