The Default Connection page allows you to edit default settings for authentication (Defining Authentication), ciphers (Defining Ciphers), MACs (Defining MACs), server connection (Defining Advanced Connection Settings), and tunneling (Defining Default Tunneling Settings).
Newly created connection profiles will inherit the default settings defined here. The values can be customized on the profile-specific tabbed pages and they override the default settings. See Defining Authentication, Defining Ciphers, Defining MACs, and Defining Advanced Connection Settings.
On the Authentication tab, you can define the default user authentication methods.
Select the Use factory defaults check box to use the factory default authentication methods, or clear the check box to define a custom list of authentication methods.
In SSH Tectia Client 5.3, the factory default authentication methods are, in order:
Public-key
Password
Keyboard-interactive
GSSAPI
To add a new authentication method to the list, click Add and select the method from the drop-down menu.
To remove an authentication method, select a method from the list and click Delete.
Use the arrow buttons to organize the preferred order of the authentication methods. The first method that is allowed by the Secure Shell server is used. Note that in some cases, the server may require several authentication methods to be passed before allowing login.
Possible methods for user authentication are the following:
Password: Use a password for authentication.
Public-key: Use public-key authentication. See also Defining User Authentication.
Keyboard-interactive: Keyboard-interactive is designed to allow the Secure Shell client to support several different types of authentication methods, including RSA SecurID, and PAM. For more information on keyboard-interactive, see User Authentication with Keyboard-Interactive.
GSSAPI: GSSAPI (Generic Security Service Application Programming Interface) is a common security service interface that allows different security mechanisms to be used via one interface. For more information on GSSAPI, see User Authentication with GSSAPI.
On the Ciphers tab, you can define the encryption algorithms used.
Select the Use factory defaults check box to use the factory default algorithms, or define a cipher list using the arrow buttons. The ciphers are tried in the order they are specified.
The factory default ciphers are, in order:
CryptiCore
AES-128
AES-192
AES-256
3DES
SEED
The ciphers that can operate in the FIPS mode are 3DES, AES-128, AES-192, and AES-256.
On the MACs tab, you can configure the message integrity algorithms used.
Select the Use factory defaults check box to use the factory default algorithms, or define a MAC list using the arrow buttons. The MACs are tried in the order they are specified.
The factory default MACs are, in order:
CryptiCore
HMAC-MD5
HMAC-SHA1
The HMAC-SHA1 algorithm can operate in the FIPS mode.
On the Server tab, you can define advanced server connection settings.
Select the check box to use default values for the server connection settings.
This settings define the number of transport channels used by the Secure Shell connection. Using more than one transport may increase the throughput over low bandwidth connections. Currently, a value of 1 to 8 transports is supported. The default is 2 transports.
This setting specifies how long idle time (after all connection channels are closed) is allowed for a connection before automatically closing the connection. The default is 5 seconds. Setting a longer time allows the connection to the server to remain open even after a session (for example, GUI client) is closed. During this time, a new session to the server can be initiated without re-authentication. Setting the time to 0 (zero) terminates the connection immediately when the last channel to the server is closed.
Select the check box if you want to have the server banner message file (if it exists) visible to users before login.
On the Tunneling tab, you can define the default settings for X11 and agent forwarding (tunneling). The defaults are applied to those connection profiles that do not have their own tunneling settings, and to new connection profiles.
Select the Use factory defaults check box to apply the factory defaults for X11 and agent forwarding. According to the factory defaults, both forwarding methods are disabled (off).
Select the Tunnel X11 connections check box to allow X11 forwarding on the client side.
Select the Allow Agent Forwarding check box to allow agent forwarding on the client side.