Configure the client side according to the key and certificate type used: X.509 or Entrust.
To configure the client to authenticate itself with an X.509 certificate, perform the following tasks:
- Enroll a certificate for yourself. Example: Enrollment using
$ ssh-cmpclient INITIALIZE \
-P generate://ssh2:passphrase@rsa:512/user_rsa \
-o /home/user/.ssh2/user_rsa \
-p 62154:ssh \
-s 'C=FI,O=SSH,CN=user;email@example.com' \
'C=FI, O=SSH Communications Security Corp, CN=Secure Shell Test CA'
Remember to define also the SOCKS server (
-S) before the CA URL, if required. For more information on the
ssh-cmpclient syntax, see the
ssh-cmpclient man page.
- Make sure that public-key authentication is enabled in the
- Specify the private key of your software certificate in the
The certificate itself will be read from
SSH Tectia Client supports also the use of Entrust keys and certificates for authentication. Entrust keys are handled as external keys.
The Entrust provider described in this section is a component designed by SSH Communications Security Corp.
Entrust Entelligence and the
*.epf files are components designed by Entrust, Inc.
To configure the client to authenticate itself using the user's Entrust key and certificate, perform the following tasks:
- Enable public-key authentication in the
- Define the Entrust external key provider and its initialization string:
The format of the initialization string is the same as for the server. See Section Server Entrust Authentication above.
- Copy the
entrust.ini file to