SSH Secure Services on Windows 2K/XP? 270
jstockdale asks: "Lately I've been working on the security of the few Windows boxes I administer, specifically XP and 2000 stations. I havn't had much of a problem finding decent solutions for file/email/disk encryption (besides the fact that PGP is no longer selling their products), or for smartcard or smartcard+biometric solutions (besides the limitations on key size (2048-bit RSA maximum) and flexability). However when it comes to SSH services for remote administration, windows filesharing, and SFTP for file transfers I have hit a dead end. I have looked into SSH but their SSH for Windows Servers only runs on 2000, and costs $565. I ask what solutions have /.er's found in the realm of ssh network encryption, and also in integrating all these components simply and effectively."
CygWin (Score:2, Informative)
Re:CygWin (Score:2, Informative)
What I do is create a batch file called scmd [super command] that opens up a connection to localhost through ssh.
Then I just create an alias to my
Not to get too offtopic, but it's all great for running cron jobs. The AT scheduler is the worst.
when you are too lazy to hit google (Score:1)
Re:when you are too lazy to hit google (Score:5, Insightful)
Re:when you are too lazy to hit google (Score:3, Insightful)
Google search for "SSH Secure Services on Windows 2K" (cut and paste job from article title, leaving off
Result number ten is called "How to setup SSH service on an Windows NT\2000 system." [missouri.edu] using cygwin etc.
So there.
www.Cygwin.com (Score:3, Informative)
It has Open SSH 3.4p1-4 (Score:1)
I don't know if Cygwin opens other security holes in windows. Haven't heard anything about it.
It has Apache, MySQL, Postgres...
XFree86... bunch of stuff.
openssh via cygwin. (Score:2, Informative)
Re:openssh via cygwin. (Score:4, Insightful)
Putty (Score:2, Informative)
Re:Putty (Score:1)
Re:Putty (Score:2, Informative)
And he can get a fancy alpha-blended PuTTY here [daishar.com]. However, the way I understood it, he was asking for a server, not a client. PuTTY is only a client (ssh client, scp, sftp, etc).
OpenSSH - server and client (Score:2)
Tried VShell? (Score:5, Insightful)
Re:Tried VShell? (Score:5, Informative)
Re:Tried VShell? (Score:2, Informative)
Unless you work *real* cheap (Score:2, Insightful)
If you need what SSH provides, buy the damn thing and get it over with. You'd spend a helluva lot more than 10 hours getting something else working - or even just looking for something else.
Re:Unless you work *real* cheap (Score:2)
Re:He said it's for a server. NOT CLIENTS. (Score:2)
I personally work to support a network of thousands of Linux and Windows servers. Definitly more servers than clients owned by us.
Bitvise is nice and reasonably priced (Score:2, Informative)
Cygwin! (Score:1)
Putty ssh client (Score:1, Informative)
Errr.... (Score:1, Redundant)
Re:Errr.... (Score:2)
It's not very well known in the Windows world - seems to be something that us Unix folk load onto Windows machines to make them feel a little more like "home". I hope it gains more recognition by the Windows "mainstream" types, as it's one excellent bundle of useful apps.
Windows Programming: A related question (Score:2, Offtopic)
Same except for manpages. (Score:1)
Re:Same except for manpages. (Score:2)
Re:Windows Programming: A related question (Score:1)
Re:Windows Programming: A related question (Score:1)
They have the same problems... (Score:2)
Maybe this was because there was no solution!
Re:They have the same problems... (Score:2)
Re:Windows Programming: A related question (Score:2, Troll)
There are two main reasons people code. One is money. The second one is the appreciation of the theory and algorithms behind it.
As a result, we have Microsoft which I see as full of people in it for the money. This leaves crappy code and security holes since as long as everybody gets their paycheck they do whatever it takes to keep them from getting fired (ie, Office Space the movie)
Those people really don't care about the code, and so won't spend their free time contributing free software to the community. If they do write something, it will be for win32 and they will charge money so they can make a few dollars. They figure everything else costs money so why should theirs be free?
