Compliance with the IETF Secure Shell standards
SSH Tectia Client and Server implement the Secure Shell (version 2) protocol as defined by the IETF Proposed Standard RFC specifications. SSH Communications Security is the original developer of Secure Shell and has been an active driver of the Secure Shell standardization in the IETF.
Comprehensive cryptographic support
SSH Tectia Client and Server offer state-of-the-art encryption with broad support for symmetric ciphers including 3DES, AES, Arcfour, Blowfish, SEED, and Twofish. Supported message authentication and public-key algorithms include MD5, SHA-1, Diffie-Hellman, DSA, and RSA.
FIPS-certified cryptographic library
SSH Tectia Client and Server incorporate a FIPS 140-2 certified cryptographic module to help ensure acceptance in government audits. The FIPS 140-2 Cryptographic Library has been validated for both Windows and major Unix platforms.
Versatile command line tools
SSH Tectia Client and Server include versatile command line tools that can be used for remote login, remote command execution, and file transfer operations. These tools allow easy scripting of automated jobs such as secure file transfers or starting and stopping of services in remote locations.
Tunneling (port forwarding)
One of the key features of Secure Shell, in addition to secure terminal access and secure file transfers, is its ability to tunnel TCP-based application connections. SSH Tectia Client and Server allow static application tunneling, where application client connections are routed through a local TCP port and then securely forwarded to a remote Secure Shell server.
Before an application can be tunneled, a Secure Shell connection needs to be established. When using the pre-configured tunneling feature, SSH Tectia Client listens on a specific port and establishes the connection automatically when the application connects to that localhost port.
SSH Tectia Client incorporates authentication agent functionality that allows the caching of passphrases (used for encrypting the private key), eliminating the need to retype the passphrase each time a connection is made. In addition, authentication can be "forwarded", allowing administrators to hop from one server to another without the need to store private keys on multiple servers.
Host-based authentication mimics the legacy rhosts authentication that was used with Unix tools such as rsh and rcp to control access to systems based on the address of the remote host. The Secure Shell host-based authentication utilizes strong cryptography for host identity verification.
SSH Tectia Client and Server support SOCKS (4 and 5) and HTTP proxy for accessing Secure Shell servers located behind firewalls.
Multi-channel support allows users to have multiple terminal sessions, file transfers, and application tunnels multiplexed over a single Secure Shell connection without the need to authenticate every session separately.
Configurable re-keying policies
Administrators can configure the renewal period for session encryption keys according to the security requirements.