You can configure Secure Shell connections when you need secure, encrypted communications between a trusted host and your PC over an insecure network. Secure Shell connections ensure that both the client user and the host computer are authenticated; and that all data is encrypted. Passwords are never sent over the network in a clear text format as they are when you use Telnet, FTP, or rlogin.
The following cryptographic algorithms are supported:
Encryption protects the confidentiality of data in transit. This protection is accomplished by encrypting the data before it is sent using a secret key and cipher. The received data must be decrypted using the same key and cipher. The cipher used for a given session is the cipher highest in the client's order of preference that is also supported by the server. You can use the Encryption tab of the Reflection Secure Shell Settings dialog box to specify which ciphers the Secure Shell connection should use.
The following data encryption standards are supported:
Arcfour, Arcfour128, and Arcfour258 (stream mode)
TripleDES (168-bit) CBC mode
Cast (128-bit)
Blowfish (128-bit) CBC mode
AES (also known as Rijndael) (128-, 192-,or 256-bit) CBC mode and CTR mode
Data integrity ensures that data is not altered in transit. Secure Shell connections use MACs (message authentication codes) to ensure data integrity. The client and server independently compute a hash for each packet of transferred data. If the message has changed in transit, the hash values are different and the packet is rejected. The MAC used for a given session is the MAC highest in the client's order of preference that is also supported by the server. Reflection supports the following MAC standards:
hmac-sha1
hmac-md5
hmac-sha1-96
hmac-md5-96
hmac-ripemd-160
hmac-sha256
hmac-sha2-256
hmac-sha512
hmac-sha2-512
Digital signatures are used for public key authentication (including certificate authentication). The authenticating party uses the digital signature to confirm that the party being authenticated holds the correct private key. The Secure Shell client uses a digital signature to authenticate the host. The Secure Shell server uses a digital signature to authenticate the client when public key authentication is configured. Reflection supports the following digital signature algorithms:
x509v3-rsa2048-sha256
x509v3-sign-rsa
x509v3-sign-dss
ssh-rsa-sha2-256@attachmate.com
ssh-rsa
ssh-ds