On the other hand, we have people who like to code, and don't care so much about the money as much as the respect of their peers and for the beauty of the code. Therefore we have a lot of free stuff in linux. Sure, some of it also has win32 ports, but are there any free office suites and full fledged graphics packages soley for win32? The answer is no (I would imagine) because win32 has such a huge user base. With something like 90% of the desktop, somebody is bound to pay for your product, so why should anybody write a free application for win32?
Re:Windows Programming: A related question (Score:3, Insightful)
Compare that to the unclean drivel in the Linux kernel, laden with intelligent comments like "Sun fucking blows me", clearly broken VMs that get released despite all those allegedly useful eyes staring at the code and supposedly testing it, and the unprofessional spats between the dev community.
And if you think caring about something means that it's so obviously superior, I would suggest that you consider the fanatical behavior of assorted cults throughout history -- or, alternately, the idiots on "American Idol" who clearly
As for why I code, when I do -- it's a method. Algorithms aren't too interesting if never tested, and I'm sure as hell not doing large amounts of repetitive mathematics by hand. So for me, programming is merely an extremely efficient way of getting things done, and not an ends in of itself. When it comes to recreation, I find classic literature or photography much more interesting than implementing Nelder-Mead simplex routines for function minimization, or their ilk.
Where to find the Windows programmers (Score:5, Informative)
In my opinion the best places to find out information about Microsoft technologies and products are
PS: So this post isn't offtopic I'll add something about SSH. OpenSSH in Windows is possible if one installs Cygwin [cygwin.com].
Re: (Score:2)
Re: (Score:2)
Re:Where to find the Windows programmers (Score:2)
Disclaimer: I work for Microsoft but this post contains my opinions and does not represent some official company statement
Hmm, I see this getting modded down relatively quick...
Oh, but he plugged cygwin so it's okay.
Re:Windows Programming: A related question (Score:4, Informative)
CodeGuru [codeguru.com] and CodeProject [codeproject.com] - both EXCELLENT sources of information, especially for MFC stuff. CodeProject also has lots on C#.
Microsoft Developer Network [microsoft.com] is a great source of support (especially the KB) and the MSDN library [microsoft.com] holds a full reference for the Microsoft implementations of C/C++, C#, Visual Basic, et al. MSDN is also integrated into Visual Studio.NET, so I rarely feel the need to visit the website directly.
Finally, lots of programmers gather in Usenet newsgroups and on IRC. I can recommend the channel #c++ on Quakenet (irc.quakenet.org) as a great source of help for Windows programmers, so long as you follow the (rather strict) channel rules [readme.tk]. Don't miss the #c++ n00blist [planetn00b.tk] of people who have failed to observe these rules
I hope this helps...
Re:Windows Programming: A related question (Score:2)
Yes microsoft switched MSDN to DVD and even offers a substancial rebate for people to switch to DVD subscription.
Depending on which kind of subscription you want, MSN can be in the 3 or 4 digits. The Universal subscription is huge and most of the people don't need it for simple application, as a matter of fact, having only the MSDN library on cd and a copy of visual studio is enough for most people. Unless you are writting huge-ass datacenter application or you need evey single microsoft product (server and client) readily installable, well usually you can shell out the money that will be needed to get such a package. No it's not open source, no it's not free, yes it's microsoft. While I don't really agree with some of their ways of doign things, if you don't like it, don't buy it and go find something else; if you can't, well now you know what it's going to cost you and you'll appreciate the litterature of the MSDN subscription. I find it very immature and non professional to post such biased comments, and even worse, people modding this up like mad.., when it's completely OT to the current subject and not helping in any case.
The only negative thing I have to say about MSDN is when you get a universal subscription, they are trying to SELL you a magazine on top of that, and the Technet library isn't included, with all of the stuff they give, this is really lame
Cygwin (Score:1)
You might want to check here [infopop.net] for some hints on installation. (In addition to the user guide and readmes of course).
Check out the VanDyke products (Score:5, Informative)
Lots of Options (Score:2)
There's lots of options available for SSH on Win32, a simple Google search turns them up. Specifically there's a free zipfile out there called ssh-win32.zip that contains a basic SSH terminal that works well. There's also GPL port-attempts of the unix commandline ssh tools, some of which work ok. In the cheapware/shareware category there's stuff like SecureCRT and F-Secure SSH. The list goes on and on... apparently some people like PuTTY.
