Enable Secure Connection
Enable this option to encrypt terminal emulation sessions and provide
protection from eavesdropping, tampering, or message forgery over TCP/IP.
There are two types of secure connections available: SSH (Secure Shell)
and SSL (Secure Sockets Layer).
SSH
SSH (Secure Shell) security is available for VT, SCO ANSI and Wyse-60
sessions. SSH typically uses TCP port 22 instead of 23.
SSL
SSL (Secure Sockets Layer) is available for TN3270, TN5250, VT, SCO ANSI
and Wyse-60 sessions. SSL for TN3270 typically uses TCP port 992 instead
of 23, but it may be configured to use any TCP port desired.
SSH SECURITY CONFIGURATION
Preferred Protocol Version
Specifies which version of the SSH protocol is used when a host connection
is established. Two versions are available: SSH-1 and SSH-2. SSH-2 is
a newer, more secure implementation and is the default setting. With
this setting PASSPORT will first attempt to connect using SSH-2 and will
try SSH-1 if the server does not support SSH-2. Selecting SSH-2 Only or
SSH-1 Only will force the connection to this version of the protocol.
Enable Compression
This enables data compression for the SSH connection. With this option
enabled, data sent by the server is compressed before sending, and decompressed
at the client end. Likewise, data sent to the server is compressed first
and the server decompresses it at the other end. This can help with low-bandwidth
connections.
Username
The username to be sent to the SSH server can be entered or left blank.
If left blank, the user is required to type it each time a host session
is established. For security reasons, passwords cannot be saved and must
always be typed by the user.
Private Key File for Authentication
Enter the path to the private key file, or locate it using the
Browse button.
When SSH security is enabled, the text "SSH" appears in positions 5-7 of the OIA line.
SSL SECURITY CONFIGURATION
Negotiate via Telnet
Enable to configure PASSPORT to negotiate Transport Layer Security (TLS)
through Telnet. To enable PASSPORT to request SSL/TLS immediately without
Telnet negotiation, disable the Negotiate via Telnet option.
Accept Self-Signed Certificates
Enable to accept a self-signed server certificate.
Accept Expired Certificates
Enable to accept a server certificate that has expired.
Accept Not Yet Valid Certificates
Enable to accept a server certificate that has a starting date in the future.
Accept Invalid Certificates
Enable to accept a server certificate that is invalid for any reason other
than the date or signature. With this option enabled, the server certificate
check will be ignored.
Accept Host Name Mismatch
Enable to accept SSL certificates that have mismatched names. Host names
may be either an IP address or a DNS name. In order for host names to
match, both must be either IP addresses or DNS names.
Action if Certificate Not Accepted
This option determines how PASSPORT will respond to any items above that
are unchecked. The items above that are checked will ignore this option
and allow the certificate. Choose one of the following:
Ignore Warning and Connect
Prompt for User Action
Do Not Connect
When SSL security is enabled, the text "SSL" appears in positions 5-7 of the OIA line and a padlock is displayed on the status bar. Double-clicking the padlock displays the certificate information for the server the session is currently connected to.
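The interaction between the "Accept ..." checkboxes and Action if Certificate Not Accepted, described above, can be modelled as follows. This is an added example, not PASSPORT code: the function names, problem keys and outcome strings are hypothetical, and it assumes each checkbox waives only its own kind of certificate problem.

```python
from enum import Enum

class Action(Enum):
    IGNORE_AND_CONNECT = "Ignore Warning and Connect"
    PROMPT = "Prompt for User Action"
    DO_NOT_CONNECT = "Do Not Connect"

# Certificate problem (hypothetical key) -> checkbox label from the page that
# waives it. Assumption: each checkbox waives only its own problem category.
WAIVER = {
    "self_signed": "Accept Self-Signed Certificates",
    "expired": "Accept Expired Certificates",
    "not_yet_valid": "Accept Not Yet Valid Certificates",
    "invalid": "Accept Invalid Certificates",
    "host_mismatch": "Accept Host Name Mismatch",
}

def decide(problems, checked, action):
    """Return (outcome, unwaived problems) for one server certificate."""
    unknown = set(problems) - WAIVER.keys()
    if unknown:
        raise ValueError(f"unknown problem(s): {sorted(unknown)}")
    # Checked items allow the certificate regardless of the action setting.
    unwaived = sorted(p for p in problems if WAIVER[p] not in checked)
    if not unwaived:
        return "connect", unwaived
    # Unchecked items fall through to "Action if Certificate Not Accepted".
    if action is Action.DO_NOT_CONNECT:
        return "refuse", unwaived
    if action is Action.PROMPT:
        return "prompt", unwaived
    return "connect-with-warning-ignored", unwaived

def silent_accepts(checked, action):
    """Problems this profile connects through without asking the user."""
    return sorted(p for p in WAIVER
                  if decide({p}, checked, action)[0].startswith("connect"))

if __name__ == "__main__":
    # Constructed sample profile: self-signed allowed, everything else prompts.
    lab = {"Accept Self-Signed Certificates"}
    print(decide({"self_signed", "host_mismatch"}, lab, Action.PROMPT))
    print(silent_accepts(lab, Action.PROMPT))
    print(silent_accepts(set(), Action.IGNORE_AND_CONNECT))
```

With nothing checked and Ignore Warning and Connect selected, every certificate problem is connected through silently, which is the same effective result as checking all five boxes.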
Enable Client Authentication
If enabled, an SSL client certificate will be used to establish an SSL
connection with the host. A certificate must be specified in order to
use this option.
Certificate to use from "My" store:
Select the SSL certificate to use. In order to use your own SSL client
certificate, it must first be imported to the Microsoft Windows "Personal"
Certificate Store.