Generate/SecureFXsysicon.jpg  SSH2


The SSH2 category of the Global Options dialog allows you to configure your SSH2 [The second version of the SSH protocol which provides a way to encrypt network traffic between a client and a server, with a slightly different set of security features (including SFTP) than the SSH1 protocol provides.] public-key and agent settings.

See Set Up Public-Key Authentication for details on setting up public-key authentication on both the local machine and the SSH2 server.

Public key group

Use identity or certificate file

Selecting this option instructs SecureFX to use the identity file, OpenSSH certificate, or PKCS #12 file [A PKCS #12 file is a file that contains your X.509 certificate and its associated private key.] stored on the local system as your method of authentication. To use an existing file, enter the full path to the file or click on the browse button to open a file browser to locate the file. For more information on configuring your system to use identity files, see Set Up Public-Key Authentication.

Suppress expired certificate warning

Check this option to suppress exipired certificate warnings.

Fingerprint

This entry box will be filled in automatically with the algorithm specified by the Display as option when an identity file or certificate is entered above.

Create Identity File...

Click this button to activate the Key Generation wizard. Follow the instructions in the wizard to create an identity file that contains the public and private keys.

Note: SecureFX supports RSA, Ed25519, EDSA, and DSA key types.

Change Passphrase...

Click this button to activate the Change Passphrase dialog. This dialog allows you to change the passphrase associated with the selected identity file.

Note: Passphrases for specific session identity files can be changed using that session's Public Key Properties dialog which is opened by pressing the Properties button on the Connection/SSH2 category of the Session Options dialog.

Advanced group

Add keys to agent

Check this option to enable the SSH2 agent. Agents are programs that work in the background gathering information or performing small processing tasks. In SecureFX, the implemented agent temporarily holds private keys for use with public-key authentication to multiple remote hosts.

Enable OpenSSH agent forwarding

Check this option to use the agent to connect to a remote machine through another remote machine. If you are running integrated with SecureCRT, this option can be overridden on a per-session basis from the Session Options/Connection/SSH2/Advanced category.

Enable deprecated GSSAPI

Check this option to have SecureFX first attempt to connect using GSSAPI with MIC and then, if that is not successful, try regular GSSAPI. If this box is not checked, SecureFX will only try to connect using GSSAPI with MIC.

Note: When using Kerberos host and user authentication via GSSAPI, the connection [A data path or circuit between two computers over a phone line, network cable, or other media.] could be vulnerable to a man-in-the-middle attack. Using GSSAPI with MIC eliminates this risk. Although the GSSAPI method has been deprecated, GSSAPI with MIC is not yet widely supported. SecureFX allows you to attempt to connect using GSSAPI with MIC if it is available on the server.

Cache session password

When this option is set, passwords will be cached while SecureFX, SecureCRT®, or the Activator is running so that when re-connecting to that session or connecting in one of the other applications, the password does not have to be re-entered.

 

Related Topics

  1. Global Options/SSH Host Keys