Have you looked at remotely anywhere? (Score:2, Informative)
Re: (Score:1)
But be careful (Score:2)
CuteFTP Pro has SFTP (Score:1)
Works fine for win2k, XP, and is cheap to buy.
______
Jaylen
OpenSSH + CygWin + libsectok (Score:5, Informative)
As a few people have mentioned OpenSSH is supported on Windows via CygWin [cygwin.com]. What hasn't been mentioned is that OpenSSH supports smartcards through the use of libsectok [umich.edu]. I use it with Schlumberger Cyberflex Access cards.
I don't know whether libsectok has been built on Windows before, but it uses the standard /dev/tty interface so it should be too difficult to get working.
Re:OpenSSH + CygWin + libsectok (Score:4, Funny)
Basically, I've gotten Cygwin with OpenSSH working on Win2K with zero problems.
It's an eery feeling typing "ssh philov@win2kbox" and then getting a Bash prompt.
Remember, once you install Cygwin to learn how to install *ANY* Unix server as a service on your Windows box. I got Apache and SSHd and a few others working trivially once I figured out that strange Cygwin addservice command.
Re:OpenSSH + CygWin + libsectok (Score:3, Interesting)
Re:OpenSSH + CygWin + libsectok (Score:2)
MH was always a pain to use. pine and elm were more limited than mutt. Mozilla was nice, but too limited.
The things I like about Evolution:
- Virtual mailboxes -- insanely useful feature. I have a virtual mailbox for example that shows me any mail from a known list of friends across all of my IMAP and local mailboxes.
- Wonderfully smooth and responsive IMAP and POP handling
- Very good handling of attachments and all sorts of strange document types
- Drag and drop between accounts
- Well protected against malicious HTML mail (doesn't do javascript or load images by default, etc).
- Excellent searching capabilities
Had you had some problems with it that made you unhappy?Yep -- sshd configuration instructions (Score:4, Informative)
Second all of the above.
For configuring sshd, see http://tech.erdelynet.com/cygwin-sshd.html [erdelynet.com].
Warning about Cygwin! (Score:3)
This may seem incredibly obvious (Score:2)
Although, I have had problems that if you try and resize the rxvt it stops responding, and stupid Windows doesn't kill the children if you kill the rxvt so you end up with dead processes hanging around if you're not careful, but in principle it all works fine. ssh, scp, the lot. It all interoperates with Unix beautifully.
The Oxy* Project (Score:1, Funny)
winscp (freeware) (Score:2, Informative)
Erm... (Score:2)
Fingerprint Biometrics: DigitalPersona.com (Score:2)
I have their inexpensive "UareU Pro" system, and it works great for (literally) one-touch Win2k logins. You can integrate it with your domain server to make fingerprint logins universal, but even just on a local workstation, it works fine.
Unfortunately, zero Linux support.
You can use the fingerprint biometrics for an encrypted virtual drive with additional software, but without any documentation or peer review of their encrypted storage, it's impossible to evaluate their security.
What's wrong with Win2k server? (Score:2, Interesting)
I always thought of PGP as a personal resource, not something capable of effectively encrypting entire network environments. Why do you choose not to use the EFS capabilities of Windows, which, to my knowledge, are very secure and transparent to the user (provided (s)he has permission to decrypt).
The same question applies to Smartcard technology. Windows supports the PKINIT protocol, RSA and CryptoAPI etc. You can install Certificate Authority software as part of your install. Why specifically go with cryptoflex?
And specifically regarding your SSH question, it's not SSH but Windows Server supports Remote Access services via which you could set up a VPN and have a secure connection to the company servers.
Please share your knowledge.
Re:What's wrong with Win2k server? (Score:4, Informative)
. . .
Well for one thing, for every client that uses Windows Server for _authentication_ you have to pay up for an extra internet Client Access License. As far as I understand this (and I re- read the terms not so long back) that's each _individual_ client, not concurrent or pooled / proxied clients.
Win2k has excellent smartcard suport, out of the box, highly recommended to lock down _physical access_. But, if like me, you're interested in smartcard authentication for a fair number of users _remotely_ it may not be the best solution to work with your existing toolchain (e.g. Cygwin, OpenSSH etc.)
