Secure Shell software

In our test of SSH Communications Security's Tectia 4.0 - its upgraded Secure Shell client and server combination - we found it is easy to use; provides convenient, restartable file transfers; and offers more GUI features than competing commercial and open source SSH implementations.

Tectia 4.0 also supports a variety of port-forwarding schemes that let you set a VPN-like tunnel to your managed machines.

On the downside, some of the authentication options were very difficult to configure and use.

The SSH code - developed by SSH Communications in 1995 - provides console (or 'shell') communications between a network device and a local PC over the Internet, using cryptographic techniques to secure user authentication processes and data traffic flow between the machines. Tectia 4.0, announced in October and released in December, supports the current version of the protocol, SSH 2, and the older SSH 1.

We tested Tectia 4.0 client and server versions for Windows and Linux (see How we did it.) SSH Communications also offers Tectia Connector, a product that supports application tunneling, and Tectia Manager, software for managing distributed Tectia client/server installations.

Installation of Tectia 4.0 on Windows systems was straightforward. But the software was more difficult to get running on Red Hat Advanced Server because you have to uninstall OpenSSH to run Tectia.

The documentation was accurate and plentiful, and gave solid information about the core functions overall, but the parts pertaining to the new features were a bit sloppy. For example, while the documentation suggests that the product supports IPv6, the vendor does not recommend it for production environments.

You manage Tectia servers like any other Unix/Linux Daemon or Windows service. On Unix, the Tectia code generates syslog messages so you can track procedures such as user logons or logon failures. In Windows, the Tectia server generates messages to the Windows Event Log. The servers emit messages when the configuration changes, which could become a problem when strict change controls are required.

Tectia 4.0 provides a Windows GUI-based file transfer tool so you don't need to run a command-line application to perform SSH file transfers. This improves its ease of use over previous versions.

Previous versions of the product let you set up SSH tunnels as an alternative to IPSec VPNs. Tectia 4.0 makes this much easier to use. The client can be configured in a "port forward only" mode so you can deploy it to desktops with minimal user configuration. It also supports Socks, a connection proxy mechanism that browsers and e-mail clients use, which makes it much easier to configure other software on the client system to support SSH port forwarding.

Tectia 4.0 supports several cryptographic algorithms, including Advanced Encryption Standard (AES), the current algorithm of choice for encrypting data; Triple-DES, Arcfour (RC-4) and others. SSH Communications also addresses the current IETF work to standardize the SSH protocol, with support for keyboard-interactive authentication (a new mechanism designed to support future interactive user-authentication mechanisms), Generic Security Services API (GSS-API) used for Active directory authentication, and X.509 digital certificates.