302
c.
Informs the client of the authentication result.
If the AAA server requires the user to enter a password for secondary authentication, it sends the SSH
server an authentication response carrying a prompt. The prompt is transparently transmitted to the client
to notify the user to enter a specific password. When the user enters the correct password, the AAA sever
examines the password validity. If the password is valid, the SSH server returns an authentication success
message to the client.
For more information about AAA, see "
NOTE:
SSH1 clients do not support secondary password authentication that is initiated by the AAA server.
Publickey authentication
The server authenticates a client by verifying the digital signature of the client. The publickey
authentication process is as follows:
1.
The client sends the server a publickey authentication request that includes the username, public
key, and public key algorithm name.
If the digital certificate of the client is required in authentication, the client also encapsulates the
digital certificate in the authentication request. The digital certificate carries the public key
information of the client.
2.
The server verifies the client's public key.
{
If the public key is invalid, the server informs the client of the authentication failure.
{
If the public key is valid, the server requests the digital signature of the client. After receiving the
signature, the server uses the public key to verify the signature, and informs the client of the
authentication result.
When acting as an SSH server, the device supports using the public key algorithms RSA, DSA, and
ECDSA to verify digital signatures.
When acting as an SSH client, the device supports using the public key algorithms RSA, DSA, and
ECDSA to generate digital signatures.
For more information about public key configuration, see "
Password-publickey authentication
The server requires SSH2 clients to pass both password authentication and publickey authentication.
However, an SSH1 client only needs to pass either authentication, regardless of the requirement of the
server.
Any authentication
The server requires clients to pass password authentication or publickey authentication.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see "