If your SSH2 server environment is properly configured for X.509 smartcard certificate authentication, then you can configure SecureCRT/SecureFX to authenticate using 2FA certificates on your smartcard.
Here are the general steps you would take to configure SecureCRT/SecureFX for Windows to accomplish authentication using your smartcard:
Once you have made the above changes to SecureCRT's Global Options, you are now prepared to set up a session to use smartcard authentication.
If you want to use the selected certificate for all or most of your connections, edit the Default session to use the global public key configuration you've just configured above:
As configured above, SecureCRT/SecureFX do not cache your smartcard PIN. The first time you authenticate with a certificate on your smartcard, you will be prompted for the PIN by MS CAPI or your smartcard's middleware provider. If subsequently you are not prompted for your PIN when authenticating with the smartcard, it is because your PIN has been cached by your smartcard's middleware. Consult your smartcard middleware documentation on how to disable PIN caching.
In some cases, an individual may desire to use the certificate's private key from their smartcard to authenticate to a remote SSH2 host that does not support certificate authentication as per RFC 6187, but the remote host does support standard/raw SSH2 public-key authentication. You can achieve raw SSH2 public-key authentication with the private key on your smartcard if you modify the corresponding saved session in SecureCRT to enable the Use certificate as raw SSH2 key option.
To extract the public key (.pub) file needed to configure the remote SSH2 server to accept your key for authentication, press the [Export Public Key...] button. Then follow the instructions for the specific SSH2 server on the remote host as to how to apply that public key for use by your user account on the remote host.
There is an administrative option that can be applied via Group Policy that will force connections to be disconnected when a smartcard is removed. For more information about this GPO policy as it can be applied to VanDyke Software clients such as SecureCRT and SecureFX, please contact .
Here you can control cookies using the checkboxes below. Some cookies are essential for the use of our website and cannot be disabled. Others provide a convenience to the user and, if disabled, may reduce the ease of use of our site. Finally, some cookies provide anonymous analytic tracking data that help us provide the user with a richer browsing experience. You can elect to disable these cookies as well.