Table of Contents
- Supported User Authentication Methods
- Server Authentication with Public Keys in File
- Server Authentication with Certificates
- User Authentication with Passwords
- User Authentication with Public Keys in a File
- User Authentication with Certificates
- Host-Based User Authentication
- User Authentication with Keyboard-Interactive
- Distributing Public Keys Using the Key Distribution Tool
The Secure Shell protocol used by the Tectia client/server solution provides mutual authentication – the client authenticates the server and the server authenticates the client user. Both parties are assured of the identity of the other party.
The remote Secure Shell server host can authenticate itself using either traditional public-key authentication or certificate authentication.
Different methods can be used to authenticate Secure Shell client users. These authentication methods can be combined or used separately, depending on the level of functionality and security you want.
User authentication methods used by the Tectia client on z/OS by default are: public-key, keyboard-interactive, and password authentication. In addition, the client supports host-based authentication.
When several interactive authentication methods are defined as allowed, Tectia client tools for z/OS will alternate between the methods and offers each of them in turn to the server in case the previous method failed. This makes it possible to define different authentication methods for different users, and they can be handled with the same server configuration.