About
Authentication in SSH
Method
The client tries to authenticate itself using:
- host-based authentication,
- challenge-response authentication,
- or password authentication.
If the client successfully authenticates itself, a dialog for preparing the session is entered.
At this time the client may request things like:
- allocating a pseudo-tty,
- forwarding X11 connections,
- forwarding TCP connections,
- or forwarding the authentication agent connection over the secure channel.
The two sides then enter session mode.
Public Key Authentication
ssh supports a public key authentication scheme that authenticates you on the basis of:
- the private key file (held by the client)
- and the public key (held by the server in the authorized keys)
The private key, also known as the identity file, can be specified:
- via an agent (background process)
- at the command line via prompt
- or in a default location
Example with OpenSSH ssh
- Is OpenSSH configured to use public key authentication?
ssh -G <hostname> | grep pubkey
# ssh -G [email protected] | grep pubkey
pubkeyauthentication yes
pubkeyacceptedkeytypes [email protected] ............
- What are the locations of the private keys / identity files?
ssh -G <hostname> | grep identityfile
ssh -G [email protected] | grep identityfile
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
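The two checks above combined into one pass, as an added example that is not part of the original page: a shell function that reads `ssh -G` output on stdin and reports, for each identity file, whether it exists and whether group or others can access it (OpenSSH ignores a private key file with such permissions). The names `audit_pubkey` and `sample_config` and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example: summarise the public-key settings found in `ssh -G` output.
# Real use:  ssh -G <hostname> | audit_pubkey

audit_pubkey() {
    pubkey="unset"
    while read -r key value; do
        case "$key" in
            pubkeyauthentication)
                pubkey="$value"
                ;;
            identityfile)
                # ssh -G may print ~/...; expand it against $HOME.
                case "$value" in
                    "~/"*) path="$HOME/${value#??}" ;;
                    *)     path="$value" ;;
                esac
                if [ ! -f "$path" ]; then
                    echo "identityfile $value missing"
                else
                    # Characters 5-10 of the ls mode string are the
                    # group and other permission bits.
                    mode=$(ls -ld "$path" | cut -c5-10)
                    if [ "$mode" = "------" ]; then
                        echo "identityfile $value ok"
                    else
                        echo "identityfile $value exposed"
                    fi
                fi
                ;;
        esac
    done
    echo "pubkeyauthentication $pubkey"
}

# Constructed sample input (not captured from a real host).
sample_config() {
    printf '%s\n' \
        'pubkeyauthentication yes' \
        'identityfile ~/.ssh/id_rsa' \
        'identityfile ~/.ssh/id_ecdsa' \
        'identityfile ~/.ssh/id_ed25519'
}

# Demo run against the current $HOME.
sample_config | audit_pubkey
```

A line ending in `exposed` means the key file should be restricted to its owner (for example mode 600) before ssh will use it.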
Password
You cannot pass the password via stdin. This is by design.
ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user.