Accessing SSH Hosts using SecureCRT

The following steps will enable X.509 SSH certificate support for logging into Smallstep SSH hosts on SecureCRT for MacOS.

SecureCRT has support for using X.509 certificates. (read)

SecureCRT users have reported having trouble getting SSH certificates to work on Windows 10/11. The following instructions are confirmed for MacOS.

  • First, set up a client desktop for Smallstep in accordance with our client quickstart guide. Be sure to run `step ssh login` to make sure you have renewed certificates.
  • Next, perform the following configuration in SecureCRT for each host you wish to connect to.
  • Create a new Session in Session Manager and edit the properties as follows
    • Hostname (IP or hostname)
    • Username (the Smallstep user you'd be logging in as)

  • Authentication Configuration
    • Uncheck all Authentication options except for PublicKey
    • Highlight PublicKey and click the gear icon to configure its properties for certificates
    • Navigate to the identity_key file found in the end-user's home directory under the hidden USER_HOME_DIR/.step/identity/ directory.
    • Make sure no other properties are checked as shown below and click OK to save your changes.
  • SSH2 Configuration for host key algorithms
    • Under the SSH2 --> Host Key session options, be sure to enable the algorithm labeled as, `ecdsa-sha2-nistp256`
    • Save your changes and attempt to connect to the server from the session manager.