Skip to content

Host Authentication (Secure Shell Settings)

Use the Host Authentication section to manage the keys that authenticate the host to the client session. Use this section to view the list of trusted hosts, add or delete host keys, and specify how the client will handle unknown hosts.

Host authentication enables the Secure Shell client to reliably confirm the identity of the Secure Shell server. This authentication is done using public key authentication. If the host public key has not previously been installed on the client, the first time you attempt to connect you see a message indicating that this is an unknown host. This message includes a fingerprint that identifies the host. To be sure that this is actually your host, you should contact the host system administrator who can confirm that this is the correct fingerprint. Until you know that the host is actually your host, you are at risk of a "man-in-the-middle" attack, in which another server poses as your host. If you select Always in response to this prompt, the host is added to the Trusted Host Keys list. To avoid the need to contact the host administrator, you can add host keys to the Trusted Host Keys list before the first connection.

The options are:

Host Keys Specifies how Reflection should handle host key checking when connecting to an unknown host. The options are:
  • Ask User (default)
    Display the Host Key Authenticity confirmation dialog box when you connect to an unknown host.
  • Yes (most secure)
    The connection is refused if the host is not a trusted host. Before you can connect, you must add the host key to your list of trusted host keys.
  • No (least secure)
    No host key checking is done. The connection is made without displaying a confirmation dialog box. The host key is not added to the list of trusted keys.
Prefer SSH keys over certificates Specifies the order of preference for host key algorithms. When this setting is unselected (the default), Reflection requests host certificates before host keys. When this setting is selected, Reflection requests host keys before host certificates.

This setting is useful when the server is configured for both certificate and standard host key authentication. SSH protocol allows only one attempt to authenticate the host. If the host presents a certificate, and the client is not configured for host authentication using certificates, the connection fails. (This is different from user authentication, in which multiple authentication attempts are supported.)
Trusted Host Keys Displays a list of trusted hosts for the current Windows user. You can modify the contents of this list using Import and Delete.

By default, when you attempt a connection to a host that is not on this list, you are asked if you want to trust the new host key. If you select Always in response to this prompt, the host is added to the Trusted Host Keys list.

Use the Import button to import host keys. To delete from the Trusted Host Keys list hover over the desired host key and select the Delete button.
Global Host Keys (read only) Displays a list of trusted host keys that are available to all users of the computer. Items on this list can be viewed but not edited.

System administrators can modify the Global Host Keys list using the global .The Known Hosts File.