Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Common Security Features

Easy Installation

The SSH Tectia client/server solution provides the authentication and encryption services on the application protocol layer. This means that the installation of an SSH Tectia Client, SSH Tectia Connector, or SSH Tectia Server is a straightforward and easy task, and requires no changes to the operating system, as is the case with many other encryption and security products. Consequently, the installation process is effortless and can be performed by the end users themselves rather than by an already overworked IT administrator. Installations can also be centrally managed with SSH Tectia Manager. For more information, see Centralized Management.


SSH Tectia offers support for common enrollment and life-cycle management protocols for communicating with a certification authority (CA) or a registration authority (RA). It is interoperable with RSA Keon, and Entrust PKI (client-side authentication only).

Smart Card Authentication

Today, the most tamper-resistant storage of private keys used in certificate-based authentication is offered by smart cards or similar hardware tokens. The Connection Broker enables the use of hardware tokens and electronic identities for authentication.

Strong Authentication

SSH Tectia Connector and SSH Tectia Client offer a multitude of methods to be used for user and host authentication, and true strong authentication using either public keys or PKI. To ensure the highest level of data privacy, the encryption algorithm implementations are state-of-the-art, and include the following algorithms: AES, 3DES, Twofish, Blowfish, and SEED.


SSH Tectia Server, Client, and Connector can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS). In this mode the cryptographic operations are performed according to the rules of the FIPS 140-2 standard. The mode of the cryptographic library can be changed easily in the configuration file or on Windows using the configuration GUI.

For a list of platforms on which the FIPS library has been validated or tested, see Supported Cryptographic Algorithms, Protocols, and Standards.


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more