Tectia^® Client 7.0

User Manual

SSH Communications Security Corporation

Copyright © 1995–2025 SSH Communications Security Corporation

This software and documentation are protected by international copyright laws and treaties. All rights reserved.

ssh® and Tectia® are registered trademarks of SSH Communications Security Corporation in the United States and in certain other jurisdictions.

SSH and Tectia logos and names of products and services are trademarks of SSH Communications Security Corporation. Logos and names of products may be registered in certain jurisdictions.

All other names and marks are property of their respective owners.

No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, for any purpose, without the prior written permission of SSH Communications Security Corporation.

THERE IS NO WARRANTY OF ANY KIND FOR THE ACCURACY, RELIABILITY OR USEFULNESS OF THIS INFORMATION EXCEPT AS REQUIRED BY APPLICABLE LAW OR EXPRESSLY AGREED IN WRITING.

For Open Source Software acknowledgements, see appendix Open Source Software License Acknowledgements in the User Manual.

27 November 2025

Table of Contents

1. About This Document

Documentation Conventions
Customer Support
Component Terminology

2. Installing Tectia Client

Preparing for Installation
Installing the Tectia Client Software
Removing the Tectia Client Software
Files Related to Tectia Client
Symlinks between ssh/scp/sftp and sshg3/scpg3/sftpg3 (on Unix)

3. Getting Started with Tectia Client

Product Components
First Login to a Remote Host
Using Public-Key Authentication
Configuring Tectia Client
Creating Connection Profiles
Enabling FIPS 140-2 Mode

4. Authentication

Supported User Authentication Methods
Server Authentication with Public Keys
Server Authentication with Certificates
User Authentication with Passwords
User Authentication with Public Keys
User Authentication with Certificates
Host-Based User Authentication (Unix)
User Authentication with Keyboard-Interactive
User Authentication with GSSAPI

5. Transferring Files

Secure File Transfer with scpg3 and sftpg3 Commands
Secure File Transfer GUI
Controlling File Transfer

6. Secure Shell Tunneling

Local Tunnels
Remote Tunnels
X11 Forwarding
Agent Forwarding

7. Troubleshooting Tectia Client

Gathering Basic Troubleshooting Information
Collecting System Information for Troubleshooting
Setting Connection Broker to Debug Mode
Answers to Common Problems

A. Connection Broker Configuration Tools

Tectia Connections Configuration GUI
Configuration File for the Connection Broker
Backup of Configuration Files
Connection Broker Configuration File Quick Reference
PrivX Desktop Shortcut Menu (Windows and Linux)

B. Command-Line Tools and Man Pages

ssh-broker-g3 — Tectia Connection Broker - Generation 3
ssh-broker-ctl — Tectia Connection Broker control utility
ssh-troubleshoot — tool for collecting system information
sshg3 — Secure Shell terminal client - Generation 3
scpg3 — Secure Shell file copy client - Generation 3
sftpg3 — Secure Shell file transfer client - Generation 3
ssh-translation-table — Secure Shell Translation Table
ssh-keygen-g3 — authentication key pair generator
ssh-keyfetch — Host key tool for the Secure Shell client
ssh-cmpclient-g3 — CMP enrollment client
ssh-scepclient-g3 — SCEP enrollment client
ssh-certview-g3 — certificate viewer
ssh-ekview-g3 — external key viewer

C. Egrep Syntax

Egrep Patterns
Escaped Tokens for Regex Syntax Egrep
Character Sets For Egrep

D. Audit Messages

E. Default and Supported SSH Algorithms

Ciphers
Key-Exchange Algorithms
Message-Authentication Codes
Host-Key and Public Key Signature Algorithms

F. Removing OpenSSL from Tectia Client

Background Information
Removing the OpenSSL Cryptographic Library

G. Open Source Software License Acknowledgements