Manual Chapter : Authenticate SSH proxy traffic

Applies To:

BIG-IP AFM

  • 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.10, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0

What SSH authentication methods are supported?

SSH security supports public key authentication, password authentication, and keyboard-interactive authentication.

Keyboard-interactive authentication

Keyboard-interactive authentication is a more complex form of password authentication, aimed specifically at the human operator as a client. During keyboard authentication, prompts or questions are presented to the user, and the user answers each one. The number and contents of the questions are virtually unlimited, so certain types of automated logins are also possible.
SSH client components support keyboard authentication via the OnAuthenticationKeyboard event. The client application should fill in the Responses parameter of this event with replies to the questions contained in the Prompts parameter. Use the echo parameter to specify whether the response is displayed on the screen or masked. The number of responses must match the number of prompts or questions.
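
The following is an added example, not code from this manual or from any SSH client component. It sketches an automated responder for keyboard-interactive prompts: one response per prompt, in order, with the echo flag deciding whether a reply may be shown. The function names, the rule table, the sample prompts and the refusal policy (no answer for unrecognized prompts, no secret for a prompt that asks to be echoed) are all assumptions.

```python
import re

class PromptRefused(Exception):
    """Raised when a prompt cannot be answered safely."""

# Hypothetical rules: (pattern for the prompt text, answer key, is_secret)
RULES = [
    (re.compile(r"^username\s*:", re.I), "username", False),
    (re.compile(r"^password\s*:", re.I), "password", True),
    (re.compile(r"^(verification|one-time) code\s*:", re.I), "otp", True),
]

# Constructed sample data: (prompt text, echo) pairs and stored replies.
SAMPLE_PROMPTS = [("Username: ", True), ("Password: ", False),
                  ("Verification code: ", False)]
SAMPLE_ANSWERS = {"username": "alice", "password": "constructed-pw",
                  "otp": "123456"}

def answer_prompts(prompts, answers):
    """Return one response per prompt, in the order the prompts arrived.

    prompts: list of (text, echo) pairs; answers: dict of stored replies.
    Unknown prompts are refused rather than guessed at, and a secret is
    never supplied to a prompt that asks for it to be echoed.
    """
    responses = []
    for text, echo in prompts:
        for pattern, key, is_secret in RULES:
            if pattern.search(text.strip()):
                break
        else:
            raise PromptRefused(f"unrecognized prompt: {text!r}")
        if is_secret and echo:
            raise PromptRefused(f"secret requested with echo on: {text!r}")
        if key not in answers:
            raise PromptRefused(f"no stored answer for {key!r}")
        responses.append(answers[key])
    # Exactly len(prompts) responses; an empty prompt list yields [].
    return responses

def display_form(response, echo):
    """What a UI would show for a typed response: clear text or masked."""
    return response if echo else "*" * len(response)

if __name__ == "__main__":
    print(answer_prompts(SAMPLE_PROMPTS, SAMPLE_ANSWERS))
```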

Password authentication

Password authentication is the simplest authentication method. The user specifies a username and password. This authentication method requires only one set of credentials for the user.

Public key authentication

Public key authentication requires that both the SSH client and the SSH server implement the security keys. With this method, each client must have a key pair generated using a supported encryption algorithm. When authentication occurs, the client sends a public key to the server. If the server finds the key in the list of allowed keys, the client encrypts data using the private key and sends the packet to the server with the public key.