Skip to content

Set Up Secure Shell (SSH) Connections

Reflection X uses Secure Shell by default for client definitions. To connect using Secure Shell, the computer running your X client must also be running a Secure Shell server. You can use installed sample definitions to get started:

To configure non-default Secure Shell settings:

How it works

Reflection X performs the following actions when it establishes a Secure Shell connection.

note

In the context of the Secure Shell protocol, Reflection X—an X server—acts as a client. The Secure Shell server resides on the same host that's running the X client application. Reflection X runs as a Secure Shell client that must authenticate the Secure Shell server, and must authenticate to this server as a client.

  1. Establish a secure connection

    Reflection X negotiates with the Secure Shell server running on the X client host. This negotiation establishes a shared key and cipher to use for session encryption, and a hash to use for data integrity checking.

  2. Authenticate the host

    The host sends identifying information to Reflection X to confirm its identity. By default, Secure Shell servers send the public key of a public/private key pair. Secure Shell servers can also be configured to use X.509 certificates for authentication. If you connect to hosts with this configuration, you can install and configure PKI Services Manager to support certificate validation.

  3. Authenticate the user

    The user sends identifying information to the Secure Shell server to confirm the user's identity. By default, this is done by entering a password or passphrase. You can also configure Reflection X to use public keys or certificates for user authentication.

  4. Forward X11 communications through a secure tunnel

    A secure tunnel is established between Reflection X and the X client host. All X11 data is sent securely through this tunnel.

More information

Back to top