Separate ssh tunnel params from ssh connection params

11 files changed, 364 insertions, 363 deletions

diff --git a/src/remmina_applet_menu_item.c b/src/remmina_applet_menu_item.c
index 85477c533..546f12b16 100644
--- a/src/remmina_applet_menu_item.c
+++ b/src/remmina_applet_menu_item.c
@@ -69,7 +69,7 @@ static void remmina_applet_menu_item_init(RemminaAppletMenuItem* item)
 	item->group = NULL;
 	item->protocol = NULL;
 	item->server = NULL;
-	item->ssh_enabled = FALSE;
+	item->ssh_tunnel_enabled = FALSE;
 	g_signal_connect(G_OBJECT(item), "destroy", G_CALLBACK(remmina_applet_menu_item_destroy), NULL);
 }
 
@@ -104,7 +104,7 @@ GtkWidget* remmina_applet_menu_item_new(RemminaAppletMenuItemType item_type, ...
 		item->group = g_key_file_get_string(gkeyfile, "remmina", "group", NULL);
 		item->protocol = g_key_file_get_string(gkeyfile, "remmina", "protocol", NULL);
 		item->server = g_key_file_get_string(gkeyfile, "remmina", "server", NULL);
-		item->ssh_enabled = g_key_file_get_boolean(gkeyfile, "remmina", "ssh_enabled", NULL);
+		item->ssh_tunnel_enabled = g_key_file_get_boolean(gkeyfile, "remmina", "ssh_tunnel_enabled", NULL);
 
 		g_key_file_free(gkeyfile);
 
diff --git a/src/remmina_applet_menu_item.h b/src/remmina_applet_menu_item.h
index 1a1a1fbfe..09424a077 100644
--- a/src/remmina_applet_menu_item.h
+++ b/src/remmina_applet_menu_item.h
@@ -57,7 +57,7 @@ typedef struct _RemminaAppletMenuItem {
 	gchar *				group;
 	gchar *				protocol;
 	gchar *				server;
-	gboolean			ssh_enabled;
+	gboolean			ssh_tunnel_enabled;
 } RemminaAppletMenuItem;
 
 typedef struct _RemminaAppletMenuItemClass {
diff --git a/src/remmina_file.c b/src/remmina_file.c
index 2f602b2a5..a37f445e6 100644
--- a/src/remmina_file.c
+++ b/src/remmina_file.c
@@ -66,6 +66,8 @@
 #define MIN_WINDOW_WIDTH 10
 #define MIN_WINDOW_HEIGHT 10
 
+#define KEYFILE_GROUP_REMMINA "remmina"
+
 static struct timespec times[2];
 
 static RemminaFile *
@@ -233,6 +235,87 @@ const RemminaProtocolSetting *find_protocol_setting(const gchar *name, RemminaPr
 	return NULL;
 }
 
+
+static void upgrade_sshkeys_202001_mig_common_setting(RemminaFile *remminafile, gboolean protocol_is_ssh, gboolean ssh_enabled, gchar *suffix)
+{
+	gchar *src_key;
+	gchar *dst_key;
+	const gchar *val;
+
+	src_key = g_strdup_printf("ssh_%s", suffix);
+	dst_key = g_strdup_printf("ssh_tunnel_%s", suffix);
+
+	val = remmina_file_get_string(remminafile, src_key);
+	if (!val) {
+		g_free(dst_key);
+		g_free(src_key);
+		return;
+	}
+
+	if (ssh_enabled && val && val[0] != 0)
+		remmina_file_set_string(remminafile, dst_key, val);
+
+	if (!protocol_is_ssh)
+		remmina_file_remove_key(remminafile, src_key);
+
+	g_free(dst_key);
+	g_free(src_key);
+}
+
+static void upgrade_sshkeys_202001(RemminaFile *remminafile)
+{
+	TRACE_CALL(__func__);
+
+	gboolean protocol_is_ssh;
+	gboolean ssh_enabled;
+	const gchar *val;
+
+	if (remmina_file_get_string(remminafile, "ssh_enabled")) {
+
+		/* Upgrade ssh params from remmina pre 1.4 */
+
+		ssh_enabled = remmina_file_get_int(remminafile, "ssh_enabled", 0);
+		val = remmina_file_get_string(remminafile, "protocol");
+		protocol_is_ssh = (strcmp(val, "SSH") == 0);
+
+		upgrade_sshkeys_202001_mig_common_setting(remminafile, protocol_is_ssh, ssh_enabled, "stricthostkeycheck");
+		upgrade_sshkeys_202001_mig_common_setting(remminafile, protocol_is_ssh, ssh_enabled, "kex_algorithms");
+		upgrade_sshkeys_202001_mig_common_setting(remminafile, protocol_is_ssh, ssh_enabled, "hostkeytypes");
+		upgrade_sshkeys_202001_mig_common_setting(remminafile, protocol_is_ssh, ssh_enabled, "ciphers");
+		upgrade_sshkeys_202001_mig_common_setting(remminafile, protocol_is_ssh, ssh_enabled, "proxycommand");
+		upgrade_sshkeys_202001_mig_common_setting(remminafile, protocol_is_ssh, ssh_enabled, "passphrase");
+		upgrade_sshkeys_202001_mig_common_setting(remminafile, protocol_is_ssh, ssh_enabled, "auth");
+		upgrade_sshkeys_202001_mig_common_setting(remminafile, protocol_is_ssh, ssh_enabled, "privatekey");
+
+		val = remmina_file_get_string(remminafile, "ssh_loopback");
+		remmina_file_set_string(remminafile, "ssh_tunnel_loopback", val);
+		remmina_file_remove_key(remminafile, "ssh_loopback");
+
+		val = remmina_file_get_string(remminafile, "ssh_username");
+		remmina_file_set_string(remminafile, "ssh_tunnel_username", val);
+		remmina_file_set_string(remminafile, "username", val);
+		remmina_file_remove_key(remminafile, "ssh_username");
+
+		val = remmina_file_get_string(remminafile, "ssh_password");
+		remmina_file_set_string(remminafile, "ssh_tunnel_password", val);
+		remmina_file_set_string(remminafile, "password", val);
+		remmina_file_remove_key(remminafile, "ssh_password");
+
+		val = remmina_file_get_string(remminafile, "ssh_server");
+		remmina_file_set_string(remminafile, "ssh_tunnel_server", val);
+		// g_key_file_set_string(gkeyfile, KEYFILE_GROUP_REMMINA, "server", val);
+		remmina_file_remove_key(remminafile, "ssh_server");
+
+		remmina_file_remove_key(remminafile, "ssh_enabled");
+		remmina_file_remove_key(remminafile, "save_ssh_server");
+		remmina_file_remove_key(remminafile, "save_ssh_username");
+
+		remmina_file_set_int(remminafile, "ssh_tunnel_enabled", ssh_enabled);
+
+	}
+
+}
+
 RemminaFile *
 remmina_file_load(const gchar *filename)
 {
@@ -260,13 +343,14 @@ remmina_file_load(const gchar *filename)
 		}
 	}
 
-	if (g_key_file_has_key(gkeyfile, "remmina", "name", NULL)) {
+	if (g_key_file_has_key(gkeyfile, KEYFILE_GROUP_REMMINA, "name", NULL)) {
+
 		remminafile = remmina_file_new_empty();
 
 		protocol_plugin = NULL;
 
 		/* Identify the protocol plugin and get pointers to its RemminaProtocolSetting structs */
-		proto = g_key_file_get_string(gkeyfile, "remmina", "protocol", NULL);
+		proto = g_key_file_get_string(gkeyfile, KEYFILE_GROUP_REMMINA, "protocol", NULL);
 		if (proto) {
 			protocol_plugin = (RemminaProtocolPlugin *)remmina_plugin_manager_get_plugin(REMMINA_PLUGIN_TYPE_PROTOCOL, proto);
 			g_free(proto);
@@ -276,12 +360,13 @@ remmina_file_load(const gchar *filename)
 		secret_service_available = secret_plugin && secret_plugin->is_service_available();
 
 		remminafile->filename = g_strdup(filename);
-		keys = g_key_file_get_keys(gkeyfile, "remmina", NULL, NULL);
+		keys = g_key_file_get_keys(gkeyfile, KEYFILE_GROUP_REMMINA, NULL, NULL);
 		if (keys) {
+
 			for (i = 0; keys[i]; i++) {
 				key = keys[i];
 				if (protocol_plugin && remmina_plugin_manager_is_encrypted_setting(protocol_plugin, key)) {
-					s = g_key_file_get_string(gkeyfile, "remmina", key, NULL);
+					s = g_key_file_get_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, NULL);
 					if (g_strcmp0(s, ".") == 0) {
 						if (secret_service_available) {
 							sec = secret_plugin->get_password(remminafile, key);
@@ -299,7 +384,7 @@ remmina_file_load(const gchar *filename)
 				} else {
 					/* If we find "resolution", then we split it in two */
 					if (strcmp(key, "resolution") == 0) {
-						resolution_str = g_key_file_get_string(gkeyfile, "remmina", key, NULL);
+						resolution_str = g_key_file_get_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, NULL);
 						if (remmina_public_split_resolution_string(resolution_str, &w, &h)) {
 							remmina_file_set_string_ref(remminafile, "resolution_width", g_strdup_printf("%i", w));
 							remmina_file_set_string_ref(remminafile, "resolution_height", g_strdup_printf("%i", h));
@@ -310,11 +395,13 @@ remmina_file_load(const gchar *filename)
 						g_free(resolution_str);
 					} else {
 						remmina_file_set_string_ref(remminafile, key,
-									    g_key_file_get_string(gkeyfile, "remmina", key, NULL));
+									    g_key_file_get_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, NULL));
 					}
 				}
 			}
-			g_strfreev(keys);
+
+			upgrade_sshkeys_202001(remminafile);
+
 		}
 	} else {
 		g_debug("Unable to load remmina profile file %s: cannot find key name= in section remmina.\n", filename);
@@ -351,6 +438,11 @@ void remmina_file_set_string_ref(RemminaFile *remminafile, const gchar *setting,
 	}
 }
 
