You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Summary

JOE Profile Window

Using the JOE menu options File->FTP/SFTP->Open Directory opens the profile window.

 

In the profile window select the protocol SFTP from the list box with the same name.

Using the SFTP protocol suggests to specify authentication methods with the SFTP tab of this window.

JOE SFTP Authentication Methods Window

Using the SFTP tab from the Profile Window shows the following tab window:

 

Keep in mind that all authentication methods have to be enabled accordingly with the SSH server in use.

If in doubt contact your system administrator to check respective settings in sshd_config and related files.

Two-factor Authentication

if the respective checkbox is checked then the following behavior applies:

  • You have to specify both Public/Private Key and one of the Password related authentication methods.
  • JOE will send the private key and the password to the SSH server and both authentication methods have to match.

Which password related authentication method has to be be used (Password, Keyboard Interactive) depends on the SSH server settings.

  • The following SSH setting would force both Public/Private Key and Password or Keyboard Interactive authentication:
    • AuthenticationMethods publickey,password publickey,keyboard-interactive

No two-factor Authentication

If the respective checkbox is unchecked then the following behavior applies:

  • You can specify any of the authentication methods Public/Private Key, Password or Keyboard Interactive provided that the authentication method is enabled with the SSH server.
  • Should the SSH server be configured to allow a number of alternative authentication methods then the following behavior applies:
    • JOE will try to use Private / Public Key authentication and then Password authentication.
    • If the private key matches then authentication is completed and no Password authentication takes place.
    • Should Public / Private Key authentication fail but subsequent Password authentication be successful then the user is authenticated.

Public/Private Key related Authentication Methods

Use Key Agent

This method makes use of Public / Private Key authentication and retrieves the private key and optionally its passphrase from an SSH Key Agent

  • The SSH server has to be configured like this:
    • AuthenticationMethods publickey
  • Certainly any additional authentication methods can be specified.

Typically an SSH Key Agent is implemented on top of a credential store or a password manager and would forward credentials if requested by JOE.

  • The password manager KeePass offers installation of an SSH Key Agent plugin that suggests a good match for a secure credential store with SSH Key Agent support.
  • SOS performs regular tests for use of JobScheduler components with KeePass and Key Agent.
  • Other SSH Key Agent products can be used provided that they are compliant with the SSH Key Agent standard.

Use Private Key File

This method makes use of Public / Private Key authentication and retrieves the private key from the file system location that you specify with JOE.

  • The SSH server has to be configured like this:
    • AuthenticationMethods publickey
  • Certainly any additional authentication methods can be specified.

Passphrase Interactive

This setting can be used if the private key file is protected by a passphrase.

JOE forces interactive user input to type the password.

Use Passphrase stored with JOE

This setting can be used if the private key file is protected by a passphrase.

The passphrase is stored with the JOE configuration and is obfuscated but is not encrypted. JOE will automatically use the passphrase, i.e. no  user interaction is required.

This method is not considered a secure way to handle passphrases, however, for uncritical environments you might consider this a viable approach.

Password related Authentication Methods

Keyboard Interactive Authentication Method

This method indicates that the password has to be typed from the keyboard, it cannot be stored with JOE.

  • The SSH server has to be configured like this:
    • ChallengeResponseAuthentication yes

Password Interactive

This method indicates that Password authentication is used, however, the password is not stored with JOE but has to be typed interactively.

  • The SSH server has to be configured like this:
    • PasswordAuthentication yes

Password stored with JOE

This method makes use of Password authentication.

  • The SSH server has to be configured like this:
    • PasswordAuthentication yes

The password is stored with the JOE configuration and is obfuscated but is not encrypted. JOE will automatically use the password, i.e. no  user interaction is required.

This method is not considered a secure way to handle passwords, however, for uncritical environments you might consider this a viable approach.

 

 

 

 

 

  • No labels