Key Based Authentication is a more secure, encrypted method of authorization that lets a user gain access to target resources with the help of secret keys that the end user stores and guards in a secure location. It comes in two types: SSH Key Based Authentication and Access Key Based Authentication.
This method works with SSH Key Management accounts, which are user accounts responsible for remote system administration and secure file transfer on Unix-based devices and are authenticated with a text, a password, or an RSA/DSA based key file. Here the text means a Public Certificate, and the key file is usually a pair of Public and Private Keys that provide cryptographic security to the SSH Server.
SSH Key Based Authentication provides cryptographic security to the SSH server, where the encryption algorithm works with a Public Key and Private Key pair. The user is granted access to data on the SSH server by decrypting the user’s Public Key on the SSH Server with a Private Key for successful Authentication.
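The following added example (not part of the original page or of any product it describes) audits the public keys an SSH server trusts: it parses `authorized_keys` lines, decodes each key blob, and reports DSA keys and RSA keys below a minimum modulus size. The 2048-bit minimum, the function names and the sample file are assumptions made for the illustration; the sample keys are constructed placeholders.

```python
import base64
import struct

KNOWN_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def read_field(buf, off):  # SSH wire format: uint32 length, then that many bytes
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def audit_authorized_keys(text, min_rsa_bits=2048):
    """Return (line number, key type, finding) for each key that fails policy."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        for i, tok in enumerate(tokens[:-1]):
            if tok not in KNOWN_TYPES:  # options may precede the key type
                continue
            try:
                blob = base64.b64decode(tokens[i + 1], validate=True)
                embedded, off = read_field(blob, 0)
                if embedded != tok.encode():  # blob must name the same type
                    continue
                if tok == "ssh-dss":
                    findings.append((lineno, tok, "DSA key"))
                elif tok == "ssh-rsa":
                    _, off = read_field(blob, off)  # skip public exponent e
                    bits = int.from_bytes(read_field(blob, off)[0], "big").bit_length()
                    if bits < min_rsa_bits:
                        findings.append((lineno, tok, f"RSA modulus is {bits} bits"))
            except (ValueError, struct.error):
                continue
            break
        else:
            findings.append((lineno, None, "no parseable public key"))
    return findings

def sample_line(key_type, *ints, options=""):  # constructed line, not a usable key
    fields = [key_type.encode()] + [n.to_bytes(n.bit_length() // 8 + 1, "big") for n in ints]
    blob = b"".join(struct.pack(">I", len(x)) + x for x in fields)
    return f"{options}{key_type} {base64.b64encode(blob).decode()} constructed@example"

SAMPLE = "\n".join([  # constructed authorized_keys content for the audit
    sample_line("ssh-rsa", 65537, (1 << 1023) | 1),
    sample_line("ssh-rsa", 65537, (1 << 3071) | 1, options='from="192.0.2.10" '),
    sample_line("ssh-dss", 7, 7, 7, 7)])
```

Calling `audit_authorized_keys(SAMPLE)` reports the 1024-bit RSA key on line 1 and the DSA key on line 3; the 3072-bit key with a `from=` option on line 2 passes.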
Aside from offering significant security benefits, this authentication provides a few other advantages as well. These are:
Amazon Web Services accommodates two types of users: a root user and IAM users. The root user logs into the Amazon Management Console with the email ID and password associated with the AWS account to work on tasks specific to the root user. An IAM user logs into the console with their AWS account ID and password to work on everyday AWS tasks. AWS also allows another method of access, through access keys, which allow a user to make programmatic calls to AWS or to use AWS Tools for PowerShell or the AWS Command Line Interface.
The credentials are account specific and must be stored carefully. Once you log in and open the user's profile, there is an access keys tab, where each access key is a set of an Access Key ID and a Secret Key. Secret Keys are limited to two per user and can be downloaded and stored upon creation. These access keys can be used to gain programmatic access.
Yes. Instead of a cookie, a token is sent on every request, and this helps prevent CSRF attacks. Even if the token is stored within a cookie on the client side, the cookie is just a storage mechanism and not an authentication one. Since there is no session, there is no session-based information one can manipulate.
Moreover, the token expires after a set period of time, requiring the user to log in once again. There is also the concept of token revocation, which allows clients to indicate to the authentication server that a specific token is no longer needed and must be invalidated.
Sectona Privileged Access Management Solution has a built-in, robust and automated password management module which facilitates both SSH Key-Based Authentication and AWS Token-Based Authentication, ensuring access to the target assets is secured and protected. The preview below provides an overview of the authentication types and the variables required to configure the account.