This section gives basic instructions on how you can log in from Tectia Client to a Secure Shell server with the default settings. The default settings on Tectia Client and Tectia Server allow login with passwords, public keys, and GSSAPI.
There are separate instructions on using the PrivX Desktop GUI to connect to a remote server host (see Logging in with PrivX Desktop GUI) and on using sshg3 on the command line (see Logging in with Command-Line sshg3).
Tectia Client includes a shortcut menu that helps with configuring the connection settings. For a description of the Tectia shortcut menu, see PrivX Desktop Shortcut Menu (Windows and Linux).
With Tectia Client it is easy to establish connections to new remote host computers, and to manage the settings required for each host. The Quick Connect option allows you to quickly open new connections, minimizing the work associated with configuring each connection. It is easy to define profiles for new hosts, and save the correct settings for each.
You can connect to a remote host by using PrivX Desktop as follows:
Open the Tectia Client GUI, for example by clicking the PrivX Desktop icon on your desktop.
PrivX Desktop offers several ways to open a Secure Shell connection:
On the Quick Connect page you can provide a host name or profile name and change the most common connection settings for this connection without editing the profile.
If you already have an ongoing session, open a New Connection in a new tab by clicking the + button. You can connect to a new remote host computer and still keep the old connection to a different host open.
If an earlier session has been disconnected, you can open a new session by pressing Enter or Space on the keyboard when the (still disconnected) terminal or file transfer window is active.
If you or the administrator has defined connection profiles, you can also connect from the Profiles page of the New Connection tab by clicking the profile tile. From the alternate profile tile menu you can choose to Open Terminal or Open File Transfer initially instead of the default channel type.
In this case, the settings defined in the profile (hostname, port, user name etc.) are automatically used for the connection.
On the Recent Connections page of the New Connection tab, you can quickly reopen connections to remote hosts that have been disconnected and closed since the Connection Broker was started, or open additional connections to a host with ongoing connections.
On the Quick Connect page of the New Connection tab you can define the server host you want to connect to:
Define at least the Host and click Connect:
Host – the FQDN, short host name, or IP address of the remote host, or the connection profile name.
User – your user name on the remote host.
Port – specify an alternate port number if the default Secure Shell listener port 22 is not used on the remote host.
Authentication Method – by default, the user authentication methods enabled in Default Settings are used unless you specify one of the Quick Connect user authentication methods. Password attempts only the methods commonly used for password-based authentication, such as Password and Keyboard-interactive, and Public-Key uses available certificates and public keys only.
Exclusive connection – by default a new connection to the same remote host will open a new channel. To open an additional Secure Shell connection or prevent opening additional channels later within the connection, select the Exclusive connection check box.
Start with – Terminal or File Transfer as the initial channel in the Secure Shell connection. You can later open additional channels or new connections to the server.
Environment variables can be used to pre-fill the Quick Connect values. If undefined, the Default Settings will be used and the client prompts for required values if needed.
The server authentication phase starts. The remote server host will provide your local computer with its host public key. The host key identifies the server host.
Tectia Client checks if information on this key is already stored in your own host key directory. If not, the host key directory common to all users on your computer is checked next. If information on this host key is not found, you are asked to verify the new key.
When public-key authentication is used to authenticate the server, the first connection is very important. When Tectia Client receives a new server host key, it will display the host identification message.
The message displays the fingerprint of the host's public key in the SSH Babble format, which is a series of pronounceable five-letter words in lower case separated by dashes. By default, the base64-encoded SHA-256 fingerprint is also shown.
Verify the validity of the fingerprint, preferably by contacting the administrator of the remote host computer by telephone. After verifying the fingerprint, it is safe to save information on the host key for future use. You can also choose to cancel the connection, or to proceed with this connection without saving the host public key information.
| Caution |
|---|
| Never save a host public key without verifying its authenticity! |
Click OK to close the host identification dialog.
Information on the server public key will be stored on the client-side machine so that the client can later validate the key. On Tectia Client, the public key information is stored in the user's hostkeys directory:
$HOME/.ssh2/hostkeys
After the first connection, only the locally stored information about the server public key will be used in server authentication.
For more information on server authentication, see Server Authentication with Public Keys.
The user authentication phase starts. You will be prompted to authenticate yourself to the server using the authentication method you selected in the Connect to Server dialog, or by default with your password or with the passphrase of your private key. The required authentication method depends on the server settings.
After the server has successfully authenticated you, the Secure Shell connection to the server is opened.
You can connect to a remote host by using sshg3 on the command line:
Enter the sshg3 command using the following syntax:
$ sshg3 <hostname>
For example:
$ sshg3 abc.example.com
The basic syntax is:
$ sshg3 user@host#port
where:
user - Enter a user name that is valid on the remote host. The user@ attribute is optional. If no user name is given, the local user name is assumed.
host - Enter the name of the remote host as an IP address, FQDN (fully qualified domain name), or short host name. The remote host must be running a Secure Shell version 2 server.
port - Enter the number of the Secure Shell listen port on the remote server. The #port attribute is optional. If no port is given, the default Secure Shell port 22 is assumed.
If you have defined connection profiles in the ssh-broker-config.xml file, you can also connect by using the name of the connection profile, for example:
$ sshg3 profile1
In this case, the settings defined in the profile (host name, port, user name etc.) are used for the connection. For instructions on creating and editing the connection profiles, see the section called “The profiles Element”.
For more information on the sshg3 commands and options, see sshg3(1).
The server authentication phase starts. The server sends its public key to the client for validation (when server public-key authentication is used).
Tectia Client checks if this key is already stored in your own host key directory. If not, the host key directory common to all users on your computer is checked next.
If the host key is not found, you are asked to verify it.
When Tectia Client receives a new host public key, a host identification message is displayed. For example:
$ sshg3 user@server
Host key for the host "server" not found from database.
The fingerprint of the host public key is:
Babble: "xozif-hynas-sehuf-mabyz-zytez-resog-gogum-rilyk-sefop-rucit-paxix"
SHA-256: "E6uSBGEWQTGJdTVBiccvP8PNkQxwAKEWh0aAJTEK4WY"
You can get a public key's fingerprint by running
% ssh-keygen-g3 -F publickey.pub
on the key file.
Please select how you want to proceed.
cancel) Cancel the connection.
once) Proceed with the connection but do not save the key.
save) Proceed with the connection and save the key for future use.
Please select one (cancel, once, save):
The message shows the fingerprint of the host's public key in the SSH Babble format, which is a series of pronounceable five-letter words in lower case separated by dashes, and by default also in base64-encoded SHA-256 format.
Verify the validity of the fingerprint, preferably by contacting the administrator of the remote host computer by telephone.
After the fingerprint has been verified and found to be correct, it is safe to save the key and continue connecting. You can also select to cancel the connection, or to proceed with the connection without saving the key.
If you choose to save the server public key, relevant information about the key will be stored on the client host in directory $HOME/.ssh2/hostkeys on Unix or in %APPDATA%\SSH\HostKeys on Windows.
After the first connection, the locally stored information about the server public key will be used in server authentication.
For more information on server authentication, see Server Authentication with Public Keys.
The user authentication phase starts. You will be prompted to authenticate yourself to the server with your password or with the passphrase of your private key (if your public key has already been uploaded to the server). The required authentication method depends on the server settings.
After the server has successfully authenticated you, the Secure Shell connection to the server is opened.
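The fingerprint check in the server authentication step (both in the GUI dialog and in the sshg3 prompt) can be scripted as follows. This is an added example, not code from Tectia: it parses the two fingerprint lines from the prompt shown on this page, compares the SHA-256 value against one obtained out of band, and shows how the Babble and SHA-256 forms are built from bytes. The function names, the sample key blob, the `trusted` value and the choice of SHA-1 as Babble input are assumptions.

```python
import base64, hashlib, hmac, re

VOWELS, CONSONANTS = "aeiouy", "bcdfghklmnprstvzx"

def babble(data: bytes) -> str:
    """Bubble Babble encoding: five-letter words joined by dashes."""
    out, c = ["x"], 1
    for i in range(0, len(data) + 1, 2):
        if i >= len(data):  # even-length input: closing filler triple
            out += [VOWELS[c % 6], CONSONANTS[16], VOWELS[c // 6]]
            break
        b1 = data[i]
        out += [VOWELS[((b1 >> 6) + c) % 6], CONSONANTS[(b1 >> 2) & 15],
                VOWELS[((b1 & 3) + c // 6) % 6]]
        if i + 1 >= len(data):  # odd-length input ends after one byte
            break
        b2 = data[i + 1]
        out += [CONSONANTS[b2 >> 4], "-", CONSONANTS[b2 & 15]]
        c = (c * 5 + b1 * 7 + b2) % 36  # running checksum carried between words
    return "".join(out) + "x"

def sha256_fingerprint(key_blob: bytes) -> str:
    """Unpadded base64 of SHA-256, the 43-character form shown in the prompt."""
    return base64.b64encode(hashlib.sha256(key_blob).digest()).decode().rstrip("=")

def parse_prompt(text: str) -> dict:
    """Pull the Babble and SHA-256 values out of a host identification message."""
    return dict(re.findall(r'^\s*(Babble|SHA-256):\s*"([^"]+)"', text, re.M))

def same_fingerprint(displayed: str, trusted: str) -> bool:
    """Exact comparison after trimming quotes, whitespace and base64 padding."""
    norm = lambda s: s.strip().strip('"').rstrip("=").encode()
    return hmac.compare_digest(norm(displayed), norm(trusted))

# The two fingerprint lines from the sshg3 prompt shown on this page.
PROMPT = '''Babble: "xozif-hynas-sehuf-mabyz-zytez-resog-gogum-rilyk-sefop-rucit-paxix"
SHA-256: "E6uSBGEWQTGJdTVBiccvP8PNkQxwAKEWh0aAJTEK4WY"'''

if __name__ == "__main__":
    shown = parse_prompt(PROMPT)
    # Hypothetical value read out by the server administrator over the phone.
    trusted = "E6uSBGEWQTGJdTVBiccvP8PNkQxwAKEWh0aAJTEK4WY"
    print("save" if same_fingerprint(shown["SHA-256"], trusted) else "cancel")
    # Constructed bytes, not a real host key. A 20-byte input gives 11 Babble
    # words, the length of the sample above; SHA-1 as input is an assumption.
    blob = b"constructed sample key blob, not a real host key"
    print(sha256_fingerprint(blob), babble(hashlib.sha1(blob).digest()))
```

The comparison is exact on purpose: base64 is case-sensitive, so a fingerprint that differs only in letter case is a different key and the answer at the prompt is cancel.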