SSH Tectia

Transparent TCP Tunneling from Server Perspective

SSH Tectia Client and SSH Tectia ConnectSecure provide transparent TCP tunneling of applications. They both can connect to any Secure Shell server complient with IETF SSH version 2. SSH Tectia Server and SSH Tectia Server for IBM z/OS both support transparent TCP tunneling. In this document, we handle the settings of SSH Tectia Server.

The SSH Tectia Client and ConnectSecure users must be able to log in to an existing user account, preferably a non-privileged user account, on the server.

Users can have their own user accounts. If the Windows login name can be used also as the server-side login name, the variable %USERNAME% can be conveniently used in the configuration of SSH Tectia ConnectSecure.

Most of the user authentication methods supported by SSH Tectia Server can be used with transparent TCP Tunneling. The authentication methods include password, any keyboard-interactive methods such as SecurID or RADIUS, public-key authentication with certificates on smart cards, and GSSAPI if SSH Tectia Client or ConnectSecure and the server computers are part of the same Windows domain, or SSH Tectia Server can perform initial login to MIT Kerberos realm on behalf of the SSH Tectia Client or ConnectSecure user.

User interaction is required for the keyboard-interactive authentication methods and typically at least the first time when the private key stored on a smart card is accessed in public-key authentication. For details on the user authentication methods, see Chapter 5.