+gboolean remmina_file_remove_key(RemminaFile *remminafile, const gchar *setting)
+{
+	return g_hash_table_remove(remminafile->settings, setting);
+}
+
 const gchar *
 remmina_file_get_string(RemminaFile *remminafile, const gchar *setting)
 {
@@ -484,19 +576,19 @@ void remmina_file_save(RemminaFile *remminafile)
 					if (value && value[0]) {
 						if (g_strcmp0(value, ".") != 0)
 							secret_plugin->store_password(remminafile, key, value);
-						g_key_file_set_string(gkeyfile, "remmina", key, ".");
+						g_key_file_set_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, ".");
 					} else {
-						g_key_file_set_string(gkeyfile, "remmina", key, "");
+						g_key_file_set_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, "");
 						secret_plugin->delete_password(remminafile, key);
 					}
 				} else {
 					g_debug ("We have a password and disablepasswordstoring=0");
 					if (value && value[0] && nopasswdsave == 0) {
 						s = remmina_crypt_encrypt(value);
-						g_key_file_set_string(gkeyfile, "remmina", key, s);
+						g_key_file_set_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, s);
 						g_free(s);
 					} else {
-						g_key_file_set_string(gkeyfile, "remmina", key, "");
+						g_key_file_set_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, "");
 					}
 				}
 				if (secret_service_available && nopasswdsave == 1) {
@@ -504,18 +596,18 @@ void remmina_file_save(RemminaFile *remminafile)
 						if (g_strcmp0(value, ".") != 0) {
 							g_debug ("Deleting the secret in the keyring as disablepasswordstoring=1");
 							secret_plugin->delete_password(remminafile, key);
-							g_key_file_set_string(gkeyfile, "remmina", key, ".");
+							g_key_file_set_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, ".");
 						}
 					}
 				}
 			}
 		} else {
-			g_key_file_set_string(gkeyfile, "remmina", key, value);
+			g_key_file_set_string(gkeyfile, KEYFILE_GROUP_REMMINA, key, value);
 		}
 	}
 
 	/* Avoid storing redundant and deprecated "resolution" field */
-	g_key_file_remove_key(gkeyfile, "remmina", "resolution", NULL);
+	g_key_file_remove_key(gkeyfile, KEYFILE_GROUP_REMMINA, "resolution", NULL);
 
 	/* Store gkeyfile to disk (password are already sent to keyring) */
 	content = g_key_file_to_data(gkeyfile, &length, NULL);
@@ -580,7 +672,7 @@ remmina_file_get_icon_name(RemminaFile *remminafile)
 	if (!plugin)
 		return g_strconcat (REMMINA_APP_ID, "-symbolic", NULL);
 
-	return remmina_file_get_int(remminafile, "ssh_enabled", FALSE) ? plugin->icon_name_ssh : plugin->icon_name;
+	return remmina_file_get_int(remminafile, "ssh_tunnel_enabled", FALSE) ? plugin->icon_name_ssh : plugin->icon_name;
 }
 
 RemminaFile *
diff --git a/src/remmina_file.h b/src/remmina_file.h
index e8a92d057..8d03a9232 100644
--- a/src/remmina_file.h
+++ b/src/remmina_file.h
@@ -71,6 +71,7 @@ gchar *remmina_file_get_secret(RemminaFile *remminafile, const gchar *setting);
 void remmina_file_set_int(RemminaFile *remminafile, const gchar *setting, gint value);
 gint remmina_file_get_int(RemminaFile *remminafile, const gchar *setting, gint default_value);
 void remmina_file_store_secret_plugin_password(RemminaFile *remminafile, const gchar *key, const gchar *value);
+gboolean remmina_file_remove_key(RemminaFile *remminafile, const gchar *setting);
 /* Create or overwrite the .remmina file */
 void remmina_file_save(RemminaFile *remminafile);
 /* Free the RemminaFile object */
diff --git a/src/remmina_file_editor.c b/src/remmina_file_editor.c
index d4955bbf1..8b11fa1e9 100644
--- a/src/remmina_file_editor.c
+++ b/src/remmina_file_editor.c
@@ -125,19 +125,18 @@ struct _RemminaFileEditorPriv {
 	GtkWidget *		resolution_custom_combo;
 	GtkWidget *		keymap_combo;
 
-	GtkWidget *		ssh_enabled_check;
-	GtkWidget *		ssh_loopback_check;
-	GtkWidget *		ssh_server_default_radio;
-	GtkWidget *		ssh_server_custom_radio;
-	GtkWidget *		ssh_server_entry;
-	GtkWidget *		ssh_auth_agent_radio;
-	GtkWidget *		ssh_auth_password_radio;
-	GtkWidget *		ssh_auth_password;
-	GtkWidget *		ssh_auth_publickey_radio;
-	GtkWidget *		ssh_auth_auto_publickey_radio;
-	GtkWidget *		ssh_username_entry;
-	GtkWidget *		ssh_privatekey_chooser;
-	GtkWidget *		ssh_charset_combo;
+	GtkWidget *		ssh_tunnel_enabled_check;
+	GtkWidget *		ssh_tunnel_loopback_check;
+	GtkWidget *		ssh_tunnel_server_default_radio;
+	GtkWidget *		ssh_tunnel_server_custom_radio;
+	GtkWidget *		ssh_tunnel_server_entry;
+	GtkWidget *		ssh_tunnel_auth_agent_radio;
+	GtkWidget *		ssh_tunnel_auth_password_radio;
+	GtkWidget *		ssh_tunnel_auth_password;
+	GtkWidget *		ssh_tunnel_auth_publickey_radio;
+	GtkWidget *		ssh_tunnel_auth_auto_publickey_radio;
+	GtkWidget *		ssh_tunnel_username_entry;
+	GtkWidget *		ssh_tunnel_privatekey_chooser;
 
 	GHashTable *		setting_widgets;
 };
@@ -272,32 +271,32 @@ static GtkWidget *remmina_file_editor_create_notebook_tab(RemminaFileEditor *gfe
 
 #ifdef HAVE_LIBSSH
 
-static void remmina_file_editor_ssh_server_custom_radio_on_toggled(GtkToggleButton *togglebutton, RemminaFileEditor *gfe)
+static void remmina_file_editor_ssh_tunnel_server_custom_radio_on_toggled(GtkToggleButton *togglebutton, RemminaFileEditor *gfe)
 {
 	TRACE_CALL(__func__);
-	gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_server_entry),
-				 gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_enabled_check)) &&
-				 (gfe->priv->ssh_server_custom_radio == NULL ||
-				  gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_server_custom_radio)))
+	gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_server_entry),
+				 gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_tunnel_enabled_check)) &&
+				 (gfe->priv->ssh_tunnel_server_custom_radio == NULL ||
+				  gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_tunnel_server_custom_radio)))
 				 );
 }
 
-static void remmina_file_editor_ssh_auth_publickey_radio_on_toggled(GtkToggleButton *togglebutton, RemminaFileEditor *gfe)
+static void remmina_file_editor_ssh_tunnel_auth_publickey_radio_on_toggled(GtkToggleButton *togglebutton, RemminaFileEditor *gfe)
 {
 	TRACE_CALL(__func__);
 	gboolean b;
 	const gchar *s;
 
-	b = ((!gfe->priv->ssh_enabled_check ||
-	      gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_enabled_check))) &&
-	     gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_auth_publickey_radio)));
-	gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_privatekey_chooser), b);
+	b = ((!gfe->priv->ssh_tunnel_enabled_check ||
+	      gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_tunnel_enabled_check))) &&
+	     gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_tunnel_auth_publickey_radio)));
+	gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_privatekey_chooser), b);
 
-	if (b && (s = remmina_file_get_string(gfe->priv->remmina_file, "ssh_privatekey")))
-		gtk_file_chooser_set_filename(GTK_FILE_CHOOSER(gfe->priv->ssh_privatekey_chooser), s);
+	if (b && (s = remmina_file_get_string(gfe->priv->remmina_file, "ssh_tunnel_privatekey")))
+		gtk_file_chooser_set_filename(GTK_FILE_CHOOSER(gfe->priv->ssh_tunnel_privatekey_chooser), s);
 }
 
-static void remmina_file_editor_ssh_enabled_check_on_toggled(GtkToggleButton *togglebutton,
+static void remmina_file_editor_ssh_tunnel_enabled_check_on_toggled(GtkToggleButton *togglebutton,
 							     RemminaFileEditor *gfe, RemminaProtocolSSHSetting ssh_setting)
 {
 	TRACE_CALL(__func__);
@@ -306,39 +305,38 @@ static void remmina_file_editor_ssh_enabled_check_on_toggled(GtkToggleButton *to
 	gchar *p;
 	const gchar *cp;
 
-	if (gfe->priv->ssh_enabled_check) {
-		enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_enabled_check));
-		if (gfe->priv->ssh_loopback_check)
-			gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_loopback_check), enabled);
-		if (gfe->priv->ssh_server_default_radio)
-			gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_server_default_radio), enabled);
-		if (gfe->priv->ssh_server_custom_radio)
-			gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_server_custom_radio), enabled);
-		remmina_file_editor_ssh_server_custom_radio_on_toggled(NULL, gfe);
+	if (gfe->priv->ssh_tunnel_enabled_check) {
+		enabled = gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(gfe->priv->ssh_tunnel_enabled_check));
+		if (gfe->priv->ssh_tunnel_loopback_check)
+			gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_loopback_check), enabled);
+		if (gfe->priv->ssh_tunnel_server_default_radio)
+			gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_server_default_radio), enabled);
+		if (gfe->priv->ssh_tunnel_server_custom_radio)
+			gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_server_custom_radio), enabled);
+		remmina_file_editor_ssh_tunnel_server_custom_radio_on_toggled(NULL, gfe);
 		p = remmina_public_combo_get_active_text(GTK_COMBO_BOX(priv->protocol_combo));
 		//if (!(g_strcmp0(p, "SFTP") == 0 || g_strcmp0(p, "SSH") == 0)) {
-		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_charset_combo), enabled);
-		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_username_entry), enabled);
-		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_auth_agent_radio), enabled);
-		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_auth_password_radio), enabled);
-		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_auth_password), enabled);
-		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_auth_publickey_radio), enabled);
-		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_auth_auto_publickey_radio), enabled);
+		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_username_entry), enabled);
+		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_auth_agent_radio), enabled);
+		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_auth_password_radio), enabled);
+		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_auth_password), enabled);
+		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_auth_publickey_radio), enabled);
+		gtk_widget_set_sensitive(GTK_WIDGET(gfe->priv->ssh_tunnel_auth_auto_publickey_radio), enabled);
 		//}
 		g_free(p);
 	}
-	remmina_file_editor_ssh_auth_publickey_radio_on_toggled(NULL, gfe);
+	remmina_file_editor_ssh_tunnel_auth_publickey_radio_on_toggled(NULL, gfe);
 
-	if (gfe->priv->ssh_username_entry)
-		if (enabled && gtk_entry_get_text(GTK_ENTRY(gfe->priv->ssh_username_entry)) [0] == '\0') {
-			cp = remmina_file_get_string(priv->remmina_file, "ssh_username");
-			gtk_entry_set_text(GTK_ENTRY(gfe->priv->ssh_username_entry), cp ? cp : "");
+	if (gfe->priv->ssh_tunnel_username_entry)
+		if (enabled && gtk_entry_get_text(GTK_ENTRY(gfe->priv->ssh_tunnel_username_entry)) [0] == '\0') {
+			cp = remmina_file_get_string(priv->remmina_file, "ssh_tunnel_username");
+			gtk_entry_set_text(GTK_ENTRY(gfe->priv->ssh_tunnel_username_entry), cp ? cp : "");
 		}
 
