|
     |
Tectia Client includes a default configuration that can get you started. To tailor the Tectia Client behaviour according to the needs of your environment, you can edit the existing configuration.
A component called Connection Broker handles all cryptographic operations and authentication-related tasks for SSH operations of Tectia Client, so all the related settings are made in the Connection Broker configuration.
On Linux, macOS and Windows, Tectia Client provides a graphical user interface for handling the Connection Broker configuration. On other platforms, the configuration can be edited directly in the configuration file (in XML format). The Connection Broker settings can be edited using the Tectia Connections Configuration GUI that can be started for example from the Tectia Client tray icon menu.
For users of Tectia Client, the most relevant and most typically needed item to configure for the Connection Broker are the connection profile settings. All other settings are typically configured by system administrators.
It is advisable to create connection profiles for servers where you will need to connect repeatedly. The profiles contain the server ID, your user name on that server, and information on the authentication method to be used.
In general, the following aspects can be configured for the Connection Broker:
These settings define how Tectia Client will establish the secure connections to the remote servers, for example: what type of a connection will be opened, what authentication methods will be applied, will a proxy be used and is tunneling allowed.
The user authentication settings define the methods Tectia Client will use when sending user authentication data to the remote servers. The Tectia Connections Configuration GUI includes a public-key wizard (on Linux and Windows) that helps in creating and uploading public keys to the servers.
The server authentication settings define how the remote servers will be authenticated by Tectia Client.
Tunnels can be defined to secure all or some TCP applications and FTP connections. It is also possible to allow forwarding of X11 sessions and SSH connections from one remote server to another.
![[Tip]](images/tip.gif) | Tip |
|---|---|
The first things to configure are the user authentication settings (creating public keys for the users and uploading them to remote servers) and creating connection profiles for servers where you will need to connect repeatedly. |
For instructions on defining the authentication settings, see Chapter 4, and for the authentication-related options in the configuration file, see authentication-methods .
For instructions on creating connection profiles via the GUI, see Defining Connection Profiles, and about adding connection profiles directly
into the configuration file, see the section called “The profiles Element”.
For a detailed description of the Connection Broker configuration options, see Appendix A.
The Connection Broker configuration is stored in an
XML file named ssh-broker-config.xml. You can edit the
configuration file with your favorite XML or text editor, but make sure
ssh-broker-config.xml remains a valid XML file. For details
about the Connection Broker configuration options, see ssh-broker-config(5).
When you want to modify the Connection Broker configuration, you will typically
edit a user-specific copy of the configuration file stored in
$HOME/.ssh2 on Unix, %APPDATA%\SSH\ on Windows). You
need to create the user-specific configuration file first.
The Tectia Connections Configuration GUI on Windows and Linux also writes to the user-specific configuration file automatically.
For a list of the related configuration files and their locations:
on Unix, refer to File Locations on Unix
on Windows, refer to File Locations on Windows
Tectia Client includes command-line tools sshg3, scpg3 and sftpg3 that can be used to open secure connections and to transfer files securely - the same as with the PrivX Desktop GUI
These tools can be used in scripts and in real-time with a set of options detailing their behaviour. The options given on command line will override the settings specified in the configuration file.
The options of each command-line tool are described on the man pages sshg3(1), scpg3(1), and sftpg3(1)).
| |