6.4.3 Connect using Secure Shell (SSH)

You can configure Secure Shell connections when you need secure, encrypted communications between a trusted host and your PC over an insecure network. Secure Shell connections ensure that both the client user and the host computer are authenticated; and that all data is encrypted. Passwords are never sent over the network in a clear text format as they are when you use Telnet, FTP, or rlogin. You can use this procedure to connect securely to UNIX and Linux hosts.

NOTE:Secure Shell connections are available for VT terminal sessions.

Before you start

By default, Secure Shell connections use public key authentication for the host and username/password authentication for the user. To configure a connection using these defaults, you need to make sure your system has a Secure Shell server or servers and that you know the following information:

  • The host name.

  • The User name and password.

  • The port used by the Secure Shell server (the default is 22).

To configure a secure terminal session using Secure Shell (SSH)

  1. From the Create New Document dialog box, select the VT Terminal template and click Create.

  2. In the Create New dialog box, under Connection:

    • Select Secure Shell.

      The Port value changes to 22, which is the standard port for Secure Shell connections. If you need to connect to a different port, select Configure additional settings, or use the procedure below to change the default Secure Shell settings.

    • (Optional) Enter the Host name/IP address. If you omit this, you will be prompted for a host name when you connect.

    • (Optional) Enter your User name. If you omit this, you will be prompted for a user name when you connect.

  3. Click OK.

  4. The first time you connect, you are prompted to verify the host hey authenticity. Verify the host key fingerprint and select Always.

    NOTE:Host authentication (performed with public key authentication) enables the Secure Shell client to reliably confirm the identity of the Secure Shell server. If the host public key is not installed on the client, the host fingerprint is displayed and users are prompted to contact the system administrator to verify the fingerprint. This confirmation prevents risk of a "man-in-the-middle" attack, in which another server poses as the host. After the host key is added to the client, Micro Focus Reflection Desktop can authenticate the server without requiring user confirmation, and the unknown host prompt does not appear again. The key is saved in a file called known_hosts, which is created in the folder %userprofile%\Documents\Micro Focus\Reflection\.ssh.

  5. When prompted, enter your password.

  6. Click the Save button on the Quick Access toolbar and save the session document.

    The file is saved in [PersonalFolder]\Micro Focus\Reflection\.

To configure username and password prompts to appear in the terminal window

  1. Open a session that you have configured to use Secure Shell. Disconnect if you are connected.

  2. Under Host Connection, click Configure Connection Settings.

  3. Under Connection Options, select Handle SSH user authentication in terminal window.

To configure non-default Secure Shell settings

  1. Open a session that you have configured to use Secure Shell. Disconnect if you are connected.

  2. Under Host Connection, click Set up Connection Security.

  3. In the Secure Shell Settings dialog box, configure any non-default settings and then click OK.


  • When you click OK, changes to the default settings are saved in the Secure Shell configfile in [PersonalFolder]\Micro Focus\Reflection\.ssh

  • If you want to deploy the session to all users of a computer, first rename the config file to ssh_config and the known_hosts file to ssh_known_hosts.