Pragma FortressSSH is a full-featured secure shell server with these highlights:
Generic Security Service Application Programming Interface (GSSAPI)
GSSAPI is an industry-wide standard for accessing various security authentication mechanisms in an environment without knowing how they are implemented in an operating system. GSSAPI is the accepted standard in the SSH world for using Kerberos or NTLM for user authentication. This allows users to log in to a system securely without having to provide a password. All SSH-related standards documents, including GSSAPI use in SSH, can be found at the web site http://www.ietf.org/html.charters/secsh-charter.html.
NTLM
NTLM, Windows NT LAN Manager, is the Windows challenge/response authentication protocol for network access. The interactive user credentials are passed using an encrypted certificate calculation that proves the identity of the client to the server.
Certificate
Certificate support allows public keys to be used to validate users without entering a password. Users will copy their public keys to their profile directory on the server, allowing a check of the key before granting access.
Advanced Console
Allows history scrollback with the ability to run console applications. Advanced Console screen mode is a combination of Pragma’s unique Stream mode and Full Console support.
Application Wrap
Application Wrap enables character or console based programs that have difficulty running in a telnet or terminal session to run on Windows.
Printing
Pragma Fortress supports printing across an SSH session to a printer connected to an SSH client or terminal. This allows SSH session print jobs to be sent back through to the client, which is very useful for point-of-sale (POS) systems. The user prints from their application, and the job is sent back to the client, where it can be routed to the local printer or any other printer accessible by the client application.
Any system beep issued inside a Fortress SSH session is automatically passed to the client, causing the client to beep. A console beep can be sent to the client by turning off the ENABLE_PROCESSED_OUTPUT mode for the console.
Sample code in C:
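#include <windows.h>
HANDLE hOutput = GetStdHandle( STD_OUTPUT_HANDLE );  /* handle to the session's console output */
DWORD Mode;
GetConsoleMode( hOutput, &Mode );                    /* read the current output mode */
Mode &= ~ENABLE_PROCESSED_OUTPUT;                    /* console no longer processes control characters such as BEL */
SetConsoleMode( hOutput, Mode );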
Selective Access
Restrict or grant access to a protocol. For example, allow SFTP access, without allowing SSH access, or allow only SCP access.
Run insecure protocols such as SMTP, POP and TELNET over a secure SSH session. See Port Forwarding for more details.
RSA/DSA Cryptography
Uses proven, reliable RSA/DSA cryptography. Users can generate keys independently of any client/server connection.
Data Compression
User can choose between nine levels of data compression.
Multiple Encryption Ciphers
DES, 3DES, Blowfish, CAST-128, Arcfour and the new AES (Rijndael) encryption ciphers are supported. See Encryption for more details.
Secure File Transfer
The Pragma FortressSSH environment includes secure file transfer capabilities. Two standards are defined for file transfers: SCP and SFTP. scp is both a file copying server and client, and uses the ssh-sshd secure tunnel under the hood to securely copy files between systems. An sftp client program works much like an ftp client user interface and uploads or downloads files and directories from an sftp-server. SFTP also uses the ssh client on the client side and the sshd server on the server side under the hood to create the secure tunnel over which all data transfer and commands travel. Standard FTP can be piped through an SSH tunnel using the port forwarding feature. Pragma's FortressSSH package supports all of these file transfer features. See SFTP Server, sftp, scp, and Port Forwarding for more details.
NET USE Cleanup
When a user ends the session, Pragma Fortress will automatically disconnect any network drives that were connected during the session. This is a configurable option; see NET USE Cleanup for more information.
Multiple User Configuration
Most of the session configurations can be specified on a per-user basis. As a possible security option, only configured users can be given access to the server.
Group Access Management and Configuration
Specify that only users of specific Windows groups be allowed telnet access. Session configuration can be assigned based on the group.
IP Address Filtering
Deny or grant access to any configured InetD service by client IP address.
Graceful Termination of Applications
Specify how open processes started by the session should be handled when the session is dropped.
Service Logon
Give user information for any configured InetD service to launch a service as a specific user.
User Defined Command Shell
Customizable login shell allowing a UNIX-like shell or custom applications to be run when an SSH client logs on. The initial directory is set to the user’s home directory (if specified).
User Defined Login Script
A shell initializing program and/or login script can be run to set up the user’s environment.
User Environment Variables
Specify environment variables to be set up in the session.
Console Subsystem
Integration with console subsystem to provide users with easy command shell features, with up-arrow for last command, command editing, and function key support. This makes the remote user's session act as if they are typing the commands to a local command shell or program.
Console Application
Can run any console mode or text-mode program that can be run on Windows NT, including 16-bit DOS applications. Examples are EDIT, VI, EMACS, DEBUG, TREE, DIR, NETSTAT, NET, COMPILER, LINKER, FTP, and LYNX.
Multi-user support
Multiple users can log in simultaneously.
Dynamic Character Mapping
Pragma Fortress supports user defined character maps. This will improve the look of any session from any terminal, by assigning a new value to a character that is represented undesirably. See Dynamic Character Mapping for more information.
Session Logging
Pragma Fortress supports logging user sessions to a file. A text or HTML format file can be saved, to be viewed at another time. This will track user logon, logoff and all typing done by the remote user. See Logging Options for more information.
Session Monitoring
This option opens a console window on the server for each telnet session so that an administrator can actually see what is going on in each telnet session. See Monitor Sessions for more information.
Optimized Screen Scraper Procedure
Improved full console screen handling. Increases speed of screen redraws and allows client size changes during a session. See Full Console Settings for more information.
User Defined Packet Size
Users may specify the largest packet size sent to the client. This optimizes the data transfer rate for connections ranging from modems to a T-1. See Full Console Settings for more information.
Slow Connection
There is an option for slow clients, such as handheld clients, or slow connections. This will reduce redraw problems due to information being lost by slow clients. See Full Console Settings for more information.
GUIStart Application
Included with Pragma Fortress is a program to launch GUI applications on the server, without setting the “Allow service to Interact with Desktop” setting for InetD service. Ideal for remote execution of programs to be used by someone on the server.
Pragma Session Manager
Pragma Session Manager is a connection-oriented application to manage server connections. Information is refreshed automatically as soon as a session is established with the server. This can be used to logoff users from the server or any remote machine.
Error Message Handling
Errors are reported both in the Event Log and in error messages displayed to the user.
Environment variables
PRAGMASYS_SSHD_PID identifies the process id of the sshd.exe of the current session.
PRAGMASYS_MODE identifies the console mode (stream/console), the ssh protocol (ssh1/ssh2), the encryption algorithm, and the authentication method of the current session.
PRAGMASYS_REMOTE_ADDR identifies the IP address of the client machine.
PRAGMASYS_INETD_SOCK identifies the session as a Pragma Systems server session.
Color
Full ANSI color support.
Gray Scale
4 level gray scale support for monochrome terminals.
Reverse Video
Enable the User Shell to run in reverse video, dark foreground on light background.
PC Keyboard
Multiple Terminal Emulation
ANSI, Digital VT100, VT220, VT320, VT420, and WYSE terminal support – Dynamic character mapping using the charmap.ini file
Windows User Authentication
Integration with Windows’ native security to allow user logon authentication via Windows’ user account database.
Variable Screen Size
Control-C Support
Control-C to abort a running program.