Public Key Properties Dialog

SecureCRT


The Public Key Properties dialog can be accessed by clicking on the Properties button in the Authentication group of the Connection/SSH1 or SSH2 category of the Session Options dialog. This dialog is not available when the session is connected. (A session is a set of options that are assigned to a connection to a remote machine. These settings and options are saved under a session name and allow the user to have different preferences for different hosts.)

Use global public key setting/Use session public key setting

Select whether SecureCRT should use the global identity file or a specified session identity file as your method of authentication for this session. Your choice will determine the options available in the group below. (Identity files are two files containing the public-private key pair used to connect to an SSH server using RSA or DSA authentication. The Identity file contains the public and private key pair and is used by SecureCRT. The Identity.pub file contains only the public key, which is usually appended to the authorized_keys file.)

Global/Session settings group

Use identity or certificate file

Selecting this option instructs SecureCRT to use the specified identity or PKCS #12 file as your method of authentication. For more information on configuring your system to use identity files, see Public-Key Authentication for SSH1 or Public-Key Authentication for SSH2.

SecureCRT also supports accessing X.509 certificates through PKCS #11 (an API defining a generic interface to cryptographic tokens). The locator prefix (e.g., “pkcs11::”) and suffix (e.g., “::standard”) specify which public-key algorithm to use. To use this feature, enter a string similar to one of the following examples but pointing to your PKCS #11 .dll file in the text box:

pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll

pkcs11::prov=c:\windows\system32\pkcs11.dll::cert

The above examples use the x509v3-sign-rsa algorithm.

pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll::standard

The above example uses the x509v3-sign-rsa-sha1 algorithm.

pkcs11key::prov=c:\windows\system32\pkcs11.dll

The above example uses the ssh-rsa algorithm, which can be used to send the certificate as a raw key.
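The locator format described above, as an added example that is not part of the SecureCRT documentation: a strict parser that resolves each string to the algorithm this page lists for it and rejects anything else. The names `DOCUMENTED`, `Locator` and `parse_locator`, the case-sensitive matching and the absolute-path check are assumptions of this example, not documented SecureCRT behavior.

```python
import ntpath
from typing import NamedTuple, Optional

# (prefix, suffix) -> algorithm, limited to the combinations this page lists.
DOCUMENTED = {
    ("pkcs11", None): "x509v3-sign-rsa",
    ("pkcs11", "cert"): "x509v3-sign-rsa",
    ("pkcs11", "standard"): "x509v3-sign-rsa-sha1",
    ("pkcs11key", None): "ssh-rsa",
}

class Locator(NamedTuple):
    prefix: str
    provider: str            # path to the PKCS #11 .dll
    suffix: Optional[str]
    algorithm: str

def parse_locator(text: str) -> Locator:
    """Split '<prefix>::prov=<dll>[::<suffix>]' and resolve the algorithm."""
    parts = text.strip().split("::")
    if len(parts) not in (2, 3):
        raise ValueError(f"expected 2 or 3 '::'-separated fields: {text!r}")
    prefix, body = parts[0], parts[1]
    suffix = parts[2] if len(parts) == 3 else None
    key, sep, provider = body.partition("=")
    if key != "prov" or not sep or not provider:
        raise ValueError(f"missing 'prov=<path>' field: {text!r}")
    # Assumed hygiene check (not a SecureCRT rule): the provider is a library
    # named by path, so require an absolute Windows path ending in .dll.
    if not ntpath.isabs(provider) or not provider.lower().endswith(".dll"):
        raise ValueError(f"provider must be an absolute .dll path: {provider!r}")
    if (prefix, suffix) not in DOCUMENTED:
        raise ValueError(f"undocumented prefix/suffix: {prefix!r}, {suffix!r}")
    return Locator(prefix, provider, suffix, DOCUMENTED[(prefix, suffix)])

if __name__ == "__main__":
    samples = [
        r"pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll",            # from the page
        r"pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll::standard",  # from the page
        r"pkcs11key::prov=c:\windows\system32\pkcs11.dll",                # from the page
        r"pkcs11::prov=opensc-pkcs11.dll",                   # constructed: relative path
    ]
    for s in samples:
        try:
            print(parse_locator(s).algorithm, "<-", s)
        except ValueError as exc:
            print("REJECTED:", exc)
```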

To use an Amazon EC2 "key pair" with SecureCRT, specify the private key file of the key pair generated by Amazon as the identity or certificate file. This file typically has a .pem extension.

Fingerprint

This entry box will be filled in automatically when an identity file is entered above.

Create Identity File

Press this button to start the Key Generation wizard and create identity files which contain your public-private key pair. (A public-private key pair is a pair of keys used with RSA or DSA authentication. The public key is usually kept in a file named Identity.pub, which is then transferred to the remote SSH server and appended to the user's authorized_keys file. Another file, usually named identity, contains both the public key and the corresponding private key. This file is kept on the local machine and is used by SecureCRT with public key or RSA authentication methods.)

Note: SecureCRT supports both DSA and RSA key types.

Upload

Press this button to open the Upload Public Key dialog and upload the specified identity file to the server configured for this session. (A server is a computer program that provides services to other computer programs, called clients. Often the computer on which a server program runs is also called a server. The term host is often used as a synonym for server.)

Public keys are uploaded using the public-key assistant. Uploads are only available on servers that support the public-key assistant (such as VanDyke Software's VShell® server 2.1 or newer).

Change Passphrase

Press this button to change the passphrase for your identity file. (A passphrase is a password used to protect a private key from unauthorized use. It is recommended that a passphrase be assigned to all private keys to prevent unauthorized use, especially in environments where multiple individuals have access to the machine on which the private key files are stored. When using public-key authentication, a private key with an assigned passphrase will not be available if the correct passphrase is not supplied during the authentication process.)

Use personal store certificate (CAPI)

Selecting this option instructs SecureCRT to use X.509 certificates from your Microsoft CAPI personal store as your method of authentication. For more information on X.509 certificates, see Using X.509 Certificates.