SSH user identities
OpenSSH supports more than just simple passwords for authentication. It can be configured to use PAM (Pluggable authentication modules), Challenge/Response protocols, Kerberos authentication, authenticated host-based trust, and there are even patches for other methods, such as X509 keys. However the most popular alternate authentication method is Identity/Pubkey authentication.
This article shows how to improve SSH security using public key authentication instead of, or in addition to, password authentication.
By Brian Hatch at SecurityFocus.
[ Read more ]