Re: Windows SSH Secure Shell



Jason Piercey wrote:
While I'm not certain this is strictly an SBS question, I thought
I'd post here anyway since my concern involves keeping our
SBS secure.

We've got a client who does some moonlighting for us and we
were previously sharing documents via FTP (their setup, not on
our server). Evidently their ISP doesn't like the FTP site and
has shut it down.

This client has now asked us to use Windows SSH Secure Shell
to transfer documents back and forth in lieu of the FTP. Considering
I know nothing about this type of connection I am initially hesitant
to use it.

Questions:

How secure is this?

Any potential problems I should be aware of?


There have been bots running dictionary attacks on SSH for some years,
so the recommendation is to use public/private keys to authenticate. The
system uses SSL either way, and passwords, if used, are encrypted. It is
about as secure as file transfer gets. After the initial connection is
made to a new server, you are asked to confirm that you're sure about
the server you're connecting to, and if you ever try to connect again
and the computer key doesn't match the client's stored key, you are
warned.

I'm not aware of a Microsoft SSH server, but there are third-party
programs. If the server runs on their system it's not a problem for you
anyway. There is a free, well-thought-of Windows SSH client called PuTTY,
which is a suite including SCP, the secure copy client program. This is
command-line driven, but I have no doubt there are also graphical
clients.

Note that if the server is configured to allow it, then TCP ports
can be forwarded either way at the request of the client. I run a
key-authenticated SSH server on my home server, for example, and
forward both the server's and my router's port 80, and the server's
IMAP port, to high ports on the localhost, letting me reach my email
and intranet and check the router log from my laptop remotely, but
without using a full VPN. The private key requires a passphrase for
use, so theft of the laptop would not be a big problem. Not in that
way, anyway.
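
The host-key check described in the reply above (confirm on first connection, warn when the stored key later differs), as an added example that is not part of the original post. It assumes an OpenSSH-style known_hosts file, which is not where PuTTY keeps its host keys; the host names, addresses and keys are constructed samples.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_ed25519_blob(raw32: bytes) -> str:
    """Build a constructed sample public-key blob, base64 as stored in known_hosts."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw32)).decode()

def fingerprint(b64_blob: str) -> str:
    """Fingerprint in the form OpenSSH prints: SHA256 of the blob, unpadded base64."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> key bytes; skips comments, @markers and hashed entries."""
    known = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue
        hosts, keytype, blob = fields[:3]
        for host in hosts.split(","):
            known[(host, keytype)] = base64.b64decode(blob)
    return known

def check_host_key(known: dict, host: str, keytype: str, presented_blob: str) -> str:
    """Return 'unknown' (first contact), 'match', or 'mismatch' (key has changed)."""
    stored = known.get((host, keytype))
    if stored is None:
        return "unknown"    # show the fingerprint and ask the user to confirm
    if stored == base64.b64decode(presented_blob):
        return "match"      # same key as last time, proceed silently
    return "mismatch"       # warn and stop: wrong server, rebuilt server, or interception

# Constructed sample data (not real keys or hosts).
GOOD = make_ed25519_blob(bytes(range(32)))
OTHER = make_ed25519_blob(bytes(32))
KNOWN_HOSTS = f"# constructed sample\nfiles.example.com,192.0.2.10 ssh-ed25519 {GOOD}\n"

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    for host, blob in [("files.example.com", GOOD), ("192.0.2.10", OTHER),
                       ("new.example.net", GOOD)]:
        print(host, check_host_key(known, host, "ssh-ed25519", blob), fingerprint(blob))
```

On an "unknown" result the fingerprint should be compared with one obtained from the server's administrator through another channel before it is accepted.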