-	if (gfe->priv->ssh_auth_password) {
-		if (enabled && gtk_entry_get_text(GTK_ENTRY(gfe->priv->ssh_auth_password)) [0] == '\0') {
-			cp = remmina_file_get_string(priv->remmina_file, "ssh_password");
-			gtk_entry_set_text(GTK_ENTRY(gfe->priv->ssh_auth_password), cp ? cp : "");
+	if (gfe->priv->ssh_tunnel_auth_password) {
+		if (enabled && gtk_entry_get_text(GTK_ENTRY(gfe->priv->ssh_tunnel_auth_password)) [0] == '\0') {
+			cp = remmina_file_get_string(priv->remmina_file, "ssh_tunnel_password");
+			gtk_entry_set_text(GTK_ENTRY(gfe->priv->ssh_tunnel_auth_password), cp ? cp : "");
 		}
 	}
 }
@@ -353,10 +351,10 @@ static void remmina_file_editor_create_ssh_privatekey(RemminaFileEditor *gfe, Gt
 	RemminaFileEditorPriv *priv = gfe->priv;
 
 	widget = gtk_radio_button_new_with_label_from_widget(
-		GTK_RADIO_BUTTON(priv->ssh_auth_password_radio), _("Identity file"));
+		GTK_RADIO_BUTTON(priv->ssh_tunnel_auth_password_radio), _("Identity file"));
 	g_signal_connect(G_OBJECT(widget), "toggled",
-			 G_CALLBACK(remmina_file_editor_ssh_auth_publickey_radio_on_toggled), gfe);
-	priv->ssh_auth_publickey_radio = widget;
+			 G_CALLBACK(remmina_file_editor_ssh_tunnel_auth_publickey_radio_on_toggled), gfe);
+	priv->ssh_tunnel_auth_publickey_radio = widget;
 	gtk_widget_show(widget);
 	gtk_grid_attach(GTK_GRID(grid), widget, 0, row + 22, 1, 1);
 
@@ -376,15 +374,15 @@ static void remmina_file_editor_create_ssh_privatekey(RemminaFileEditor *gfe, Gt
 	g_free(s);
 	gtk_widget_show(widget);
 	gtk_grid_attach(GTK_GRID(grid), widget, column + 1, row + 22, 1, 1);
-	priv->ssh_privatekey_chooser = widget;
+	priv->ssh_tunnel_privatekey_chooser = widget;
 
-	ssh_privatekey = remmina_file_get_string(priv->remmina_file, "ssh_privatekey");
+	ssh_privatekey = remmina_file_get_string(priv->remmina_file, "ssh_tunnel_privatekey");
 	if (ssh_privatekey &&
 	    g_file_test(ssh_privatekey, G_FILE_TEST_IS_REGULAR | G_FILE_TEST_EXISTS))
-		gtk_file_chooser_set_filename(GTK_FILE_CHOOSER(priv->ssh_privatekey_chooser),
+		gtk_file_chooser_set_filename(GTK_FILE_CHOOSER(priv->ssh_tunnel_privatekey_chooser),
 					      ssh_privatekey);
 	else
-		remmina_file_set_string(priv->remmina_file, "ssh_privatekey", NULL);
+		remmina_file_set_string(priv->remmina_file, "ssh_tunnel_privatekey", NULL);
 }
 #endif
 
@@ -814,7 +812,7 @@ static void remmina_file_editor_create_settings(RemminaFileEditor *gfe, GtkWidge
 	}
 }
 
-static void remmina_file_editor_create_ssh_tab(RemminaFileEditor *gfe, RemminaProtocolSSHSetting ssh_setting)
+static void remmina_file_editor_create_ssh_tunnel_tab(RemminaFileEditor *gfe, RemminaProtocolSSHSetting ssh_setting)
 {
 	TRACE_CALL(__func__);
 #ifdef HAVE_LIBSSH
@@ -835,12 +833,12 @@ static void remmina_file_editor_create_ssh_tab(RemminaFileEditor *gfe, RemminaPr
 	gtk_widget_set_halign(widget, GTK_ALIGN_START);
 	gtk_grid_attach(GTK_GRID(grid), widget, 0, 0, 1, 1);
 	g_signal_connect(G_OBJECT(widget), "toggled",
-			 G_CALLBACK(remmina_file_editor_ssh_enabled_check_on_toggled), gfe);
-	priv->ssh_enabled_check = widget;
+			 G_CALLBACK(remmina_file_editor_ssh_tunnel_enabled_check_on_toggled), gfe);
+	priv->ssh_tunnel_enabled_check = widget;
 
 	widget = gtk_check_button_new_with_label(_("Tunnel via loopback address"));
 	gtk_grid_attach(GTK_GRID(grid), widget, 1, 0, 2, 1);
-	priv->ssh_loopback_check = widget;
+	priv->ssh_tunnel_loopback_check = widget;
 
 	row++;
 	/* SSH Server group */
@@ -851,38 +849,38 @@ static void remmina_file_editor_create_ssh_tab(RemminaFileEditor *gfe, RemminaPr
 		widget = gtk_radio_button_new_with_label(NULL, s);
 		g_free(s);
 		gtk_grid_attach(GTK_GRID(grid), widget, 0, row, 3, 1);
-		priv->ssh_server_default_radio = widget;
+		priv->ssh_tunnel_server_default_radio = widget;
 		row++;
 
 		widget = gtk_radio_button_new_with_label_from_widget(
-			GTK_RADIO_BUTTON(priv->ssh_server_default_radio), _("Custom"));
+			GTK_RADIO_BUTTON(priv->ssh_tunnel_server_default_radio), _("Custom"));
 		gtk_grid_attach(GTK_GRID(grid), widget, 0, row, 1, 1);
 		g_signal_connect(G_OBJECT(widget), "toggled",
-				 G_CALLBACK(remmina_file_editor_ssh_server_custom_radio_on_toggled), gfe);
-		priv->ssh_server_custom_radio = widget;
+				 G_CALLBACK(remmina_file_editor_ssh_tunnel_server_custom_radio_on_toggled), gfe);
+		priv->ssh_tunnel_server_custom_radio = widget;
 
 		widget = gtk_entry_new();
 		gtk_entry_set_max_length(GTK_ENTRY(widget), 100);
 		gtk_widget_set_tooltip_markup(widget, _(server_tips2));
 		gtk_grid_attach(GTK_GRID(grid), widget, 1, row, 2, 1);
-		priv->ssh_server_entry = widget;
+		priv->ssh_tunnel_server_entry = widget;
 		row++;
 		break;
 
 	case REMMINA_PROTOCOL_SSH_SETTING_REVERSE_TUNNEL:
-		priv->ssh_server_default_radio = NULL;
-		priv->ssh_server_custom_radio = NULL;
+		priv->ssh_tunnel_server_default_radio = NULL;
+		priv->ssh_tunnel_server_custom_radio = NULL;
 
-		priv->ssh_server_entry = remmina_file_editor_create_text(gfe, grid, 1, 0,
+		priv->ssh_tunnel_server_entry = remmina_file_editor_create_text(gfe, grid, 1, 0,
 									 _("Server"), NULL);
-		gtk_widget_set_tooltip_markup(priv->ssh_server_entry, _(server_tips));
+		gtk_widget_set_tooltip_markup(priv->ssh_tunnel_server_entry, _(server_tips));
 		row++;
 		break;
 	case REMMINA_PROTOCOL_SSH_SETTING_SSH:
 	case REMMINA_PROTOCOL_SSH_SETTING_SFTP:
-		priv->ssh_server_default_radio = NULL;
-		priv->ssh_server_custom_radio = NULL;
-		priv->ssh_server_entry = NULL;
+		priv->ssh_tunnel_server_default_radio = NULL;
+		priv->ssh_tunnel_server_custom_radio = NULL;
+		priv->ssh_tunnel_server_entry = NULL;
 
 		break;
 
@@ -891,13 +889,6 @@ static void remmina_file_editor_create_ssh_tab(RemminaFileEditor *gfe, RemminaPr
 	}
 
 	p = remmina_public_combo_get_active_text(GTK_COMBO_BOX(priv->protocol_combo));
-	/* The charset in VTE is deprecated so we remove it completely
-	 * if (!(g_strcmp0(p, "SFTP") == 0 || g_strcmp0(p, "SSH") == 0)) {
-	 * 	priv->ssh_charset_combo = remmina_file_editor_create_combo(gfe, grid, row + 3, 0,
-	 *		    _("Character set"), charset_list, remmina_file_get_string(priv->remmina_file, "ssh_charset"));
-	 *		row++;
-	 * }
-	 */
 	if (ssh_setting == REMMINA_PROTOCOL_SSH_SETTING_SFTP) {
 		widget = remmina_file_editor_create_text(gfe, grid, row + 8, 1,
 							 _("Startup path"), NULL);
@@ -914,33 +905,33 @@ static void remmina_file_editor_create_ssh_tab(RemminaFileEditor *gfe, RemminaPr
 
 	if (ssh_setting == REMMINA_PROTOCOL_SSH_SETTING_TUNNEL ||
 			ssh_setting == REMMINA_PROTOCOL_SSH_SETTING_REVERSE_TUNNEL) {
-		priv->ssh_username_entry =
+		priv->ssh_tunnel_username_entry =
 			remmina_file_editor_create_text(gfe, grid, row + 10, 0,
 					_("Username"), NULL);
 		row++;
 	}
 	widget = gtk_radio_button_new_with_label(NULL, _("SSH agent (automatic)"));
 	gtk_grid_attach(GTK_GRID(grid), widget, 0, row + 19, 1, 1);
-	priv->ssh_auth_agent_radio = widget;
+	priv->ssh_tunnel_auth_agent_radio = widget;
 	row++;
 
 	widget = gtk_radio_button_new_with_label_from_widget(
-			GTK_RADIO_BUTTON(priv->ssh_auth_agent_radio), _("Password"));
+			GTK_RADIO_BUTTON(priv->ssh_tunnel_auth_agent_radio), _("Password"));
 	gtk_grid_attach(GTK_GRID(grid), widget, 0, row + 21, 1, 1);
-	priv->ssh_auth_password_radio = widget;
+	priv->ssh_tunnel_auth_password_radio = widget;
 
 	widget = gtk_entry_new();
 	gtk_grid_attach(GTK_GRID(grid), widget, 1, row + 21, 2, 1);
 	gtk_entry_set_max_length(GTK_ENTRY(widget), 300);
 	gtk_entry_set_visibility(GTK_ENTRY(widget), FALSE);
 	gtk_widget_set_hexpand(widget, TRUE);
-	priv->ssh_auth_password = widget;
+	priv->ssh_tunnel_auth_password = widget;
 	row++;
 
 	widget = gtk_radio_button_new_with_label_from_widget(
-			GTK_RADIO_BUTTON(priv->ssh_auth_password_radio), _("Public key (automatic)"));
+			GTK_RADIO_BUTTON(priv->ssh_tunnel_auth_password_radio), _("Public key (automatic)"));
 	gtk_grid_attach(GTK_GRID(grid), widget, 0, row + 22, 1, 1);
-	priv->ssh_auth_auto_publickey_radio = widget;
+	priv->ssh_tunnel_auth_auto_publickey_radio = widget;
 	row++;
 
 	remmina_file_editor_create_ssh_privatekey(gfe, grid, row + 1, 0);
@@ -948,37 +939,37 @@ static void remmina_file_editor_create_ssh_tab(RemminaFileEditor *gfe, RemminaPr
 	row++;
 