That's just what comes immediately to mind. I've not delved all I should, so further comment very welcome.
I'll just part with the thought that in your example of installing Certificate Services, if you used this to authenticate users for a web site in even a small installation, you could be talking about hundreds of required licenses. Up to you, though, of course :)
Re:What's wrong with Win2k server? (Score:2)
. . .
You are partly right, no CAL is required for _anonymous_ access to Win2k. Reassuring isn't it? :-)
I should have clarified my point a bit - in a heterogenous LAN / WAN it's not always practical to use Win2k services for all authentication. Quite apart from the expense of CALs, replicating ActiveDirectory to LDAP is a complete PITA. At a considerable price you can buy meta - directory products e.g. from SUN One and Novell to accomplish this more easily. For many instances you simply do not need to deliver NT services such as file and print or authentication to _everyone_ so then a meta - directory starts to feel like over - kill. Having *nix based smartcard tools, sans CAL costs can be a major project boon, for obvious reasons.
As I understand it, contrary to your asertion, Cert Services under Win2k offers X.509 support for the web _and_ smartcard services. Integration is the key - either a massive boon if you wish to standardise, or a liability with the licensing cops if you mix up your distinctions :). Here's a quote http://www.microsoft.com/technet/treeview/default. asp?url=/TechNet/prodtechnol/windows2000serv/deplo y/depopt/2000cert.asp [microsoft.com] :
And some evidence that they are inseparable can be found by a search for KB Q228831 "Cannot Overwrite Smart Card Key During Certificate Services Setup" at their site, which appears broken now.
A Laptop would not normally remote authenicate,except for web e.g., when on the move, so I don't see your point exactly, unless you mean that the laptop should be forced to call home to auth for OS login (useful to reduce risk damage from theft, and quite possible under Win2k). Smartcards are very useful for local access control under Win2k Workstation, standalone, which was my point. It's possible to use EFS to encrypt your data and locally install a X.509 cert locally to a machine, use that cert to authenticate your SSH sessions (hah!, finally back on topic :) and then use _without_ paying for more CAL's a neato smart card to secure _remote_ device access. Yup, there are subtle potential security flaws in that, as with any chain - of - systems but if your interest is not to move from machine to machine, and you keep an aggressive CRL for use with your SSH accounts, this idea is fairly useful, and way better than standard SSH + login and password. On a laptop especially you need every protection you can get :)
Hope that clears up any confusion arising from my tiredness last night. If you simply want to manage X.509 and CRLs, there are many third party or free tools to accomplish this. If you're just setting out, I recommend you spend your money and time learning how the infrastructure works, then worry about implementations later. Knowledge wil make you free of any ties to a particular OS, or at least save you from the worst rent charges ;) For certs, he "X.509 style Guide" (sorry no link, Google is there for you), is a fine place to start. For some Smartcard background, take a gander here, for example : http://www.citi.umich.edu/projects/smartcard/ [umich.edu]
Cygwin & TTSSH (Score:3, Informative)
IBM Article (Score:5, Informative)
Their purpose was to have CVS over SSH to a Win2K box, but that is not its only use. And they use CygWin (as a plethora of people have already said to use).
They even go as far as demonstrating the first few commands you're likely to need once it's set up.
Try Zebedee (ZBD) (Score:4, Informative)
Re:Try Zebedee (ZBD) (Score:2)
I fought with OpenSSH on Debian and Cygwin-OpenSSH and the commercial SSH on Windows machines for an hour at work today. To make a long story short:
Some help from the file descriptions at the end of man ssh made things clear for me.
Why not just use PPTP VPN? (Score:3, Insightful)
Paul
Damn Skippy (Score:2)
SSH itself is somewhat limiting for Windows administration, considering that X-Forwarding ain't gonna happen.
And while you're at it, use Windows Native encrytion instead of PGP.
Re:Damn Skippy (Score:2, Informative)
Actually, SSH is much more secure than VPN as far as attained rights are concerned. If you connect a VPN tunnel amongst a bunch of Windows machines, if one of them is compromised, all of them are compromised. This is not the case with SSH.
