Client Authentication Methods

The Reflection Secure Shell Client supports four methods of user authentication: Kerberos (GSSAPI), Public Key, Keyboard Interactive, and Password. Use the Reflection Secure Shell Settings dialog box to configure your authentication preferences. You must select at least one authentication method. When more than one method is selected, the Secure Shell Client tries to authenticate in the order you specify. By default, Reflection attempts Public Key authentication first, followed by Keyboard Interactive, and then Password.

NOTE:The Public Key and GSSAPI / Kerberos V5 authentication methods require both server and client configuration.

Authentication method



Prompts the client user for the login password for that user on the Secure Shell server host.

The password is sent to the host through the encrypted channel.

Keyboard interactive

Supports any procedure in which authentication data is entered using the keyboard, including simple password authentication, thereby enabling the Secure Shell client to support a range of authentication mechanisms, such as RSA SecurID tokens or RADIUS servers.

A client administrator could, for example, configure keyboard interactive authentication to handle situations in which multiple prompts are required, such as for password updates.

Keyboard data is sent to the host through the encrypted channel.

Public Key

Relies upon public/private key pairs Public keys and private keys are pairs of cryptographic keys that are used to encrypt or decrypt data. Data encrypted with the public key can only be decrypted with the private key; and data encrypted with the private key can only be decrypted with the public key. . To configure public key authentication, each client user needs to create a key pair and upload the public key to the server. If the key is protected by a passphrase, the client user is prompted to enter that passphrase to complete the connection using public key authentication.

GSSAPI (Kerberos V5)

Kerberos is a security protocol that provides an alternate mechanism for both client and server authentication. Kerberos authentication relies on a trusted third party called the KDC (Key Distribution Center). The Secure Shell protocol supports Kerberos authentication via GSSAPI (Generic Security Services Application Programming Interface).