Host Authentication for Secure Shell Sessions

Host authentication enables Reflection X Advantage to reliably confirm the identity of the host on which an X client is running. Reflection X Advantage supports host authentication using public keys or certificates.

Public Key Authentication

By default, Secure Shell servers use public key authentication. For this authentication, the server sends the public key of a public/private key pair to establish its identity. The first time you make a Secure Shell connection to a host, you see the Host Key Unknown dialog box because the key sent by the host is unknown to Reflection X Advantage. You can add the key to a list of trusted hosts in the Reflection X Advantage database. Once a key is added to the list, the stored key is used for subsequent authentication, which means you won't see the Host Key Unknown dialog box again when you make connections to this host.

To add a new host key to the trusted host list

Note: If you run Reflection X Advantage in Domain mode, the domain administrator can install a host key in the domain database and make it available to all domain users. Doing this avoids the potential confusion and security risk of having users respond to the Host Key Unknown prompt. For details, see Add a Trusted Host Key for all Domain Users.

Certificate Authentication

Like public key authentication, certificate authentication uses public/private key pairs to verify the host identity. However, with certificate authentication, public keys are contained within digital certificates. The host obtains a certificate and an associated private key from the CA. The certificate is sent to the client during the authentication process. To verify the integrity of the information coming from the host, the client must establish that the certificate is valid. Reflection X Advantage uses a utility called PKI Services Manager to perform certificate validation services.

If you are connecting to X client hosts that use certificates for host authentication, you can download this free utility from the Attachmate website.
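
The trusted-host decision described under Public Key Authentication, as an added Python example (not Reflection X Advantage code). The `TrustedHosts` class, the `connect` function and the sample keys are hypothetical and constructed; the example goes beyond the page by assuming an unknown key is accepted only when it matches a fingerprint obtained out of band, for instance from the administrator.

```python
import base64
import hashlib
import struct


def make_blob(raw_key: bytes) -> bytes:
    """Build an ssh-ed25519 public key blob (length-prefixed SSH wire fields)."""
    alg = b"ssh-ed25519"
    return struct.pack(">I", len(alg)) + alg + struct.pack(">I", len(raw_key)) + raw_key


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


class TrustedHosts:
    """Hypothetical stand-in for the trusted host list (not the product database)."""

    def __init__(self):
        self._keys = {}

    def add(self, host: str, blob: bytes) -> None:
        self._keys[host.lower()] = blob

    def check(self, host: str, presented: bytes) -> str:
        stored = self._keys.get(host.lower())
        if stored is None:
            return "unknown"
        return "trusted" if stored == presented else "mismatch"


def connect(store, host, presented, verified_fp=None):
    """Decide what to do with the key a host presents."""
    state = store.check(host, presented)
    if state == "trusted":
        return "accepted"
    if state == "mismatch":
        return "rejected-key-changed"  # never silently replace a stored key
    # Unknown host: trust only if it matches a fingerprint obtained out of band.
    if verified_fp is not None and fingerprint(presented) == verified_fp:
        store.add(host, presented)
        return "accepted-and-stored"
    return "rejected-unverified"


# Constructed sample keys (not real host keys).
HOST_KEY = make_blob(bytes(range(32)))
OTHER_KEY = make_blob(bytes(32))
```

Pre-installing the key, as the Domain mode note describes, corresponds to calling `add` before any user connects, so the unknown-key branch is never reached.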