Client Authentication Methods

By default, the Reflection for Secure IT server supports the Password and Keyboard interactive client user authentication methods. In addition, Reflection for Secure IT supports Public Key and GSSAPI / Kerberos V5 user authentication.

Note: The Public Key and GSSAPI / Kerberos V5 authentication methods require both server and client configuration.

Authentication method

Description

Password

Prompts the client user for the login password for that user on the Secure Shell server host.

The password is sent to the host through the encrypted channel.

Keyboard interactive

Supports any procedure in which authentication data is entered using the keyboard, including simple password authentication. This enables the Secure Shell client to support a range of authentication mechanisms, such as RSA SecurID tokens or RADIUS servers.

A client administrator could, for example, configure keyboard interactive authentication to handle situations in which multiple prompts are required, such as for password updates.

Keyboard data is sent to the host through the encrypted channel.

Note: Configure this method from the Password pane.

Public Key

Relies upon public/private key pairs. To configure public key authentication, each client user needs to create a key pair and upload the public key to the server. If the key is protected by a passphrase, the client user is prompted to enter that passphrase to complete the connection using public key authentication.

GSSAPI / Kerberos V5

Supports client authentication using Kerberos V5, a common GSSAPI implementation. No password is required, nor is it necessary to distribute keys or certificates. Windows uses Kerberos for network authentication, and Reflection for Secure IT integrates with the Windows Kerberos implementation.

When this method is enabled, both the client and server can obtain user tickets automatically from the Windows credential cache, and use these tickets for authentication.

Note: When GSSAPI is enabled for client authentication, it is also possible to configure the Secure Shell connection to use Kerberos server authentication.
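
To check which of the methods in the table a server actually offers, the following Python code (an added example, not part of the Reflection for Secure IT documentation) parses the SSH_MSG_USERAUTH_FAILURE payload that an RFC 4252 server returns to list the methods that can continue, and compares that list with an allowed set. It assumes the server advertises the standard wire names from RFC 4252, 4256 and 4462; the function names and the sample payload are constructed for illustration.

```python
import struct

SSH_MSG_USERAUTH_FAILURE = 51  # RFC 4252 section 5.1

# Standard wire names (RFC 4252, 4256, 4462) mapped to the table's method names.
# Assumption: the server advertises these standard names.
WIRE_TO_TABLE = {
    "password": "Password",
    "keyboard-interactive": "Keyboard interactive",
    "publickey": "Public Key",
    "gssapi-with-mic": "GSSAPI / Kerberos V5",
}

def parse_userauth_failure(payload: bytes):
    """Return (methods, partial_success) from a USERAUTH_FAILURE payload."""
    if len(payload) < 6 or payload[0] != SSH_MSG_USERAUTH_FAILURE:
        raise ValueError("not an SSH_MSG_USERAUTH_FAILURE payload")
    (length,) = struct.unpack(">I", payload[1:5])
    end = 5 + length
    if end + 1 != len(payload):
        raise ValueError("name-list length does not match payload size")
    raw = payload[5:end].decode("ascii")
    methods = raw.split(",") if raw else []
    return methods, payload[end] != 0

def audit(methods, allowed):
    """Return (unexpected, missing) relative to the allowed wire names."""
    unexpected = [m for m in methods if m not in allowed]
    missing = [m for m in allowed if m not in methods]
    return unexpected, missing

def build_sample(names, partial=False):
    """Construct a sample payload (test data, not a captured packet)."""
    name_list = ",".join(names).encode("ascii")
    return (bytes([SSH_MSG_USERAUTH_FAILURE]) + struct.pack(">I", len(name_list))
            + name_list + bytes([1 if partial else 0]))

if __name__ == "__main__":
    # Constructed reply matching the documented default: Password and Keyboard interactive.
    sample = build_sample(["password", "keyboard-interactive"])
    methods, partial = parse_userauth_failure(sample)
    unexpected, missing = audit(methods, ["publickey", "gssapi-with-mic"])
    for m in methods:
        print(f"advertised: {m} ({WIRE_TO_TABLE.get(m, 'not in table')})")
    print("unexpected for a key/Kerberos-only policy:", unexpected)
    print("allowed but not advertised:", missing)
```

A non-empty "unexpected" list means the server still offers a method that the intended policy does not allow, for example Password remaining enabled after Public Key has been configured.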
