SSH (Secure Shell) is an invention of a private company, designed to provide secure access to a remote host's console and to other network services (such as file transfer or remote execution of processes). SSH is most popular in the Unix/Linux world, although servers for the Windows platform also exist.
One part of the SSH protocol family is the SSH Authentication Protocol. This protocol was created to allow the client software to verify the server's authenticity and to authenticate itself. Since the client side can be either an automated script or a human operator, the SSH Authentication Protocol offers various ways of authentication:
- Public key authentication (main authentication method)
- Password authentication
- Host-based authentication
- Keyboard authentication
Selecting authentication methods
SSH/SFTP client components support all of the authentication methods mentioned above. To specify which methods should be used, set the value of the AuthenticationTypes property.
Public key authentication
The public key authentication method is the only method that all software (both client and server) is required to implement. This method expects each client to have a key pair (a pair of keys properly generated using one of the asymmetric encryption algorithms, either RSA or DSA). The client first sends a public key to the server. If the server finds the key in the list of allowed keys, the client encrypts a certain data packet using the private key and sends the packet to the server together with the public key.
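The two-step exchange described above, as an added Python example that is not SecureBlackbox code: the server first checks the offered key against its allowed list, then verifies a private-key operation over data bound to the session. It assumes the RFC 4252 form of that operation (a signature over the session identifier and the request) and uses a constructed textbook-RSA key and a simplified message layout; `Server`, `login` and the other names are hypothetical.

```python
import hashlib

# Constructed demo key built from two Mersenne primes. Textbook RSA without
# padding, for illustration only; this is not the SSH wire format.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent
PUB = (N, E)                        # public key offered to the server


def digest(session_id: bytes, user: str, pub: tuple) -> int:
    """Hash of the signed data: session id, user, method name, public key."""
    blob = b"|".join([session_id, user.encode(), b"publickey",
                      str(pub).encode()])
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")


def sign(session_id: bytes, user: str, pub: tuple, priv_d: int) -> int:
    """Client-side private-key operation over the session-bound data."""
    return pow(digest(session_id, user, pub), priv_d, pub[0])


class Server:
    def __init__(self, authorized: dict):
        self.authorized = authorized  # user -> set of allowed public keys

    def query(self, user: str, pub: tuple) -> bool:
        """Step 1: is the offered public key in the user's allowed list?"""
        return pub in self.authorized.get(user, set())

    def authenticate(self, session_id, user, pub, signature) -> bool:
        """Step 2: re-check the list, then verify with the public key."""
        if not self.query(user, pub):
            return False
        n, e = pub
        return pow(signature, e, n) == digest(session_id, user, pub)


def login(server, session_id, user, pub, priv_d) -> bool:
    """Client flow: offer the key first, sign only if the server accepts it."""
    if not server.query(user, pub):
        return False
    return server.authenticate(session_id, user, pub,
                               sign(session_id, user, pub, priv_d))
```

Because the session identifier is part of the signed data, a signature captured in one session does not verify in another.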
In SSH/SFTP client components, public key authentication is done using the TElSSHMemoryKeyStorage class. This class is a storage for keys (each represented by the TElSSHKey class). The application should put a key (containing both the public and private parts) into the storage and attach the storage to ElSSHClient or another SSH/SFTP component via that component's KeyStorage property.