You might know Secure Shell (SSH) as a tool that lets you encrypt access to a remote UNIX shell. However, SSH can also secure any TCP- or UDP-based application—including Windows file sharing—by forwarding traffic over the SSH secure connection. SSH Tectia, a commercial SSH implementation from SSH Communications Security, brings this functionality to Windows. SSH Tectia offers some excellent advantages over free alternatives, but unfortunately I was unable to get some of the product's key Windows functionality working correctly.
In addition to SSH Tectia's regular client and server components, SSH Communications Security offers Tectia Connector, a special SSH client that securely forwards a local application's network traffic to a remote server based on an administrator's configuration. End users don't have to start the client or specify a server to connect to. Instead of connecting two networks, as a VPN does, Tectia Connector simply connects a client application directly to its server counterpart. You no longer need to allow promiscuous remote machines to access any host and port on your network or set up complex routing for VPN clients.
For authentication, SSH Tectia can use passwords, private keys, certificates, RADIUS, RSA SecurID, and GSSAPI, a method that should allow Windows domain users to authenticate via Kerberos or NT LAN Manager (NTLM) without reentering their password. However, despite hours of tech support and an OS reinstallation, I couldn't get GSSAPI to work. Considering the lack of a Windows version of the product's Tectia Manager component and GSSAPI unreliability, I don't think SSH Tectia is quite ready for prime time in the Windows realm.
| Contact: SSH Communications Security * 781-431-0863 |
Price: Contact vendor for pricing
Pros: SSH encrypted tunneling is transparent to the end user
Cons: Domain user authentication is unreliable, no management server for Windows
Rating: 2 out of 5
Recommendation: SSH has the potential to become a more secure replacement for VPNs, but the current version isn't yet ready for the Windows market.