Archived TD0243: SSH Key-Based Authentication
FIA_UAU.5.1 provides a selection for authentication based on X.509 certificates. The default implementation of OpenSSH does not provide capabilities for x.509 authentication. While it is not a mandatory inclusion, many end-users will chose to disable password authentication in favor of using SSH Keys.
FIA_UAU.5.1 is updated as follows to allow the use of SSH keys:
FIA_UAU.5 Multiple Authentication Mechanisms
authentication based on user name and password,
] to support user authentication.
The "for use in SSH only, SSH public key-based authentication as specified by the Extended Package for Secure Shell" selection can only be included, and must be included, if FTP_ITC_EXT.1.1 selects "SSH as conforming to the Extended Package for Secure Shell".
Operating systems, like other technologies, should be allowed to support public key authentication without X.509 certificates for SSH.