Show Contents / Index / Search

Identity Tab

Getting there

Use the Identity tab to configure server authentication.

Caution: Changes to host key and certificate configuration do not take effect until you restart the server. If you are replacing a compromised key, you should restart the server immediately after configuring a new key.

Host Key

 

Private key

Specifies the file name and location of the private key used to authenticate the server.

 

Key comment

Displays comment text, which includes identifying information about the key.

 

SHA1 fingerprint

Displays the SHA1 hash for this key. Use this value to confirm the host identity when a client displays an unknown host fingerprint using SHA1 (also called Bubble Babble) format.

 

MD5 fingerprint

Displays the MD5 hash for this key. This is the hexadecimal value of the public key. Use this value to confirm the host identity when a client displays an unknown host fingerprint using MD5 format.

 

Generate

Opens the Generate Host Private Key dialog box, from which you can create a new host key.

 

Export

Uses the host private key to create the associated public key. You can add the exported key to a client's trusted host store.

Host certificate

 

Use the local computer certificate from the Windows certificate store

Select this option to use the local computer certificate from the Windows certificate store. To view and manage this certificate, use the Microsoft Management Console. The server uses the certificate located under Certificates (Local Computer) > Personal > Certificates.

Note: The certificate in the Windows store must be configured to allow export of the private key.

 

Use the following certificate

Select this option to authenticate using a certificate in a file available on your system. You can use this option with either of the following:

 

 

  • A PKCS #12 file (*.pfx or *.p12) that includes both the certificate and the associated private key.
    -or-
  • A certificate file (*.cer) and its associated private key.

 

Private key

Specify the file name and location of a private key, or a PKCS#12 file that includes the private key.

 

 

Note: The private key used for host authentication cannot be passphrase-protected.

 

Certificate

Specify the name and location of the certificate.

 

 

Notes:

  • If you specify a PKCS#12 file for Private key, the certificate is automatically exported, and the correct name and location are entered automatically.
  • If the client is not configured for certificate authentication, the server uses public key authentication, even if you have configured certificate authentication on the server.

 

Server version string

 

Server version string

A two-part string sent to the client when a connection is made.

Two-part server version string

The first part of the string (SSH-2.0-) consists of the SSH version supported by the server, and cannot be edited.

The second portion of the string is handled as follows:

 

 

If you

This occurs

 

 

Do not edit this string

The value is generated automatically, and includes the server's build number. This number will be updated automatically when you upgrade your server software.

 

 

 

Note: This value is not saved in the configuration file.

 

 

Edit this string

The edited value is saved to your configuration file, and your edited string is not affected by subsequent software upgrades.

 

 

Note: Many Secure Shell clients use the server version string to identify the server manufacturer and modify client behavior to match the server type. If you edit this string, users may encounter unexpected client functionality.

Related Topics

Server Authentication

Configure Public Key Host Authentication

Configure Certificate Server Authentication