Skip to content

Client Authentication Methods

The Secure Shell Client supports the Public Key, Keyboard Interactive, and Password methods of user authentication. Use the Secure Shell Settings dialog box to configure your authentication preferences. You must select at least one authentication method. When more than one method is selected, the Secure Shell Client tries to authenticate in the order you specify. By default, the client attempts Public Key authentication first, followed by Keyboard Interactive, and then Password.


The Public Key and GSSAPI authentication methods require both server and client configuration.

Authentication method Description
Password Prompts the client user for the login password for that user on the Secure Shell server host.

The password is sent to the host through the encrypted channel.
Keyboard interactive Supports any procedure in which authentication data is entered using the keyboard, including simple password authentication, thereby enabling the Secure Shell client to support a range of authentication mechanisms, such as RSA SecurID tokens or RADIUS servers.

A client administrator could, for example, configure keyboard interactive authentication to handle situations in which multiple prompts are required, such as for password updates.

Keyboard data is sent to the host through the encrypted channel.
Public Key Relies upon public/private key pairs. To configure public key authentication, each client user needs to create a key pair and upload the public key to the server. If the key is protected by a passphrase, the client user is prompted to enter that passphrase to complete the connection using public key authentication.

More Information