SSH Tectia

Server Authentication using External Host Keys

In addition to conventional keys and certificates stored as files on disk, several external key providers are available for accessing keys and certificates stored in hardware tokens or external software modules.

The example below initializes the software external key provider, which is used to access keys and certificates on disk, and instructs it to read all keys in /etc/ssh2/hostkeys.

    <externalkey type="software"

Each hostkey element can be used for setting up one external key provider. Each provider may provide any number of keys to the server. Note that, because of limitations in the SSH2 protocol, having more than one key of each type (RSA, DSA, X.509 certificate with RSA key, and X.509 certificate with DSA key) is discouraged.

For more information on the different external keys and their initialization strings, see externalkey in ssh-server-config(5).
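One way to audit a host key directory against the one-key-per-type advice above, as an added example that is not part of the SSH Tectia documentation. It assumes the directory holds public keys as `*.pub` files in the RFC 4716 (SSH2) format and does not inspect X.509 certificates; the function names and sample file names are hypothetical.

```python
import base64, struct, tempfile
from collections import defaultdict
from pathlib import Path

def key_algorithm(text):
    """Return the algorithm name stored in an RFC 4716 public key file."""
    b64, in_body, cont = [], False, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("---- BEGIN SSH2 PUBLIC KEY"):
            in_body = True
        elif line.startswith("---- END SSH2 PUBLIC KEY"):
            break
        elif in_body and line:
            # Header lines contain ':' (never valid in base64); a trailing
            # backslash continues the header on the next line.
            if cont or ":" in line:
                cont = line.endswith("\\")
            else:
                b64.append(line)
    blob = base64.b64decode("".join(b64))
    if len(blob) < 4 or struct.unpack(">I", blob[:4])[0] > len(blob) - 4:
        raise ValueError("missing or truncated key blob")
    n = struct.unpack(">I", blob[:4])[0]
    return blob[4:4 + n].decode("ascii")

def duplicate_key_types(directory):
    """Map each algorithm that occurs more than once to the files using it."""
    by_alg = defaultdict(list)
    for path in sorted(Path(directory).glob("*.pub")):
        by_alg[key_algorithm(path.read_text())].append(path.name)
    return {alg: names for alg, names in by_alg.items() if len(names) > 1}

def constructed_pub(alg, comment):
    # Constructed sample: correct framing around filler bytes, not a real key.
    blob = struct.pack(">I", len(alg)) + alg.encode() + b"\x00" * 32
    return ("---- BEGIN SSH2 PUBLIC KEY ----\n"
            f'Comment: "{comment}"\n{base64.b64encode(blob).decode()}\n'
            "---- END SSH2 PUBLIC KEY ----\n")

def demo():
    samples = {"hostkey.pub": "ssh-rsa", "hostkey_old.pub": "ssh-rsa",
               "hostkey_dsa.pub": "ssh-dss"}
    with tempfile.TemporaryDirectory() as d:
        for name, alg in samples.items():
            Path(d, name).write_text(constructed_pub(alg, name))
        return duplicate_key_types(d)

if __name__ == "__main__":
    print(demo())
```

On a real server, call `duplicate_key_types()` with the host key directory; an empty result means no key type is offered twice.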
