Re: How does ChallengeResponseAuthentication actually works ?
- From: "Richard E. Silverman" <res@xxxxxxxx>
- Date: 24 Jan 2006 23:09:35 -0500
>>>>> "gnitin21" == gnitin21 <gnitin21@xxxxxxxxx> writes:
gnitin21> How does ChallengeResponseAuthentication actually works ? I
gnitin21> am trying to use this option on both side (client as well
gnitin21> server side) what additional security does it provides other
gnitin21> than key/password based authentication ?
It doesn't provide "additional security," per se. The term
"ChallengeResponseAuthentication" is just an OpenSSH configuration
keyword; it refers to the "keyboard-interactive" userauth method in the
SSH protocol, defined here:
http://www.snailbook.com/docs/keyboard-interactive.txt
It allows for an arbitrary sequence of server prompts and typed user
responses, to accomodate challenge-response protocols such as one-time
password schemes (e.g. SecurID, OPIE, etc.).
In many default Unix configurations, it may be identical in effect to
SSH "password" authentication, keyboard-interactive is set to use PAM, and
the PAM profile for SSH is set to simply verify the Unix password.
--
Richard Silverman
res@xxxxxxxx
.
- References:
- How does ChallengeResponseAuthentication actually works ?
- From: gnitin21
- How does ChallengeResponseAuthentication actually works ?
- Prev by Date: Re: Windows Remote Desktop over ssh
- Next by Date: Re: Method to customize SSH settings per user
- Previous by thread: How does ChallengeResponseAuthentication actually works ?
- Next by thread: SSH-2.0-OpenSSH_3.4p1 and SSH-2.0-OpenSSH_3.7.1p2 : StrictHostKeyChecking
- Index(es):
