
Secure Shell User Keys Dialog Box

How do I get to this dialog box?

From X Manager

  • From the Tools menu, click Secure Shell User Keys.

Public key user authentication is an optional feature of the Secure Shell protocol. Reflection X supports both standard public key authentication and certificate authentication, which is a form of public key authentication.

Note

Keys or certificates you configure in this dialog box are available for all Secure Shell connections for which Public Key authentication is enabled (the default configuration). You can modify the supported authentication methods for individual clients using the Advanced Secure Shell dialog box Authentication tab.

From this dialog box, you can:

  • Generate and import user keys for public key authentication.

  • Import user certificates into the Reflection X key store for certificate authentication.

  • Configure Reflection X for user authentication with certificates in the Windows certificate store.

  • Configure Reflection X for user authentication with smart cards or other PKCS#11 compliant devices.

The list that controls which key stores are used, and each of the available stores, are described below.

User Key Sources

Modify this list to control which key store or stores Reflection X uses for making Secure Shell connections using the Public key authentication method.

Add or remove stores using plus (+) and minus (-).

Reflection X Store

Use this store to authenticate with keys or certificates in the Reflection X store.

When this store is selected, you see a list of keys and/or certificates that you have added to the Reflection X database.

The following buttons are available when the Reflection X store is selected:

  • Generate: Opens the Generate Key Pair dialog box, from which you can create a new key pair to use for user authentication. The private key is added to the user key database.

  • Import: Opens the Import User Key Pair dialog box, from which you can add existing private keys to the user key database. Imported keys or certificates can be in SecSH, OpenSSH, or PKCS#12 format.

  • Export: Exports the public key associated with the selected private key and allows you to specify a file format for the exported key. Use the exported public key to configure the Secure Shell server to authenticate with this user key.

  • View: This button is available only if the selected item is an X.509 certificate. Click to view the contents of the certificate.

  • Delete: Removes the selected key from the Reflection X store.

Local Directory

Use this option to authenticate with keys or certificates stored locally (on the computer running X Manager or X Manager for Domains). Use Directory to specify the local directory. The User Keys list shows keys available in this directory.

The following buttons are available when a local directory store is selected:

  • Generate: Opens the Generate Key Pair dialog box, from which you can create a new key pair to use for user authentication. The key pair is created in the local directory.

  • Import: Opens the Import User Key Pair dialog box, from which you can add keys or certificates that have been stored in SecSH, OpenSSH, or PKCS#12 format to the local directory.

  • Export: Exports the public key associated with the selected private key and allows you to specify a file format for the exported key. Use the exported public key to configure the Secure Shell server to authenticate with this user key.

  • View: This button is available only if the selected item is an X.509 certificate. Click to view the contents of the certificate.

  • Delete: Deletes the selected private key and its associated public key from the local directory.
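
The Export button can write the public key in SecSH format, while a server that keeps an OpenSSH-style authorized_keys file expects one line per key. The following is an added example, not part of the Reflection X documentation or product: it parses a SecSH (RFC 4716) public key file, produces the authorized_keys line, and computes the key's SHA-256 fingerprint so the installed key can be compared with the exported one. The assumption that the server uses OpenSSH authorized_keys, the function names, and the sample key are all constructed for illustration.

```python
import base64
import hashlib
import struct

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"


def parse_secsh_pubkey(text):
    """Return (key_type, blob, comment) from an RFC 4716 public key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing RFC 4716 begin/end markers")
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header line; base64 data never contains ':'
            while line.endswith("\\"):  # a trailing backslash continues the header
                i += 1
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            headers[tag.strip().lower()] = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    blob = base64.b64decode("".join(body), validate=True)
    # The blob begins with a length-prefixed algorithm name (uint32 + bytes).
    n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
    key_type = blob[4:4 + n].decode("ascii")
    # Reject names that could break the one-key-per-line authorized_keys layout.
    if n == 0 or len(key_type) != n or not key_type.isprintable() or " " in key_type:
        raise ValueError("bad algorithm name in key blob")
    return key_type, blob, headers.get("comment", "")


def to_authorized_keys_line(text):
    """Convert an RFC 4716 file to a single OpenSSH authorized_keys line."""
    key_type, blob, comment = parse_secsh_pubkey(text)
    b64 = base64.b64encode(blob).decode("ascii")
    return " ".join(part for part in (key_type, b64, comment) if part)


def sha256_fingerprint(blob):
    # Same form OpenSSH prints: "SHA256:" + unpadded base64 of SHA-256(blob).
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


# Constructed sample: ssh-ed25519 blob with placeholder key bytes 0..31.
SAMPLE_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
_b64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE_FILE = "\n".join([BEGIN, 'Comment: "constructed sample \\', 'key"', _b64[:40], _b64[40:], END])
```

On a host with OpenSSH installed, the fingerprint can be compared with the output of ssh-keygen -l -f run against the file that holds the installed key.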

Windows Certificate Store

This store is available if you are running on Windows. Add this store to the list to authenticate with personal certificates in your Windows certificate store.

When this store is selected, you see a list of certificates available in your Windows Personal store. Reflection X will use these certificates for authentication.

Note

The certificate in the Windows store must use an RSA key pair; DSA keys are not supported.

The following button is available when the Windows certificate store is selected:

  • View Certificate: Click to view the contents of the certificate.

PKCS#11 Provider

Use this store to authenticate using PKCS#11-compliant hardware devices such as smart cards or USB tokens. You can add one or more PKCS#11 stores.

Reflection X can authenticate using either the X.509 certificate in the smart card or token, or using the public key contained in the certificate. The first time you make a connection, you see two entries to authenticate with your device. The first entry is for authentication using the certificate in your device. The second entry is for standard public key authentication using the public key associated with that certificate. Authentication using the public key entry requires that your key be added to the server's list of authorized keys.

The following options are available when a PKCS#11 store is selected.

  • Description: Specify a descriptive name to use to identify this provider.

  • Library: The name and location of the library file (.dll or .so) used by the token provider to provide access to your hardware device. This is typically installed to the Windows system folder. You may need to contact the device manufacturer to determine the correct file.

  • Slot ID: This optional setting defines the slot ID number for the PKCS#11 provider. Leave it empty to auto-select a Slot ID.

  • View Certificate: Click to view the contents of a certificate on your card or token.

Note

If a PIN is required, you may need to enter this value in order to see the list of certificates.
