SSH Frequently Asked Questions

What the heck is "keyboard interactive" authentication?

---

"keyboard-interactive" user authentication is intended primarily to accomodate PAM authentication on the server side. It provides for a multiple challenge-response dialog with the user in which the server sends a text query to the user, the user types in a response, and this process can repeat any number of times. So for example, you might configure PAM for SSH with a module which performs authentication using an RSA security token, or a one-time password scheme. People become confused by this because by default, "keyboard-interactive" authentication usually just implements password authentication in a single challenge-response cycle, which just prompts for a password, thus looking exactly the same as "password" authentication. If you're not deliberately using both for different purposes, you may want to disable one or the other to avoid end-user confusion.