Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH Tectia

Connection Broker

The Connection Broker is a shared component included in SSH Tectia Client and SSH Tectia Connector. All cryptographic operations and authentication-related tasks for SSH Tectia Client and Connector are handled by the Connection Broker.

Connection Broker architecture

Figure 4.3. Connection Broker architecture

The Connection Broker replaces SSH Accession as the authentication agent in 5.0 and later versions. The connection of the agent to other applications is shown in Figure 4.4.

Connection Broker connections

Figure 4.4. Connection Broker connections

Supported key and certificate providers:

  • MSCAPI: Microsoft Crypto API, a standard cryptographic interface in Microsoft Windows-based systems.

  • PC/SC: A standard for integrating smart cards and smart card readers. It is defined by the PC/SC Workgroup. For more information, see

  • PKCS#11: Connection Broker supports cryptographic tokens based on PKCS#11 (v2.x).

    The PKCS#11 Public-Key Cryptography Standard specifies an API called Cyptoki to devices that hold cryptographic information and perform cryptographic functions. For more information, see the RSA Laboratories web page at

  • Entrust: By using the Entrust provider, SSH Tectia can utilize keys and certificates stored in an Entrust profile file (.epf). The initialization file includes the basic Entrust PKI configuration (for example the certification authority (CA) address).