Public-key authentication is based on the use of digital signatures. To use public-key authentication, you must first create a key pair on the client, and upload the public key to the server. For instructions, see User Authentication with Public Keys.

At connection establishing phase, the server sends Tectia ConnectSecure a challenge. Sign the challenge with the passphrase of your private key. After the server has successfully completed user authentication, the Secure Shell connection to the server is opened.

The Connection Broker operates automatically as an authentication agent. It offers an easy method for utilizing also digital certificates and smart cards. The authentication forwarding functionality allows the forwarding of public-key authentication over several Secure Shell connections. The Connection Broker is started automatically when you start Tectia ConnectSecure.