SSH Tectia

Server Authentication Management

SSH Tectia Manager contains a built-in certification authority (CA) for managing SSH Tectia Server host identities. The CA can issue X.509 certificates to server hosts that have SSH Tectia Server version 4.x or later installed, renew the certificates when the end of their validity period is near, and revoke them when necessary. The CA publishes a certificate revocation list (CRL) where the revoked certificates are listed. SSH Tectia Manager also manages public-key infrastructure (PKI) settings throughout the client/server environment to ensure easy deployment of strong authentication.

SSH Tectia Manager also supports centralized enrollment of certificates from an external PKI (Entrust Authority is supported).

In environments where the PKI and X.509 certificate authentication are not available, host public keys are used for SSH Tectia Server host authentication. During server public-key authentication, SSH Tectia Client typically notifies the user upon connecting if the public key of the server host has changed since the last connection. This is done to inform the user of a potential security breach. However, in many cases the server public key has changed due to a reinstallation of the server.

Users who see such notifications repeatedly may eventually begin to ignore them, which negates the original purpose of the alarm and weakens the security of the environment against real attacks.

To avoid unnecessary user alerts, SSH Tectia Manager enables automatic distribution of the public keys of server hosts within the environment. In the event of an authorized reinstallation of a server, SSH Tectia Manager distributes the new host key to the other hosts in the environment, thus providing transparent authentication for subsequent connections. Server authentication management also enables the first connection to a new server to be transparently authenticated. The private key of the server never leaves its host.
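The following added example (not SSH Tectia code) models the client-side decision described above: a centrally distributed host key takes precedence over the client's locally cached key, so an authorized reinstallation or a first connection is accepted silently while a key that differs from the distributed one is still refused. The OpenSSH-style key line format, the SHA-256 fingerprint, the function names, the host names, and the key blobs are all assumptions constructed for illustration.

```python
import base64
import hashlib

def fingerprint(key_line: str) -> str:
    """SHA-256 fingerprint of a 'keytype base64-blob [comment]' public key line."""
    blob = base64.b64decode(key_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(host, presented, managed, local_cache):
    """Classify the key a server presents (hypothetical helper).

    managed     -- host -> key line pushed by the management system (authoritative)
    local_cache -- host -> key line the client saved on an earlier connection
    """
    seen = fingerprint(presented)
    if host in managed:
        # The distributed key decides; a stale local entry cannot raise a false alarm.
        return "accept" if fingerprint(managed[host]) == seen else "reject-mismatch"
    if host in local_cache:
        # No distributed key: fall back to comparing with what the client saw before.
        return "accept" if fingerprint(local_cache[host]) == seen else "alert-key-changed"
    return "prompt-unknown-host"

def _key(label: bytes) -> str:
    # Constructed stand-in for a public key blob; not a real SSH key.
    return "ssh-ed25519 " + base64.b64encode(label).decode()

OLD, NEW, ROGUE, WEB2 = _key(b"db1-old"), _key(b"db1-new"), _key(b"rogue"), _key(b"web2")

def demo():
    cache = {"db1.example": OLD}                          # key seen before the reinstall
    managed = {"db1.example": NEW, "web2.example": WEB2}  # keys distributed centrally
    return [
        check_host_key("db1.example", NEW, {}, cache),         # reinstall, no distribution
        check_host_key("db1.example", NEW, managed, cache),    # reinstall, key distributed
        check_host_key("db1.example", ROGUE, managed, cache),  # key differs from distributed
        check_host_key("web2.example", WEB2, managed, {}),     # first connection, new server
        check_host_key("misc.example", ROGUE, managed, cache), # host unknown everywhere
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```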

