Secure Communications Resources

This page covers secure communications with SSH, SSL/TLS, SRP, IPSEC, hardware-based authentication, etc.

New location: http://www.adelphi.edu/~spock/secure.html

SSH Resources

This is a list of resources for Secure Shell (SSH) on various platforms. Read the note on the patent issue with RSA implementations.

Desktop systems (Mac/PC)

For Windows 9x/NT systems, you can get:

The F-Secure SSH client (commercial trial version) by DataFellows. Supports SSH1/SSH2.
The free version by Cedomir Igaly. This site also has a 16-bit version. An alternate site is here.
TTSSH, an SSH extension for TeraTerm Pro. (free)
The commercial SecureCRT (30-day trial version available), by Van Dyke Technologies. Supports SSH2 and SSH1.
The ZOC client with SSH module. This implementation does not seem to support port forwarding/tunnelling.
For both Win and DOS platforms, try PuTTY. Secure copy, interactive logins, SSH1 only. Free.

Looking for scp? Try WinSCP.
Looking for sshd for WinNT? Try Sergey Okhapin's site. Find some setup info here.

For Macintosh systems, you can get:

The F-Secure SSH client (commercial trial version) by DataFellows.
The SSH-enhanced version of BetterTelnet (free) by Ralf Braun. (SSH support seems to be been delayed due to export restrictions - current status: see MacSSH)
The SSH-enhanced version of NiftyTelnet (free) by Jonas Wallden. This implementation does not support port forwarding/tunnelling (use Java-based MintTerm for that). Supports SSH1, scp (Secure Copy) and RSA authentication.
Another modification of BetterTelnet, known as MacSSH. Supports SSH2 only, and port forwarding/tunnelling.
Databeast uses a modified version of DataComet for SSH1/SSH2-enabled communications. Supports SCP. Demo copy only.

For OS/2 systems, you can get:

The OS/2 version based on earlier code. (status: missing)
The ZOC OS/2 client
This port.

For BeOS:

The BeOS ports, for both Intel and PPC. See the web page also.

PalmPilot/Palm Organizers

Top Gun SSH (TGSSH). Also look here.

Windows CE

sshCE is supposedly in the works.

Java implementations

MindTerm, an SSH client, written entirely in Java. Both Applet and full versions exist.
MindTunnel, an SSH server, also written in Java, used for tunneling.
MindVNC, a VNC client in Java supporting SSH.
Cedric Gourio's Java-SSH.

Workstations and servers

For Unix, see SSH Communications Security or the original the Finnish site for client and server programs. Also note the new GPL'ed implementation (alternate site is here) of the SSH 2.0 protocol.
A recent player is OpenSSH, an open platform and relatively license-free implementation of the SSH 1.5/2.0 protocols.
For VMS, there is a mailing list, send mail to vms-ssh-request@alpha.sggw.waw.pl with "subscribe" in the message body. There are also archives for the list, send mail to vms-ssh-archives@alpha.sggw.waw.pl with "help" in the message body. Ports for both an SSH client and server are in progress.
There is an OpenVMS SSH server, an original implementation, not a port. The code can be found here.
For an OpenVMS client, go Fish.

Other SSH tips

Thomas Koenig's SSH FAQ. (Seems to be slightly out of date, but still useful)
A new FAQ on the block.
There is a broken link in the SSH FAQ for gwpop, a Perl script for handling SSH access to POP mail from a Unix host.
Andy Polyakov's Beyond the Secure Shell tips for Secure FTP and NFS, and some interesting patches.

SSL/TLS Resources

This sections discusses the quasi-standard for secure web transactions, the Secure Sockets Layer (SSL), and its successor, the Transport Layer Security (TLS) standard.

The TLS 1.0 Protocol is the successor to SSL version 3.0 and is on standards track by the Transport Layer Security Working Group at the IETF.
The SSL 3.0 Protocol, the predecessor to TLS 1.0, developed by the Netscape Communications Corporation.
The official reference implementation of SSL 3.0 is for citizens of USA and Canada only.
Ben Laurie's Apache-SSL provides full-strength authentication and encryption to the rest of the world for free.
Eric Young's SSLeay was the first non-US implementation and provides both SSL and TLS functionality.
The Apache Web Server Project has an interface to SSLeay called mod_ssl.
The Stronghold server, based off the original Apache server.
Current development of SSLeay continues in the direction of OpenSSL.
The PureTLS toolkit by Eric Rescorla.
The Stunnel project based on OpenSSL allows for tunnelling of information through an SSL pipe. A mirror site and an FTP site. Versions available for Unix and Win32.
The SSL-Talk FAQ at Consensus Development.

SRP Resources

This section discusses the Secure Remote Password authentication protocol.

The main site is Tom Wu's SRP page.
SRP is an add-on to the Telnet protocol, as described in the Internet Drafts documents draft-wu-srp-auth and draft-wu-telnet-auth-srp based on RFC1416 at the IETF.

IPSEC Resources

This section discusses the IPSEC standard and its implementation.

The Security Architecture for the Internet Protocol (RFC 2401) (IPSEC) within the IP Security Protocol Working Group.
The Finnish company SSH Communications Ltd. has IPsec solutions.

Hardware authentication

This section has a few pointers on token-based authentication. This is often referred to as an example of strong authentication.

The SecurID card solution by Security Dynamics.
The Datakey solution.

Home page: Sven Dietrich.

Last modified: 19 December 2001