AuthenticationMethods

[keer1gl]

z/OS OpenSSH 2.3 User's Guide mentions AuthenticationMethods as a way to require multiple authentication methods. I am trying to set up a transfer with a client that is requiring public key and then password authentication. I only want to require the multiple authentication for this client and want to run the job in batch. Has anyone been able to set this up successfully? Could you provide sample JCL?

[dovetail]

Which side is the z/OS ssh client and which is the server? (The client starts the connection to the server)
Are you using the word "client" to mean something else?

FYI: AuthenticationMethods is a sshd server configuration option.

[Bernhard]

I think I have a similar question - in my case regarding only the sFTP client (on z/OS):

...
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /.ssh/id_rsa
...

I want to enforce the client to only try a login by publickey. Is there any option to suppress all other authentication method trials?

And: is there any debugging feature which can show me in detail what did (not) work after "we sent a publickey packet, wait for reply"?

Thanks in advance
Bernhard

[dovetail]

You can disable specific authentication methods for the ssh client by setting options in /etc/ssh/ssh_config.

For example:

Code: Select all

PasswordAuthentication no
GSSAPIAuthentication no
GSSAPIKeyExchange no
ChallengeResponseAuthentication no