Tectia 4.0 from SSH

SSH Communications Security’s Tectia 4.0, the company’s upgraded Secure Shell client and server combination, is easy to use; provides convenient, restartable file transfers; and offers more GUI features than competing commercial and open source SSH implementations.

Tectia 4.0 also supports a variety of port-forwarding schemes that let you set a VPN-like tunnel to your managed machines.

On the downside, some of the authentication options were very difficult to configure and use.

The SSH code – developed by SSH Communications in 1995 – provides console (or ‘shell’) communications between a network device and a local PC over the Internet, using cryptographic techniques to secure user authentication processes and data traffic flow between the machines. Tectia 4.0 supports the current version of the protocol, SSH 2, and the older SSH 1.

We tested Tectia 4.0 client and server versions for Windows and Linux. SSH Communications also offers Tectia Connector, a product that supports application tunneling, and Tectia Manager, software for managing distributed Tectia client/server installations.

Installation of Tectia 4.0 on Windows systems was straightforward. But the software was more difficult to get running on Red Hat Advanced Server because you have to uninstall OpenSSH to run Tectia.

You manage Tectia servers like any other Unix/Linux Daemon or Windows service. On Unix, the Tectia code generates syslog messages so you can track procedures such as user logons or logon failures. In Windows, the Tectia server generates messages to the Windows Event Log. The servers emit messages when the configuration changes, which could become a problem when strict change controls are required.

Tectia 4.0 provides a Windows GUI-based file transfer tool so you don’t need to run a command-line application to perform SSH file transfers. This improves its ease of use over previous versions.

Tectia 4.0 supports Advanced Encryption Standard (AES), the current algorithm of choice for encrypting data; Triple-DES, Arcfour (RC-4) and others. SSH Communications also addresses the current IETF work to standardize the SSH protocol, with support for keyboard-interactive authentication (a new mechanism designed to support future interactive user-authentication mechanisms), Generic Security Services API (GSS-API) used for Active directory authentication, and X.509 digital certificates.

SSH Communications offers an array of authentication options, from simple username/password all the way up to smart card digital certificates. The more sophisticated options are intended for use in situations where strong authentication is justified, such as medical systems, access to sensitive network equipment, traveling executives or military applications.

Overall, we concluded that Tectia 4.0 is a commercial-grade SSH implementation that offers the strong security features of the SSH protocol with a pretty rich set of authentication and usability features. It would be a good fit in environments where you have cross-platform (Windows, Unix, and network devices) SSH console access requirements.

For the full report, go to https://www.nwfusion.com/reviews/2004/0301revssh.html