
What is the difference, on the SSH server side, in end user key authentication configuration between Tectia and OpenSSH?

asked Jul 26 '11 at 20:35

SSH KB ♦


On most Linux and Unix systems a version of OpenSSH comes installed by default. OpenSSH is an open source product based on code originally developed by the founder of Tectia (formerly SSH Communications Security), who then released the code publicly while at the same time continuing to develop the commercial SSH version (i.e. central management, X509v3/PKI, smartcard/token support, Kerberos/SSO support plus other features). More info on that can be found here.

OpenSSH uses a completely different approach to configure the end user key authentication on the SSH server side. Please note that Tectia Server on Windows/Linux/Unix/zOS operating systems also supports similar OpenSSH type configuration syntax on top of Tectia's normal "authorized_keys directory" approach.

Summary in brief:

OpenSSH

In OpenSSH keys are stored in the authorized_keys file.

Authorized_keys file

Default location:

$HOME/.ssh/authorized_keys

  • In this case this is a file
  • Each key is stored in plain-text contained in one single (long) line
  • Can contain multiple keys

No other end user key authentication configuration methods in OpenSSH server

Tectia Server on Linux, Windows & Unix (not zOS)

Keys can be configured in one of 3 places:

  • authorized_keys directory
  • authorization file
  • authorized_keys file (from OpenSSH)

Authorized_keys directory

Default location:

$HOME/.ssh2/authorized_keys/

For example on Windows this would be either:

C:\Documents and Settings\<USERNAME>\.ssh2\authorized_keys\

or

C:\Users\<USERNAME>\.ssh2\authorized_keys\

  • This is a directory
  • An end user can just drop his/her personal .pub file into this directory and that is all that is needed
  • Can contain multiple .pub keys
  • Each end user will have his/her own .ssh2/authorized_keys/ directory
  • Tectia Server supports both IETF and OpenSSH format SSH public key files in that directory

Authorization file

Default location:

$HOME/.ssh2/authorization

  • This is a file which contains one key per line in the following format (The file mykey.pub is a file containing the public key located in the same directory as the authorization file)
    Key mykey.pub
  • There can be multiple "Key" entries (one per line)

Authorized_keys file (OpenSSH)

Tectia Server also supports OpenSSH’s authorized_keys file (yes, a file!)

Default location:

$HOME/.ssh/authorized_keys

See Authorized_keys file from OpenSSH configuration above

  • Needs to be configured separately in ssh-server-config.xml
    (Tectia Server’s configuration file, check configuration instructions from Tectia Server's Administrator Manual)

answered Jul 26 '11 at 21:19

Sami Marttinen ♦

edited Jul 27 '11 at 15:23

Roman ♦♦
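An added example, not part of the original answer or of any Tectia or OpenSSH tooling: a small audit script that lists every authorized key under one home directory across the three default locations named above. The function names, the sample layout, and the handling of `#` comment lines are assumptions made for this illustration.

```python
import tempfile
from pathlib import Path

def inventory_keys(home):
    """Return (mechanism, source, key_ref) for each key location the answer lists."""
    home, found = Path(home), []
    # OpenSSH style: a single file, one key per (long) line.
    ak_file = home / ".ssh" / "authorized_keys"
    if ak_file.is_file():
        for n, line in enumerate(ak_file.read_text().splitlines(), 1):
            if line.strip() and not line.lstrip().startswith("#"):
                found.append(("authorized_keys file", str(ak_file), f"line {n}"))
    # Tectia style: a directory; each .pub file dropped into it is a key.
    ak_dir = home / ".ssh2" / "authorized_keys"
    if ak_dir.is_dir():
        for pub in sorted(ak_dir.glob("*.pub")):
            found.append(("authorized_keys directory", str(ak_dir), pub.name))
    # Tectia authorization file: "Key <file>", resolved in the same directory.
    authz = home / ".ssh2" / "authorization"
    if authz.is_file():
        for line in authz.read_text().splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] == "Key":
                name = parts[1].strip()
                # Flag entries that point at a key file that is not there.
                state = "" if (authz.parent / name).is_file() else " (missing file)"
                found.append(("authorization file", str(authz), name + state))
    return found

def build_sample_home(root):
    """Constructed sample data: fake key material in the layouts described above."""
    root = Path(root)
    (root / ".ssh").mkdir()
    (root / ".ssh2" / "authorized_keys").mkdir(parents=True)
    (root / ".ssh" / "authorized_keys").write_text(
        "# constructed sample\nssh-ed25519 AAAAC3EXAMPLE alice@laptop\n\n"
        "ssh-rsa AAAAB3EXAMPLE backup@host\n")
    (root / ".ssh2" / "authorized_keys" / "alice.pub").write_text("constructed\n")
    (root / ".ssh2" / "mykey.pub").write_text("constructed\n")
    (root / ".ssh2" / "authorization").write_text("Key mykey.pub\nKey old.pub\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for mechanism, source, ref in inventory_keys(build_sample_home(tmp)):
            print(f"{mechanism:26} {source}  {ref}")
```

The script only reports what is on disk at the default paths. Whether Tectia Server honours the OpenSSH-style file depends on the separate setting in ssh-server-config.xml mentioned in the answer.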

Asked: Jul 26 '11 at 20:35

Seen: 13,680 times

Last updated: Jul 27 '11 at 15:23

All user contributed content licensed under the cc-by-sa license.