Archived
TD0243: SSH Key-Based Authentication
Publication Date
2017.10.03
Protection Profiles
PP_OS_V4.1
Other References
FIA_UAU.5.1
Issue Description
FIA_UAU.5.1 provides a selection for authentication based on X.509 certificates. The default implementation of OpenSSH does not provide capabilities for X.509 authentication. While it is not a mandatory inclusion, many end-users will choose to disable password authentication in favor of using SSH keys.
Resolution
FIA_UAU.5.1 is updated as follows to allow the use of SSH keys:
FIA_UAU.5 Multiple Authentication Mechanisms
authentication based on user name and password,
] to support user authentication.
Application Note:
The "for use in SSH only, SSH public key-based authentication as specified by the Extended Package for Secure Shell" selection can only be included, and must be included, if FTP_ITC_EXT.1.1 selects "SSH as conforming to the Extended Package for Secure Shell".
Justification
Operating systems, like other technologies, should be allowed to support public key authentication without X.509 certificates for SSH.