Easy Management of Host Authentication

Tectia Manager offers two options for managing the authentication of SSH server hosts:

  • In a Tectia SSH environment, Tectia Manager provides robust public-key infrastructure (PKI) support with a built-in certification authority (CA) and centralized configuration and deployment of the PKI settings. Tectia Manager includes full certificate lifecycle management features for enrolling, renewing, and revoking X.509v3 host certificates.

    Either the built-in CA or an existing third-party PKI solution (for example, Entrust Authority) can be used for managing Tectia Server host identities.

  • In a mixed environment where a full PKI with certificates is not an option, Tectia Manager can collect the public keys of all managed Tectia Server and OpenSSH server hosts automatically and distribute the host keys to all managed Tectia Client, ConnectSecure and OpenSSH client hosts.

    The automated host key distribution saves bandwidth as the keys are handled in a centralized manner instead of each server sending its keys to all the clients separately. Also, the system is made safer as the host keys are kept up-to-date, and their validity checking does not depend on end users. The end users are also saved from the often confusing "Host key has changed" notifications upon server updates and rebuilds.

Figure 2.5. Tectia Manager collects host keys and distributes them to client hosts

Tectia Manager collects detailed data on the host keys and generates reports listing the key details and their distribution status. The Hostkeys view helps administrators find, for example, outdated or too short keys, and cases where the key distribution has failed.
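The "too short keys" check can be reproduced by hand on an OpenSSH client host. The following is an added example, not Tectia Manager code: it parses entries in the OpenSSH `known_hosts` format and reports RSA host keys below a minimum modulus size, plus entries that cannot be parsed. The 2048-bit threshold, the function names and the sample host names are assumptions.

```python
import base64
import struct
MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the page

def _read_string(buf, off):  # SSH wire string: uint32 length, then bytes
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def rsa_bits(blob):  # modulus bits for ssh-rsa, None for other key types
    ktype, off = _read_string(blob, 0)
    if ktype != b"ssh-rsa":
        return None
    _exponent, off = _read_string(blob, off)
    modulus, _ = _read_string(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit_known_hosts(text, min_bits=MIN_RSA_BITS):
    findings = []  # (host, key type, reason) per short or unparsable entry
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked
            fields = fields[1:]
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        host, ktype, b64 = fields[:3]
        try:
            bits = rsa_bits(base64.b64decode(b64, validate=True))
        except (ValueError, struct.error):
            findings.append((host, ktype, "unparsable"))
            continue
        if bits is not None and bits < min_bits:
            findings.append((host, ktype, f"rsa {bits} bits"))
    return findings

def _line(host, ktype, *parts):  # build a constructed entry, not a real key
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), *parts))
    return f"{host} {ktype} {base64.b64encode(blob).decode()}"
def _modulus(bits):  # mpint bytes of a constructed number with `bits` bits
    return b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")

SAMPLE = "\n".join([  # constructed sample, hypothetical host names
    _line("old.example", "ssh-rsa", b"\x01\x00\x01", _modulus(1024)),
    _line("new.example", "ssh-rsa", b"\x01\x00\x01", _modulus(2048)),
    _line("ed.example", "ssh-ed25519", bytes(32)),
    "bad.example ssh-rsa AAAA",
])
```

Calling `audit_known_hosts(SAMPLE)` flags `old.example` for its 1024-bit key and `bad.example` as unparsable; for a real audit, pass the contents of a client's `known_hosts` file instead.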