In communications networks, administrators often have to remotely communicate with network equipment. As with any distributed and open environment, security for remote access to that network equipment (e.g. network servers, routers, switches) is essential. Methods to assure confidentiality and the integrity of the remote communication have been developed as well as methods to assure the identity of the communication participants. Typically, administrators rely on the SSH (secure shell) protocol to establish secure communications with remote network equipment.
The SSH protocol is a client-server protocol which provides a secure transport layer assuring confidentiality and integrity for communications conducted over that transport layer. Furthermore, the SSH protocol provides for client and server authentication which allows the client and server in the client-server architecture to authenticate each other.
The SSH protocol offers three different client authentication methods: host-based authentication (which is not recommended since an attacker can easily abuse it); password-based authentication; and public-key authentication (which is mandatory according to the SSH standard).
The classical password-based authentication method is often used since it can be easily integrated with existing technology. When an SSH server receives a user ID (user-identification)/password pair, it can rely on a local table or local database to validate the password. For a large distributed system, the SSH server can instead rely on a central password validating server. The central password validating server can be an authentication, authorization, and accounting (AAA) server such as a RADIUS (Remote Authentication Dial In User Service) server. SSH Communications Security offers such a solution, in which an SSH server accesses a central RADIUS server to perform password-based user authentication.
In comparison to public-key authentication, the classical password-based authentication method is not preferable because it is vulnerable to replay attacks. Once a password has been detected and hence compromised, completely unauthorized parties can use it by “replaying” the detected password.
The most secure method of authentication, public-key authentication, typically is implemented by registering in a local key table or key database (registry) all the public keys of the potential clients. This approach does not scale easily for large distributed networks employing a large number of client administrator consoles and an even larger number of administrator users. Since each administrator console and each administrator user may have to “register” credentials on each piece of network equipment it requires access to, a communications system with numerous such consoles, administrators, and numerous pieces of network equipment would be cumbersome to manage, requiring frequent updates of many local key registries.
An example of such a prior art approach to key-based authentication is presented in FIG. 1. In a communications network 1, first, second, and third client machines 2a, 2b, 2c are connected by first, second, and third network connections 5a, 5b, 5c.i respectively to a first piece of network equipment 8a. The third client machine 2c is connected by a fourth network connection 5c.ii to a second piece of network equipment 8b. The client machines 2a, 2b, 2c are administrator consoles requiring secure remote connections to the network equipment 8a, 8b. The connections 5a, 5b, 5c.i, 5c.ii are secure SSH connections, and each piece of network equipment 8a, 8b is a network switch. Each piece of network equipment 8a, 8b has a respective public key database registry 9a, 9b for validating clients.
First client machine 2a attempts to access the first piece of network equipment 8a. For key-based authentication to occur, first client machine 2a passes either the console's or the administrator's credentials, including its public key, over the first network connection 5a to the network switch 8a, which then looks in its public key database registry 9a to validate the first client machine 2a. If the first client machine 2a's credentials with its public key are in the key registry 9a, the first client machine 2a is validated; otherwise the first client machine 2a is invalidated. Based on the validity of the first client machine 2a, the network switch 8a can accept or refuse to continue the communication with the first client machine 2a.
The third client machine 2c attempts to access the first piece of network equipment 8a and the second piece of network equipment 8b over the third and fourth network connections 5c.i, 5c.ii respectively. As with the first client machine 2a, for key-based authentication to occur the third client machine 2c must transmit either the console's or the administrator's credentials, including the public key, to each piece of network equipment 8a, 8b, each of which must individually validate the third client machine 2c by looking in its respective key database registry 9a, 9b. It is clear that this prior art method of public key authentication requires that the key registry of every piece of network equipment be updated whenever a client console or administrator requiring access to that piece of network equipment is added to the communications network, or whenever access privileges of existing client consoles or administrators are otherwise modified.
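The per-device registry lookup of FIG. 1, and the audit burden it creates when a key must be withdrawn, can be modeled as follows. This is an added example, not part of the original text: the key blobs are constructed placeholders rather than real keys, and all function names are hypothetical.

```python
import base64
import hashlib

def fingerprint(entry: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a 'type base64-blob comment' entry."""
    blob = base64.b64decode(entry.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def make_entry(owner: str) -> str:
    # Constructed placeholder blob, not a real key; enough to exercise lookups.
    blob = base64.b64encode(f"constructed-key-blob-{owner}".encode()).decode()
    return f"ssh-ed25519 {blob} {owner}"

KEYS = {client: make_entry(client) for client in ("2a", "2b", "2c")}

# One local registry per device, as in FIG. 1 (9a on 8a, 9b on 8b).
REGISTRIES = {
    "8a": [KEYS["2a"], KEYS["2b"], KEYS["2c"]],
    "8b": [KEYS["2c"]],
}

def is_registered(registry, presented_entry):
    """The device's check: accept only if the presented key is in its own registry."""
    wanted = fingerprint(presented_entry)
    return any(fingerprint(e) == wanted for e in registry)

def registries_holding(registries, presented_entry):
    """Every device whose registry must be edited to revoke this key."""
    return sorted(d for d, reg in registries.items()
                  if is_registered(reg, presented_entry))

def stale_entries(registries, active_entries):
    """Audit: entries still present on a device but absent from the active list."""
    active = {fingerprint(e) for e in active_entries}
    report = {}
    for device, reg in registries.items():
        stale = [e.split()[2] for e in reg if fingerprint(e) not in active]
        if stale:
            report[device] = stale
    return report

if __name__ == "__main__":
    print(registries_holding(REGISTRIES, KEYS["2c"]))
    print(stale_entries(REGISTRIES, [KEYS["2a"], KEYS["2b"]]))
```

Withdrawing client 2c's access means editing both registries; any device missed in that pass keeps accepting the key, which is what the `stale_entries` audit surfaces.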
A robust deployment solution would rely on a Public-Key Infrastructure (PKI); however, the cost of such a solution is prohibitive. As of today, no simple solution has been presented to ease the deployment of the strong authentication method of key-based authentication.