SSH: Client-Side Server authentication

By | August 4, 2014

We know that in SSH, the server authenticates the client before allowing it to log on. This process identifies the user through local, LDAP or Kerberos authentication.

SSH also provides a mechanism for the client to authenticate the server before the client proceeds to log on. To authenticate the server during the initial key exchange, the client keeps server public keys in a system-wide file, /etc/ssh/ssh_known_hosts; additionally, each user has their own file of server public keys, ~/.ssh/known_hosts.

When the client connects to the server through ssh, the server sends its public key. The client looks in the server authentication key files /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts; if the server's key is found and matches the key the server sent, authentication is considered successful. If the key is absent or does not match, then with the default settings a warning is displayed.

As noted, the client displays a warning in case of a mismatch. If we want the ssh connection to abort when the keys do not match, the following parameter of the ssh client configuration file can help:

StrictHostKeyChecking

If we set this parameter to yes, then the ssh connection aborts in case of a mismatch.
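
The lookup described above, as an added example (not code from the original post or from OpenSSH): a Python model of how a presented host key is compared with known_hosts entries and what `StrictHostKeyChecking yes` does with the result. It goes beyond the text by also handling the hashed host-name form (`|1|salt|hash`); all host names, key strings and function names are constructed for illustration.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build a hashed name field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def name_matches(field, host):
    """True if a known_hosts name field (plain comma list or hashed) covers host."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt, mac = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
        except ValueError:
            return False  # malformed hashed entry: ignore the line
        return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), mac)
    return host in field.split(",")  # wildcard and negated patterns are not modelled

def check_host_key(known_hosts, host, keytype, key_b64):
    """Return 'match', 'mismatch' or 'unknown' for the key a server presented."""
    status = "unknown"
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank, comment, or @cert-authority / @revoked marker line
        if name_matches(parts[0], host) and parts[1] == keytype:
            if parts[2] == key_b64:
                return "match"
            status = "mismatch"  # host is known under this key type, but with another key
    return status

def strict_decision(status):
    """StrictHostKeyChecking yes: connect only when the stored key matches."""
    return "connect" if status == "match" else "abort"

# Constructed sample data: the key strings are placeholders, not real host keys.
KEY_A = base64.b64encode(b"constructed-key-A").decode()
KEY_B = base64.b64encode(b"constructed-key-B").decode()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts content",
    "web1.example.com,192.0.2.10 ssh-ed25519 " + KEY_A,
    hash_host("db1.example.com", b"constructed-salt") + " ssh-ed25519 " + KEY_B,
])

if __name__ == "__main__":
    for host, key in [("web1.example.com", KEY_A), ("web1.example.com", KEY_B),
                      ("db1.example.com", KEY_B), ("new.example.com", KEY_A)]:
        status = check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key)
        print(host, status, strict_decision(status))
```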
