Tectia SSH Technical Specifications
Tectia SSH is the SSH implementation by the team behind the original invention of the SSH protocol, a team that has actively participated in the IETF (Internet Engineering Task Force) standardization effort of the protocol since the beginning. Senior members of the Tectia SSH development team have contributed their security expertise and other domain knowledge to the greater good - because the company believes that security is important, and because the SSH protocol is such an important base of security.
Customer Driven Development - Commercially Relevant Features
Tectia SSH development is driven by the needs and requirements of our large customer base. We have introduced and supplied native SSH capability onto platforms and operating environments that were lacking the basic security building block provided by the SSH protocol.
Support for Business Platforms
Tectia SSH is today available as native code on platforms such as Microsoft Windows, various commercial Unixes, various commercially important versions of Linux, and even IBM mainframes.
Microsoft Windows is today still the most common operating system across the globe. It is also an operating system that has no built-in support for SSH. Tectia SSH clients and servers are available for Windows.
Customer Driven Authentication Features
Tectia SSH is in frequent use within the US government's many organizations. As valued customers, these organizations have requested support for the strong authentication methods that they require. Tectia SSH includes built-in support for US government smartcards (the CAC and PIV cards).
Standard PKI Support
Tectia SSH includes built-in support for strong PKI authentication that is scalable, managed, and standards compliant. There are no patches to apply or code modifications to make. Tectia SSH supports open standards for PKI, and there are no additional requirements or restrictions on the Certificate Authorities or certificate profiles to observe.
Native Platform Adaptation
Tectia SSH is developed as platform-native software for each of the supported operating systems and environments. Unlike OpenSSH, which is ported to different platforms from a single Unix-based development tree, Tectia SSH is developed specifically for each of its supported platforms. Tectia SSH offers performance that is optimal and native.
Optimal Resource Usage
Tectia SSH offers minimal resource usage and imposes minimal performance penalties as compared to unprotected connections and file transfers. This is particularly beneficial in computing environments that base the customer cost structure on resource usage (such as Mainframe systems).
File Transfer Performance with Resume
Tectia SSH is designed and engineered for enterprise environments in which transferring large batches of files is a common task. Tectia SSH supports resuming interrupted file transfers. This avoids re-transfers and results in considerable savings in time, network usage, and computing resources.
Tectia SSH - Standards Compliant
Tectia SSH is a fully standards-compliant, enterprise-grade SSH implementation that is actively developed by SSH Communications Security. The sections below present the IETF standards and drafts that Tectia SSH complies with.
SSH Protocol Version 2 - Core RFCs
RFC4250 SSH Protocol Assigned Numbers
RFC4251 SSH Protocol Architecture
RFC4252 SSH Authentication Protocol
RFC4253 SSH Transport Layer Protocol
RFC4254 SSH Connection Protocol
SSH Protocol Version 2 - Extension RFCs
RFC4256 Generic Message Exchange Authentication
RFC4344 SSH Transport Layer Encryption Modes
RFC4419 Diffie-Hellman Group Exchange
RFC4462 GSS-API Authentication and Key Exchange
RFC4716 SSH Public Key File Format
RFC5656 Elliptic Curve Algorithm Integration in SSH
RFC6668 SHA-2 Data Integrity Algorithms
Other Supported IETF Specifications
SSH File Transfer Protocol version 3
RFC2459 Internet X.509 Public Key Infrastructure Certificate and CRL Profile
RFC2865 Remote Authentication Dial In User Service (RADIUS)
RFC4511 Lightweight Directory Access Protocol (LDAP): The Protocol