Authenticating users via PKI

We have already talked about the SSH Server Key, which is used to verify the server’s identity and to negotiate the security (hmac/encryption) parameters. In this article, instead, we want to explain how to use PKI to authenticate users in Server!

First of all it is important to understand that – unlike the Server Key – these user-specific key pairs are not used for encryption, but only and exclusively to authenticate users, thus to verify their identity and decide whether to let them log into the server or not.

Authenticating users via PKI certainly grants a much higher degree of security that simply using a password, and is therefore a highly recommended authentication method. Continue reading

RSA or DSA keys for public-key authentication with Server!?

Some SFTP clients have the ability to generate key-pairs for SSH2 public-key authentication, and – in some cases – our users are presented with the question: do you want to generate RSA or DSA keys?

When you want to authenticate against a Server!, please, always use RSA keys. If you use DSA keys you may not be able to successfully authenticate.