Public-key authentication is based on the use of digital signatures and provides the best authentication security. To use public-key authentication, you must first create a key pair on the client, and upload the public key to the server. For instructions, see User Authentication with Public Keys.
At connection establishing phase, the server sends the SSH Tectia Client a challenge. Sign the challenge with the passphrase of your private key. After the server has successfully completed user authentication, the Secure Shell connection to the server is opened.
The Connection Broker operates automatically as an authentication agent. It offers an easy method for utilizing also digital certificates and smart cards. The authentication forwarding functionality allows the forwarding of public-key authentication over several Secure Shell connections. The Connection Broker is started automatically when you start SSH Tectia Client.