Skip to content

Identity Tab

From the server console, click the Identity tab.

Use the Identity tab to configure server authentication.

Host Key

This option Does this
Private key Specifies the filename and location of the private key used to authenticate the server.
Key comment Displays comment text, which includes identifying information about the key.
SHA256 fingerprint Displays the SHA256 hash for this key. Use this value to confirm the host identity when a client displays an unknown host fingerprint using SHA256 format.
SHA1 fingerprint Displays the SHA1 hash for this key. Use this value to confirm the host identity when a client displays an unknown host fingerprint using SHA1 format.
MD5 fingerprint Displays the MD5 hash for this key. Use this value to confirm the host identity when a client displays an unknown host fingerprint using MD5 format.
Generate Opens the Generate Host Private Key dialog box, from which you can create a new host key.
Export Uses the host private key to create the associated public key. You can add the exported key to a client's trusted host store.

Info

MD5, SHA1, and SHA256 hashes can be displayed in three formats, see the Fingerprint display format table entry for more information.

Use host certificate

This option Does this
Use host certificate When this option is cleared (the default), the server always authenticates using its public key. When this option is selected, the server can authenticate using either its public key or a host certificate.
Use the local computer certificate from the Windows certificate store Select this option to use a local computer certificate from the Windows certificate store. Click Browse to select a certificate from this store. Click View to view the contents of the selected certificate. When you specify a certificate from the Windows certificate store, the setting is valid only on the current computer (or other computers with an identical certificate installed); if you copy your server configuration file to a different system, you need to reconfigure the certificate setting on that system.
Use the following certificate Select this option to authenticate using a certificate in a file available on your system. You can use this option with either a PEM or PKCS #12 file that includes both the certificate and the associated private key, or a certificate file (*.cer) and its associated private key.
Private key Specify the filename and location of a private key, or a PKCS#12 file that includes the private key. The private key used for host authentication cannot be passphrase-protected.
Certificate Specify the name and location of the certificate. If you specify a PEM file for the Private key, the same PEM file is entered automatically. If you specify a PKCS#12 file for Private key, the certificate is automatically exported, and the correct name and location are entered automatically.

If the client is not configured for certificate authentication, the server uses public key authentication, even if you have configured certificate authentication on the server.

Server version string

A two-part string sent to the client when a connection is made. The first part of the string (SSH-2.0-) consists of the SSH version supported by the server, and cannot be edited. The second portion of the string is handled as follows:

  • If you do not edit this string, the value is generated automatically, and includes the server's build number. This number is updated automatically when you upgrade your server software. This value is not saved in the configuration file.

  • If you do edit this string, the edited value is saved to your configuration file, and your edited string is not affected by subsequent software upgrades.

    Tip

    Many Secure Shell clients use the server version string to identify the server manufacturer and modify client behavior to match the server type. If you edit this string, users may encounter unexpected client functionality.

More information