Advocating using a VPN and opening access to everything on the other machine reflects a general lack of security knowledge. VPN on Windows throws open both barn doors for access to a service when you really only need a tiny well shuttered opening. Unfortunately, I find this poor security attitude/knowledge far too often among windows users and adminstrators.
OpenSSH on Windows (Score:3, Informative)
Ya beat me to it (Score:3, Informative)
A possible other alternative (Score:2)
They used a feature of IPSEC that didn't encrypt the packets, but CRC'd them anyway. Then they configured the machines that were supposed to listen to the outside world (Business logic servers/ database servers) to punt all packets that didn't have an IPSEC crc on 'em.
The system does the decoding at IIRC the 2nd or 3rd layer, using some very efficient code Microsoft got from Cisco. The teacher reported pounding on a laptop on a 100mbit segment with 6 orther attacking computers and the laptop registered about 12% utilization whil punting illegal packets.
This should be in .NET server and ported to W2K (Score:2)
SSH, SFTP and SCP would be wonderful tools to have. Just yank out Telnet, yank out IIS FTP Server and so forth and put this in instead. Terminal Services is fine and all but sometimes you need to do remote file transfers. The current alternatives MS provides are just not any good.
Re:This should be in .NET server and ported to W2K (Score:2, Insightful)
Re:This should be in .NET server and ported to W2K (Score:2, Informative)
SSH has much greater functionality than IPSEC. (Score:2, Informative)
With SSH I can use one standard protocol/app set that will run on everything from cell phones to PDAs to huge servers, running all kinds of OS's, generally at little to no cost. Show me an IPSEC solution that can do that. SSH requires no kernal mods, or even anything that must be installed as a root/administrator on any platform. The code is open, and free for you to mod as well. If you must have VPN type functionality you CAN do things like PPP over SSH if you must, although this isn't the highest performing option, it is possible.
The one thing SSH *IS* missing is the ability to forward UDP traffic.
Re:SSH has much greater functionality than IPSEC. (Score:2)
IPSEC is an IETF standard, always has been. The standard has some problems, requiring servers that become bottlenecks is not on of them. IPSEC is peer to peer, always has been.
SSH began as an attempt to run Telnet over SSL, back in the very early days. Then they discovered that there were problems with that approach and the SSH protocol is now an application level security protocol while SSL is transport layer and IPSeC packet layer.
The big problem with IPSEC is that it is designed to be peer to peer and is not designed to support the VPN application as its priary objective. As a result it is sub-optimal as a VPN, but hardly sub-optimal enough to go to the hassle of installing something else. Certainly there is not going to be much advantage in running compressed X-Windows sessions off a Windows box...
PPTP is a legacy protocolbuilt in the days when the export controls limited crypto to 40 bits. in those days a lot of broken protocols got developed, there was little point in paying someone competent huge bucks ($5K a day) to design the protocol if you knew it was going to be broken by law. The early versions of SSL were not much better. Ever heard of SSLv1? It was broken at MIT before Marc Andressen had finished explaining it, he spent the rest of the meeting trying to call up his security guru on his cell phone.
The big problem with EFS, as with many Microsoft crypto products is that they don't give enough info on what it does and does not secure. Most people who use it don't even know that they have to export the master escrow certificate keys off the machine in order to get any security from it.
Re:SSH has much greater functionality than IPSEC. (Score:2)
It is amazing how the clue density in this thread appears to be minimal.
As a participant in this thread, let me say that it's even more amazing how much of a self-righteous dickhead you are, especially considering the fact that you posted a method absolutely void of any useful facts, nor even relating to the conversation that was being had.
Piece of advice: The next time you feel the urge to show your self-promoted superiority, add something useful or at least relevant to the conversation.
Re:SSH has much greater functionality than IPSEC. (Score:2)
I thought it was fairly relevant to the conversation to point out that on a Windows box the ability to compress X-Windows sessions was not going to be the first feature most users would be demanding. Equally if you are going to flame Microsoft over PPTP then you should also point out that many non-Microsoft protocols have come out with serious problems.