 	/* Set the values */
-	cs = remmina_file_get_string(priv->remmina_file, "ssh_server");
+	cs = remmina_file_get_string(priv->remmina_file, "ssh_tunnel_server");
 	if (ssh_setting == REMMINA_PROTOCOL_SSH_SETTING_TUNNEL) {
-		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(priv->ssh_enabled_check),
-					     remmina_file_get_int(priv->remmina_file, "ssh_enabled", FALSE));
-		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(priv->ssh_loopback_check),
-					     remmina_file_get_int(priv->remmina_file, "ssh_loopback", FALSE));
+		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(priv->ssh_tunnel_enabled_check),
+					     remmina_file_get_int(priv->remmina_file, "ssh_tunnel_enabled", FALSE));
+		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(priv->ssh_tunnel_loopback_check),
+					     remmina_file_get_int(priv->remmina_file, "ssh_tunnel_loopback", FALSE));
 
 		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(cs ?
-							       priv->ssh_server_custom_radio : priv->ssh_server_default_radio), TRUE);
-		gtk_entry_set_text(GTK_ENTRY(priv->ssh_server_entry),
+							       priv->ssh_tunnel_server_custom_radio : priv->ssh_tunnel_server_default_radio), TRUE);
+		gtk_entry_set_text(GTK_ENTRY(priv->ssh_tunnel_server_entry),
 				   cs ? cs : "");
 	} else if (ssh_setting == REMMINA_PROTOCOL_SSH_SETTING_REVERSE_TUNNEL) {
-		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(priv->ssh_enabled_check),
-					     remmina_file_get_int(priv->remmina_file, "ssh_enabled", FALSE));
-		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(priv->ssh_loopback_check),
-					     remmina_file_get_int(priv->remmina_file, "ssh_loopback", FALSE));
-		gtk_entry_set_text(GTK_ENTRY(priv->ssh_server_entry),
+		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(priv->ssh_tunnel_enabled_check),
+					     remmina_file_get_int(priv->remmina_file, "ssh_tunnel_enabled", FALSE));
+		gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(priv->ssh_tunnel_loopback_check),
+					     remmina_file_get_int(priv->remmina_file, "ssh_tunnel_loopback", FALSE));
+		gtk_entry_set_text(GTK_ENTRY(priv->ssh_tunnel_server_entry),
 				   cs ? cs : "");
 	}
 
 	//if (!(g_strcmp0(p, "SFTP") == 0 || g_strcmp0(p, "SSH") == 0)) {
 	gtk_toggle_button_set_active(GTK_TOGGLE_BUTTON(
 				remmina_file_get_int(priv->remmina_file, "ssh_auth", 0) == SSH_AUTH_PUBLICKEY ?
-				priv->ssh_auth_publickey_radio :
+				priv->ssh_tunnel_auth_publickey_radio :
 				remmina_file_get_int(priv->remmina_file, "ssh_auth", 0) == SSH_AUTH_AUTO_PUBLICKEY ?
-				priv->ssh_auth_auto_publickey_radio :
+				priv->ssh_tunnel_auth_auto_publickey_radio :
 				remmina_file_get_int(priv->remmina_file, "ssh_auth", 0) == SSH_AUTH_AGENT ?
-				priv->ssh_auth_agent_radio :
-				priv->ssh_auth_password_radio), TRUE);
+				priv->ssh_tunnel_auth_agent_radio :
+				priv->ssh_tunnel_auth_password_radio), TRUE);
 
-	remmina_file_editor_ssh_enabled_check_on_toggled(NULL, gfe, ssh_setting);
+	remmina_file_editor_ssh_tunnel_enabled_check_on_toggled(NULL, gfe, ssh_setting);
 	//}
 	gtk_widget_show_all(grid);
 	g_free(p);
@@ -1016,7 +1007,7 @@ static void remmina_file_editor_create_all_settings(RemminaFileEditor *gfe)
 	remmina_file_editor_create_settings(gfe, grid, autostart_settings);
 
 	/* The SSH tab */
-	remmina_file_editor_create_ssh_tab(gfe, priv->plugin->ssh_setting);
+	remmina_file_editor_create_ssh_tunnel_tab(gfe, priv->plugin->ssh_setting);
 
 }
 
@@ -1042,18 +1033,17 @@ static void remmina_file_editor_protocol_combo_on_changed(GtkComboBox *combo, Re
 	priv->resolution_custom_combo = NULL;
 	priv->keymap_combo = NULL;
 
-	priv->ssh_enabled_check = NULL;
-	priv->ssh_loopback_check = NULL;
-	priv->ssh_server_default_radio = NULL;
-	priv->ssh_server_custom_radio = NULL;
-	priv->ssh_server_entry = NULL;
-	priv->ssh_username_entry = NULL;
-	priv->ssh_auth_agent_radio = NULL;
-	priv->ssh_auth_password_radio = NULL;
-	priv->ssh_auth_publickey_radio = NULL;
-	priv->ssh_auth_auto_publickey_radio = NULL;
-	priv->ssh_privatekey_chooser = NULL;
-	priv->ssh_charset_combo = NULL;
+	priv->ssh_tunnel_enabled_check = NULL;
+	priv->ssh_tunnel_loopback_check = NULL;
+	priv->ssh_tunnel_server_default_radio = NULL;
+	priv->ssh_tunnel_server_custom_radio = NULL;
+	priv->ssh_tunnel_server_entry = NULL;
+	priv->ssh_tunnel_username_entry = NULL;
+	priv->ssh_tunnel_auth_agent_radio = NULL;
+	priv->ssh_tunnel_auth_password_radio = NULL;
+	priv->ssh_tunnel_auth_publickey_radio = NULL;
+	priv->ssh_tunnel_auth_auto_publickey_radio = NULL;
+	priv->ssh_tunnel_privatekey_chooser = NULL;
 
 	g_hash_table_remove_all(priv->setting_widgets);
 
@@ -1066,64 +1056,60 @@ static void remmina_file_editor_protocol_combo_on_changed(GtkComboBox *combo, Re
 	}
 }
 
-static void remmina_file_editor_update_ssh(RemminaFileEditor *gfe)
+static void remmina_file_editor_save_ssh_tunnel_tab(RemminaFileEditor *gfe)
 {
 	TRACE_CALL(__func__);
 	RemminaFileEditorPriv *priv = gfe->priv;
-	gboolean ssh_enabled;
-	int ssh_auth;
+	gboolean ssh_tunnel_enabled;
+	int ssh_tunnel_auth;
 
-	if (priv->ssh_charset_combo)
-		remmina_file_set_string_ref(priv->remmina_file, "ssh_charset",
-					    remmina_public_combo_get_active_text(GTK_COMBO_BOX(priv->ssh_charset_combo)));
-
-	ssh_enabled = (priv->ssh_enabled_check ?
-		       gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(priv->ssh_enabled_check)) : FALSE);
+	ssh_tunnel_enabled = (priv->ssh_tunnel_enabled_check ?
+		       gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(priv->ssh_tunnel_enabled_check)) : FALSE);
 	remmina_file_set_int(priv->remmina_file,
-			     "ssh_loopback",
-			     (priv->ssh_loopback_check ?
-			      gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(priv->ssh_loopback_check)) :
+			     "ssh_tunnel_loopback",
+			     (priv->ssh_tunnel_loopback_check ?
+			      gtk_toggle_button_get_active(GTK_TOGGLE_BUTTON(priv->ssh_tunnel_loopback_check)) :
 			      FALSE));
-	remmina_file_set_int(priv->remmina_file, "ssh_enabled", ssh_enabled);
-	remmina_file_set_string(priv->remmina_file, "ssh_username",
-				(ssh_enabled ? gtk_entry_get_text(GTK_ENTRY(priv->ssh_username_entry)) : NULL));
+	remmina_file_set_int(priv->remmina_file, "ssh_tunnel_enabled", ssh_tunnel_enabled);
+	remmina_file_set_string(priv->remmina_file, "ssh_tunnel_username",
+				(ssh_tunnel_enabled ? gtk_entry_get_text(GTK_ENTRY(priv->ssh_tunnel_username_entry)) : NULL));
 	remmina_file_set_string(
 		priv->remmina_file,
-		"ssh_server",
-		(ssh_enabled && priv->ssh_server_entry
-		 && (priv->ssh_server_custom_radio == NULL
+		"ssh_tunnel_server",
+		(ssh_tunnel_enabled && priv->ssh_tunnel_server_entry
+		 && (priv->ssh_tunnel_server_custom_radio == NULL
 		     || gtk_toggle_button_get_active(
-			     GTK_TOGGLE_BUTTON(priv->ssh_server_custom_radio))) ?
-		 gtk_entry_get_text(GTK_ENTRY(priv->ssh_server_entry)) : NULL));
+			     GTK_TOGGLE_BUTTON(priv->ssh_tunnel_server_custom_radio))) ?
+		 gtk_entry_get_text(GTK_ENTRY(priv->ssh_tunnel_server_entry)) : NULL));
 
-	ssh_auth = (priv->ssh_auth_publickey_radio
+	ssh_tunnel_auth = (priv->ssh_tunnel_auth_publickey_radio
 		    && gtk_toggle_button_get_active(
-			    GTK_TOGGLE_BUTTON(priv->ssh_auth_publickey_radio)) ?
+			    GTK_TOGGLE_BUTTON(priv->ssh_tunnel_auth_publickey_radio)) ?
 		    SSH_AUTH_PUBLICKEY :
-		    priv->ssh_auth_auto_publickey_radio
+		    priv->ssh_tunnel_auth_auto_publickey_radio
 		    && gtk_toggle_button_get_active(
-			    GTK_TOGGLE_BUTTON(priv->ssh_auth_auto_publickey_radio)) ?
+			    GTK_TOGGLE_BUTTON(priv->ssh_tunnel_auth_auto_publickey_radio)) ?
 		    SSH_AUTH_AUTO_PUBLICKEY :
-		    priv->ssh_auth_agent_radio
+		    priv->ssh_tunnel_auth_agent_radio
 		    && gtk_toggle_button_get_active(
-			    GTK_TOGGLE_BUTTON(priv->ssh_auth_agent_radio)) ?
+			    GTK_TOGGLE_BUTTON(priv->ssh_tunnel_auth_agent_radio)) ?
 		    SSH_AUTH_AGENT : SSH_AUTH_PASSWORD);
 
 	remmina_file_set_int(
 		priv->remmina_file,
-		"ssh_auth",
-		ssh_auth
+		"ssh_tunnel_auth",
+		ssh_tunnel_auth
 		);
 	remmina_file_set_string(
 		priv->remmina_file,
-		"ssh_privatekey",
-		(priv->ssh_privatekey_chooser ?
-		 gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(priv->ssh_privatekey_chooser)) : NULL));
+		"ssh_tunnel_privatekey",
+		(priv->ssh_tunnel_privatekey_chooser ?
+		 gtk_file_chooser_get_filename(GTK_FILE_CHOOSER(priv->ssh_tunnel_privatekey_chooser)) : NULL));
 
 	remmina_file_set_string(
 		priv->remmina_file,
-		"ssh_password",
-		(ssh_enabled && (ssh_auth == SSH_AUTH_PASSWORD)) ? gtk_entry_get_text(GTK_ENTRY(priv->ssh_auth_password)) : NULL);
+		"ssh_tunnel_password",
+		(ssh_tunnel_enabled && (ssh_tunnel_auth == SSH_AUTH_PASSWORD)) ? gtk_entry_get_text(GTK_ENTRY(priv->ssh_tunnel_auth_password)) : NULL);
 }
 
 static void remmina_file_editor_update_settings(RemminaFileEditor *gfe)
@@ -1204,7 +1190,7 @@ static void remmina_file_editor_update(RemminaFileEditor *gfe)
 		remmina_file_set_string_ref(priv->remmina_file, "keymap",
 					    remmina_public_combo_get_active_text(GTK_COMBO_BOX(priv->keymap_combo)));
 
