[scponly] Alternate authentication methods for sftp

Ralf Durkee rd at rd1.net
Sat Dec 20 21:50:27 EST 2003


>Date: Sat, 20 Dec 2003 19:48:21 +1000
>From: Andy Gayton <andy at thecablelounge.com>
>To: scponly at lists.ccs.neu.edu
>Subject: [scponly] Alternate authentication methods for sftp
>
>Hi All,
>
>Is it possible to authenticate off something besides the unix system 
>password file for sftp only users?  Perhaps from a database or from ldap?
>
>...
>Any advice is greatly appreciated!
>Andy.

Keep in mind the user is authenticated before scponly is invoked, and 
before sftp-server is invoked, so the authentications available have 
nothing to do with scponly or sftp.  SSH is probably one of the most 
flexible protocols for authentication. It really depends mostly on the OS 
and the PAM methods for support rather than SSH. Although in addition to 
what the OS supports (such as NIS/NIS+ or LDAP) there is special support 
for Kerberos that may be compiled in. LDAP would be supported via PAM.

Other authentications with special support:
Public-key
TIS (Trusted Information Systems)
Login Password (such as NIS/NIS+, Kerberos, S/Key, SecurID, One-Time-Password)
Rhosts (not recommended)



-- Ralf Durkee, GSEC, GCIH
Information Security Consultant
http://rd1.net
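
An added illustration of the layering described in the reply above; it is not part of the original post and not from the scponly project. It assumes an sshd built with PAM support and the pam_ldap/nss_ldap modules installed. All paths, the sample user and the directory suffix are constructed placeholders.

```conf
# --- /etc/ssh/sshd_config ---------------------------------------------
# sshd authenticates the user before any shell or subsystem is started.
UsePAM yes                     # password checks are delegated to the PAM stack
PasswordAuthentication yes
PubkeyAuthentication yes       # public-key auth is verified by sshd itself
Subsystem sftp /usr/libexec/openssh/sftp-server   # assumed install path

# --- /etc/pam.d/sshd ----------------------------------------------------
# Try the directory first, then fall back to the local password files.
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so try_first_pass
account  sufficient  pam_ldap.so
account  required    pam_unix.so

# --- /etc/nsswitch.conf -------------------------------------------------
# Account lookups (uid, home directory, login shell) also come from LDAP.
passwd: files ldap
shadow: files ldap
group:  files ldap

# --- directory entry for an sftp-only user (constructed example) --------
# dn: uid=sftpuser1,ou=People,dc=example,dc=com
# loginShell: /usr/bin/scponly   # assumed path; scponly is only the shell
#                                # that runs after authentication succeeds
```

Nothing in the scponly or sftp-server configuration changes here: the authentication source is selected entirely in the sshd and PAM layers, and scponly only restricts what the already-authenticated session may run.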
