Your browser does not allow storing cookies. We recommend enabling them.


Using Stored Passwords in Connection Profiles

In connection profiles that will be used in non-interactive connections, it is also possible to use passwords stored to the Tectia Client configuration or to the system.

In the Connection Broker configuration file ssh-broker-config.xml, the stored passwords are configured with the element password, with the following syntax:

  <authentication-method name="password" />
  <password file="path/to/file" />
  <password command="path/to/script_or_program" />

The password element can be used to specify a user password that the client will send as a response to password authentication.

The password can be given directly in the string attribute, but safer alternatives are to define either a path to a file containing the password in the file attribute, or to use the command attribute to define a path to a program or script that outputs the password.

When using the command attribute to refer to a shell script, make sure the script also defines the user's shell, and outputs the actual password. Otherwise the executed program fails, because it does not know what shell to use for the shell script. For example, if the password string is defined in a file named my_password.txt, and you want to use the bash shell, include these lines in the script:

cat /full/pathname/to/my_password.txt

If the password is given using this option, it is extremely important that the ssh-broker-config.xml file, the password file, or the program are not accessible by anyone else than the intended user.


Any password given with the command-line options will override this setting.

Via the Tectia Connections Configuration GUI, the stored passwords are configured on the Connection profiles → Authentication tab. Select Store password for non-interactive use and define the password or the path to the password file or program.


If you choose to use stored passwords, it is extremely important that the Tectia Client host and the password file or program are not accessible by anyone else than the intended user.

Configuring authentication methods for the profile

Figure 4.3. Configuring authentication methods for the profile

To store the password as such in the configuration, enter the password directly in the Password field.

To use a file containing the password, select Password file and enter the path to the file in the field.

To use a program or a script that outputs the password, select Password program and enter the path to the program in the field.


The user is required to have adequate permissions to the password file and to the password program. The file or the program executable must be owned by the user, local administrator or a member in the local admin group, and the file must have the allow-type permissions for administrators.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more