SSH Hardens the Secure Shell

There can hardly be an IT administrator today who has not used SSH to log into a remote server.

SSH Communications Security, the company that originally developed the SSH protocol, has now upped the ante with a pair of new solutions aimed at the enterprise market.

SSH, typically in the form of the open source OpenSSH application, is widely deployed in nearly every UNIX and/or Linux variant in existence today, though SSH Communications Security claims its SSH implementation is the only one that is enterprise-grade.

The newly announced SSH Tectia client/server solution 5.0 and SSH Tectia Manager 2.0 will work in UNIX, Linux, Windows and IBM mainframe environments and enable secure file transfer, application connectivity and system administration capabilities.

SSH Tectia client/server solution 5.0 is based on the latest SSH G3
protocol, which is the third generation of SSH and boasts of faster
encryption throughput than its predecessors. SSH G3 is actually a re-write
of the SSH Tectia codebase and is supposed to reduce latency and put
less burden on the overall system. SSH Tectia with G3 technology has
incorporated the Cryptico CryptiCore algorithm based on the Rabbit Stream
Cipher. Overall, SSH Tectia claims the speed is two to eight times faster than its predecessors depending on the OS and file size when using SFTP.

“We started to look at this when several large financial institutions
came to us because of their acquisitions,”
Byron Rashed, senior marketing communications manager of SSH Communications
Security, told “The file size dramatically increased and
the need for speed in Secure File Transfer was now a business challenge to
them due to the cut-off times of sending this data from branches to the main
data center and then to the Fed.”

“Speed has always been an issue with customers, and this technology
solves that concern,” Rashed said.

SSH Tectia vs. OpenSSH

SSH Communications Security founder Tatu Ylonen wrote the
original SSH protocol in 1995. In 1999 the OpenSSH project
was started as a cleanup of the SSH 1.2.12 code which was the last free
version of Tatu Ylonen’s code.

SSH Tectia’s current code is not open source.

The first OpenSSH implementation of the SSH 2.0 protocol was released in
early 2000. OpenSSH claims that it has also “led in the implementation of
proactive security techniques such as privilege separation and

“Free software community [members] were rapid adopters of OpenSSH, with most free
operating systems shipping OpenSSH within its first year of existence,”
OpenSSH developer Damien Miller wrote in a 2004 mailing list post
celebrating the fifth anniversary of the project’s creation. “Over the last
five years, OpenSSH has become the most widely used SSH protocol
implementation (by a large margin) and has been included in products from
major vendors including IBM, Apple, HP, Sun, Cisco and NetScreen. Today,
OpenSSH runs on everything from mobile phones to Cray supercomputers.”

“In providing a free, popular and easy to use secure login and command
execution protocol OpenSSH has been instrumental in speeding the deprecation
of insecure protocols like telnet and rlogin,” Miller wrote.

OpenSSH released its latest version 4.2 at the beginning of September,
calling it a “100 percent complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.”

SSH Communications however doesn’t see its open source cousin as

“One thing to remember is that OpenSSH is basically a utility,” SSH’s
Byron Rashed explained. “Many vendors use it because it is free and they can
use it without a license, so the number of users for remote access is quite
large, but it does not provide very good SFTP or application connectivity

Rashed argues that SSH Tectia is an enterprise-class security solution
with robust features such as a management system to manage the SSH Tectia
environment (SSH Tectia Manager), a FIPS 140-2 certified crypto algorithm
(OpenSSH cannot be FIPS certified), and supports all the major platforms and
authentication methods.

Perhaps even more surprising, Rashed contends that OpenSSH has an 11:1
vulnerability ratio vs. SSH Tectia.

“OpenSSH also uses OpenSSL libraries and these must be updated as well,
opening up the possibilities of additional unknown vulnerabilities,” Rashed
said. “There is still some SSH1 codebase used in OpenSSH while SSH Tectia
(and the predecessor SSH Secure Shell) uses only the SSH2 base that was
written due to the vulnerabilities in SSH1 by SSH Communications Security
and adopted by the IETF.”

“Due to compliance regulations and security audits, more and more users have
now been mandated to use commercial SSH due to the liability and support
issues that enterprises can face,” Rashed said.
