Connection Settings

Connectivity Secure Shell

Connection Settings


Host Name—Specify a new IP address or fully qualified domain name of a Secure Shell server host to which you want the tunnel to connect. Every time you specify a new host, the previous host is added to the drop-down list so that you can select it again at a later time. The User Name and TCP Port values are not saved with the selected host. That is, if these values differ depending on the host, you must change them accordingly after you select a new host from the list. Consider creating a separate tunnel profile for each host.

User Name—Specify your login name for the host specified above. This name is used for authentication.

TCP Port—Specify the host port to which the tunnel will connect. The default port is 22.


Default Window Size—Specify the amount of data that can be transferred before acknowledgement is required. The Connectivity Secure Shell engine must acknowledge receipt once the specified amount of data is transferred. The smaller the window size, the more acknowledgement is required.

Maximum Packet Size (KB)—Specify the maximum size of transferred packets. Generally speaking, smaller maximum packet sizes can increase system responsiveness. Larger maximum packet sizes are more suited for large file transfers, such as FTP.

Initial Buffer Allocation (KB)—Specify the initial size of the internal buffer allocations. Change this setting if recommended by Hummingbird Technical Support.

Connection Timeout (Seconds)—Specify the amount of time that Connectivity Secure Shell will wait for a host response before terminating a connection attempt. Increase this value if a host is slow to respond, or if the network is slow.

Protocol Keepalive Interval (Seconds)—If the server uses a heartbeat function to test sockets for inactivity, socket connections can be disconnected. This setting lets you specify the amount of time after connecting that Connectivity Secure Shell waits before sending an SSH2_MSG_IGNORE packet with a random amount of data to keep sockets active. You may also use this option to confound attempts at traffic analysis, a method used to deduce information that is helpful in connection attacks.

Level of Outbound Compression—Specify the degree of compression for outbound data. A value of 0 indicates no compression, and 9 indicates the highest level of compression.

Enable Socket Keepalive—Enable this option to allow the server to disconnect in the event that the connection fails. The applicability of this option is dependent on whether or not a keepalive mechanism is enabled on the server.

Enable Nagle Algorithm—This option is selected by default for telnet and most other applications. When using X-Windows through Secure Shell, however, you may experience better performance with the Nagle Algorithm disabled.

  If this option is cleared, Connectivity Secure Shell enables the TCP_NODELAY option in the TCP/IP protocol stack.

Prompt for Banner Message—Clear this option to disable the automatic display of the host’s banner message when you connect. If you enable this option, banner messages will be displayed if sent by the host.

  In cases where one machine serves as the SFTP proxy server for a number of other machines on the local area network, banners from various hosts accumulate on the server machine. (One banner is posted per new connection.) To avoid this, FTP clients should use tunnel profiles in which the Prompt for Banner Message option is turned off.

Server Key Action

Host authentication with Secure Shell is performed by distributing and storing keys when a host is first accessed. For each subsequent connection attempt, the keys are compared to ensure that they match.

You can configure the action to be taken when a host sends an unidentifiable public key to Connectivity Secure Shell for authentication:

  • If the host address/port number entry is not found in the server key, then Connectivity Secure Shell performs the action that you specify in the New Server Key Action drop-down list.
  • If the host address/port number entry is found, but the public key no longer matches (has changed), then Connectivity Secure Shell performs the action that you specify in the Changed Server Key Action drop-down list.

    Tip:  Beware of changed keys as they may signal a potential security breach.

Select one of the following options in each drop-down list:

  • Prompt—The user is prompted with the following choices. This option is the default.
  • Add (Replace) Key and Connect—The key is added or replaced and the connection continues. If this is selected, the user is not notified.
  • Do Not Add (Replace) Key and Connect—No change is made to the key database and the connection continues. If this is selected, the user is not notified.
  • Deny Connection—The connection fails. The user is not notified.
      In all of the above cases, if logging is turned on, all actions are logged.


Generate trace files if recommended by Hummingbird Technical Support. Tracing generates large files and adds significant overhead to the communication process, which can increase the memory requirements. In some cases, traces can cause connections to work incorrectly with default timeout values. You can choose the following trace levels:

Tip:  For information on timeout values, see Advanced.

  • Basic—Select to log only major events such as connection, disconnection, errors. This option has the least impact on performance.
  • Detail—Select to log all important actions and events with a high level of detail. The data traffic itself is not logged.
  • Verbose—Select to perform a trace that includes all the elements of a Detail trace, plus all of the packets read and written from the network. This trace lets you view encrypted as well as plaintext packet contents so that you can match up trace events with protocol analyzer output.
      The output of a Verbose trace can easily reach hundreds of megabytes. This trace can have a significant impact on performance.