The Secure Shell protocol, which lets Unid administrators remotely manage systems while copying data securely and quite easily across potentially hostile networks, has now graduated to managing Windows NT/2000. Up until recently, Windows NT was difficult to manage remotely. Windows administrators were usually limited to the use of standard Windows file sharing, FTP or proprietary tools for transferring files. Solutions were seldom good and were usually insecure.
Now, however, thanks to SSH Secure Shell for Windows Server, Windows bundles SSHD as a commercial offering. SSH Secure Shell for Windows Servers is a single package that supports SSH versions 2 (not version 1, however), SFTP or Secure File Transfer protocol, and SCP or Secure Copy. This is a far cry from the unsupported Cygwin port of the Unix package. Although that worked, it was not commercially supported.
Installing the SSH server for Windows can be done in just minutes and the entire distribution is less than 3 MB. SSH server for Windows installs the SSH server process as a standard service letting you control it from the command line or from the standard services component of the Windows Control Panel. You can fine-tune its configuration even though it runs well enough right out of the box. If you are familiar with the Unix ssh2-config configuration file, you can open and edit it manually in Notepad. However, if you prefer a GUI, SSH Communications Security has built in a great configuration
Requires Free Membership to View
When you register, my team of editors will also send you the latest expert resources covering pertinent IT topics such as Windows server backup and recovery, server administration, storage management, infrastructure security, virtualization, Hyper-V, Active Directory and Group Policy.
Cathleen A. Gagne, Senior Editorial Director
interface that should take care of any customization you want. Administrators can
control port forwarding, time-out values, user permissions or restrictions, encryption algorithms,
encryption keys, and other features.
There are two primary components, the first being secure, remote command-line administration. You can use a standard SSH client (Windows or Unix) to remotely access the Windows system and authenticate using native NT/2000 based accounts. The second component that administrators will like is the use of standards-based secure file transfer protocols, such as SFTP and SCP. Although native Windows file sharing could be an acceptable solution for internal file copying needs, what if you have to copy these files between Windows and Unix? Native FTP has been the solution because of its availability on multiple platforms and because of its ease of use. Unfortunately, FTP lacks encryption abilities. However, SFTP and SCP offer a standards-based cross-platform mechanism to move files securely across hostile territory.
The only possible drawback with SSH is that the default configuration makes it possible for all domain users to log in and gain shell-level access to servers. You should be certain to restrict logins based on user names and host addresses.
Barrie Sosinsky (barries@killerapps.com)is president of consulting company Sosinsky and Associates (Medfield MA). He has written extensively on a variety of computer topics. His company specializes in custom software (database and Web related), training and technical documentation.
This was first published in November 2001