Re:SSH has much greater functionality than IPSEC. (Score:2, Interesting)
I too would agree with this statement-- in an ideal world with mixed platforms (Solaris, Linux, Windows, HPUX) IPSEC everywhere would be ideal, I just fear that cross platform management would be a nightmare. One of the most attractive aspects of using IPSEC is as you mention, that you can do all of this without you users even being aware of it, and no tool changes are required.
I'm speaking out of my ass in a certain respect, as I haven't configured IPSEC on a mass scale for multiple platforms (but I have with SSH), but I'm not aware of any multiplatform (as mentioned above, all of them, not just a couple) IPSEC products where changes can be easily made by one person on one platform. Again, these may exist, and if you know of any, I'd be interested in hearing about them.
Of course I understand that IPSEC is fully documented and heavily deployed (I work at a company that makes many IPSEC products), I was just speaking about the ease of ssh implementation and light weight of the required apps. I'm not aware of any Java or Regarding compression, authentication, etc: These are all separate elements of the communications layers, and personally I don't LIKE to see them all slammed together in some emacs type "cater to everyone" combination.
It's all about what you want to use it for. Even in an all IPSEC environment, SSH is still very usefull ON TOP of it all for things like transparent X forwarding between machines (no more setting your $DISPLAY), authentication, etc.
As I mentioned, I wouldn't use SSH for a VPN, although I specifically DO use SSH instead of a VPN for telecommuting-- and I work from home 4 days a week.
How about filesystem encryption for Linux? (Score:2)
Not a troll...just a suggestion (Score:3, Offtopic)
Why am I telling you all this?? Not to bash MS. I ask that you look really close at your requirements and remote administration. Do they say 'I have to run on Windows??'. If not, maybe it's time to look elsewhere for solutions.
Nothing to do with security or scalability or reliability (ok
If you have to have a Windows solution, I saw a lot of good ones above that we use, Cygwin and VanDyke being my favorite.
Re:Not a troll...just a suggestion (Score:2)
they dropped commandline installation and require a graphical head for the Java install. Why does everything java have to be GUI? can't there be commandline variants to a java program?
stupid oracle.
Get the Oreilly Book (Score:2)
A Checklist for System Administrators I know its primarilly about creating Windows Bastion hosts, but there is an aweful lot of general Windows security and remote administration information as well. Every Windows sysadmin needs to give it a read!
stupid question.... (Score:2)
Is it more "secure"? It seems that win2k has very little command prompt ability and most people don't even know anything other then a few basics... So I guess my question I guess is Why?
Re:stupid question.... (Score:2)
BTW, another vote for networksimplicity's OpenSSH installer. If you don't need CygWin for other stuff, it's the way to go, user account setup is so much easier.
Stunnel, TLSWrap, SSLWrap, Safetp. (Score:3, Interesting)
TLSwrap [freshmeat.net] is another ssl wrapper, used for ftp, but can be used for other ports.
Safetp [berkeley.edu] seems to be a popular one with the college kids. Ive tested it out, and it does encrypt your session, and any ftp client will work since it encrypted the port.
Personally, I dont want command line on windows, I want a GUI for windows. Tight VNC isnt encrypted, but you can use stunnel to take care of that. But I find remote desktop, using rdp 5.1, is fast as hell(compared to tightvnc) and is designed for windows. Very usable over a modem too.
I Love computers and networking, 500 solutions to 1 problem.
Cygwin (Score:2)
You can download cygwin for free from cygwin.com [cygwin.com]. It includes both the client and the server for ssh. You can set up ssh as a service that runs even prior to login, so it's the real deal. All drives are accessible through the shell via the invisible /cygdrive/c, /cygdrive/d, etc directory. All the rest is explained on the Cygwin site. I believe commercial support for Cygwin is offered by Redhat, but it's worth noting that they have a very responsive free support list, frequented by all the major developers/porters.
Give it a go. I think you'll be impressed.
what DO you use for secure filesystem/disk? (Score:2)
What have you found that works for you?
Cygwin is STANDARD on my Windows systems (Score:3, Informative)
As a long-time NT administrator (original NT 3.1 beta tester), no Windows system goes on my network without Cygwin [cygwin.com] . In recent years, they've added XFree86 4.x (which works flawlessly nowdays), and other goodies like OpenSSH.
