Authentication Using User Names And Passwords; Public Key Authentication; Introduction To Public Key Authentication, Terminology; Public Key Authentication And Ssh - HP NonStop SSH 544701-014 Reference Manual


a small part of the OpenSSL project, see www.openssl.org.
a small part of the OpenSSH project, see www.openssh.com.
comForte has combined this standard code with its own source code targeted specifically for the NonStop platform and
has added additional functionality.
See the copyright statements in chapter "Appendix".

Authentication using User Names and Passwords

The SSH protocol allows authentication using user names and passwords. This mechanism is less secure than
Public Key Authentication (discussed in the next section), which is why most implementations allow
authentication using user names and passwords to be disabled.
It is up to the SSH server to specify both the allowed and required means of authentication. comForte's SSH
implementation currently supports the following means of authentication:
• When running as SSH client, the SSH2 package allows authentication using either a private key (configured
  using the KEY entity in the SSH2 user database, see next section) or a password (to be entered interactively or
  configured using the PASSWORD entity in the SSH2 user database).
• When running as SSH daemon, the SSH2 package currently supports both password (verified against the
  Guardian user password) and public key authentication (configured in the PUBLICKEY attribute of the USER
  entity of the SSH2 database).

Public Key Authentication

Introduction to Public Key Authentication, Terminology

Public Key Authentication makes use of asymmetric cryptography. Without going into too much detail, we explain and
define some terms here:
• A key pair consists of a public and a private key. While it is possible to derive the public key from the private
  key, the opposite is not possible.
• The private key is normally kept secret and can only be accessed by the entity using it for authentication.
  Among other things, a private key can be used for signing bits of information; without the private key, nobody
  else can do this for a given key pair.
• The public key can be distributed freely as it contains only public information. Using the public key,
  documents signed using the private key can be checked for authenticity. When distributing public keys, it is
  important to make sure nobody has altered the public key during the distribution process.
• A fingerprint is a cryptographic "shorthand" for a public key. A public key is basically a set of bytes; however,
  it is hard to compare a long stream of bytes. That is why fingerprints are used to verify public keys. Two popular
  formats for fingerprints are MD5 (32 bytes of hex characters) and bubble-babble (16 words out of the
  "bubble-babble" word set).
• The terms "key pair", "public key" and "private key" are all used to specify a key pair or a part of it.
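
The two fingerprint formats named above, computed for a public key in OpenSSH one-line format and compared against a fingerprint obtained out of band. This is an added example, not code from the manual or from comForte; the sample key is constructed, the function names are hypothetical, and the use of SHA-1 as the digest fed to bubble-babble is an assumption.

```python
import base64, hashlib, struct

VOWELS, CONSONANTS = "aeiouy", "bcdfghklmnprstvzx"

def bubble_babble(data: bytes) -> str:
    """Bubble-babble encoding: 5-letter pseudo-words with a running checksum."""
    out, seed, rounds = ["x"], 1, len(data) // 2 + 1
    for i in range(rounds):
        if i + 1 < rounds or len(data) % 2:
            b0 = data[2 * i]
            out.append(VOWELS[((b0 >> 6) + seed) % 6] + CONSONANTS[(b0 >> 2) & 15]
                       + VOWELS[((b0 & 3) + seed // 6) % 6])
            if i + 1 < rounds:
                b1 = data[2 * i + 1]
                out.append(CONSONANTS[b1 >> 4] + "-" + CONSONANTS[b1 & 15])
                seed = (seed * 5 + b0 * 7 + b1) % 36
        else:  # even-length input: the last word encodes only the checksum
            out.append(VOWELS[seed % 6] + "x" + VOWELS[seed // 6])
    return "".join(out) + "x"

def key_blob(pubkey_line: str) -> bytes:
    """Decode the blob of a 'type base64 [comment]' line and sanity-check it."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0  # type-name length
    if blob[4:4 + n] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    return blob

def md5_fingerprint(pubkey_line: str) -> str:
    digest = hashlib.md5(key_blob(pubkey_line)).hexdigest()  # 32 hex characters
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def babble_fingerprint(pubkey_line: str) -> str:
    # Assumption: SHA-1 is the digest fed to bubble-babble.
    return bubble_babble(hashlib.sha1(key_blob(pubkey_line)).digest())

def matches_trusted(pubkey_line: str, trusted_fp: str) -> bool:
    # trusted_fp must come from a channel other than the one that delivered the key
    return md5_fingerprint(pubkey_line) == trusted_fp.strip().lower()

def key_line(*fields: bytes) -> str:
    blob = b"".join(struct.pack(">I", len(f)) + f for f in fields)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

# Constructed sample (not a real key): e = 65537 and a dummy 1024-bit modulus.
MODULUS = b"\x00" + bytes(range(128, 256))
SAMPLE_KEY = key_line(b"ssh-rsa", b"\x01\x00\x01", MODULUS)
```

A key whose blob differs by a single byte produces a different fingerprint in both formats, which is what makes the out-of-band comparison a check against alteration during distribution.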

Public Key Authentication and SSH

The SSH protocol uses public key cryptography to authenticate the server (daemon) to the client and, optionally,
to authenticate the client. This implies that if the client uses a key pair to log on to the server, both the
client and the server will:
216 • SSH Protocol Reference
HP NonStop SSH Reference Manual
