SSH Tectia

Defining User Authentication

Under User Authentication, you can configure settings related to public-key and certificate authentication. See Managing Keys and Certificates and Managing Key Providers.

To enable or disable public-key authentication, see Defining Default Connection Settings and Defining Authentication.

Managing Keys and Certificates

On the Keys and Certificates page, you can add key and certificate files used in user authentication, generate a new key, upload a key to a server, or change the passphrase for a key.

Defining keys and certificates

Figure 4.25. Defining keys and certificates

Default keys

The default location of user keys.

Default certificates

The default location of user certificates.


Use the Add... button to add a directory of keys, Delete to remove.


Select a key from the list and click Change passphrase... to change the passphrase.

Click Upload... to upload the key to a server.

Click New key... to start the key generation wizard. Click the Help button in the wizard for more information.

Use the Add... button to add single keys and certificates, Delete to remove.


The user-specific Application Data directory is hidden by default. To view hidden directories, change the setting in Windows Explorer. For example, on Windows XP, select Tools → Folder Options on the menu, click the View tab, and select Show hidden files and folders.

Managing Key Providers

On the Key Providers page you can define the settings of external key providers used in user authentication. Available key providers are MSCAPI, Entrust, and PKCS#11.

Defining key providers

Figure 4.26. Defining key providers

Microsoft Crypto API

SSH Tectia Client and ConnectSecure can access keys via Microsoft Crypto API (MSCAPI). MSCAPI is a standard cryptographic interface used in Microsoft Windows systems.

Microsoft Crypto API (MSCAPI) providers can be enabled by selecting the Enable Microsoft Crypto API check box. If you enable the MSCAPI providers, you can use software keys and certificates created by Microsoft applications.


Select the Enable Entrust check box to enable using Entrust. Entrust is available on Microsoft Windows systems.

Enter the Initialization file (*.ini) and Profile file (*.epf).

By using the Entrust provider, SSH Tectia Client and ConnectSecure can utilize keys and certificates stored in an Entrust profile file (.epf). The initialization file includes the basic Entrust PKI configuration (for example the CA address).

When the provider is enabled for the first time, Entrust Entelligence will prompt for your Entrust password. As long as the Entrust provider is enabled, the password is asked each time SSH Tectia Client/ConnectSecure is started.


By using the PKCS#11 provider, SSH Tectia Client and ConnectSecure can use keys and certificates stored in PKCS#11 tokens (for example, smart cards or USB tokens).

Click Add... to define a PKCS#11 provider.

Defining a PKCS#11 provider, Aladdin eToken DLL path shown as an example

Figure 4.27. Defining a PKCS#11 provider, Aladdin eToken DLL path shown as an example

Use the Dynamic library to define a dynamic library containing the PKCS#11 driver.

Use the Slots to define slots. A slot is a logical reader that potentially contains a token. Slots are manufacturer- specific. They are defined with an integer. Examples: "0,1", "0-3, !2", "2".