User Authentication for Secure Shell Sessions

User authentication enables the Secure Shell server to reliably confirm the identity of the Reflection X user.

Reflection X supports three methods of user authentication: public key (including X.509 certificates), keyboard interactive, and password. By default all three methods are allowed — new Secure Shell sessions first try to authenticate by public key method, then try the keyboard interactive method, and finally use a password prompt. To change the allowed authentication methods, use the Authentication tab of the Advanced Secure Shell Settings dialog box.
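To check from the server side which of these three methods a host will actually accept, the following added example (not part of the Reflection X documentation) parses the effective configuration printed by `sshd -T`. It assumes the host runs OpenSSH, which this page does not state; the sample output is constructed.

```python
# Added example: report which SSH user-authentication methods a server permits.
# Assumption: the host runs OpenSSH and the input is the text of `sshd -T`.

# sshd keyword -> method name as used on this page
METHOD_KEYWORDS = {
    "pubkeyauthentication": "public key",
    "kbdinteractiveauthentication": "keyboard interactive",
    "challengeresponseauthentication": "keyboard interactive",  # older alias
    "passwordauthentication": "password",
}

# Constructed sample of `sshd -T` output (not taken from a real host).
SAMPLE_SSHD_T = """\
port 22
pubkeyauthentication yes
kbdinteractiveauthentication no
passwordauthentication yes
"""

def parse_effective_config(text):
    """Return {keyword: value} from 'keyword value' lines."""
    config = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        config[keyword.lower()] = value.strip()
    return config

def allowed_methods(config):
    """Map each method named on this page to True (accepted) or False."""
    result = {}
    for keyword, method in METHOD_KEYWORDS.items():
        if keyword in config:
            enabled = config[keyword].lower() == "yes"
            result[method] = result.get(method, False) or enabled
    return result

def findings(config):
    """List what a reviewer would raise about the client's fallback order."""
    methods = allowed_methods(config)
    notes = []
    if not methods.get("public key"):
        notes.append("public key: not accepted, so the client's first choice always fails")
    if methods.get("keyboard interactive"):
        notes.append("keyboard interactive: accepted, prompts are defined by the host")
    if methods.get("password"):
        notes.append("password: accepted, so a failed key attempt ends at a password prompt")
    return notes
```

Calling `findings(parse_effective_config(SAMPLE_SSHD_T))` on the constructed sample returns only the password note, which is the fallback to review if key-based login is the intended policy.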

Password and Keyboard Interactive Authentication

Both of these authentication methods prompt the user for information during the connection process. With password authentication, the prompt is always for the user password. With keyboard interactive authentication, the prompts depend on the host and may include a simple password prompt or may ask for other information. Both of these authentication methods are available by default and require no additional configuration.

Public Key Authentication

With public key authentication, the user holds a public/private key pair and sends the public key to the host during the authentication process. You can create key pairs using Reflection X. You also need to upload your public key to the host and configure the server to use this key for user authentication. For more information, see Configure User Key Authentication.

Certificate Authentication

Like public key authentication, certificate authentication uses public/private key pairs to verify the host identity. However, with certificate authentication, public keys are contained within digital certificates. Reflection X supports user certificate authentication. To configure this, you need access to a personal certificate and its corresponding private key.

You can configure Reflection X to authenticate using any of the following:

  • Certificates you have imported into the Reflection X database.

  • Personal certificates in the Windows Certificate Store.

  • Certificates stored on PKCS#11-compliant hardware devices such as smart cards or USB tokens.

Note

PKCS (Public Key Cryptography Standards) is a set of standards devised and published by RSA Laboratories that enable compatibility among public key cryptography implementations. Different PKCS standards identify specifications for particular cryptographic uses. Reflection X uses the following PKCS standards:

  • PKCS#5 is used to provide password-based encryption for private keys stored in the Reflection X database.

  • PKCS#11 provides support for authentication using hardware devices, such as smart cards or USB tokens.

  • PKCS#12 is used for storage and transportation of certificates and associated private keys. Files in this format typically use a *.pfx or *.p12 extension.

To use certificate authentication, you need to configure both Reflection X and the Secure Shell server on the host computer. For more information, see Configure User Certificate Authentication.