User Authentication

Authentication is the process of reliably determining the identity of a communicating party. Identity can be proven by something you know (such as a password), something you have (such as a private key or token), or something intrinsic about you (such as a fingerprint).

Secure Shell connections require both server and client authentication. Several methods of client authentication are available, and both the client and server can be configured to determine which method — or methods — are used. The server can be configured to allow, require, or deny client authentication methods. During Secure Shell connection negotiations, the server presents a list of allowed and required methods from which the client and server negotiate one or more authentication methods.

Authentication attempts follow the order of preference set by the client. The connection uses the first authentication technique highest in the client order of preference that is also allowed by the server. If the server is configured to require more than one method, multiple authentication methods are needed to establish a connection.

Note: If you are using FileXpress Gateway, you can require users to use the FileXpress Transfer Client by disabling all available authentication methods (password, public key, RSA SecurID, and GSSAPI/Kerberos). The FileXpress Transfer Client uses a proprietary authentication method ("secure-token@attachmate.com"), which is supported only for users connecting from the FileXpress client. Connections made using this method do not require any other authentication methods to be enabled.

In this Section

Authentication Pane

Password and Keyboard Interactive Authentication

Public Key Authentication for Users

Certificate Authentication for Users

RSA SecurID Authentication

RADIUS Authentication

GSSAPI (Kerberos) Authentication