-	remmina_file_editor_update_ssh(gfe);
+	remmina_file_editor_save_ssh_tunnel_tab(gfe);
 	remmina_file_editor_update_settings(gfe);
 }
 
@@ -1227,6 +1213,9 @@ static void remmina_file_editor_on_default(GtkWidget *button, RemminaFileEditor
 	remmina_file_set_string(gf, "precommand", NULL);
 	remmina_file_set_string(gf, "postcommand", NULL);
 
+	remmina_file_set_string(gf, "ssh_tunnel_server", NULL);
+	remmina_file_set_string(gf, "ssh_tunnel_password", NULL);
+
 	remmina_file_save(gf);
 	remmina_file_free(gf);
 
diff --git a/src/remmina_protocol_widget.c b/src/remmina_protocol_widget.c
index 343fb79ba..53c36b727 100644
--- a/src/remmina_protocol_widget.c
+++ b/src/remmina_protocol_widget.c
@@ -228,7 +228,7 @@ void remmina_protocol_widget_open_connection_real(gpointer data)
 
 	num_ssh = 0;
 #ifdef HAVE_LIBSSH
-	if (remmina_file_get_int(gp->priv->remmina_file, "ssh_enabled", FALSE))
+	if (remmina_file_get_int(gp->priv->remmina_file, "ssh_tunnel_enabled", FALSE))
 		num_ssh += 2;
 
 #endif
@@ -569,7 +569,7 @@ gboolean remmina_protocol_widget_query_feature_by_type(RemminaProtocolWidget *gp
 
 #ifdef HAVE_LIBSSH
 	if (type == REMMINA_PROTOCOL_FEATURE_TYPE_TOOL &&
-	    remmina_file_get_int(gp->priv->remmina_file, "ssh_enabled", FALSE))
+	    remmina_file_get_int(gp->priv->remmina_file, "ssh_tunnel_enabled", FALSE))
 		return TRUE;
 
 #endif
@@ -719,7 +719,7 @@ static gboolean remmina_protocol_widget_init_tunnel(RemminaProtocolWidget *gp)
 		mp = remmina_protocol_widget_mpprogress(gp->cnnobj, msg, cancel_init_tunnel_cb, NULL);
 		g_free(msg);
 
-		if (!remmina_ssh_init_session(REMMINA_SSH(tunnel))) {
+		if (!remmina_ssh_init_session(REMMINA_SSH(tunnel), TRUE)) {
 			g_debug ("[SSH] Cannot init SSH session with tunnel struct");
 			remmina_protocol_widget_set_error(gp, REMMINA_SSH(tunnel)->error);
 			remmina_ssh_tunnel_free(tunnel);
@@ -761,32 +761,36 @@ gchar *remmina_protocol_widget_start_direct_tunnel(RemminaProtocolWidget *gp, gi
 {
 	TRACE_CALL(__func__);
 	const gchar *server;
+	const gchar *ssh_tunnel_server;
 	//const gchar *proto;
-	gchar *host, *dest;
-	gint port;
+	gchar *ssh_tunnel_host, *srv_host, *dest;
+	gint srv_port, ssh_tunnel_port;
 	gchar *msg;
 
 	g_debug ("SSH tunnel initialization…");
 	//proto = remmina_file_get_string(gp->priv->remmina_file, "protocol");
 
 	server = remmina_file_get_string(gp->priv->remmina_file, "server");
+	ssh_tunnel_server = remmina_file_get_string(gp->priv->remmina_file, "ssh_tunnel_server");
 
 	if (!server)
 		return g_strdup("");
 
-	remmina_public_get_server_port(server, default_port, &host, &port);
-	g_debug ("server: %s, port: %d", host, port);
+	remmina_public_get_server_port(server, default_port, &srv_host, &srv_port);
+	remmina_public_get_server_port(ssh_tunnel_server, 22, &ssh_tunnel_host, &ssh_tunnel_port);
+	g_debug ("server: %s, port: %d", srv_host, srv_port);
 
-	if (port_plus && port < 100)
+	if (port_plus && srv_port < 100)
 		/* Protocols like VNC supports using instance number :0, :1, etc. as port number. */
-		port += default_port;
+		srv_port += default_port;
 
 #ifdef HAVE_LIBSSH
 	RemminaMessagePanel *mp;
 
-	if (!remmina_file_get_int(gp->priv->remmina_file, "ssh_enabled", FALSE)) {
-		dest = g_strdup_printf("[%s]:%i", host, port);
-		g_free(host);
+	if (!remmina_file_get_int(gp->priv->remmina_file, "ssh_tunnel_enabled", FALSE)) {
+		dest = g_strdup_printf("[%s]:%i", srv_host, srv_port);
+		g_free(srv_host);
+		g_free(ssh_tunnel_host);
 		return dest;
 	}
 
@@ -797,7 +801,8 @@ gchar *remmina_protocol_widget_start_direct_tunnel(RemminaProtocolWidget *gp, gi
 	}
 
 	if (!remmina_protocol_widget_init_tunnel(gp)) {
-		g_free(host);
+		g_free(srv_host);
+		g_free(ssh_tunnel_host);
 		g_debug ("[SSH] Setting up the tunnel failed, returning NULL");
 		return NULL;
 	}
@@ -806,17 +811,21 @@ gchar *remmina_protocol_widget_start_direct_tunnel(RemminaProtocolWidget *gp, gi
 	mp = remmina_protocol_widget_mpprogress(gp->cnnobj, msg, cancel_start_direct_tunnel_cb, NULL);
 	g_free(msg);
 
-	if (remmina_file_get_int(gp->priv->remmina_file, "ssh_loopback", FALSE)) {
-		g_free(host);
-		host = g_strdup("127.0.0.1");
+	if (remmina_file_get_int(gp->priv->remmina_file, "ssh_tunnel_loopback", FALSE)) {
+		g_free(srv_host);
+		g_free(ssh_tunnel_host);
+		srv_host = g_strdup("127.0.0.1");
 	}
 
-	if (!remmina_ssh_tunnel_open(gp->priv->ssh_tunnel, host, port, remmina_pref.sshtunnel_port)) {
-		g_free(host);
+	g_debug ("%s: starting tunnel to: %s, port: %d", __func__, ssh_tunnel_host, ssh_tunnel_port);
+	if (!remmina_ssh_tunnel_open(gp->priv->ssh_tunnel, srv_host, srv_port, remmina_pref.sshtunnel_port)) {
+		g_free(srv_host);
+		g_free(ssh_tunnel_host);
 		remmina_protocol_widget_set_error(gp, REMMINA_SSH(gp->priv->ssh_tunnel)->error);
 		return NULL;
 	}
-	g_free(host);
+	g_free(srv_host);
+	g_free(ssh_tunnel_host);
 
 	remmina_protocol_widget_mpdestroy(gp->cnnobj, mp);
 
@@ -825,7 +834,8 @@ gchar *remmina_protocol_widget_start_direct_tunnel(RemminaProtocolWidget *gp, gi
 #else
 
 	dest = g_strdup_printf("[%s]:%i", host, port);
-	g_free(host);
+	g_free(srv_host);
+	g_free(ssh_tunnel_host);
 	return dest;
 
 #endif
@@ -846,7 +856,7 @@ gboolean remmina_protocol_widget_start_reverse_tunnel(RemminaProtocolWidget *gp,
 	gchar *msg;
 	RemminaMessagePanel *mp;
 
-	if (!remmina_file_get_int(gp->priv->remmina_file, "ssh_enabled", FALSE))
+	if (!remmina_file_get_int(gp->priv->remmina_file, "ssh_tunnel_enabled", FALSE))
 		return TRUE;
 
 	if (!remmina_protocol_widget_init_tunnel(gp))
@@ -925,7 +935,7 @@ gboolean remmina_protocol_widget_ssh_exec(RemminaProtocolWidget *gp, gboolean wa
 }
 
 #ifdef HAVE_LIBSSH
-static gboolean remmina_protocol_widget_tunnel_init_callback(RemminaSSHTunnel *tunnel, gpointer data)
+static gboolean remmina_protocol_widget_xport_tunnel_init_callback(RemminaSSHTunnel *tunnel, gpointer data)
 {
 	TRACE_CALL(__func__);
 	RemminaProtocolWidget *gp = REMMINA_PROTOCOL_WIDGET(data);
@@ -941,13 +951,13 @@ static gboolean remmina_protocol_widget_tunnel_init_callback(RemminaSSHTunnel *t
 	return ret;
 }
 
-static gboolean remmina_protocol_widget_tunnel_connect_callback(RemminaSSHTunnel *tunnel, gpointer data)
+static gboolean remmina_protocol_widget_xport_tunnel_connect_callback(RemminaSSHTunnel *tunnel, gpointer data)
 {
 	TRACE_CALL(__func__);
 	return TRUE;
 }
 
-static gboolean remmina_protocol_widget_tunnel_disconnect_callback(RemminaSSHTunnel *tunnel, gpointer data)
+static gboolean remmina_protocol_widget_xport_tunnel_disconnect_callback(RemminaSSHTunnel *tunnel, gpointer data)
 {
 	TRACE_CALL(__func__);
 	RemminaProtocolWidget *gp = REMMINA_PROTOCOL_WIDGET(data);
@@ -981,9 +991,9 @@ gboolean remmina_protocol_widget_start_xport_tunnel(RemminaProtocolWidget *gp, R
 	g_free(msg);
 
 	gp->priv->init_func = init_func;
-	gp->priv->ssh_tunnel->init_func = remmina_protocol_widget_tunnel_init_callback;
-	gp->priv->ssh_tunnel->connect_func = remmina_protocol_widget_tunnel_connect_callback;
-	gp->priv->ssh_tunnel->disconnect_func = remmina_protocol_widget_tunnel_disconnect_callback;
+	gp->priv->ssh_tunnel->init_func = remmina_protocol_widget_xport_tunnel_init_callback;
+	gp->priv->ssh_tunnel->connect_func = remmina_protocol_widget_xport_tunnel_connect_callback;
+	gp->priv->ssh_tunnel->disconnect_func = remmina_protocol_widget_xport_tunnel_disconnect_callback;
 	gp->priv->ssh_tunnel->callback_data = gp;
 
 	remmina_public_get_server_port(remmina_file_get_string(gp->priv->remmina_file, "server"), 0, &server, NULL);
@@ -1351,8 +1361,8 @@ gint remmina_protocol_widget_panel_authuserpwd_ssh_tunnel(RemminaProtocolWidget
 	    !remminafile->prevent_saving && allow_password_saving)
 		pflags |= REMMINA_MESSAGE_PANEL_FLAG_SAVEPASSWORD;
 
