Secure communications with SSH, Part 2

Opinion
Jul 12, 2004 | 4 mins
Networking

A look at SSH Tectia, a suite of SSH products supported under Linux, AIX, Solaris, HP-UX and Windows.

Last week we began slicing and dicing a protocol called Secure Shell, which not only provides safe terminal access but also gives you secure file transfer, provides secure X connections and supports secure forwarding of arbitrary TCP connections. As we noted, SSH is the communications equivalent of a secure Swiss Army knife.

We concluded with the promise to discuss a commercial SSH implementation, and that is SSH Tectia from SSH Communications Security.

SSH Tectia is a suite of SSH products supported under Linux, AIX, Solaris, HP-UX and Windows. We must note as an aside that the publisher is a Finnish company and we can provide no advice on whether the product’s name should be pronounced “tekt-ee-ah” or “tek-tee-a” or “tek-shh.”

The heart of the SSH Tectia suite consists of the Tectia Server and Tectia Client products with three optional add-on products:

  • Tectia Connector, which provides a transparent IP tunnel between a server and a client, and does not require reconfiguration of client applications.

  • Tectia Certifier, a public-key infrastructure platform for issuing and managing digital certificates in service provider and enterprise environments.

  • Tectia Manager, a management console that lets you enable, disable and modify the configuration and operation of all Tectia products in your organization.

We tried out the Tectia Server and Client under Windows 2003 and XP, respectively. Installation in both cases was fast and painless, and a wizard takes you through the public- and private-key generation process. (An interesting option for Windows servers is the ability to specify a program other than cmd.exe as the terminal provider application.)

The out-of-the-box defaults provide a completely functional system, but you will want to configure your SSH system, which leads you into a maze of authentication and encryption standards.

Be prepared to do some reading and research because, while the SSH Tectia documentation covers a lot of ground, there is a lot more security technology that isn’t explained.

The Tectia Client supports an IP tunneling/VPN feature that is pretty easy to set up. With the Tectia Client loaded, you simply point your e-mail and FTP clients to talk to their respective servers at “localhost” (127.0.0.1). The Tectia Client will then proxy all requests to whichever destination server you are currently connected to. Obviously, if you plan to access multiple servers securely, this is going to be a bit clumsy.
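The localhost arrangement described above, as an added sketch that is not from the article or from SSH Tectia: each destination gets its own loopback-only listener, which is why reaching several servers means juggling several local ports. The relay here is plain TCP, and the function names and banner servers are constructed for illustration; a real SSH client would carry the relayed bytes inside its encrypted session.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until src closes, then pass the EOF on to dst."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer vanished mid-copy; nothing left to relay

def serve_on_loopback(handler):
    """Run handler(conn) per connection in the background; return the port."""
    # 127.0.0.1 only: binding to 0.0.0.0 would let other hosts use the port.
    listener = socket.create_server(("127.0.0.1", 0))
    def loop():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return listener.getsockname()[1]

def start_forwarder(dest_host, dest_port):
    """Open a local port that relays to exactly one destination."""
    def relay(client):
        # A real SSH client would send these bytes through its encrypted channel.
        with client, socket.create_connection((dest_host, dest_port)) as upstream:
            back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
            back.start()
            pump(client, upstream)
            back.join()
    return serve_on_loopback(relay)

def start_banner_server(banner):
    """Constructed stand-in for a mail or FTP server: send a banner, close."""
    def greet(conn):
        with conn:
            conn.sendall(banner)
    return serve_on_loopback(greet)

def fetch_banner(local_port):
    """What the mail or FTP client does: connect to localhost, read a line."""
    with socket.create_connection(("127.0.0.1", local_port), timeout=5) as c:
        return c.makefile("rb").readline()

def demo():
    """Two destinations need two local ports: one forwarder each."""
    mail = start_forwarder("127.0.0.1", start_banner_server(b"+OK constructed POP3\r\n"))
    ftp = start_forwarder("127.0.0.1", start_banner_server(b"220 constructed FTP\r\n"))
    return fetch_banner(mail), fetch_banner(ftp)
```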

The Tectia Server and Client products default to using the SSH2 protocol we discussed last week but they also can work with SSH1. Both products are standards-based, which means they can interoperate with other products that “speak” SSH. For example, we used the PuTTY SSH freeware client with the Tectia Server without incident.

Let us digress for a moment to note that the PuTTY client is cool. It is an implementation of Telnet and SSH for Win32 and Unix platforms combined with an xterm terminal emulator.

PuTTY includes Plink, a command-line SSH implementation; PSCP, the PuTTY Secure Copy client, for secure file transfer over SSH1; PSFTP, a version of PSCP for SSH2 connections; and Pageant, an SSH authentication agent that stores your decoded private keys in memory so you can use them without needing to enter the passphrase.

For casual use the PuTTY client and most other freeware and shareware SSH clients and servers are great, but the big advantage of the Tectia suite is its suitability for enterprise use – it provides centralized control and management that is vital if you are looking at large-scale deployments.

You can find a more comprehensive review of the Tectia SSH Server and Client here. We agree with the conclusions of this review: “Tectia 4.0 is a commercial-grade SSH implementation that offers the strong security features of the SSH protocol with a pretty rich set of authentication and usability features.”

Pricing for SSH Tectia is $119 for the Client, $549 for the Linux Tectia Server and $679 for the Windows Tectia Server. The Tectia Connector costs $149, and the starting price for the Tectia Manager is $14,500. The Tectia Certifier is priced on application. Also, note that the source code is provided with the Unix version.


Mark Gibbs is an author, journalist, and man of mystery. His writing for Network World is widely considered to be vastly underpaid. For more than 30 years, Gibbs has consulted, lectured, and authored numerous articles and books about networking, information technology, and the social and political issues surrounding them. His complete bio can be found at http://gibbs.com/mgbio
