HP-UX Secure Shell Getting Started Guide

3 HP-UX Secure Shell Authentication Methods
This chapter describes the authentication methods supported by HP-UX Secure Shell.
This chapter addresses the following topics:
“Overview”
“Password Authentication”
“Public-Key Authentication”
“Kerberos Authentication”
“Keyboard-Interactive Authentication”
“Host-Based Authentication”
Overview
Authentication is a means of verifying the identity of a server or client using certain parameters
such as user name, password, and passphrase.
Every HP-UX Secure Shell connection includes server authentication, where the server verifies
the identity of the user requesting access, and client authentication, where the client verifies the
identity of the server.
Server authentication ensures that the HP-UX Secure Shell server is genuine and not an imposter.
Server authentication also guards against a hacker redirecting your network connection to a
different system.
A server authenticates itself to the client using the public-key authentication method. The server
requires the passphrase from the client in order to establish a successful connection.
When a client attempts to connect to a server, the client selects an authentication method and
either presents the appropriate credentials as part of the connection request, or responds to a
prompt sent back by the server. All authentication methods work this way.
HP-UX Secure Shell supports the following authentication methods:
“Password Authentication”
“Public-Key Authentication”
“Kerberos Authentication”
“Keyboard-Interactive Authentication”
“Host-Based Authentication”
Table 3-1 describes the advantages and disadvantages of the authentication methods supported
by HP-UX Secure Shell.
Table 3-1 Advantages and Disadvantages of HP-UX Secure Shell Authentication Methods

Authentication Method: Password
Advantages: Requires little or no setup. Convenient for users who travel a lot and do not like to carry private keys.
Disadvantages: Users must type passwords every time they connect to the server. Less secure because the password is transmitted from the client to the server over the network in clear text. The password is protected from snooping while on the network; however, it becomes vulnerable if server security is compromised.

Authentication Method: Public-key
Advantages: Secure authentication method that does not require a password for authentication. Convenient for users who run remote test scripts, secured automated file transfers, and run test suite from remote systems.
Disadvantages: Large management overhead, such as creating key pairs and sharing public-key information with clients.
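
The following is an added example, not part of the HP guide: a shell function that reports which of the five authentication methods listed above a server configuration enables. It assumes OpenSSH-style sshd_config directive names and stock OpenSSH defaults for unset directives (both may differ on a given HP-UX Secure Shell release), and the sample configuration is constructed.

```shell
#!/bin/sh
# Report the effective global setting of the five authentication methods
# in an sshd_config (file argument, or standard input when none is given).

auth_methods() {
    awk '
    BEGIN {
        # Assumed directive names and defaults (stock OpenSSH); verify
        # against sshd_config(5) on the release you are auditing.
        n = split("passwordauthentication pubkeyauthentication kerberosauthentication challengeresponseauthentication hostbasedauthentication", key, " ")
        split("yes yes no yes no", dflt, " ")
        for (i = 1; i <= n; i++) val[key[i]] = dflt[i]
    }
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next      # blank line or comment
        split(line, f, /[ \t=]+/)                # "Keyword value" or "Keyword=value"
        k = tolower(f[1])                        # keywords are case-insensitive
        if (k == "match") exit                   # global section ends; END still runs
        # sshd uses the first value obtained for a keyword; later repeats are ignored.
        if ((k in val) && !(k in seen)) { val[k] = tolower(f[2]); seen[k] = 1 }
    }
    END { for (i = 1; i <= n; i++) print key[i] "=" val[key[i]] }
    ' "$@"
}

# Constructed sample configuration (not taken from the guide).
sample_config() {
cat <<'EOF'
# constructed sample
Port 22
PasswordAuthentication no
pubkeyauthentication yes
PasswordAuthentication yes
KerberosAuthentication=yes
Match User backup
    HostbasedAuthentication yes
EOF
}

sample_config | auth_methods
```

The repeated PasswordAuthentication line and the setting inside the Match block do not change the global result, which is why the report is built from the first occurrence of each keyword only.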