The SSH Tectia client/server solution provides the authentication and encryption services on the application protocol layer. This means that the installation of an SSH Tectia Client, SSH Tectia Connector, or SSH Tectia Server is a straightforward and easy task, and requires no changes to the operating system, as is the case with many other encryption and security products. Consequently, the installation process is effortless and can be performed by the end users themselves rather than by an already overworked IT administrator. Installations can also be centrally managed with SSH Tectia Manager. For more information, see Centralized Management.
SSH Tectia supports common enrollment and life-cycle management protocols for communicating with a certification authority (CA) or a registration authority (RA). It is interoperable with RSA Keon and Entrust PKI (client-side authentication only).
Smart Card Authentication
Today, the most tamper-resistant storage of private keys used in certificate-based authentication is offered by smart cards or similar hardware tokens. The Connection Broker enables the use of hardware tokens and electronic identities for authentication.
SSH Tectia Connector and SSH Tectia Client offer a multitude of methods for user and host authentication, as well as true strong authentication using either public keys or PKI. To ensure the highest level of data privacy, the encryption algorithm implementations are state-of-the-art. The following algorithms are included: AES, 3DES, Twofish, Blowfish, and SEED.
SSH Tectia Server, Client, and Connector can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS). In this mode, the cryptographic operations are performed according to the rules of the FIPS 140-2 standard. The mode of the cryptographic library can be changed easily in the configuration file or, on Windows, using the configuration GUI.
For a list of platforms on which the FIPS library has been validated or tested, see Supported Cryptographic Algorithms, Protocols, and Standards.