Host authentication enables Reflection X Advantage to reliably confirm the identity of the host on which an X client is running. Reflection X Advantage supports host authentication using public keys or certificates.
By default, Secure Shell servers use public key authentication. For this authentication, the server sends the public key of a public/private key pair to establish its identity. The first time you make a Secure Shell connection to a host, you see the Host Key Unknown dialog box because the key sent by the host is unknown to Reflection X Advantage. You can add the key to a list of trusted hosts in the Reflection X Advantage database. Once a key is added to the list, the stored key is used for subsequent authentication, which means you won't see the dialog box again when you make connections to this host.
To add a new host key to the trusted host list
Manually import the host key using the . dialog box
In response to a . prompt, click
NOTE:If you run Reflection X Advantage in Domain mode, the domain administrator can install a host key in the domain database and make it available to all domain users. Doing this avoids the potential confusion and security risk of having users respond to the Add a Trusted Host Key for all Domain Users.prompt. For details, see
Like public key authentication, certificate authentication uses public/private key pairs to verify the host identity. However, with certificate authentication, public keys are contained within digital certificates. The host obtains a certificate and an associated private key from a Certificate Authority (CA). The certificate is sent to the client during the authentication process. To verify the integrity of the information coming from the host, the client must establish that the certificate is valid. Reflection X Advantage uses a utility called PKI Services Manager to perform certificate validation services. If you are connecting to X client hosts that use certificates for host authentication, you can download this free utility from the Micro Focus website.