The
tab provides tools for creating and managing the keys that authenticate your client session to the host when you establish a Secure Shell connection using Public Key Authentication.
NOTE: Changes you make in this dialog box are saved to the currently specified SSH configuration scheme when you click .
Reflection maintains a list of available user keys. To specify which key or keys you want Reflection to use for authentication to the current host, select one or more check boxes in the
column (or enable ).
The list of keys includes:
Keys you have added using the
button.
Keys you have copied manually to the Secure Shell folder.
Keys and certificates in the Key Agent.
User and Authentication Agent keys copied during migration of F-Secure settings.
Certificates in the Windows Certificate Manager in your personal store.
Certificates in the Reflection Certificate Manager in your personal store.
The following key management tools are also available:
|
Displays the contents of the selected key or certificate. |
|
Opens the dialog box, which you can use to configure a public/private key pair for user key authentication. |
|
Upload a public key to the currently specified host. The utility automatically detects the host type and uploads the key by default using appropriate settings for this host. After the secure connection to the host has been established, a dialog box appears, displaying information about where on the host to upload the key. In most cases you do not need to change these settings. If the host or key type determined by the utility is incorrect, you can configure host-specific values for key uploads by setting the ServerKeyFormat and ServerStyle keywords in the Secure Shell configuration file. The public key is transferred using the secure SFTP protocol. You will need the ability to use password authentication (or another authentication method) in order to upload the public key. Once the public key is successfully uploaded, you may disable other authentication methods. |
|
Add a private key to the list of available keys. You can use this feature to provide easy access to keys created using other applications. Importing a key copies it to the Secure Shell folder. |
|
Export a public key or public/private key pair. |
|
Deletes the selected key. |
|
Change the passphrase used to protect the selected key. |
|
Adds the selected key to the Key Agent. If you have not yet started the Key Agent for the first time, or if the Key Agent is locked, you will be prompted to enter the Key Agent passphrase. In addition, you will be prompted to enter the private key's passphrase before the key can be added to the agent. |
|
When this option is selected, the client attempts to authenticate with all the listed keys, regardless of whether or not the Use checkbox is selected. |
|
This setting determines the order in which the client presents certificate signature types to the server during public key authentication. When this setting is selected (the default), the client sends the key using a standard ssh key signature first (ssh-rsa or ssh-dss). If that fails, the client tries again using a certificate signature (x509-sign-rsa or x509-sign-dss). When this option is cleared, the client presents the certificate signature first. This can be useful in situations where the certificate key type is required and the server doesn't allow the client to attempt a second authentication using the same key with a different signature type. |
|
Enables forwarding of the Key Agent connection. Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's Unix-domain socket) can access the local agent through the forwarded connection. Attackers cannot obtain key material from the agent; however, they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. |
|
This setting is available when is enabled. When it is selected and public key authentication to the server is successful, the key or certificate that was used for authentication is automatically added to the Key Agent. This key is not saved in the Key Agent, but remains available as long as the Key Agent is running. |
|
Launches the Key Agent. |
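
A defender's check for the agent forwarding setting described above, as an added example that is not part of the original documentation or Reflection's own code: it reads an OpenSSH-style client configuration and reports which hosts end up with agent forwarding enabled, and which blocks enable it for wildcard patterns. The `Host` and `ForwardAgent` keywords and the first-match rule are OpenSSH's; that the Reflection configuration file follows the same rules is an assumption, and the sample configuration and function names are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample configuration (hostnames are placeholders).
SAMPLE_CONFIG = """\
Host bastion.example.com
    ForwardAgent yes
Host *.example.com !build.example.com
    ForwardAgent=yes
Host *
    ForwardAgent no
"""

def parse_blocks(text):
    """Return [(host_patterns, {keyword: value})]; keywords are case-insensitive."""
    blocks = [(["*"], {})]  # options before the first Host line apply to every host
    for line in text.splitlines():
        m = re.match(r"\s*([^\s=#]+)\s*=?\s*(.*?)\s*$", line)
        if not m:
            continue  # blank line or comment
        key, value = m.group(1).lower(), m.group(2)
        if key == "match":
            raise ValueError("Match blocks are outside the scope of this example")
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)  # first value in a block wins
    return blocks

def host_matches(patterns, host):
    """A host matches if a positive pattern matches and no '!' pattern does."""
    hit = lambda p: fnmatch.fnmatchcase(host, p)
    if any(hit(p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(hit(p) for p in patterns if not p.startswith("!"))

def effective_forward_agent(text, host):
    """First value obtained across matching blocks wins; the default is 'no'."""
    for patterns, options in parse_blocks(text):
        if "forwardagent" in options and host_matches(patterns, host):
            return options["forwardagent"].lower()
    return "no"

def wildcard_forwarding(text):
    """Blocks that enable forwarding for a wildcard pattern, not a named host."""
    return [pats for pats, opts in parse_blocks(text)
            if opts.get("forwardagent", "no").lower() != "no"
            and any(c in p for p in pats if not p.startswith("!") for c in "*?")]
```

Blocks returned by `wildcard_forwarding` are the ones to review first, since they forward the agent to every host the pattern covers rather than to a single named host.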