Tip

SSH server and Microsoft Windows

The Secure Shell protocol, which lets Unid administrators remotely manage systems while copying data securely and quite easily across potentially hostile networks, has now graduated to managing Windows NT/2000. Up until recently, Windows NT was difficult to manage remotely. Windows administrators were usually limited to the use of standard Windows file sharing, FTP or proprietary tools for transferring files. Solutions were seldom good and were usually insecure.

Now, however, thanks to SSH Secure Shell for Windows Server, Windows bundles SSHD as a commercial offering. SSH Secure Shell for Windows Servers is a single package that supports SSH versions 2 (not version 1, however), SFTP or Secure File Transfer protocol, and SCP or Secure Copy. This is a far cry from the unsupported Cygwin port of the Unix package. Although that worked, it was not commercially supported.

Installing the SSH server for Windows can be done in just minutes and the entire distribution is less than 3 MB. SSH server for Windows installs the SSH server process as a standard service letting you control it from the command line or from the standard services component of the Windows Control Panel. You can fine-tune its configuration even though it runs well enough right out of the box. If you are familiar with the Unix ssh2-config configuration file, you can open and edit it manually in Notepad. However, if you prefer a GUI, SSH Communications Security has built in a great configuration

    Requires Free Membership to View

interface that should take care of any customization you want. Administrators can control port forwarding, time-out values, user permissions or restrictions, encryption algorithms, encryption keys, and other features.

There are two primary components, the first being secure, remote command-line administration. You can use a standard SSH client (Windows or Unix) to remotely access the Windows system and authenticate using native NT/2000 based accounts. The second component that administrators will like is the use of standards-based secure file transfer protocols, such as SFTP and SCP. Although native Windows file sharing could be an acceptable solution for internal file copying needs, what if you have to copy these files between Windows and Unix? Native FTP has been the solution because of its availability on multiple platforms and because of its ease of use. Unfortunately, FTP lacks encryption abilities. However, SFTP and SCP offer a standards-based cross-platform mechanism to move files securely across hostile territory.

The only possible drawback with SSH is that the default configuration makes it possible for all domain users to log in and gain shell-level access to servers. You should be certain to restrict logins based on user names and host addresses.


Barrie Sosinsky (barries@killerapps.com)is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.


This was first published in November 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.