Manual Chapter :
Authenticate SSH proxy traffic
Applies To:
Show Versions
BIG-IP AFM
- 17.1.2, 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
Authenticate SSH proxy traffic
What SSH authentication methods are supported?
SSH security supports public
key authentication, password authentication, and keyboard-interactive authentication. Keyboard-interactive
authentication
Keyboard-interactive authentication is a more complex form of password
authentication, aimed specifically at the human operator as a client. During keyboard
authentication prompts or questions are presented to the user. The user answers each prompt or
question. The number and contents of the questions are virtually unlimited, so certain types of
automated logins are also possible.
SSH client components support keyboard authentication via the
OnAuthenticationKeyboard
event. The client
application should fill in the Responses
parameter of the mentioned event with replies to questions contained in
the Prompts
parameter. Use echo parameter
to specify whether the response
is displayed on the screen, or masked. The number of responses must match the number of prompts
or questions. Password
authentication
Password authentication is the simplest authentication method. The user
specifies a username and password. This authentication method requires only one set of
credentials for the user.
Public key authentication
Public key authentication requires that both the SSH client and the SSH server must implement
the security keys. With this method, each client must have a key pair generated using a
supported encryption algorithm. When authentication occurs, the client sends a public key to the
server. If the server finds the key in the list of allowed keys, the client encrypts data using
the private key and sends the packet to the server with the public key.
