Tectia SSH Technical Specifications

Tectia SSH is the SSH implementation by the team that is behind the original invention of the SSH protocol and that has actively participated in the IETF (Internet Engineering Task Force) standardization effort of the protocol since the beginning. Senior members of the Tectia SSH development team have contributed their security expertise and other domain knowledge to the greater good, because the company believes that security is important, and because the SSH protocol is such an important base of security.

Customer Driven Development - Commercially Relevant Features

Tectia SSH development is driven by the needs and requirements of our large customer base. We have introduced and supplied native SSH capability onto platforms and operating environments that were lacking the basic security building block provided by the SSH protocol.

Support for Business Platforms

Tectia SSH is today available as native code on platforms such as Microsoft Windows, various commercial Unixes, various commercially important versions of Linux, and even the IBM Mainframes.

Microsoft Windows is today still the most common operating system across the globe. It is also an operating system that has no built-in support for SSH. Tectia SSH clients and servers are available for Windows.

Customer Driven Authentication Features

Tectia SSH is in frequent use within the US government's many organizations. As valued customers, these organizations have requested support for the strong authentication methods that they are required to use. Tectia SSH includes built-in support for US government smartcards (the CAC and PIV cards).

Standard PKI Support

Tectia SSH includes built-in support for strong PKI authentication, giving scalable, managed, and standards-compliant PKI support. There are no patches to apply or code modifications to make. Tectia SSH supports open standards for PKI, and there are no additional requirements or restrictions on the Certificate Authorities or certificate profiles to observe.

Native Platform Adaptation

Tectia SSH is developed as platform-native software in each of the supported operating systems and environments. Unlike OpenSSH, which is ported to different platforms from a single Unix-based development tree, Tectia SSH is developed specifically for each of its supported platforms. Tectia SSH offers performance that is optimal and native.

Optimal Resource Usage

Tectia SSH offers minimal resource usage and imposes minimal performance penalties as compared to unprotected connections and file transfers. This is particularly beneficial in computing environments that base the customer cost structure on resource usage (such as Mainframe systems).

File Transfer Performance with Resume

Tectia SSH is designed and engineered for enterprise environments in which transferring large batches of files is a common task. Tectia SSH supports resuming interrupted file transfers. This avoids re-transfers and results in considerable savings in time, network usage, and computing resources.

Tectia SSH - Standards Compliant

Tectia SSH is a fully standards-compliant, enterprise-grade SSH implementation that is actively developed by SSH Communications Security. The sections below present the IETF standards and drafts that Tectia SSH complies with.

SSH Protocol Version 2 - Core RFCs

RFC4250 SSH Protocol Assigned Numbers

RFC4251 SSH Protocol Architecture

RFC4252 SSH Authentication Protocol

RFC4253 SSH Transport Layer Protocol

RFC4254 SSH Connection Protocol

SSH Protocol Version 2 - Extension RFCs

RFC4256 Generic Message Exchange Authentication

RFC4344 SSH Transport Layer Encryption Modes

RFC4419 Diffie-Hellman Group Exchange

RFC4462 GSS-API Authentication and Key Exchange

RFC4716 SSH Public Key File Format

RFC5656 Elliptic Curve Algorithm Integration in SSH

RFC6668 SHA-2 Data Integrity Algorithms

Other Supported IETF Specifications

SSH File Transfer Protocol version 3

RFC2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile

RFC2865 Remote Authentication Dial In User Service (RADIUS)

RFC4511 Lightweight Directory Access Protocol (LDAP): The Protocol