Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia


The General page contains the general server settings, for example, the maximum number of connections, FIPS mode, and banner message.

SSH Tectia Server Configuration - General page

Figure 4.4. SSH Tectia Server Configuration - General page

Maximum number of connections / Maximum number of processes

SSH Tectia Server uses a distributed architecture where the master server process launches several servant processes that handle the actual client connections. The server's total number of connections is the number of connections multiplied by the number of processes.

Limiting the maximum number of connections is useful in systems where system overload may be caused by a high load in the server program when opening new connections.

Maximum number of connections defines the maximum number of client connections allowed per servant. The value range is 1-256. The default value is 256.

Maximum number of processes defines the maximum number of servant processes the master server will launch. The value range is 1-40. The default is 40.

The GUI does not allow you to type in illegal values.

Cryptographic library

SSH Tectia Server can be operated in FIPS mode, using a version of the cryptographic library that has been validated according to the Federal Information Processing Standard (FIPS) 140-2. In this mode, the cryptographic operations are performed according to the rules of the FIPS 140-2 standard.

Select the Operate in FIPS Mode check box to use the FIPS-certified version of the SSH cryptographic library. Clear the check box to use the standard (default) SSH cryptographic library.


Setting the FIPS mode does not prevent using algorithms from crypto plugins. For example, CryptiCore can be used even when the main crypto library is set in the FIPS mode. To enforce that only FIPS-compliant algorithms are used, disable the non-FIPS algorithms from the configuration. See Parameters.


The server has to be restarted after changing the FIPS-mode setting.

Banner message file

To define a banner message file, click the Browse button on the right-hand side of the text field. The Select File dialog appears, allowing you to specify the desired file. You can also type the path and filename directly into the text field.

The message file is sent to the client before authentication. Note, however, that the client is not obliged to show this message.

Login grace time

Specify a time after which the server disconnects if the user has not successfully logged in. If the value is set to 0, there is no time limit. The default is 600 seconds.

User configuration directory

Specify a path to a directory from where SSH Tectia Server looks for user-specific authorized public keys, if they are not stored to the default location. With this setting the administrator can control options that are usually controlled by the user. If no setting is given, the default setting will be used.

The default setting is %D/.ssh2, which expands to %USERPROFILE%\.ssh2 (usually "C:\Documents and Settings\<username>\.ssh2").

Enter the path as a pattern string which will be expanded by SSH Tectia Server. The following pattern strings can be used:

  • %D or %homedir% is the user's home directory

  • %U or %username% is the user's login name

    For Windows domain users, these strings are substituted differently:

    • %U is expanded to domain.username

    • %username% is expanded to domain\username

  • %username-without-domain% is the user's login name without the domain part.


The User configuration directory setting will be read only if the Authentication view does NOT have anything set in the following settings:

  • Authorization file

  • Authorized-keys directory

  • OpenSSH authorized-keys file

For reference, see Parameters

Windows logon type

Specify what kind of user log-on methods for the local host are accepted by SSH Tectia Server. The defined log-on type affects password authentication. Select a suitable value from the dropdown menu: batch, interactive, network, or network-cleartext. The default value is interactive. Note that this setting only affects password-based authentication methods.

For example, to enable accounts that do not have the access right to log on locally, select value network.

For information on the attribute values, refer to Microsoft documentation on Windows logon types.

Resolve client hostname

Define whether SSH Tectia Server should try to resolve the client host name from the client IP address during connection setup. By default, Yes is selected and DNS lookups are used to resolve the client host name at connection time.

If you select No, client host name resolution is not attempted, but the IP address is used as the returned client host name. This is useful when you know that the DNS cannot be reached, and the query would cause just additional delay in logging in.


This attribute does not affect the resolution of TCP tunnel endpoints and SSH Tectia Server will try to resolve the client host name when creating a TCP tunnel.

Windows terminal mode

Define the mode of operation of a terminal session on the server side. This setting can have values Console and Stream.

If set to Console (default), the server reads the screen buffer in a loop and detects modifications based on current cursor location. If set to Stream, the server reads the stdout and stderr of cmd.exe as a stream of data, while providing basic facilities for command-line editing.




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now