Public key user authentication is an optional feature of the Secure Shell protocol. Reflection X Advantage supports both standard public key authentication and certificate authentication, which is a form of public key authentication.
NOTE: Keys or certificates you configure in this dialog box are available for all Secure Shell connections for which Public Key authentication is enabled (the default configuration). You can modify the supported authentication methods for individual clients using the Advanced Secure Shell dialog box.
From this dialog box, you can:
Generate and import user keys for public key authentication.
Import user certificates into the Reflection X Advantage key store for certificate authentication.
Configure Reflection X Advantage for user authentication with certificates in the Windows certificate store.
Configure Reflection X Advantage for user authentication with smart cards or other PKCS#11 compliant devices.
The options are:
User Key Sources
Modify this list to control which key store or stores Reflection X Advantage uses for making Secure Shell connections using the Public key authentication method.
Add or remove stores using plus (+) and minus (-).
The available stores are:
Reflection X Advantage Store
Use this store to authenticate with keys or certificates in the Reflection X Advantage store.
When this store is selected, you see a list of keys and/or certificates that you have added to the Reflection X Advantage database.
The following buttons are available when the Reflection X Advantage store is selected:
|
Opens the dialog box, from which you can create a new key pair to use for user authentication. The private key is added to the user key database. |
|
Opens the dialog box, from which you can add existing private keys to the user key database. Imported keys or certificates can be in SecSH, OpenSSH, or PKCS#12 format. |
|
Exports the public key associated with the selected private key and allows you to specify a file format for the exported key. Use the exported public key to configure the Secure Shell server to authenticate with this user key. |
|
This button is available only if the selected item is an X.509 certificate. Click to view the contents of the certificate. |
|
Removes the selected key from the Reflection X Advantage store. |
Local Directory
Use this option to authenticate with keys or certificates stored locally (on the computer running X Manager or X Manager for Domains). Use
to specify the local directory. The list shows keys available in this directory.
The following buttons are available when a local directory store is selected:
|
Opens the dialog box, from which you can create a new key pair to use for user authentication. The key pair is created in the local directory. |
|
Opens the dialog box, from which you can add keys or certificates that have been stored in SecSH, OpenSSH, or PKCS#12 format to the local directory. |
|
Exports the public key associated with the selected private key and allows you to specify a file format for the exported key. Use the exported public key to configure the Secure Shell server to authenticate with this user key. |
|
This button is available only if the selected item is an X.509 certificate. Click to view the contents of the certificate. |
|
Deletes the selected private key and its associated public key from the local directory. |
Windows Certificate Store
This store is available if you are running on Windows. Add this store to the list to authenticate with personal certificates in your Windows certificate store.
When this store is selected, you see a list of certificates available in your Windows Personal store. Reflection X Advantage will use these certificates for authentication.
NOTE: The certificate in the Windows store must use an RSA key pair; DSA keys are not supported.
The following button is available when the Windows certificate store is selected:
|
Click to view the contents of the certificate. |
PKCS#11 Provider
Use this store to authenticate using PKCS#11-compliant hardware devices such as smart cards or USB tokens. You can add one or more PKCS#11 stores.
Reflection X Advantage can authenticate using either the X.509 certificate in the smart card or token, or using the public key contained in the certificate. The first time you make a connection, you see two entries to authenticate with your device. The first entry is for authentication using the certificate in your device. The second entry is for standard public key authentication using the public key associated with that certificate. Authentication using the public key entry requires that your key be added to the server's list of authorized keys.
The following options are available when a PKCS#11 store is selected.
|
Specify a descriptive name to use to identify this provider. |
|
The name and location of the library file (*.dll or *.so) used by the token provider to provide access to your hardware device. This is typically installed to the Windows system folder. You may need to contact the device manufacturer to determine the correct file. |
|
Click to view the contents of a certificate on your card or token. |
NOTE: If a PIN is required, you may need to enter this value in order to see the list of certificates. |
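The export descriptions above say to use the exported public key to configure the Secure Shell server, and the PKCS#11 section requires the key to be in the server's list of authorized keys. The following is an added example, not part of the Reflection X Advantage documentation: it converts a public key exported in SecSH format into the one-line authorized keys form and reports its algorithm and fingerprint so the installed key can be checked against the exported one. It assumes the SecSH export is an RFC 4716 public key file and that the server uses the OpenSSH authorized_keys format; the function names and the sample key are constructed for illustration.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def parse_secsh_pubkey(text):
    """Parse an RFC 4716 public key file; return (headers, raw key blob)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not body:        # headers precede the base64 body
            while line.endswith("\\") and i < len(lines) - 2:
                i += 1                      # trailing backslash continues a header
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    return headers, base64.b64decode("".join(body), validate=True)

def key_algorithm(blob):
    """The blob starts with a length-prefixed algorithm name, e.g. ssh-rsa."""
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or n > len(blob) - 4:
        raise ValueError("truncated key blob")
    return blob[4:4 + n].decode("ascii")

def to_authorized_keys_line(text):
    """Convert to the one-line form used in OpenSSH authorized_keys."""
    headers, blob = parse_secsh_pubkey(text)
    line = f"{key_algorithm(blob)} {base64.b64encode(blob).decode()}"
    return f"{line} {headers['comment']}" if headers.get("comment") else line

def sha256_fingerprint(blob):
    """Fingerprint in the SHA256:<base64> form that ssh-keygen -l prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def ssh_string(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample, not a real key: ssh-rsa blob with e=65537 and a filler modulus.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01") + ssh_string(b"\x00" + b"\xc3" * 256)
_b64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_SECSH = "\n".join([BEGIN, 'Comment: "constructed-example-key"',
                          *(_b64[i:i + 70] for i in range(0, len(_b64), 70)), END])
```

Comparing the fingerprint computed from the exported file with the one the server administrator sees for the installed key confirms that the key was not altered or swapped in transit.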