SSH Tectia Client

SSH Tectia Client provides secure interactive file transfer and terminal client functionality for remote users and system administrators for accessing remote hosts running SSH Tectia Server or other Secure Shell server.

SSH Tectia Client provides easy-to-use graphical user interfaces for file transfers and for configuring the Connection Broker settings on Windows. The intuitive file transfer window includes separate views for the file folders in the local and remote computers, as well as transfer progress and history views.

SSH Tectia Client also includes advanced command-line tools for system administrators to set up secure automated file transfers, and support for outgoing and incoming application tunneling, such as X11 forwarding. On Windows, SSH Tectia Client supports also transparent TCP tunneling.

Connection Broker

The Connection Broker is an integrated component of SSH Tectia Client and SSH Tectia ConnectSecure. The Connection Broker handles all cryptographic operations and authentication-related tasks on the client side.

Connection Broker architecture

Figure 4.2. Connection Broker architecture

The connections of the Connection Broker to other applications is shown in Figure 4.3.

Connection Broker connections

Figure 4.3. Connection Broker connections

The Connection Broker supports the following key and certificate providers:

  • MSCAPI: Microsoft Crypto API, a standard cryptographic interface in Microsoft Windows-based systems.

  • PKCS#11: Connection Broker supports cryptographic tokens based on PKCS#11 (v2.x).

    The PKCS#11 Public-Key Cryptography Standard specifies an API called Cryptoki to devices that hold cryptographic information and perform cryptographic functions. For more information, see the RSA Laboratories web page at http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/index.html.

  • Entrust: By using the Entrust provider, SSH Tectia can utilize keys and certificates stored in an Entrust profile file (.epf). The initialization file includes the basic Entrust PKI configuration (for example the certification authority (CA) address).