asp:review

Pragma SecureShell 3.0

By Michael Riley

In a world where not every server is a MicrosoftOS-controlled machine, different secure methods of man-to-machine command-lineinteraction have been developed. The most prominent of these in the Unix worldis the Secure Shell, better known as SSH. SSH was developed by a commercialcompany, but its widespread adoption really took off in the Unix/Linux worldwhen it was ported to the open-source OpenSSH implementation. Given theclear-text vulnerabilities of Telnet, SSH quickly replaced the unsecure Telnetclient as the de facto standard for accessing the command-line remotely onUnix-based platforms.

Although Microsoft could have recognized SSH's dominance,it failed to do so with the release of its Windows Services for Unix 3.0, whichstill ships with the paltry Telnet server. Enter Pragma systems, a company that- like many other Microsoft software partners - identified the gap and filledit with its Win32-native solution. Unlike the free, open-source SSH daemon thatships with the Cygwin (http://www.cygwin.com)solution, Pragma's SecureShell 3.0 product is built specifically for Windows -meaning it is designed to be multithreaded and, more importantly, does not requirethe installation of a large emulation library that might create administrativelabor. Unlike the Cygwin approach, however, Pragma's version is most definitelynot free. In fact, it's downright costly. This fact alone might drive away manypotential customers opting instead for the Cygwin version for small internalproject needs. Yet for those large enterprise customers seeking SSH access toWindows 2000/XP servers, Pragma provides the correct, albeit expensive, path tothe solution.

Pragma's version implements several key features. First,it can support simultaneously both the older and considerably less secure level1 protocol as well as the government-standard Advanced Encryption Standard(AES)-enabled level 2 protocol. Pragma's SSH2 implementation also supports DES,Triple DES, Blowfish, Arcfour, Cast128, and AES 128, 192, and 256. Second,administrators will appreciate its automatic, secure key generation during theinstallation process. Pragma naturally includes a key-generation program thatcan be invoked after installation for new key pairs, but it's nice to know thatPragma has taken the extra step to ensure secure measures were enacted beforethe newly installed SSH service (yes, Pragma's solution runs as a WindowsService) was even started. Another feature administrators will appreciate isits servers' integration with Windows User Authentication - no need toestablish a separate Access Control List (ACL).

The inclusion of a standalone Session Manager to monitorconnected clients is also a key product differentiator. Finally, the ability toforward incoming requests easily to different ports can make the product partof a powerful VPN solution. For example, you can set up secure port forwardingcan to connect external SSH clients to programs running on different internalmachines. This is done by running the SSH server in a DMZ, then forwardingrequests to identified server resources such as internal e-mail or file orstorage servers once the client is authenticated. The product's manual describesseveral of these scenarios in detail.

Keep in mind that Pragma's solution includes only the ssh,scp (secure copy), and sftp (secure FTP) client and server support. Onceconnected to a Pragma-enabled secure server, the system's administrator stillmust provide whatever other command-line applications logged-in users canaccess. By default, connected users see the "c:\" prompt, though the server'sconfiguration manager can deposit incoming users into any directory uponconnection. But unless that client is versed in NT-specific command-line syntaxfor access to the event log, performance and network monitor, and so on, mostSSH servers probably will have at least a few command-line apps to help outlogged-in users.

Pragma's SecureShell 3.0 delivers what it promises, butits price could keep all but the most sophisticated and well-funded Microsoftserver shops from buying it.

asp:factfile

Rating: ???

Web Site: http://www.pragmasys.com/SecureShell/

Price: Startsat US$599