SSH Tectia

Defining Default Settings

The Default Connection page allows you to edit default settings for authentication (Defining Authentication), ciphers (Defining Ciphers), MACs (Defining MACs), server connection (Defining Advanced Connection Settings), and tunneling (Defining Default Tunneling Settings).

Newly created connection profiles will inherit the default settings defined here. The values can be customized on the profile-specific tabbed pages and they override the default settings. See Defining Authentication, Defining Ciphers, Defining MACs, and Defining Advanced Connection Settings.

Defining Authentication

On the Authentication tab, you can define the default user authentication methods.

Authentication methods for Client and Connector

Figure 4.2. Authentication methods for Client and Connector

Select the Use factory defaults check box to use the factory default authentication methods, or clear the check box to define a custom list of authentication methods.

In SSH Tectia Client 5.2, the factory default authentication methods are, in order:

  • Public-key

  • Password

  • Keyboard-interactive

  • GSSAPI

To add a new authentication method to the list, click Add and select the method from the drop-down menu.

To remove an authentication method, select a method from the list and click Delete.

Use the arrow buttons to organize the preferred order of the authentication methods. The first method that is allowed by the Secure Shell server is used. Note that in some cases, the server may require several authentication methods to be passed before allowing login.

Possible methods for user authentication are the following:

  • Password: Use a password for authentication.

  • Public-key: Use public-key authentication. See also Defining User Authentication.

  • Keyboard-interactive: Keyboard-interactive is designed to allow the Secure Shell client to support several different types of authentication methods, including RSA SecurID, and PAM. For more information on keyboard-interactive, see User Authentication with Keyboard-Interactive.

  • GSSAPI: GSSAPI (Generic Security Service Application Programming Interface) is a common security service interface that allows different security mechanisms to be used via one interface. For more information on GSSAPI, see User Authentication with GSSAPI.

Defining Ciphers

On the Ciphers tab, you can define the encryption algorithms used.

Defining a cipher list

Figure 4.3. Defining a cipher list

Select the Use factory defaults check box to use the factory default algorithms, or define a cipher list using the arrow buttons. The ciphers are tried in the order they are specified.

The factory default ciphers are, in order:

  • CryptiCore

  • AES-128

  • AES-192

  • AES-256

  • 3DES

  • SEED

The ciphers that can operate in the FIPS mode are 3DES, AES-128, AES-192, and AES-256.

Defining MACs

On the MACs tab, you can configure the message integrity algorithms used.

Defining a MAC list

Figure 4.4. Defining a MAC list

Select the Use factory defaults check box to use the factory default algorithms, or define a MAC list using the arrow buttons. The MACs are tried in the order they are specified.

The factory default MACs are, in order:

  • CryptiCore

  • HMAC-MD5

  • HMAC-SHA1

The HMAC-SHA1 algorithm can operate in the FIPS mode.

Defining Advanced Connection Settings

On the Server tab, you can define advanced server connection settings.

Defining server connection settings

Figure 4.5. Defining server connection settings

Use factory defaults

Select the check box to use default values for the server connection settings.

Transport distribution

This settings define the number of transport channels used by the Secure Shell connection. Using more than one transport may increase the throughput over low bandwidth connections. Currently, a value of 1 to 8 transports is supported. The default is 2 transports.

Connection timeout

This setting specifies how long idle time (after all connection channels are closed) is allowed for a connection before automatically closing the connection. The default is 5 seconds. Setting a longer time allows the connection to the server to remain open even after a session (for example, GUI client) is closed. During this time, a new session to the server can be initiated without re-authentication. Setting the time to 0 (zero) terminates the connection immediately when the last channel to the server is closed.

Show server banner

Select the check box if you want to have the server banner message file (if it exists) visible to users before login.

Defining Default Tunneling Settings

On the Tunneling tab, you can define the default settings for X11 and agent forwarding (tunneling). The defaults are applied to those connection profiles that do not have their own tunneling settings, and to new connection profiles.

Defining default tunneling settings

Figure 4.6. Defining default tunneling settings

Select the Use factory defaults check box to apply the factory defaults for X11 and agent forwarding. According to the factory defaults, both forwarding methods are disabled (off).

Select the Tunnel X11 connections check box to allow X11 forwarding on the client side.

Select the Allow Agent Forwarding check box to allow agent forwarding on the client side.