libassh reference manual

Table of contents Headers list All declarations

libassh reference manual » Algorithms and methods » User authentication methods

1 What is libassh ?
- 1.1 Event based ssh
- 1.2 Modular ssh
- 1.3 Clean design
- 1.4 Portable ssh
- 1.5 Security
- 1.6 Performances
- 1.7 Testing
2 Quickstart
3 Design and architecture
- 3.1 Protocol architecture
  - 3.1.1 Transport layer and packets
  - 3.1.2 Key-exchange process and methods
  - 3.1.3 SSH services
  - 3.1.4 The connection protocol
  - 3.1.5 Mapping to libassh components
- 3.2 Software interfaces
  - 3.2.1 Core and modules
  - 3.2.2 Event based API
  - 3.2.3 Helper functions
  - 3.2.4 Channels and requests
  - 3.2.5 Timeout management
  - 3.2.6 Error handling
- 3.3 State machines
  - 3.3.1 Transport layer FSMs
  - 3.3.2 User auth FSMs
  - 3.3.3 Connection layer FSMs
  - 3.3.4 Key exchange FSMs
- 3.4 Source tree
- 3.5 Build configuration
4 Algorithms and methods
- 4.1 Algorithms registration
- 4.2 Key-exchange algorithms
- 4.3 Authentication algorithms
- 4.4 Cipher algorithms
- 4.5 Message authentication algorithms
- 4.6 Compression algorithms
- 4.7 User authentication methods
- 4.8 Key types and formats
5 Example applications
- 5.1 Remote command execution
- 5.2 Simple loopback server
- 5.3 Command line client
- 5.4 Forwarded command execution
- 5.5 POSIX server
- 5.6 SSH key management tool
6 Test programs
7 API documentation
- 7.1 Headers list
- 7.2 All declarations
8 SSH Lexicon
9 Copyright and license
- 9.1 Software License
- 9.2 Copyright owner
- 9.3 Derivative work
- 9.4 Copying this document
10 Bibliography
11 Appendix
12 GNU Free Documentation License

4.7 User authentication methods

The user authentication protocol is implemented as separate client and server service modules. The following standard authentication methods are supported by the modules provided with libassh:

none : When allowed by the server application, this method always grants access without authentication of the user.
password : This is the password based user authentication method. The user password is transmitted to the server for checking, as specified in rfc4252.
hostbased : This is the host based user authentication method, specified in rfc4252.
publickey : This is the public key user authentication method, specified in rfc4252.
keyboard-interactive : This is the keyboard interactive user authentication method, specified in rfc4256.

The various methods can be disabled in build configuration and at run time.

Multi-factor authentication is supported on client and server sides. This means that the server application may require multiple methods to succeed in order to grant access. On the client side, multiple user authentication events are reported until the server reports a success.

Valid XHTML 1.0 StrictGenerated by diaxen on Sun Oct 25 23:30:45 2020 using MkDoc