Show Contents / Index / Search
User Keys Tab (Secure Shell Settings)

Getting there

The User Keys tab provides tools for creating and managing the keys that authenticate your client session to the host when you establish a Secure Shell connection using public key authentication.

Reflection maintains a list of available user keys. To specify which key(s) you want Reflection to use for authentication to the current host, select or clear the check boxes in the Use column. The list of keys you select for use is saved for the currently specified SSH configuration scheme.

The list of keys includes:

  • Keys you have created using the User Key Generation dialog box.
  • Keys you have added using the Import button.
  • Keys you have copied manually to the Reflection Secure Shell folder.
  • Keys in the Reflection Key Agent.
  • User and Authentication Agent keys copied during migration of F-Secure settings to Reflection.
  • Certificates in the Windows Certificate Manager in your personal store.
  • Certificates in the Reflection Certificate Manager in your personal store.

The following key management tools are also available:


Generate Key

Opens the User Key Generation dialog box, which you can use to configure a public/private key pair for user key authentication.


Change Passphrase

Change the passphrase used to protect the selected key.


Launch Key Agent

Launches the Reflection Key Agent.



Add a private key to the list of available keys. You can use this feature to provide easy access within Reflection to keys created using other applications. Importing a key copies it to the Reflection Secure Shell folder.



Export a public key, or public/private key pair.


Add to Agent

Adds the selected key to the Reflection Key Agent. If you have not yet started the Key Agent for the first time, or if the Key Agent is locked, you will be prompted to enter the Key Agent passphrase. In addition, you will be prompted to enter the private key's passphrase before the key can be added to the agent.



Upload a public key to the currently specified host.



Deletes the selected key.



Displays the contents of the selected key or certificate.


Allow Agent Forwarding

Enables forwarding of the Reflection Key Agent connection. Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's Unix-domain socket) can access the local agent through the forwarded connection. Attackers cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.