Authentication method

Description

Password

Prompts the client user for the login password for that user on the Secure Shell server host.

The password is sent to the host through the encrypted channel. For more information, see Password User Authentication.

Keyboard interactive

Supports any procedure in which authentication data is entered using the keyboard, including simple password authentication, thereby enabling the Secure Shell client to support a range of authentication mechanisms.

A client administrator could, for example, configure keyboard interactive authentication to handle situations in which multiple prompts are required, such as for password updates. Keyboard interactive authentication is also used if you are configuring PAM.

Keyboard data is sent to the host through the encrypted channel. For more information, see Configure Keyboard Interactive User Authentication.

Public Key

Relies upon public/private key pairs. To configure public key authentication, each client user needs to create a key pair and upload the public key to the server. If the key is protected by a passphrase, the client user is prompted to enter that passphrase to complete the connection using public key authentication. For more information, see Configure Public Key User Authentication.

GSSAPI (Kerberos V5)

Kerberos is a security protocol that provides an alternate mechanism for both client and server authentication. Kerberos authentication relies on a trusted third party called the KDC (Key Distribution Center). The Secure Shell protocol supports Kerberos authentication via GSSAPI (Generic Security Services Application Programming Interface). For more information, see Configure Kerberos Server and Client Authentication.