The Internet and TCP/IP standard for doing the remote access are one of telnet, rsh, rexec or rlogin. But the flaws in them are that they are not secure as the password is sent in clear text and data is not encrypted. A hacker can simply sniff the data exchanges and pick the password up or look at data that may be sensitive. Secure shell puts an end to all of these security flaws. It introduces a single client (ssh) and a single server (sshd), which can authenticate users based on any of the means used in telnet(password), rsh, rexec(password) and rlogin. It does these securely by establishing a secure channel using public key cryptography and strong encryption. Once a secure channel is established, credentials like password and data can be sent without worry as they are all encrypted. Additionally, new authentication means like RSA/X.509 certificate, kerberos based schemes can be supported allowing even greater security in the system overall using Secure Shell. Further, with port forwarding feature of Secure Shell, software VPN tunnel is established between the ssh client and sshd server node over which non-secured TCP/IP applications like SMTP, POP, Telnet, ftp, X-windows, etc. can be run making them run securely without any change! All these capabilities make the users’ task easy and secured when Secure Shell is introduced in an organization. User’s can do the task they are used to, but do it with a proven cryptographic secured way.

Secure Shell is designed in TCP/IP client-server model. The Secure Shell Server (sshd) runs as a daemon in UNIX and as a service in Windows NT/2000, and listens for connection from ssh clients on TCP port 22. A Secure Shell Client (ssh) is run to connect to a given sshd server identified by the host name of the sshd server machine. The client and server exchange RSA certificates to identify each other and then establish a shared secret key dynamically and securely using RSA public key encryption. The new shared secret key is then used for encrypting all future data between the ssh and sshd nodes during that session. At this stage, since a secure pathway exists, password or other authentication information can be transferred safely for user authentication.

Once the user authentication is done, the sshd server typically provides the command shell of the operating system to the ssh client. Ssh client can type any command into this shell and get its output interactively. All input and output data are encrypted and optionally compressed during transit on the network. The session ends when a shell terminating command like “exit” or “logout” is typed on the ssh client. Thus ssh access works very much like telnet access. If you have used telnet, rsh, rexec or rlogin, you will be at ease using ssh.

Another important use of Secure Shell is to use an ssh-sshd session as a secure tunnel to pass data from non-secure protocols like SMTP, POP, FTP, etc. to make them run secure without any change. In this case ports of the protocols to be protected are forwarded via proxy and listed when a ssh session is started. In the command line of ssh, -L option is used to list protocol ports to be forwarded.

Secure Shell standard was created in 1995 by SSH Communications Security Ltd. of Finland. It is a widely used standard and available in most UNIX platforms for both clients and servers. Ssh clients are available for most operating systems including Windows 2000/NT/98/95/3.x and Macintosh. What was lacking was a Secure Shell server for Windows NT/2000 which Pragma Systems now brings to the market.

Pragma SecureShell 2000 is US$999.