SSH

User Keys

Enabling Elliptic Curve Public Keys

To enable ECDSA public-key algorithms for Tectia Client, do the following:

  1. In the Tectia Connections Configuration GUI, go to General > Default Connection and select the Authentication tab.

  2. Move ecdsa-sha2-nistp256, ecdsa-sha2-nistp384 and ecdsa-sha2-nistp521 to the Enabled Algorithms list:

    Figure 2.1. Enabling ECDSA public-key signature algorithms

  3. Once you have enabled the elliptic curve algorithms, you can change the order of the list using the red up and down arrow buttons. Tectia Client reads the list from top to bottom. The list will look like this if the ECDSA algorithms are ordered at the top:

  4. Click Apply.

Note: To enable ECDSA keys for X.509, repeat the process above but select the keys named x509v3-ecdsa-sha2-* instead.

Creating ECDSA User Key

  1. In the Tectia Connections Configuration GUI, go to User Authentication > Keys and Certificates. Under Key and Certificate List, click New key....

  2. Provide a file name for the key.

  3. Click Advanced Options.

  4. For Key type, select ECDSA.

  5. Select the Key length. A 256-bit ECDSA key provides a level of security equivalent to a 3072-bit DSA or RSA key.

    Figure 2.2. Creating an ECDSA key using the Public-Key Authentication Wizard

  6. To generate the key, click Next.

  7. The wizard takes you to the Upload Public Key page. If you do not wish to upload the key to a server, click Cancel.
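Once the key exists, it is worth confirming that the exported public key really is ECDSA on the curve you selected before distributing it. The following is an added example, not part of the Tectia documentation: it assumes the public key file is in either RFC 4716 (SSH2) or OpenSSH one-line format, all function names are hypothetical, and it extends the 256-bit/3072-bit comparison above to the other two curves using NIST SP 800-57.

```python
import base64

# Curve id -> (key length in bits, comparable RSA/DSA size per NIST SP 800-57)
CURVES = {"nistp256": (256, 3072), "nistp384": (384, 7680), "nistp521": (521, 15360)}

def _blob_from_text(text):
    """Decode the key blob from an OpenSSH one-line or RFC 4716 public key."""
    lines = [l.strip() for l in text.strip().splitlines()] or [""]
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        body, in_header = [], False
        for line in lines[1:]:
            if line.startswith("---- END"):
                break
            if in_header or ":" in line:  # header line or its continuation
                in_header = line.endswith("\\")
                continue
            body.append(line)
        return base64.b64decode("".join(body), validate=True)
    # One-line format: "<algorithm> <base64 blob> [comment]"
    return base64.b64decode((lines[0].split() + ["", ""])[1], validate=True)

def _read_string(blob, off):
    """Read one RFC 4251 string: uint32 length, then that many bytes."""
    n = int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or off + 4 + n > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:off + 4 + n], off + 4 + n

def check_ecdsa_pubkey(text):
    """Return (algorithm, key bits, comparable RSA bits) or raise ValueError."""
    blob = _blob_from_text(text)
    alg, off = _read_string(blob, 0)
    curve, off = _read_string(blob, off)
    point, off = _read_string(blob, off)
    alg, curve = alg.decode("ascii", "replace"), curve.decode("ascii", "replace")
    if curve not in CURVES or alg != "ecdsa-sha2-" + curve:
        raise ValueError(f"not a plain ECDSA key: {alg!r} / {curve!r}")
    bits, rsa_bits = CURVES[curve]
    # Uncompressed point: 0x04 || X || Y, each coordinate ceil(bits/8) bytes
    if off != len(blob) or len(point) != 1 + 2 * ((bits + 7) // 8) or point[0] != 0x04:
        raise ValueError("malformed EC point")
    return alg, bits, rsa_bits

def constructed_key(curve):
    """Constructed sample blob: correct framing, placeholder (non-curve) point."""
    s = lambda b: len(b).to_bytes(4, "big") + b
    point = b"\x04" + b"\x11" * (2 * ((CURVES[curve][0] + 7) // 8))
    blob = s(b"ecdsa-sha2-" + curve.encode()) + s(curve.encode()) + s(point)
    return base64.b64encode(blob).decode()
```

Pass the text of the public key file to `check_ecdsa_pubkey`; a key of another type, a mismatched curve identifier, or a truncated blob raises `ValueError` instead of returning a result.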