Advanced VT SSH Options


You can configure the following options in the Advanced VT SSH dialog box:

User authentication: Click in the box next to any authentication method to clear or enable that method. You must select at least one authentication method. You can use the arrows to specify your order of preference. Host Integrator attempts each method in order, starting from the top.
Cipher list: Use this list to specify the ciphers you want to allow for connections to the current host. When more than one cipher is selected, the SSH client attempts to use ciphers in the order you specify, starting from the top. To change the order, select a cipher from the list, then click the up or down arrow. The cipher used for a given session is the first item in this list that is also supported by the server.
HMAC list: Specifies the HMAC (hashed message authentication code) methods you want to allow. This hash is used to verify the integrity of all data packets exchanged with the server. When more than one HMAC is selected, the SSH client attempts to negotiate a MAC with the server in the order you specify, starting from the top. To change the order, select an HMAC from the list, then click the up or down arrow.
Key exchange algorithms: Specifies which key exchange algorithms the client supports, and the order of preference. In some cases, you may need to change the order of the key exchange algorithms to put DH Group14 SHA1 ahead of the other values. This is required if you want to use the hmac-sha512 HMAC, or if you see the following error during key exchange: "Unable to exchange encryption keys."
Hostkey algorithms: Specifies the hash algorithm the client uses in the process of proving possession of the private key. This hash is used during public key user authentication. Use RSA to specify the hash used with RSA keys and DSS to specify the hash used with DSA keys.
Keep alive: When Keep Alive is selected, Host Integrator sends NOOP messages to the server through the secure tunnel at the specified interval. Use this setting to maintain the connection to the server. Use Interval in seconds to specify how frequently server alive messages are sent. If this setting is not enabled, the SSH connection will not terminate if the server dies or the network connection is lost.

The SSH Keep Alive setting is not related to the TCP keep alive setting that can be set in the Windows registry to keep all TCP/IP connections from being timed out by a firewall. To change the TCP/IP keep alive behavior, you need to edit the Windows registry.

Only show FIPS validated values: Select this to filter the Cipher and HMAC lists to show only FIPS validated values. SSH only uses the values you configure. If you choose a non-FIPS value while running in FIPS mode, an error message is displayed asking you to specify a valid cipher.

Federal Information Processing Standards (FIPS) are guidelines established by the United States government to standardize computer systems. To use FIPS 140-2 validated encryption in a Windows environment, you must first define the environment variable VHI_FIPS = 1.

Enable compression: When Enable compression is selected, the client requests compression of all data. Compression is desirable on modem lines and other slow connections, but will only slow down response rate on fast networks.
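
The following is an added example, not Host Integrator code. It applies the first-match rule described under Cipher list to the cipher, HMAC and key exchange lists alike, and reports which higher-preference entries were passed over, which helps when checking what a given list order will actually negotiate. The algorithm names and the client and server lists are constructed sample data, and the function names are hypothetical.

```python
"""Added example: first-match selection from ordered client algorithm lists."""


class NegotiationError(Exception):
    """Raised when client and server share no algorithm in a category."""


def pick(client_order, server_supported):
    """Return (chosen, skipped): the first client entry the server supports,
    plus the higher-preference client entries that were passed over."""
    skipped = []
    for name in client_order:
        if name in server_supported:
            return name, skipped
        skipped.append(name)
    return None, skipped


def negotiate(client, server):
    """client maps category -> ordered list; server maps category -> set.
    Returns category -> {"chosen": name, "skipped": [names]}."""
    result = {}
    for category, order in client.items():
        chosen, skipped = pick(order, server.get(category, set()))
        if chosen is None:
            # Corresponds to a failed negotiation: nothing in common.
            raise NegotiationError(
                f"no common {category} algorithm; client offered {order}")
        result[category] = {"chosen": chosen, "skipped": skipped}
    return result


# Constructed sample lists (standard SSH names, not read from the product).
CLIENT = {
    "kex": ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"],
    "cipher": ["aes256-ctr", "aes128-ctr", "3des-cbc"],
    "hmac": ["hmac-sha2-512", "hmac-sha1"],
}
SERVER = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"},
    "cipher": {"3des-cbc", "aes128-ctr"},
    "hmac": {"hmac-sha1"},
}

if __name__ == "__main__":
    for category, outcome in negotiate(CLIENT, SERVER).items():
        print(f"{category:7s} chosen={outcome['chosen']} "
              f"skipped={outcome['skipped']}")
```

Because the client's order decides the outcome, moving a weaker entry to the top of a list makes it the negotiated value whenever the server supports it.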

 

Related Topics
Configuring a VT session
SSH Authentication Options
Using SSH: Overview