-	username = remmina_file_get_string(remminafile, "ssh_username");
-	password = remmina_file_get_string(remminafile, "ssh_password");
+	username = remmina_file_get_string(remminafile, "ssh_tunnel_username");
+	password = remmina_file_get_string(remminafile, "ssh_tunnel_password");
 
 	return remmina_protocol_widget_dialog(RPWDT_AUTH, gp, pflags, _("Type in username and password for SSH."), username,
 					      password, NULL, _("Password"));
diff --git a/src/remmina_sftp_client.c b/src/remmina_sftp_client.c
index 75f51ed0f..f899a9413 100644
--- a/src/remmina_sftp_client.c
+++ b/src/remmina_sftp_client.c
@@ -509,7 +509,7 @@ remmina_sftp_client_thread_main(gpointer data)
 		size = 0;
 		if (!sftp) {
 			sftp = remmina_sftp_new_from_ssh(REMMINA_SSH(client->sftp));
-			if (!remmina_ssh_init_session(REMMINA_SSH(sftp)) ||
+			if (!remmina_ssh_init_session(REMMINA_SSH(sftp), FALSE) ||
 			    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, NULL, NULL) <= 0 ||
 			    !remmina_sftp_open(sftp)) {
 				remmina_sftp_client_thread_set_error(client, task, (REMMINA_SSH(sftp))->error);
@@ -977,7 +977,7 @@ remmina_sftp_client_new_init(RemminaSFTP *sftp)
 	SET_CURSOR(gdk_cursor_new_for_display(display, GDK_WATCH));
 	gdk_display_flush(display);
 
-	if (!remmina_ssh_init_session(REMMINA_SSH(sftp)) ||
+	if (!remmina_ssh_init_session(REMMINA_SSH(sftp), FALSE) ||
 	    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, NULL, NULL) <= 0 ||
 	    !remmina_sftp_open(sftp)) {
 		dialog = gtk_message_dialog_new(GTK_WINDOW(gtk_widget_get_toplevel(client)),
diff --git a/src/remmina_sftp_plugin.c b/src/remmina_sftp_plugin.c
index be833fed7..e1042774c 100644
--- a/src/remmina_sftp_plugin.c
+++ b/src/remmina_sftp_plugin.c
@@ -75,12 +75,7 @@ remmina_plugin_sftp_main_thread(gpointer data)
 	gboolean cont = FALSE;
 	gint ret;
 	const gchar *cs;
-	const gchar *saveserver;
-	const gchar *saveusername;
 	gchar *hostport;
-	gchar tunneluser[33];           /* On linux a username can have a 32 char lenght */
-	gchar tunnelserver[256];        /* On linux a servername can have a 255 char lenght */
-	gchar tunnelport[6];            /* A TCP port can have a maximum value of 65535 */
 	gchar *host;
 	gint port;
 
@@ -96,59 +91,27 @@ remmina_plugin_sftp_main_thread(gpointer data)
 	 *
 	 * */
 	remminafile = remmina_plugin_service->protocol_plugin_get_file(gp);
-	/* We save the SSH server name, so that we can restore it at the end of the connection */
-	saveserver = remmina_plugin_service->file_get_string(remminafile, "ssh_server");
-	remmina_plugin_service->file_set_string(remminafile, "save_ssh_server", g_strdup(saveserver));
-	/* We save the SSH username, so that we can restore it at the end of the connection */
-	saveusername = remmina_plugin_service->file_get_string(remminafile, "ssh_username");
-	remmina_plugin_service->file_set_string(remminafile, "save_ssh_username", g_strdup(saveusername));
-
-	if (saveserver) {
-		/* if the server string contains the character @ we extract the user
-		 * and the server string (host:port)
-		 * */
-		if (strchr(saveserver, '@')) {
-			sscanf(saveserver, "%[_a-zA-Z0-9.]@%[_a-zA-Z0-9.]:%[0-9]",
-			       tunneluser, tunnelserver, tunnelport);
-			g_print("Username: %s, tunneluser: %s\n",
-				remmina_plugin_service->file_get_string(remminafile, "ssh_username"), tunneluser);
-			if (saveusername != NULL && tunneluser[0] != '\0')
-				remmina_plugin_service->file_set_string(remminafile, "ssh_username", NULL);
-			remmina_plugin_service->file_set_string(remminafile, "ssh_username",
-								g_strdup(tunneluser));
-			remmina_plugin_service->file_set_string(remminafile, "ssh_server",
-								g_strconcat(tunnelserver, ":", tunnelport, NULL));
-		}
-	}
 
 	hostport = remmina_plugin_service->protocol_plugin_start_direct_tunnel(gp, 22, FALSE);
-	/* We restore the SSH username as the tunnel is set */
-	remmina_plugin_service->file_set_string(remminafile, "ssh_username", g_strdup(saveusername));
 	if (hostport == NULL)
 		return FALSE;
+
 	remmina_plugin_service->get_server_port(hostport, 22, &host, &port);
 
 	ssh = g_object_get_data(G_OBJECT(gp), "user-data");
 	if (ssh) {
 		/* Create SFTP connection based on existing SSH session */
 		sftp = remmina_sftp_new_from_ssh(ssh);
-		if (remmina_ssh_init_session(REMMINA_SSH(sftp)) &&
+		if (remmina_ssh_init_session(REMMINA_SSH(sftp), FALSE) &&
 		    remmina_ssh_auth(REMMINA_SSH(sftp), NULL, gp, remminafile) > 0 &&
 		    remmina_sftp_open(sftp))
 			cont = TRUE;
 	} else {
 		/* New SFTP connection */
-		if (remmina_plugin_service->file_get_int(remminafile, "ssh_enabled", FALSE))
-			remmina_plugin_service->file_set_string(remminafile, "ssh_server", g_strdup(hostport));
-		else
-			remmina_plugin_service->file_set_string(remminafile, "ssh_server",
-								remmina_plugin_service->file_get_string(remminafile, "server"));
-		g_free(hostport);
-		g_free(host);
 
 		sftp = remmina_sftp_new_from_file(remminafile);
 		while (1) {
-			if (!remmina_ssh_init_session(REMMINA_SSH(sftp))) {
+			if (!remmina_ssh_init_session(REMMINA_SSH(sftp), FALSE)) {
 				remmina_plugin_service->protocol_plugin_set_error(gp, "%s", REMMINA_SSH(sftp)->error);
 				break;
 			}
@@ -170,10 +133,6 @@ remmina_plugin_sftp_main_thread(gpointer data)
 			cont = TRUE;
 			break;
 		}
-
-		/* We restore the ssh_server name */
-		remmina_plugin_service->file_set_string(remminafile, "ssh_server",
-							remmina_plugin_service->file_get_string(remminafile, "save_ssh_server"));
 	}
 	if (!cont) {
 		if (sftp) remmina_sftp_free(sftp);
@@ -345,9 +304,9 @@ static const RemminaProtocolFeature remmina_plugin_sftp_features[] =
  */
 static const RemminaProtocolSetting remmina_sftp_basic_settings[] =
 {
-	{ REMMINA_PROTOCOL_SETTING_TYPE_SERVER,	  "ssh_server",	    NULL,			  FALSE, "_sftp-ssh._tcp", NULL },
-	{ REMMINA_PROTOCOL_SETTING_TYPE_TEXT,	  "ssh_username",   N_("Username"),		  FALSE, NULL,		   NULL },
-	{ REMMINA_PROTOCOL_SETTING_TYPE_PASSWORD, "ssh_password",   N_("Password"),	  FALSE, NULL,		   NULL },
+	{ REMMINA_PROTOCOL_SETTING_TYPE_SERVER,	  "server",	   		NULL,			  FALSE, "_sftp-ssh._tcp", NULL },
+	{ REMMINA_PROTOCOL_SETTING_TYPE_TEXT,	  "username",  		N_("Username"),		  FALSE, NULL,		   NULL },
+	{ REMMINA_PROTOCOL_SETTING_TYPE_PASSWORD, "password",		N_("Password"),	  FALSE, NULL,		   NULL },
 	{ REMMINA_PROTOCOL_SETTING_TYPE_SELECT,	  "ssh_auth",	    N_("Authentication type"),	  FALSE, ssh_auth,	   NULL },
 	{ REMMINA_PROTOCOL_SETTING_TYPE_FILE,	  "ssh_privatekey", N_("Identity file"),	  FALSE, NULL,		   NULL },
 	{ REMMINA_PROTOCOL_SETTING_TYPE_PASSWORD, "ssh_passphrase", N_("Password to unlock private key"), FALSE, NULL,		   NULL },
diff --git a/src/remmina_ssh.c b/src/remmina_ssh.c
index beb2ec24a..2eb51432c 100644
--- a/src/remmina_ssh.c
+++ b/src/remmina_ssh.c
@@ -277,16 +277,16 @@ remmina_ssh_auth_auto_pubkey(RemminaSSH *ssh, RemminaProtocolWidget *gp, Remmina
 
 		ret = remmina_protocol_widget_panel_auth(gp, (disablepasswordstoring ? 0 : REMMINA_MESSAGE_PANEL_FLAG_SAVEPASSWORD),
 							 _("SSH credentials"), NULL,
-							 remmina_file_get_string(remminafile, "ssh_passphrase"),
+							 remmina_file_get_string(remminafile, ssh->is_tunnel ? "ssh_tunnel_passphrase" : "ssh_passphrase"),
 							 NULL,
 							 _("SSH private key passphrase"));
 		if (ret == GTK_RESPONSE_OK) {
 			pwd = remmina_protocol_widget_get_password(gp);
 			save_password = remmina_protocol_widget_get_savepassword(gp);
 			if (save_password)
-				remmina_file_set_string(remminafile, "ssh_passphrase", pwd);
+				remmina_file_set_string(remminafile, ssh->is_tunnel ? "ssh_tunnel_passphrase" : "ssh_passphrase", pwd);
 			else
-				remmina_file_set_string(remminafile, "ssh_passphrase", NULL);
+				remmina_file_set_string(remminafile, ssh->is_tunnel ? "ssh_tunnel_passphrase" : "ssh_passphrase", NULL);
 		} else {
 			return -1;
 		}
@@ -445,7 +445,7 @@ remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *re
 {
 	TRACE_CALL(__func__);
 	gchar *keyname;
-	gchar *pwdtype;
+	gchar *pwdfkey;
 	gchar *message;
 	gint ret;
 	size_t len;
@@ -552,26 +552,31 @@ remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *re
 		return 0;
 	}
 