And on Win/NT versions (NT, 2K, XP), you can setup OpenSSH in full server mode which is especially sweet for automation. You can find more information on how to configure OpenSSH as a server on NT/2K/XP here. [erdelynet.com]
There is not a week that goes by without me needing something (let alone another user on our local support list) that Cygwin doesn't solve quickly and effectively. Again, that's why its on all my Windows systems by default.
Re:Cygwin is STANDARD on my Windows systems (Score:2, Insightful)
From Openssh.com (Score:4, Informative)
- PuTTY [greenend.org.uk]
is an SSH1+SSH2 implementation. PSCP, an
scp [openbsd.org]-style
program for Windows, is also available.
- TTSSH (SSH1) [zip.com.au]
is an SSH1-only implementation, by Robert O'Callahan.
- Cygwin (POSIX software on top of Windows) [cygwin.com]
- MSSH [mscd.edu]
- OpenSSH for Windows [networksimplicity.com]
- Secure iXplorer [i-tree.org]
- WinSCP [winscp.vse.cz]
The following clients are recommended for interoperating with OpenSSH from Mac machines:PuTTY is available under the MIT licence (BSD-like).
"PuTTY is a free implementation of Telnet and SSH for Win32 platforms, written and maintained primarily by Simon Tatham, who lives in Great Britain."
"TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality. TTSSH is also free to download and use and its source is available too, with an open source license. Furthermore, TTSSH has been developed entirely in Australia [...]."
OpenSSH (SSH1 and SSH2 protocol) with Cygwin can run on Windows using the portable version of OpenSSH [slashdot.org].
MSSH from the Metropolitan State College of Denver supports Windows 95 and Windows 98, supporting SSH1 protocol.
Another OpenSSH running on top of Windows..
Secure iXplorer is graphical front end to PuTTY's [greenend.org.uk] pscp.exe.
WinSCP is a scp(1) program for Windows, with PuTTY integrated into it.
"NiftyTelnet 1.1 SSH r3 is an enhanced version of Chris Newman's NiftyTelnet 1.1 application which adds support for encrypted terminal sessions using the SSH (Secure Shell) protocol. Please read the included Readme file before distributing this version."
"MacSSH is a modified version of BetterTelnet with SSH2 support. [...] The only SSH2 client for MacOS that I could find is a commercial product thats costs more than $100, and it crashes my Mac when closing a session... Since it's best to do things by oneself, here's MacSSH."
Re:From Openssh.com (Score:2)
Bitvise WinSSHD (Score:2)
I use Bitvise WinSSHD [bitvise.com].
Aside from dropping you straight to the Win2k command prompt, it has
Win2K security (Score:2, Funny)
You might want to take the one-day class on securing Windows 2000 currently being run in various cities by the SANS Institute [sans.org] or you won't have to worry about having secure remote access to your server(s) -- someone else will.
It won't help to have the best encryption in the world securing your front door to a system that has 120 vulnerabilities in the default install!
It's easy with an SSH tunnel (Score:2, Informative)
Cygwin instructions (Score:3, Insightful)
- Go to the cygwin [cygwin.com] site and click on the "install now" box on the side of the screen. Run the setup.exe program off the site (don't bother to save it somewhere, it gets updated almost weekly).
- Tell it to install from the internet. Choose a mirror. It'll download a list of packages. Choose the Net | OpenSsh package. If you want to run the server, you might also want to choose everything in the Admin section. I also find Net | rsync more useful than the scp that comes with openssh.
- Once the install is complete, fire it up and run ssh-host-config to set up the server. It'll ask you a bunch of simple questions, generate your hostkey, and stick the server in the startup scripts.
With just this, the whole install takes about 32MB.Enjoy!
OpenSSH For Windows (Score:2, Insightful)
http://www.networksimplicity.com/openssh/
Complete Help (Score:2)
Re:IPSec (Score:2)
Yup, another classic example of 'when all you know how to use is a hammer, every problem starts to look like a nail.
Re:Umm, Umm... (Score:2)
You windows weenies have no sense of humor, sheesh.
You're a fool to think all the regulars here are young students.
Re:Umm, Umm... (Score:2)