How does ChallengeResponseAuthentication actually work? - SSH

  1. How does ChallengeResponseAuthentication actually work?

    How does ChallengeResponseAuthentication actually work?

    I am trying to use this option on both sides (client as well as server
    side). What additional security does it provide other than key/password
    based authentication?

    Can someone help me here!


  2. Re: How does ChallengeResponseAuthentication actually work?

    >>>>> "gnitin21" == gnitin21 writes:

    gnitin21> How does ChallengeResponseAuthentication actually work? I
    gnitin21> am trying to use this option on both sides (client as well as
    gnitin21> server side). What additional security does it provide other
    gnitin21> than key/password based authentication?

    It doesn't provide "additional security," per se. The term
    "ChallengeResponseAuthentication" is just an OpenSSH configuration
    keyword; it refers to the "keyboard-interactive" userauth method in the
    SSH protocol, defined here:

    http://www.snailbook.com/docs/keyboard-interactive.txt

    It allows for an arbitrary sequence of server prompts and typed user
    responses, to accommodate challenge-response protocols such as one-time
    password schemes (e.g. SecurID, OPIE, etc.).

    In many default Unix configurations, it may be identical in effect to
    SSH "password" authentication: keyboard-interactive is set to use PAM, and
    the PAM profile for SSH is set to simply verify the Unix password.

    --
    Richard Silverman
    res@qoxp.net
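
The prompt/response exchange described in the reply above, as an added example that is not part of the original posts or of OpenSSH: it encodes and parses the two keyboard-interactive messages using the RFC 4256 wire layout. The function names and the prompt texts are constructed for illustration.

```python
import struct

INFO_REQUEST, INFO_RESPONSE = 60, 61  # SSH_MSG_USERAUTH_INFO_* numbers (RFC 4256)

def put_str(s):
    b = s.encode("utf-8")  # SSH "string": uint32 big-endian length, then bytes
    return struct.pack(">I", len(b)) + b

def get_str(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n].decode("utf-8"), off + 4 + n

def build_request(name, instruction, prompts):
    """Server side: prompts is a list of (text, echo) pairs of any length."""
    msg = bytes([INFO_REQUEST]) + put_str(name) + put_str(instruction)
    msg += put_str("") + struct.pack(">I", len(prompts))  # empty language tag
    for text, echo in prompts:
        msg += put_str(text) + bytes([1 if echo else 0])
    return msg

def parse_request(msg):
    """Client side: recover each prompt and whether typed input may be echoed."""
    if msg[:1] != bytes([INFO_REQUEST]):
        raise ValueError("not an INFO_REQUEST")
    name, off = get_str(msg, 1)
    instruction, off = get_str(msg, off)
    _lang, off = get_str(msg, off)
    (count,) = struct.unpack_from(">I", msg, off)
    off, prompts = off + 4, []
    for _ in range(count):
        text, off = get_str(msg, off)
        if off >= len(msg):
            raise ValueError("truncated echo flag")
        prompts.append((text, msg[off] != 0))
        off += 1
    return name, instruction, prompts

def build_response(answers):
    """Client side: one answer per prompt, in the order the prompts arrived."""
    head = bytes([INFO_RESPONSE]) + struct.pack(">I", len(answers))
    return head + b"".join(put_str(a) for a in answers)

def demo_rounds():
    """Constructed two-round login: Unix password, then a one-time code."""
    rounds = [[("Password: ", False)], [("One-time code: ", True)]]
    return [parse_request(build_request("", "", p))[2] for p in rounds]

if __name__ == "__main__":
    print(demo_rounds(), build_response(["hunter2"]).hex())
```

When the server sends a single "Password: " prompt with echo off, as in the first round here, the client-side experience is the same as with the "password" method, which is the PAM case the reply describes.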

