What is the ssh-broker-cli process that gets started when using sshg3/sftpg3/scpg3?

ssh-broker-cli is the process for the Tectia Connection Broker.

As of versions 5.0 and newer of Tectia the Connection Broker handles all of the SSH protocol and cryptographic operations for the client components (the terminal client on windows and command line tools such as sshg3, scpg3, sftpg3).

If the Connection Broker is not already running launching a client component (such as sshg3) will in turn launch the ssh-broker-cli process in on demand mode. If running on demand the broker process will remain running as long as there are clients using it and exit 10 seconds after the last client has disconnected.

Any additional clients (such as other sshg3 instances or scpg3/sftpg3) that are launched for the same user while the broker is running will use the existing broker process instead of launching a new one and will re-use existing connections (without requiring to authenticate again).

On Windows, the Connection Broker is launched on user login. On Unix it can also be started directly by running:

$ ssh-broker-g3

In this case the broker will run on daemon mode, which means that it will remain running until it is explicitly stopped.

It's important to note that the Connection Broker is per-user. That is each user will have an ssh-broker-cli process running that will centrally handle connections for clients of that particular user.

From the client documentation:

The Connection Broker is a key component in the SSH G3 architecture, handling all protocol and cryptographic operations. Client-side memory consumption is reduced since there needs to be only a single Connection Broker instance running per user. Security is also further improved by isolating all security-critical operations including authentication data handling in a single component.