+	enum { REMMINA_SSH_AUTH_PASSWORD, REMMINA_SSH_AUTH_PKPASSPHRASE, REMMINA_SSH_AUTH_KRBTOKEN } remmina_ssh_auth_type;
+
 	switch (ssh->auth) {
 	case SSH_AUTH_PASSWORD:
 		keyname = _("SSH password");
-		pwdtype = "ssh_password";
+		pwdfkey = ssh->is_tunnel ? "ssh_tunnel_password" : "password";
+		remmina_ssh_auth_type = REMMINA_SSH_AUTH_PASSWORD;
 		break;
 	case SSH_AUTH_PUBLICKEY:
 	case SSH_AUTH_AGENT:
 	case SSH_AUTH_AUTO_PUBLICKEY:
 		keyname = _("SSH private key passphrase");
-		pwdtype = "ssh_passphrase";
+		pwdfkey = ssh->is_tunnel ? "ssh_tunnel_passphrase" : "ssh_passphrase";
+		remmina_ssh_auth_type = REMMINA_SSH_AUTH_PKPASSPHRASE;
 		break;
 	case SSH_AUTH_GSSAPI:
 		keyname = _("SSH Kerberos/GSSAPI");
-		pwdtype = "kerberos_token";
+		pwdfkey = ssh->is_tunnel ? "ssh_tunnel_kerberos_token" : "ssh_kerberos_token";
+		remmina_ssh_auth_type = REMMINA_SSH_AUTH_KRBTOKEN;
 		break;
 	default:
 		return FALSE;
 	}
 	/* Try empty password or existing password/passphrase first */
-	ret = remmina_ssh_auth(ssh, remmina_file_get_string(remminafile, pwdtype), gp, remminafile);
+	ret = remmina_ssh_auth(ssh, remmina_file_get_string(remminafile, pwdfkey), gp, remminafile);
 	if (ret > 0) return 1;
 
 	/* Requested for a non-empty password */
@@ -580,75 +585,55 @@ remmina_ssh_auth_gui(RemminaSSH *ssh, RemminaProtocolWidget *gp, RemminaFile *re
 
 		disablepasswordstoring = remmina_file_get_int(remminafile, "disablepasswordstoring", FALSE);
 
-		if (g_strcmp0(pwdtype, "ssh_passphrase") == 0) {
+		if (remmina_ssh_auth_type == REMMINA_SSH_AUTH_PKPASSPHRASE) {
 			ret = remmina_protocol_widget_panel_auth(gp,
 					(disablepasswordstoring ? 0 :
 					 REMMINA_MESSAGE_PANEL_FLAG_SAVEPASSWORD),
-					_("SSH credentials"), NULL,
-					remmina_file_get_string(remminafile, "ssh_passphrase"),
+					ssh->is_tunnel ? _("SSH tunnel credentials") : _("SSH credentials"), NULL,
+					remmina_file_get_string(remminafile, pwdfkey),
 					NULL,
 					_("SSH private key passphrase"));
 			if (ret == GTK_RESPONSE_OK) {
 				pwd = remmina_protocol_widget_get_password(gp);
 				save_password = remmina_protocol_widget_get_savepassword(gp);
 				if (save_password)
-					remmina_file_set_string(remminafile, "ssh_passphrase", pwd);
+					remmina_file_set_string(remminafile, pwdfkey, pwd);
 				else
-					remmina_file_set_string(remminafile, "ssh_passphrase", NULL);
+					remmina_file_set_string(remminafile, pwdfkey, NULL);
 				g_free(pwd);
 			} else {
 				return -1;
 			}
-		} else if (g_strcmp0(pwdtype, "ssh_password") == 0) {
+		} else if (remmina_ssh_auth_type == REMMINA_SSH_AUTH_PASSWORD) {
 			ret = remmina_protocol_widget_panel_auth(gp,
 					(disablepasswordstoring ? 0 : REMMINA_MESSAGE_PANEL_FLAG_SAVEPASSWORD)
 					| REMMINA_MESSAGE_PANEL_FLAG_USERNAME,
-					_("SSH credentials"),
-					remmina_file_get_string(remminafile, "ssh_username"),
-					remmina_file_get_string(remminafile, "ssh_password"),
+					ssh->is_tunnel ? _("SSH tunnel credentials") : _("SSH credentials"),
+					remmina_file_get_string(remminafile, ssh->is_tunnel ? "ssh_tunnel_username" : "username"),
+					remmina_file_get_string(remminafile, pwdfkey),
 					NULL,
 					NULL);
 			if (ret == GTK_RESPONSE_OK) {
 				pwd = remmina_protocol_widget_get_username(gp);
-				remmina_file_set_string(remminafile, "ssh_username", pwd);
+				remmina_file_set_string(remminafile, ssh->is_tunnel ? "ssh_tunnel_username" : "username", pwd);
 				g_free(pwd);
 				pwd = remmina_protocol_widget_get_password(gp);
 				save_password = remmina_protocol_widget_get_savepassword(gp);
 				if (save_password)
-					remmina_file_set_string(remminafile, "ssh_password", pwd);
+					remmina_file_set_string(remminafile, pwdfkey, pwd);
 				else
-					remmina_file_set_string(remminafile, "ssh_password", NULL);
+					remmina_file_set_string(remminafile, pwdfkey, NULL);
 				g_free(pwd);
 			} else {
 				return -1;
 			}
 		} else {
-			/* ??? */
-			ret = remmina_protocol_widget_panel_auth(gp, (disablepasswordstoring ? 0 : REMMINA_MESSAGE_PANEL_FLAG_SAVEPASSWORD) | REMMINA_MESSAGE_PANEL_FLAG_USERNAME,
-								 _("SSH authentication"),
-								 remmina_file_get_string(remminafile, "Username"),
-								 remmina_file_get_string(remminafile, "Password"),
-								 NULL,
-								 NULL);
-			if (ret == GTK_RESPONSE_OK) {
-				pwd = remmina_protocol_widget_get_username(gp);
-				remmina_file_set_string(remminafile, "Username", pwd);
-				g_free(pwd);
-				pwd = remmina_protocol_widget_get_password(gp);
-				save_password = remmina_protocol_widget_get_savepassword(gp);
-				if (save_password)
-					remmina_file_set_string(remminafile, "Password", pwd);
-				else
-					remmina_file_set_string(remminafile, "Password", NULL);
-				g_free(pwd);
-			} else {
-				return -1;
-			}
+			g_print("Unimplemented.");
+			return -1;
 		}
 
-		pwd = remmina_protocol_widget_get_password(gp);
-		ret = remmina_ssh_auth(ssh, pwd, gp, remminafile);
-		g_free(pwd);
+		ret = remmina_ssh_auth(ssh, remmina_file_get_string(remminafile, pwdfkey), gp, remminafile);
+
 	}
 
 	if (ret <= 0) {
@@ -667,7 +652,7 @@ remmina_ssh_log_callback(ssh_session session, int priority, const char *message,
 }
 
 gboolean
-remmina_ssh_init_session(RemminaSSH *ssh)
+remmina_ssh_init_session(RemminaSSH *ssh, gboolean is_tunnel)
 {
 	TRACE_CALL(__func__);
 	gint verbosity;
@@ -801,12 +786,11 @@ remmina_ssh_init_session(RemminaSSH *ssh)
 }
 
 gboolean
-remmina_ssh_init_from_file(RemminaSSH *ssh, RemminaFile *remminafile)
+remmina_ssh_init_from_file(RemminaSSH *ssh, RemminaFile *remminafile, gboolean is_tunnel)
 {
 	TRACE_CALL(__func__);
-	const gchar *ssh_server;
-	const gchar *ssh_username;
-	const gchar *ssh_privatekey;
+	const gchar *username;
+	const gchar *privatekey;
 	const gchar *server;
 	gchar *s;
 
@@ -815,15 +799,15 @@ remmina_ssh_init_from_file(RemminaSSH *ssh, RemminaFile *remminafile)
 	ssh->authenticated = FALSE;
 	ssh->error = NULL;
 	ssh->passphrase = NULL;
+	ssh->is_tunnel = is_tunnel;
 	pthread_mutex_init(&ssh->ssh_mutex, NULL);
 
 	/* Parse the address and port */
-	ssh_server = remmina_file_get_string(remminafile, "ssh_server");
-	ssh_username = remmina_file_get_string(remminafile, "ssh_username");
-	ssh_privatekey = remmina_file_get_string(remminafile, "ssh_privatekey");
-	server = remmina_file_get_string(remminafile, "server");
-	if (ssh_server) {
-		remmina_public_get_server_port(ssh_server, 22, &ssh->server, &ssh->port);
+	server = remmina_file_get_string(remminafile, is_tunnel ? "ssh_tunnel_server" : "server");
+	username = remmina_file_get_string(remminafile, is_tunnel ? "ssh_tunnel_username" : "username");
+	privatekey = remmina_file_get_string(remminafile, is_tunnel ? "ssh_tunnel_privatekey" : "ssh_privatekey");
+	if (server) {
+		remmina_public_get_server_port(server, 22, &ssh->server, &ssh->port);
 		if (ssh->server[0] == '\0') {
 			g_free(ssh->server);
 			remmina_public_get_server_port(server, 0, &ssh->server, NULL);
@@ -836,20 +820,20 @@ remmina_ssh_init_from_file(RemminaSSH *ssh, RemminaFile *remminafile)
 		ssh->port = 22;
 	}
 
-	ssh->user = g_strdup(ssh_username ? ssh_username : g_get_user_name());
+	ssh->user = g_strdup(username ? username : g_get_user_name());
 	ssh->password = NULL;
-	ssh->auth = remmina_file_get_int(remminafile, "ssh_auth", 0);
+	ssh->auth = remmina_file_get_int(remminafile, is_tunnel ? "ssh_tunnel_auth" : "ssh_auth", 0);
 	ssh->charset = g_strdup(remmina_file_get_string(remminafile, "ssh_charset"));
-	ssh->kex_algorithms = g_strdup(remmina_file_get_string(remminafile, "ssh_kex_algorithms"));
-	ssh->ciphers = g_strdup(remmina_file_get_string(remminafile, "ssh_ciphers"));
-	ssh->hostkeytypes = g_strdup(remmina_file_get_string(remminafile, "ssh_hostkeytypes"));
-	ssh->proxycommand = g_strdup(remmina_file_get_string(remminafile, "ssh_proxycommand"));
-	ssh->stricthostkeycheck = remmina_file_get_int(remminafile, "ssh_stricthostkeycheck", 0);
-	gint c = remmina_file_get_int(remminafile, "ssh_compression", 0);
+	ssh->kex_algorithms = g_strdup(remmina_file_get_string(remminafile, is_tunnel ? "ssh_tunnel_kex_algorithms" : "ssh_kex_algorithms"));
+	ssh->ciphers = g_strdup(remmina_file_get_string(remminafile, is_tunnel ? "ssh_tunnel_ciphers" : "ssh_ciphers"));
+	ssh->hostkeytypes = g_strdup(remmina_file_get_string(remminafile, is_tunnel ? "ssh_tunnel_hostkeytypes" : "ssh_hostkeytypes"));
+	ssh->proxycommand = g_strdup(remmina_file_get_string(remminafile, is_tunnel ? "ssh_tunnel_proxycommand" : "ssh_proxycommand"));
+	ssh->stricthostkeycheck = remmina_file_get_int(remminafile, is_tunnel ? "ssh_tunnel_stricthostkeycheck" : "ssh_stricthostkeycheck", 0);
+	gint c = remmina_file_get_int(remminafile, is_tunnel ? "ssh_tunnel_compression" : "ssh_compression", 0);
 	ssh->compression = (c == 1) ? "yes" : "no";
 
