About

Authentication in SSH

Method

The client tries to authenticate itself using:

If the client successfully authenticates itself, a dialog for preparing the session is entered.

At this time the client may request things like:

  • allocating a pseudo-tty,
  • forwarding X11 connections,
  • forwarding TCP connections,
  • or forwarding the authentication agent connection over the secure channel.

The two sides then enter session mode.

Public Key Authentication

ssh supports a public key authentication scheme that authenticates you on the basis of:

  • the private key file (held by the client)
  • and the public key (held by the server in its authorized keys)

The private key, also known as an identity file, can be specified:

  • via an agent (background process)
  • at the command line via prompt
  • or in the default location

Example with OpenSSH ssh

  • Is OpenSSH configured to use public key authentication?
ssh -G <hostname> | grep pubkey
# ssh -G [email protected] | grep pubkey
pubkeyauthentication yes
pubkeyacceptedkeytypes [email protected] ............

  • What are the locations of the private key / identity files?
ssh -G <hostname> | grep identityfile
ssh -G [email protected] | grep identityfile
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ecdsa_sk
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ed25519_sk
identityfile ~/.ssh/id_xmss
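
An added example (not from the original page): a POSIX shell helper that reads the `ssh -G <hostname>` output shown above and reports whether public key authentication is enabled and whether each listed identity file exists without group/other permission bits, since ssh ignores a private key file that is accessible by others. The function names and the sample `ssh -G` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit saved or piped `ssh -G <hostname>` output.
# Function names and SAMPLE_SSH_G are constructed for illustration.

# Constructed sample of `ssh -G` output (not captured from a real host).
SAMPLE_SSH_G='hostname example.invalid
pubkeyauthentication yes
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_ecdsa'

# Print the pubkeyauthentication value, or "unknown" if the key is absent.
pubkey_enabled() {
  awk '$1 == "pubkeyauthentication" { print $2; found = 1 }
       END { if (!found) print "unknown" }'
}

# Report each identityfile as: missing | ok | too-open.
# $1 = directory substituted for a leading "~" (defaults to $HOME).
audit_identity_files() {
  home=${1:-$HOME}
  while read -r key path; do
    [ "$key" = "identityfile" ] || continue
    case "$path" in
      "~/"*) path="$home/${path#??}" ;;   # drop the leading "~/"
    esac
    if [ ! -f "$path" ]; then
      printf 'missing %s\n' "$path"
      continue
    fi
    # GNU stat first, BSD/macOS stat as fallback; both print octal mode bits.
    mode=$(stat -c '%a' "$path" 2>/dev/null || stat -f '%Lp' "$path")
    case "$mode" in
      0|*00) printf 'ok %s (%s)\n' "$path" "$mode" ;;       # no group/other bits
      *)     printf 'too-open %s (%s)\n' "$path" "$mode" ;; # accessible by others
    esac
  done
}

# Live use: ssh -G <hostname> | audit_identity_files
printf '%s\n' "$SAMPLE_SSH_G" | pubkey_enabled
printf '%s\n' "$SAMPLE_SSH_G" | audit_identity_files
```

A `too-open` line is fixed with `chmod 600` on that file; `missing` lines are normal for default key names that were never generated.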

Password

You cannot pass the password via stdin. This is by design.

ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user.