Authentication Tab on Advanced Secure Shell Settings
How do I get to this dialog box?
From the Administrative Console and X Manager
(Administrative Console only) Click the Domain Definitions tab.
Under X Clients on the left, select or add a client definition.
Set Connection Method to Secure Shell.
Click the Advanced button.
Click the Authentication tab.
The options in this tab apply to Secure Shell sessions, and determine how host and user authentication are negotiated for the X client definition you are currently configuring.
|Host authentication||Specify which authentication methods Reflection X can use to authenticate the host, and in what order. In most cases, you don't need to modify the default configuration. However, if the host you are connecting to is configured to support both public key and certificate authentication and you haven't configured Reflection X to validate host certificates, you may see an error message saying "No PKI server configured".|
|To resolve this problem without configuring PKI Services Manager, clear the X.509 certificate option or move it to the bottom of the list. Secure Shell protocol allows only one attempt to authenticate the host. By forcing public key authentication first, you can authenticate to the host using its public key. X.509 certificate enables the following host authentication methods, which are attempted in this order: x509v3-rsa2048-sha256, x509v3-sign-rsa, x509v3-sign-dss. SSH Public key enables the following host authentication methods, which are attempted in this order: firstname.lastname@example.org, ssh-rsa, ssh-dss.|
|Edit Secure Shell Host Keys||Opens the Secure Shell Host Keys Dialog Box, which you can use to manage host keys and certificates. (This option is not available from the Administrative Console.)|
|User authentication||Specify one or more user authentication methods (Public key, Keyboard interactive, and Password) in order of preference. Secure Shell protocol allows multiple attempts at user authentication. Reflection X attempts the selected authentication methods in order from top to bottom until the connection is successful or all supported methods have failed.|
|Note: Public key authentication requires configuration on both Reflection X and the host.|
|Always prompt for user key during public key authentication||This setting is relevant if you have configured authentication using public keys or certificates and more than one key or certificate is available. (This option is not available from the Administrative Console.) When this setting is cleared, Reflection X displays a list of available keys only if you have not previously connected to a host. After you make a successful connection, Reflection X automatically uses the successful key or certificate for subsequent connections. When this setting is selected, Reflection X always shows the list of available keys and certificates.|
|Use certificate for X.509 authentication||This setting is relevant only if you have configured public key authentication and selected a certificate from a PKCS#11 provider as your user key. If enabled, the certificate from the PKCS#11 provider will be used for X.509 authentication. If disabled, only the user's SSH certificate public key will be used.|
|Edit Secure Shell User Keys||Opens the Secure Shell User Keys Dialog Box, which you can use to generate public/private key pairs, and to manage which keys or certificates are sent to the host for user authentication. (This option is not available from the Administrative Console.)|