SSH Tectia

SSH Tectia® Client/Server 5.3

Product Description

SSH Communications Security Corp.

This software is protected by international copyright laws. All rights reserved. ssh® and Tectia® are registered trademarks of SSH Communications Security Corp in the United States and in certain other jurisdictions. The SSH and Tectia logos are trademarks of SSH Communications Security Corp and may be registered in certain jurisdictions. All other names and marks are property of their respective owners.

No part of this publication may be reproduced, published, stored in an electronic database, or transmitted, in any form or by any means, electronic, mechanical, recording, or otherwise, for any purpose, without the prior written permission of SSH Communications Security Corp.

THERE IS NO WARRANTY OF ANY KIND FOR THE ACCURACY OR USEFULNESS OF THIS INFORMATION EXCEPT AS REQUIRED BY APPLICABLE LAW OR EXPRESSLY AGREED IN WRITING.

19 September 2007


Table of Contents

1. About This Document
Documentation Conventions
Customer Support
2. Introduction
Secure TCP/IP Connectivity
Threats and Attacks
Security Services
Secure Shell Protocol
Protocol
Authentication
Different Protocol Versions
3. Key Applications for SSH Tectia
Secure System Administration
Secure File Transfer
Secure Application Connectivity
Centralized Management
Common Security Features
New Features in SSH Tectia Client/Server Solution 5.3
New Features in SSH Tectia Server 5.4 for IBM z/OS
4. Architecture
SSH Tectia Solution Components
SSH Tectia Server
SSH Tectia Client
SSH Tectia Connector
Connection Broker
SSH Tectia Manager
Configuring SSH Tectia Client/Server Solution
Server Authentication
User Authentication
Tunneling
Tunneling Applications
Tunneling FTP
Tunneling with SSH Tectia Connector
FTP-SFTP Conversion
5. Use Cases
Secure System Administration
Secure System Administration with RSA SecurID
Secure Application Connectivity with Application Login
Secure Application Connectivity with Kerberos/GSSAPI
Secure TN3270 Application Connectivity to IBM Mainframes
Remote Access with SSH Tectia Client/Server
Remote Access through Nested Tunnels
Integrating an Extranet Application with SFTP
Securing Data Warehouse Communications with SFTP
Protecting a Healthcare Application with SFTP
FTP-SFTP Conversion
6. Choosing the Authentication Method
Password Authentication
Advantages and Disadvantages of Password Authentication
Public-Key Authentication
Authentication Procedure
Compatibility with OpenSSH Keys
Advantages and Disadvantages of Public-Key Authentication
Certificate Authentication and PKI
Certificate Enrollment
Certificate Revocation
Authentication Procedure
Advantages and Disadvantages of Certificate Authentication
Making the Most of Public Keys and PKI
Certificates and Keys on Smart Cards
Authentication Agents and Key Providers
Host-Based Authentication
Advantages and Disadvantages of Host-Based Authentication
Keyboard-Interactive Authentication
Advantages and Disadvantages of Keyboard-Interactive Authentication
Password Submethod
PAM Submethod
RSA SecurID Submethod
RADIUS Submethod
GSSAPI Authentication
GSSAPI Interoperability
Advantages of GSSAPI Authentication
7. Product Specification
Main Features
Secure Shell Protocol Features
Secure File Transfer
High Performance with SSH G3
User Authentication
Ease of Use
Enhanced File Transfer (EFT) Expansion Pack (Optional)
SSH Tectia Connector and Tunneling Expansion Pack for SSH Tectia Server (Optional)
SSH Tectia Server for IBM z/OS (Optional)
SSH Tectia Server and Client Version Differences
Technical Specifications
Supported Operating Systems
Hardware Requirements
PKI Features
Supported Third-Party Products
Supported Cryptographic Algorithms, Protocols, and Standards
Glossary
Index