 	/* Public/Private keys */
-	s = (ssh_privatekey ? g_strdup(ssh_privatekey) : remmina_ssh_find_identity());
+	s = (privatekey ? g_strdup(privatekey) : remmina_ssh_find_identity());
 	if (s) {
 		ssh->privkeyfile = remmina_ssh_identity_path(s);
 		g_free(s);
@@ -869,6 +853,7 @@ remmina_ssh_init_from_ssh(RemminaSSH *ssh, const RemminaSSH *ssh_src)
 	ssh->error = NULL;
 	pthread_mutex_init(&ssh->ssh_mutex, NULL);
 
+	ssh->is_tunnel = ssh_src->is_tunnel;
 	ssh->server = g_strdup(ssh_src->server);
 	ssh->port = ssh_src->port;
 	ssh->user = g_strdup(ssh_src->user);
@@ -969,7 +954,7 @@ remmina_ssh_tunnel_new_from_file(RemminaFile *remminafile)
 
 	tunnel = g_new(RemminaSSHTunnel, 1);
 
-	remmina_ssh_init_from_file(REMMINA_SSH(tunnel), remminafile);
+	remmina_ssh_init_from_file(REMMINA_SSH(tunnel), remminafile, TRUE);
 
 	tunnel->tunnel_type = -1;
 	tunnel->channels = NULL;
@@ -1659,7 +1644,7 @@ remmina_sftp_new_from_file(RemminaFile *remminafile)
 
 	sftp = g_new(RemminaSFTP, 1);
 
-	remmina_ssh_init_from_file(REMMINA_SSH(sftp), remminafile);
+	remmina_ssh_init_from_file(REMMINA_SSH(sftp), remminafile, FALSE);
 
 	sftp->sftp_sess = NULL;
 
@@ -1721,7 +1706,7 @@ remmina_ssh_shell_new_from_file(RemminaFile *remminafile)
 
 	shell = g_new0(RemminaSSHShell, 1);
 
-	remmina_ssh_init_from_file(REMMINA_SSH(shell), remminafile);
+	remmina_ssh_init_from_file(REMMINA_SSH(shell), remminafile, FALSE);
 
 	shell->master = -1;
 	shell->slave = -1;
diff --git a/src/remmina_ssh.h b/src/remmina_ssh.h
index d0a947f62..8967db0d5 100644
--- a/src/remmina_ssh.h
+++ b/src/remmina_ssh.h
@@ -81,6 +81,9 @@ typedef struct _RemminaSSH {
 	pthread_mutex_t ssh_mutex;
 
 	gchar *		passphrase;
+
+	gboolean	is_tunnel;
+
 } RemminaSSH;
 
 gchar *remmina_ssh_identity_path(const gchar *id);
@@ -89,10 +92,10 @@ gchar *remmina_ssh_identity_path(const gchar *id);
 gchar *remmina_ssh_find_identity(void);
 
 /* Initialize the ssh object */
-gboolean remmina_ssh_init_from_file(RemminaSSH *ssh, RemminaFile *remminafile);
+gboolean remmina_ssh_init_from_file(RemminaSSH *ssh, RemminaFile *remminafile, gboolean is_tunnel);
 
 /* Initialize the SSH session */
-gboolean remmina_ssh_init_session(RemminaSSH *ssh);
+gboolean remmina_ssh_init_session(RemminaSSH *ssh, gboolean is_tunnel);
 
 /* Authenticate SSH session */
 /* -1: Require password; 0: Failed; 1: Succeeded */
diff --git a/src/remmina_ssh_plugin.c b/src/remmina_ssh_plugin.c
index 16b157942..5608d3631 100644
--- a/src/remmina_ssh_plugin.c
+++ b/src/remmina_ssh_plugin.c
@@ -227,19 +227,14 @@ remmina_plugin_ssh_main_thread(gpointer data)
 	RemminaSSHShell *shell = NULL;
 	gboolean cont = FALSE;
 	gint ret;
-	const gchar *saveserver;
-	const gchar *saveusername;
 	gchar *hostport;
-	gchar tunneluser[33];           /**< On Linux a username can have a 32 char length */
-	gchar tunnelserver[256];        /**< On Linux a servername can have a 255 char length */
-	gchar tunnelport[6];            /**< A TCP port can have a maximum value of 65535 */
 	gchar *host;
 	gint port;
 
 	pthread_setcancelstate(PTHREAD_CANCEL_ENABLE, NULL);
 	CANCEL_ASYNC
 
-		gpdata = GET_PLUGIN_DATA(gp);
+	gpdata = GET_PLUGIN_DATA(gp);
 
 	/**
 	 * remmina_plugin_service->protocol_plugin_start_direct_tunnel start the
@@ -249,62 +244,32 @@ remmina_plugin_ssh_main_thread(gpointer data)
 	 *
 	 **/
 	remminafile = remmina_plugin_service->protocol_plugin_get_file(gp);
-	/* We save the SSH server name, so that we can restore it at the end of the connection */
-	saveserver = remmina_plugin_service->file_get_string(remminafile, "ssh_server");
-	remmina_plugin_service->file_set_string(remminafile, "save_ssh_server", g_strdup(saveserver));
-	/* We save the SSH username, so that we can restore it at the end of the connection */
-	saveusername = remmina_plugin_service->file_get_string(remminafile, "ssh_username");
-	remmina_plugin_service->file_set_string(remminafile, "save_ssh_username", g_strdup(saveusername));
-
-	if (saveserver) {
-		/** if the server string contains the character @ we extract the user
-		 * and the server string (host:port)
-		 **/
-		if (strchr(saveserver, '@')) {
-			sscanf(saveserver, "%[_a-zA-Z0-9.]@%[_a-zA-Z0-9.]:%[0-9]",
-			       tunneluser, tunnelserver, tunnelport);
-			g_debug("Username: %s, tunneluser: %s\n",
-				remmina_plugin_service->file_get_string(remminafile, "ssh_username"), tunneluser);
-			if (saveusername != NULL && tunneluser[0] != '\0')
-				remmina_plugin_service->file_set_string(remminafile, "ssh_username", NULL);
-			remmina_plugin_service->file_set_string(remminafile, "ssh_username",
-								g_strdup(tunneluser));
-			remmina_plugin_service->file_set_string(remminafile, "ssh_server",
-								g_strconcat(tunnelserver, ":", tunnelport, NULL));
-		}
-	}
-	g_debug ("Trying to initiate SSH tunnel…");
+
+	// Optionally start the SSH tunnel
 	hostport = remmina_plugin_service->protocol_plugin_start_direct_tunnel(gp, 22, FALSE);
-	g_debug ("Tunnel started on %s", hostport);
-	/* We restore the SSH username as the tunnel is set */
-	remmina_plugin_service->file_set_string(remminafile, "ssh_username", g_strdup(saveusername));
-	remmina_plugin_service->file_set_string(remminafile, "ssh_server", g_strdup(saveserver));
 	if (hostport == NULL)
 		return FALSE;
+
+	g_debug ("Tunnel started on %s", hostport);
 	remmina_plugin_service->get_server_port(hostport, 22, &host, &port);
 
 	ssh = g_object_get_data(G_OBJECT(gp), "user-data");
 	if (ssh) {
 		/* Create SSH shell connection based on existing SSH session */
 		shell = remmina_ssh_shell_new_from_ssh(ssh);
-		if (remmina_ssh_init_session(REMMINA_SSH(shell)) &&
+		if (remmina_ssh_init_session(REMMINA_SSH(shell), FALSE) &&
 		    remmina_ssh_auth(REMMINA_SSH(shell), NULL, gp, remminafile) > 0 &&
 		    remmina_ssh_shell_open(shell, (RemminaSSHExitFunc)
 					   remmina_plugin_service->protocol_plugin_signal_connection_closed, gp))
 			cont = TRUE;
 	} else {
 		/* New SSH Shell connection */
-		if (remmina_plugin_service->file_get_int(remminafile, "ssh_enabled", FALSE))
-			remmina_plugin_service->file_set_string(remminafile, "ssh_server", g_strdup(hostport));
-		else
-			remmina_plugin_service->file_set_string(remminafile, "ssh_server",
-								remmina_plugin_service->file_get_string(remminafile, "save_ssh_server"));
 		g_free(hostport);
 		g_free(host);
 
 		shell = remmina_ssh_shell_new_from_file(remminafile);
 		while (1) {
-			if (!remmina_ssh_init_session(REMMINA_SSH(shell))) {
+			if (!remmina_ssh_init_session(REMMINA_SSH(shell), FALSE)) {
 				remmina_plugin_service->protocol_plugin_set_error(gp, "%s", REMMINA_SSH(shell)->error);
 				break;
 			}
@@ -324,9 +289,6 @@ remmina_plugin_ssh_main_thread(gpointer data)
 			break;
 		}
 
-		/* We restore the ssh_server name */
-		remmina_plugin_service->file_set_string(remminafile, "ssh_server",
-							remmina_plugin_service->file_get_string(remminafile, "save_ssh_server"));
 	}
 	if (!cont) {
 		if (shell) remmina_ssh_shell_free(shell);
@@ -1053,7 +1015,7 @@ static RemminaProtocolFeature remmina_plugin_ssh_features[] =
  */
 static const RemminaProtocolSetting remmina_ssh_basic_settings[] =
 {
-	{ REMMINA_PROTOCOL_SETTING_TYPE_SERVER,	  "ssh_server",	    NULL,			  FALSE, "_ssh._tcp", NULL },
+	{ REMMINA_PROTOCOL_SETTING_TYPE_SERVER,	  "server",	    NULL,			  FALSE, "_ssh._tcp", NULL },
 	{ REMMINA_PROTOCOL_SETTING_TYPE_TEXT,	  "username",   N_("Username"),		  FALSE, NULL,	      NULL },
 	{ REMMINA_PROTOCOL_SETTING_TYPE_PASSWORD, "password",   N_("User password"),	  FALSE, NULL,	      NULL },
 	{ REMMINA_PROTOCOL_SETTING_TYPE_SELECT,	  "ssh_auth",	    N_("Authentication type"),	  FALSE, ssh_auth,    NULL },