Show Contents / Index / Search

Client Authentication

Authentication is the process of reliably determining the identity of a communicating party. Identity can be proven by something you know (such as a password), something you have (such as a private key or token), or something intrinsic about you (such as a fingerprint).

Secure Shell connections require both server and client authentication. Several methods of client authentication are available, and both the client and server can be configured to determine which method or methods are used. The server can be configured to allow, require, or deny client authentication methods. During Secure Shell connection negotiations, the server presents a list of allowed and required methods from which the client and server negotiate one or more authentication methods.

Authentication attempts follow the order of preference set by the client. The connection uses the first authentication technique highest in the client order of preference that is also allowed by the server. If the server is configured to require more than one method, multiple authentication methods are needed to establish a connection.

Reflection for Secure IT supports the following client authentication methods:

  • Password (including keyboard interactive)
  • Public key
  • GSSAPI (using Kerberos V5)

In this Section

Client Authentication Methods

Authentication Pane

Configure Password User Authentication

Configure Keyboard Interactive User Authentication

Password Pane

Configure Public Key User Authentication: Reflection for Secure IT Windows Clients

Configure Public Key User Authentication: Reflection for Secure IT UNIX Clients

Public Key Pane

Use Cached Passwords with Public Key Authentication

Password Cache Pane

Manage Cached Passwords

Configure Client Authentication using Windows Credentials

GSSAPI / Kerberos V5 Pane