Your browser does not allow storing cookies. We recommend enabling them.


Security Precautions

It is assumed that the usual standards of corporate security are followed when integrating Tectia Manager into an existing environment.

Pay attention to the following security issues:

  • The Management Server host root accounts must be limited to authorized superusers, only.

  • The Management Server does not contain passwords or other access data for opening terminals to the monitored hosts, only for controlling the Management Agents.

  • The Management Server (dbsrv8) accepts connections from the network by default (port 2638). It is important to change the default password.

  • There should be no unnecessary open ports on the managed and monitored hosts.

  • The administrator group roles can be segregated according to the allowed host groups and management actions.

  • The Management Agent and administration interface connections are TLS-secured. The weak TLS ciphers (56-bit keys) are NOT supported by the web administration interface.

  • All administrator actions, including logins and logouts, are stored in the administrator audit log.

  • The Management Agent runs with root or admin privileges (system service or daemon).

  • The web-server administrator access is allowed via an encrypted tunnel only.

  • Critical database contents are 3DES-encrypted (host PSKs, admin passwords).

In case you identify any further issues compromising system security, please inform SSH, see instructions at

Please note that this Administrator Manual does NOT detail general security precautions that are required when incorporating a system such as Tectia Manager into a production environment. These issues include:

  • Hardening the Tectia Manager host on the operating system level

  • The physical security of the Tectia Manager and its Management Server

  • The security on administrator workstations connecting to the Management Server through the administration interface (for example, turning off browser password caching).


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more