Secure Shell User Keys Dialog Box

Public key user authentication is an optional feature of the Secure Shell protocol. Reflection X Advantage supports both standard public key authentication and certificate authentication, which is a form of public key authentication.

NOTE: Keys or certificates you configure in this dialog box are available for all Secure Shell connections for which Public Key authentication is enabled (the default configuration). You can modify the supported authentication methods for individual clients using the Advanced Secure Shell dialog box Authentication tab.

From this dialog box, you can:

  • Generate and import user keys for public key authentication.

  • Import user certificates into the Reflection X Advantage key store for certificate authentication.

  • Configure Reflection X Advantage for user authentication with certificates in the Windows certificate store.

  • Configure Reflection X Advantage for user authentication with smart cards or other PKCS#11 compliant devices.

The options are:

User Key Sources

Modify this list to control which key store or stores Reflection X Advantage uses for making Secure Shell connections using the Public key authentication method.

Add or remove stores using plus (+) and minus (-).

The available stores are:

Reflection X Advantage Store

Use this store to authenticate with keys or certificates in the Reflection X Advantage store.

When this store is selected, you see a list of keys and/or certificates that you have added to the Reflection X Advantage database.

The following buttons are available when the Reflection X Advantage store is selected:

Generate

Opens the Generate Key Pair dialog box, from which you can create a new key pair to use for user authentication. The private key is added to the user key database.

Import

Opens the Import User Key Pair dialog box, from which you can add existing private keys to the user key database. Imported keys or certificates can be in SecSH, OpenSSH, or PKCS#12 format.

Export

Exports the public key associated with the selected private key and allows you to specify a file format for the exported key. Use the exported public key to configure the Secure Shell server to authenticate with this user key.

View

This button is available only if the selected item is an X.509 certificate. Click to view the contents of the certificate.

Delete

Removes the selected key from the Reflection X Advantage store.

Local Directory

Use this option to authenticate with keys or certificates stored locally (on the computer running X Manager or X Manager for Domains). Use Directory to specify the local directory. The User Keys list shows keys available in this directory.

The following buttons are available when a local directory store is selected:

Generate

Opens the Generate Key Pair dialog box, from which you can create a new key pair to use for user authentication. The key pair is created in the local directory.

Import

Opens the Import User Key Pair dialog box, from which you can add keys or certificates that have been stored in SecSH, OpenSSH, or PKCS#12 format to the local directory.

Export

Exports the public key associated with the selected private key and allows you to specify a file format for the exported key. Use the exported public key to configure the Secure Shell server to authenticate with this user key.

View

This button is available only if the selected item is an X.509 certificate. Click to view the contents of the certificate.

Delete

Deletes the selected private key and its associated public key from the local directory.

Windows Certificate Store

This store is available if you are running on Windows. Add this store to the list to authenticate with personal certificates in your Windows certificate store.

When this store is selected, you see a list of certificates available in your Windows Personal store. Reflection X Advantage will use these certificates for authentication.

NOTE: The certificate in the Windows store must use an RSA key pair; DSA keys are not supported.

The following button is available when the Windows certificate store is selected:

View Certificate

Click to view the contents of the certificate.

PKCS#11 Provider

Use this store to authenticate using PKCS#11-compliant hardware devices such as smart cards or USB tokens. You can add one or more PKCS#11 stores.

Reflection X Advantage can authenticate using either the X.509 certificate in the smart card or token, or using the public key contained in the certificate. The first time you make a connection, you see two entries to authenticate with your device. The first entry is for authentication using the certificate in your device. The second entry is for standard public key authentication using the public key associated with that certificate. Authentication using the public key entry requires that your key be added to the server's list of authorized keys.

The following options are available when a PKCS#11 store is selected.

Description

Specify a descriptive name to use to identify this provider.

Library

The name and location of the library file (*.dll or *.so) used by the token provider to provide access to your hardware device. This is typically installed to the Windows system folder. You may need to contact the device manufacturer to determine the correct file.

Slot ID

This optional setting defines the slot ID number for the PKCS#11 provider. Leave it empty to auto-select a Slot ID.

View Certificate

Click to view the contents of a certificate on your card or token.

NOTE: If a PIN is required, you may need to enter this value in order to see the list of certificates.
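The Export button and the PKCS#11 public key entry both depend on the public key reaching the server's list of authorized keys. The following added example (not part of the product or its documentation) converts a public key exported in SecSH (RFC 4716) format into an OpenSSH authorized_keys line and computes its SHA256 fingerprint so the installed key can be verified. It assumes the server reads OpenSSH-style authorized_keys; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def parse_secsh_public_key(text):
    """Return (key_type, blob, comment) from an RFC 4716 (SecSH) public key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SecSH begin/end markers")
    comment, header, body = "", "", []
    for ln in lines[1:-1]:
        # Headers precede the base64 body; a trailing backslash continues one.
        if header or (":" in ln and not body):
            header += ln.rstrip("\\")
            if ln.endswith("\\"):
                continue
            tag, _, value = header.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
            header = ""
        else:
            body.append(ln)
    blob = base64.b64decode("".join(body), validate=True)
    # The blob begins with a 4-byte length and the algorithm name (e.g. ssh-rsa).
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii"), blob, comment

def to_authorized_keys(text):
    """Convert a SecSH export to (authorized_keys line, SHA256 fingerprint)."""
    key_type, blob, comment = parse_secsh_public_key(text)
    line = f"{key_type} {base64.b64encode(blob).decode()} {comment}".rstrip()
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return line, "SHA256:" + digest.rstrip("=")

def field(data):
    """Encode one length-prefixed field of an SSH key blob."""
    return len(data).to_bytes(4, "big") + data

# Constructed sample: a well-formed ssh-rsa blob with a filler modulus (not a usable key).
SAMPLE_BLOB = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xc3" * 256)
B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_EXPORT = "\n".join([BEGIN, 'Comment: "constructed sample key"']
                          + [B64[i:i + 70] for i in range(0, len(B64), 70)] + [END])

if __name__ == "__main__":
    print(*to_authorized_keys(SAMPLE_EXPORT), sep="\n")
```

On an OpenSSH server, the fingerprint printed here can be compared with the output of `ssh-keygen -lf` run against the authorized_keys file to confirm the intended key was installed.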