Types of SSH Authentication
You can use SSH to authenticate to PSC systems using a public-private key pair or with a password.
- Authentication using a public-private key pair
You can authenticate to PSC systems using a public-private key pair to encrypt and decrypt an authentication message. The private key is available only to the user, while the public key is, well, publicly accessible. Data encoded by one key can only be decoded by the other. Knowledge of the public key does not allow one to deduce the private key.
If a set of public/private keys exists, the remote machine encodes a message using the public key when SSH makes a connection to it. It sends the encoded message back to the client machine. SSH decrypts the message using the private key. The private key is not disclosed during this transaction. SSH then sends the decoded message back to the remote machine; if it matches, the user is authenticated and can log in without using a password.
You must create your own set of public/private keys with your SSH client. One common way to generate keys is the ssh-keygen command. Once the keys are generated, the public key needs to be propagated to the PSC systems you wish to access.
PSC has created a web interface so you can manage your key pairs, including propagating them to PSC machines. See how to use this interface to install and use SSH key pairs at PSC.
Or, you can go directly to the key management system.
- Password Authentication
If other authentication methods fail, SSH prompts you for your password on the remote machine. Your password is sent encrypted, so it remains protected even if the traffic is intercepted. If the password is correct, you are logged in.