asp:review
Pragma SecureShell 3.0
By Michael Riley
In a world where not every server is a Microsoft
OS-controlled machine, different secure methods of man-to-machine command-line
interaction have been developed. The most prominent of these in the Unix world
is the Secure Shell, better known as SSH. SSH was developed by a commercial
company, but its widespread adoption really took off in the Unix/Linux world
when it was ported to the open-source OpenSSH implementation. Given the
clear-text vulnerabilities of Telnet, SSH quickly replaced the unsecure Telnet
client as the de facto standard for accessing the command-line remotely on
Unix-based platforms.
Although Microsoft could have recognized SSH's dominance,
it failed to do so with the release of its Windows Services for Unix 3.0, which
still ships with the paltry Telnet server. Enter Pragma Systems, a company that
- like many other Microsoft software partners - identified the gap and filled
it with its Win32-native solution. Unlike the free, open-source SSH daemon that
ships with the Cygwin (http://www.cygwin.com)
solution, Pragma's SecureShell 3.0 product is built specifically for Windows -
meaning it is designed to be multithreaded and, more importantly, does not require
the installation of a large emulation library that might create administrative
labor. Unlike the Cygwin approach, however, Pragma's version is most definitely
not free. In fact, it's downright costly. This fact alone might drive away many
potential customers, who may opt instead for the Cygwin version for small internal
project needs. Yet for those large enterprise customers seeking SSH access to
Windows 2000/XP servers, Pragma provides the correct, albeit expensive, path to
the solution.
Pragma's version implements several key features. First,
it can simultaneously support both the older and considerably less secure level
1 protocol as well as the government-standard Advanced Encryption Standard
(AES)-enabled level 2 protocol. Pragma's SSH2 implementation also supports DES,
Triple DES, Blowfish, Arcfour, Cast128, and AES 128, 192, and 256. Second,
administrators will appreciate its automatic, secure key generation during the
installation process. Pragma naturally includes a key-generation program that
can be invoked after installation for new key pairs, but it's nice to know that
Pragma has taken the extra step to ensure secure measures were enacted before
the newly installed SSH service (yes, Pragma's solution runs as a Windows
Service) was even started. Another feature administrators will appreciate is
the server's integration with Windows User Authentication - no need to
establish a separate Access Control List (ACL).
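
The "level 1" and "level 2" protocols mentioned above are SSH protocol versions 1 and 2. Under RFC 4253, a server that accepts both announces protocol version 1.99 in its greeting, so an administrator can audit the dual-protocol setting from the banner alone. The Python below is an added example, not Pragma's code; the function names and sample banners are constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion[ SP comments]"
ID_LINE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
ID_DONE = re.compile(rb"^SSH-[^\n]*\n", re.M)  # a complete identification line

def classify_banner(raw: bytes) -> dict:
    """Report which SSH protocol versions a server greeting advertises."""
    for line in raw.decode("ascii", errors="replace").splitlines():
        m = ID_LINE.match(line.rstrip())
        if not m:
            continue  # servers may send free-text lines before the ID string
        proto, software = m.group(1), m.group(2)
        if proto == "1.99":  # compatibility mode: accepts SSH-1 and SSH-2
            ssh1, ssh2, finding = True, True, "review: SSH-1 fallback enabled"
        elif proto.startswith("2."):
            ssh1, ssh2, finding = False, True, "ok: SSH-2 only"
        elif proto.startswith("1."):
            ssh1, ssh2, finding = True, False, "fail: SSH-1 only"
        else:
            ssh1, ssh2, finding = False, False, "unknown protocol version"
        return {"proto": proto, "software": software,
                "ssh1": ssh1, "ssh2": ssh2, "finding": finding}
    raise ValueError("no SSH identification string in greeting")

def fetch_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the greeting from a server you administer; nothing is sent to it."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while len(data) < 4096 and not ID_DONE.search(data):
            chunk = sock.recv(256)
            if not chunk:
                break
            data += chunk
    return data

# Constructed sample greetings (hypothetical software names, not real product banners).
SAMPLES = {
    "v2-only": b"SSH-2.0-ExampleSSHD_3.0 build-7\r\n",
    "dual": b"SSH-1.99-ExampleSSHD_3.0\r\n",
    "v1-only": b"SSH-1.5-ExampleLegacy\n",
    "pre-banner": b"Authorized use only\r\nSSH-2.0-ExampleSSHD_3.0\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_banner(raw))
```
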
The inclusion of a standalone Session Manager to monitor
connected clients is also a key product differentiator. Finally, the ability to
forward incoming requests easily to different ports can make the product part
of a powerful VPN solution. For example, you can set up secure port forwarding
to connect external SSH clients to programs running on different internal
machines. This is done by running the SSH server in a DMZ, then forwarding
requests to identified server resources such as internal e-mail or file or
storage servers once the client is authenticated. The product's manual describes
several of these scenarios in detail.
Keep in mind that Pragma's solution includes only the ssh,
scp (secure copy), and sftp (secure FTP) client and server support. Once
connected to a Pragma-enabled secure server, the system's administrator still
must provide whatever other command-line applications logged-in users can
access. By default, connected users see the "c:\" prompt, though the server's
configuration manager can deposit incoming users into any directory upon
connection. But unless that client is versed in NT-specific command-line syntax
for access to the event log, performance and network monitor, and so on, most
SSH servers probably will have at least a few command-line apps to help out
logged-in users.
Pragma's SecureShell 3.0 delivers what it promises, but
its price could keep all but the most sophisticated and well-funded Microsoft
server shops from buying it.
asp:factfile
Rating:
Web Site: http://www.pragmasys.com/SecureShell/
Price: Starts at US$599