VanDyke Software

How To


Authenticate once to multiple servers using SSH agent support

SecureCRT® supports SSH agent and SSH agent forwarding functionality.

SSH Agent
SSH agent functionality allows you to enter your passphrase to unlock your private key when making the first connection.  The agent holds your decrypted private key and authenticates additional primary connections to machines using the same public-private key pair when the connection is initiated directly from the SecureCRT client machine. To enable key agent functionality, open the Global Options dialog, select the SSH2 category, and enable the Add keys to agent option.

Note:  For macOS users, SecureCRT utilizes the built-in "ssh-agent" process for storing and accessing decrypted keys. Keep in mind that although you may have disabled the Add keys to agent option in SecureCRT's Global Options, keys may be added to the built-in ssh-agent outside of SecureCRT's control since SecureCRT uses the system's ssh-agent functionality.

For Windows users, the agent is only active when an instance of SecureCRT, SecureFX®, the Activator, or one of the command-line utilities (vsftp, vcp, or vsh) is running.

SSH Agent Forwarding
SSH agent forwarding functionality allows for public-key authentication to occur to a secondary secure shell server without the corresponding private key existing on the primary secure shell server.  The corresponding public-key file must first be in place on all servers to which public‑key authentication is desired.  However, if agent forwarding functionality is enabled the private key can exist solely on the local SecureCRT machine, with each authenticating secure shell server "forwarding" the pubic‑key verification request back up the chain to the originating key agent. For a more detailed explanation of agent and agent forwarding in relation to public‑key authentication, read the agent forwarding tip.  To enable agent forwarding functionality in SecureCRT, open the Global Options dialog, select the SSH2 category, and turn on the Enable OpenSSH agent forwarding option.

Note:   A SecureCRT user can allow/disallow participation in agent forwarding functionality on a per-session basis.  For example, if there are specific sessions for which you wish to not allow agent forwarding to take place, edit the session options for that session, browse to the SSH2 / Advanced category, and ensure that the Enable OpenSSH agent forwarding option is turned off.  If this option is not enabled, SecureCRT will refuse all agent forwarded authentication requests that come through that specific session's SSH connection.

You can read more about SSH agent and SSH agent forwarding in the SecureCRT application Help. In the SecureCRT Help index, click on Secure Connections, and then select Using the Agent.

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.