Entire Connection supports Telnet SSH for sessions of type Telnet VTxxx. This allows a secure connection between Entire Connection and a server. In an SSH session, all data is encrypted before it is sent to the Telnet server. Encrypted data received from the server is decrypted before it is processed.
You enable SSH by selecting the connection type SSH for your Telnet VTxxx session (see the description of the General page for Telnet VTxxx in Communication Parameters in the Overview of Object Properties).
Telnet VTxxx sessions with the connection type SSH require that the
option Return key send option is set to CR
(see the description of the
Terminal
page for VT types in Session Properties in the
Overview of Object Properties), otherwise the sessions may
not work properly. CR
is the default setting when you create new
sessions of type Telnet VTxxx. A different setting might be in effect, however,
if you change the connection type of an existing Telnet VTxxx session from
Telnet to SSH, or if you duplicate a Telnet VTxxx session; in these cases, you
have to make sure that CR
is used.
A prerequisite for using SSH is that you have a server with an SSH-enabled port. Entire Connection supports the SSH protocol version 2.0.
The following SSH authentication methods are supported:
"password" authentication
"keyboard-interactive" authentication
"publickey" authentication
Depending on your SSH host configuration, one or more authentication methods are offered from the host. The "publickey" authentication method is the preferred method. It will be used when a private key file has been specified (see the description of the Security page for Telnet VTxxx in Communication Parameters in the Overview of Object Properties).
To use the SSH "publickey" authentication method, you must have a public/private key pair. You can generate such a key pair using, for example, OpenSSH tools or PuTTY. We strongly recommend that you protect the private key file with a pass phrase. It is important that the key files have the OpenSSH format.
The private key file has to be deployed to the \Software AG\Entire Connection\certs folder of your user's local appdata folder, and the name of the private key file has to be specified on the Security page of the Telnet VTxxx communication parameters.
The content of the user's public key file has to be added to the $HOME/.ssh/authorized_keys file on the server. Make sure that the public key is one line in the authorized_keys file. It is important that the folders $HOME and $HOME/.ssh and the authorized_keys file have appropriate permission attributes. The permission attributes 700 for the folders and 400 for the file seem to work on most servers.
The authentication methods "password" and "keyboard-interactive" are used in this order if offered by the server and if the "publickey" authentication method does not get preference because you have entered the name of a private key file on the Security page of the Telnet VTxxx communication parameters. If you want to disable authentication methods, see the other options on the Security page.