Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia

Common Security Features

Easy Installation

The SSH Tectia client/server solution provides the authentication and encryption services on the application protocol layer. This means that the installation of an SSH Tectia Client, SSH Tectia Connector, or SSH Tectia Server is a straightforward and easy task, and requires no changes to the operating system, as is the case with many other encryption and security products. Consequently, the installation process is effortless and can be performed by the end users themselves rather than by an already overworked IT administrator. Installations can also be centrally managed with SSH Tectia Manager. For more information, see Centralized Management.


SSH Tectia offers support for common enrollment and life-cycle management protocols for communicating with a certification authority (CA) or a registration authority (RA). It is interoperable with RSA Keon, and Entrust PKI (client-side authentication only).

Smart Card Authentication

Today, the most tamper-resistant storage of private keys used in certificate-based authentication is offered by smart cards or similar hardware tokens. The Connection Broker enables the use of hardware tokens and electronic identities for authentication.

Strong Authentication

SSH Tectia Connector and SSH Tectia Client offer a multitude of methods to be used for user and host authentication, and true strong authentication using either public keys or PKI. To ensure the highest level of data privacy, the encryption algorithm implementations are state-of-the-art, and include the following algorithms: AES, 3DES, Twofish, Blowfish, and SEED.


SSH Tectia Server, Client, and Connector can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS). In this mode the cryptographic operations are performed according to the rules of the FIPS 140-2 standard. The mode of the cryptographic library can be changed easily in the configuration file or on Windows using the configuration GUI.

For a list of platforms on which the FIPS library has been validated or tested, see Supported Cryptographic Algorithms, Protocols, and Standards.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now