ssh-broker-g3 — SSH Connection Broker - Generation 3
 ssh-broker-g3 (ssh-broker-g3.exe on 
Windows) is a component of SSH Tectia Client. It handles all cryptographic 
operations and authentication-related tasks for the SSH Tectia Client programs 
sshg3, scpg3, sftpg3, and 
ssh-client-g3.exe (on Windows only). 
ssh-broker-g3 uses the Secure Shell version 2 
protocol to communicate with a Secure Shell server.
When starting the Connection Broker manually, use the ssh-broker-g3 program. 
If you want to specify a certain mode for the Connection Broker, use the options 
described below (gui, cli, or 
silent).
If you do not specify GUI or command-line mode separately, 
ssh-broker-g3 will guess which one to use. On Unix, it 
will use the command-line mode.  On Windows, if the current window 
station is capable of showing interactive user interfaces (always, if 
running as a logged in user) GUI mode will be used, otherwise 
command-line mode is used.
You can start the Broker under Unix/Linux with the ssh-broker-g3 command. All
subsequent invocations of sshg3, sftpg3 or scpg3 will then use this running
instance of the Broker instead of starting a new Broker session of their own.
To see all available options:

    ssh-broker-g3 --help

The most important arguments are:

-V
    Prints the current Broker version and exits.
-f file_path.xml
    Reads the configuration from file_path.xml instead of the default location.
--ignore-sigint
    Ignores the Ctrl+C signal from the console.
--plugin-path=directory_path
    The Broker will try to use the authentication and cipher plugins from
    directory_path instead of the default plugin path.
--auxdata-path=directory_path
    The Broker will try to locate extra data (such as DTDs and licenses) in
    directory_path instead of the default auxiliary path.
--mode=my_mode
    Tries to start the Broker in the silent, cli or single-shot mode. On Unix
    the GUI mode is not available.
The different operation modes of the Connection Broker are the following:

--mode=gui
    The Connection Broker performs all user interaction itself, using dialog
    windows launched from the Broker process.
--mode=cli
    The Connection Broker performs all user interaction itself, using the
    terminal window in which the Broker is running.
--mode=silent
    If the client component using the Broker is not capable of showing
    dialogs, all operations requiring user interaction fail as if the user had
    selected Cancel or an error had occurred. If the client component is
    capable of showing dialogs, the dialogs are delegated to the client
    component, which then shows them in whatever way it sees fit.

-f, --config-file=FILE
    Use the Connection Broker configuration file FILE.
-h
    Displays help and exits.
-V
    Displays the version string and exits.
Software provider
1. To add individual key files (for example /home/me/keys/enigma and
/etc/my_key), specify both the public and the private file name for each key:

    <key-stores>
      <key-store type="software" init="key_files(/home/me/keys/enigma.pub,/home/me/keys/enigma)"/>
      <key-store type="software" init="key_files(/etc/my_key.pub,/etc/my_key)"/>
    </key-stores>

2. To add all keys from a specific directory (for example all keys from
/home/me/all_my_keys and /etc/keys):

    <key-stores>
      <key-store type="software" init="directory(path(/home/me/all_my_keys))"/>
      <key-store type="software" init="directory(path(/etc/keys))"/>
    </key-stores>
Entrust provider
You should provide the initialization file and the profile-specific file for the Entrust provider. For example:

    <key-stores>
      <key-store type="entrust" init="ini-file(/etc/entrust.ini),profile-file(/etc/profile.epf)"/>
    </key-stores>
PKCS#11 provider
Specify the dynamic library path for the PKCS#11 provider and either all slots or a specific slot. For example:

With all slots:

    <key-stores>
      <key-store type="pkcs11" init="dll(/usr/lib/pkcs.so),slots(all)"/>
    </key-stores>

One slot named sesam:

    <key-stores>
      <key-store type="pkcs11" init="dll(/usr/local/lib/pkcs.so),slots(sesam)"/>
    </key-stores>
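The init strings above share one shape: a comma-separated list of name(argument) items, with one level of nesting for directory(path(...)). Before handing a hand-edited configuration to the Broker it is worth checking that every software key store actually points at an existing key pair and that no private key is readable by other users. The script below is an added example, not part of SSH Tectia: the parser is inferred from the init strings shown on this page, the permission policy (no group or other bits on a private key) is the author's own choice, and the key files it creates under a temporary directory are constructed placeholders, not real keys.

```python
"""Audit the <key-stores> section of an ssh-broker-g3 configuration.

Added example, not part of SSH Tectia. The init-string grammar is inferred
from the examples on this page; the permission check is a local policy.
"""
import os
import stat
import tempfile
import xml.etree.ElementTree as ET


def _split_top_level(text):
    """Split on commas that are not nested inside parentheses."""
    items, current, depth = [], [], 0
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' in %r" % text)
        if ch == "," and depth == 0:
            items.append("".join(current))
            current = []
        else:
            current.append(ch)
    if depth != 0:
        raise ValueError("unbalanced '(' in %r" % text)
    items.append("".join(current))
    return [item.strip() for item in items if item.strip()]


def parse_init(init):
    """'key_files(a.pub,a),directory(path(d))' -> [(name, [args]), ...]."""
    parsed = []
    for item in _split_top_level(init):
        name, opened, rest = item.partition("(")
        if not opened or not rest.endswith(")"):
            raise ValueError("malformed init item %r" % item)
        parsed.append((name, _split_top_level(rest[:-1])))
    return parsed


def _exposed(path):
    """True if group or others hold any permission bit on path."""
    return bool(os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO))


def _is_private_key(path):
    """Treat a non-.pub file with a .pub sibling as a private key file."""
    return (not path.endswith(".pub") and os.path.isfile(path)
            and os.path.isfile(path + ".pub"))


def check_software_store(init):
    """Return the problems found with one type="software" init string."""
    problems = []
    for name, args in parse_init(init):
        if name == "key_files":
            if len(args) != 2:
                problems.append("key_files needs public and private file: %r" % args)
                continue
            for path in args:
                if not os.path.isfile(path):
                    problems.append("missing file %s" % path)
            priv = args[1]
            if os.path.isfile(priv) and _exposed(priv):
                problems.append("private key %s is readable by other users" % priv)
        elif name == "directory":
            inner = dict(parse_init(args[0])) if args else {}
            dirs = inner.get("path", [])
            if not dirs or not os.path.isdir(dirs[0]):
                problems.append("directory(path(...)) is not a directory: %r" % args)
                continue
            for entry in sorted(os.listdir(dirs[0])):
                full = os.path.join(dirs[0], entry)
                if _is_private_key(full) and _exposed(full):
                    problems.append("private key %s is readable by other users" % full)
        else:
            problems.append("unknown software init item %r" % name)
    return problems


def audit_key_stores(xml_text):
    """Map each software key-store init string to its list of problems."""
    root = ET.fromstring(xml_text)
    return {store.get("init", ""): check_software_store(store.get("init", ""))
            for store in root.iter("key-store") if store.get("type") == "software"}


def build_sample():
    """Constructed sample: two placeholder key pairs, one private key left 0644."""
    base = tempfile.mkdtemp(prefix="broker-keys-")
    good, bad = os.path.join(base, "enigma"), os.path.join(base, "my_key")
    for priv in (good, bad):
        with open(priv, "w") as f:
            f.write("constructed placeholder, not a real private key\n")
        with open(priv + ".pub", "w") as f:
            f.write("constructed placeholder, not a real public key\n")
    os.chmod(good, 0o600)
    os.chmod(bad, 0o644)  # deliberately exposed so the audit has something to find
    xml_text = ('<key-stores>\n'
                '  <key-store type="software" init="key_files(%s.pub,%s)"/>\n'
                '  <key-store type="software" init="key_files(%s.pub,%s)"/>\n'
                '  <key-store type="software" init="directory(path(%s))"/>\n'
                '  <key-store type="pkcs11" init="dll(/usr/lib/pkcs.so),slots(all)"/>\n'
                '</key-stores>\n') % (good, good, bad, bad, base)
    return xml_text, base, good, bad


if __name__ == "__main__":
    sample_xml = build_sample()[0]
    for init, problems in audit_key_stores(sample_xml).items():
        print(init, "->", problems or "ok")
```

Run it against a real configuration by replacing the constructed sample with the file passed to -f; entrust and pkcs11 stores are parsed but not audited, since their arguments name hardware and vendor files rather than key pairs on disk.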