The Identity page is used to specify the host keys and host certificates that identify the server to the clients.
Under Host Key (RSA), you can generate an RSA key, and specify the private and public host key files.
Click the Browse button on the right-hand side of the text field to change the private host key file. The Select File dialog appears, allowing you to find and specify the desired file. You can also type the path and file name directly into the text field.
The default file is hostkey
, located in the installation directory
("<INSTALLDIR>\SSH Tectia Server
", see Directory Paths).
The key file and directory should have full permissions for the Administrators
group and the SYSTEM account and no other permissions.
Click Browse button on the right-hand side of the text field to change the public host key file. The Select File dialog appears, allowing you to find and specify the desired file. You can also type the path and file name directly into the text field.
If the public key is not specified, it will be derived from the private key. However, specifying the public key will decrease the start-up time for the software, as deriving the public key is a fairly slow operation.
Click the Generate RSA key button to generate a new RSA
host key pair. This launches the ssh-keygen-g3.exe
command-line
tool and generates a 1536-bit RSA key pair.
You can generate the key pairs also manually with a command line tool. See instruction in ssh-keygen-g3(1).
Click the Show Fingerprint button to view the key's fingerprint in the SSH Babble format (a series of five-letter words).
Under Host Key (DSA), you can generate a DSA key, and specify the private and public host key files.
Click the Browse button on the right-hand side of the text field to specify the private host key file. The Select File dialog appears, allowing you to find and specify the desired file. You can also type the path and file name directly into the text field.
By default, the hostkey
is located in the installation directory
("<INSTALLDIR>\SSH Tectia Server
", see Directory Paths).
The key file and directory should have full permissions for the Administrators
group and the SYSTEM account and no other permissions.
Click the Browse button on the right-hand side of the text field to specify the public host key file. The Select File dialog appears, allowing you to find and specify the desired file. You can also type the path and file name directly into the text field.
If the public key is not specified, it will be derived from the private key. However, specifying the public key will decrease the start-up time for the software, as deriving the public key is a fairly slow operation.
Click the Generate DSA key button to generate a new DSA
host key pair. This launches the ssh-keygen-g3.exe
command-line
tool and generates a 1536-bit DSA key pair.
You can generate the key pairs also manually with a command line tool. See instruction in ssh-keygen-g3(1).
Click the Show Fingerprint button to view the key's fingerprint in the SSH Babble format (a series of five-letter words).
Under Certificate, you can specify the host certificate settings.
Click the Browse button on the right-hand side of the text field to change the private key file associated with the certificate. The Select File dialog appears, allowing you to specify the desired file. You can also type the path and file name directly into the text field.
Click the Import PKCS12 button to import a private key stored in the Personal Information Exchange (PFX) format. The Select File dialog appears, allowing you to specify the desired file.
Click the Browse button to select the host certificate file. The Select File dialog appears, allowing you to specify the desired file. You can also type the path and file name directly into the text field.
Click the View button to display the current certificate.
Under External Key, you can specify an external host key to be used.
Enter the type of the external key in the text box. The currently supported
types are none
, software
, entrust
,
mscapi
, pkcs11
and pkcs12
.
Enter the initialization info of the external key provider.
This field can be used, for example, to define a directory where the keys
are polled or key files where the keys are read. For information on the
init-info
options, see externalkey
in ssh-server-config(5).
Notice that all key and certificate files should be located on a local drive. Network or mapped drives should not be used, as the server program may not have proper access rights for them.
See also Server Authentication with Public Keys, Server Authentication with Certificates, and Server Authentication using External Host Keys.