Kloten (Switzerland),    

SSH for OpenVMS

Version 1.0a

The SSH for OpenVMS Solution

SSH for OpenVMS is the complete SSH networking security extension for HP’s OpenVMS VAX and Alpha systems. SSH for OpenVMS turns VAX and Alpha computers into very secure application servers in multi-platform environments. It integrates OpenVMS systems with virtually any other system through industry-standard SSH over TCP/IP.

The De-Facto Standard for Network Security

The SSH protocol is used by millions of users and thousands of organizations all over the world. It's also being standardized by the Internet Engineering Task Force (IETF). As the only certified SSH implementation, F-Secure SSH is widely used by government organizations and large enterprises.

The SSH for OpenVMS implementation is based on a source code license from F-Secure (Data Fellows). The F-Secure Cryptographic Service Provider is compliant with FIPS 140-1 when used with DES (Cert. #129), 3DES (Cert. #68), DSA (Cert. #50), and RSA (PKCS #1, vendor affirmed). SSH for OpenVMS also contains the following non-FIPS approved algorithms: AES, AES-128, AES-256, IDEA, BLOWFISH, TWOFISH, ARCFOUR and CAST-128.

The SSH for OpenVMS Services

SSH for OpenVMS is a software product that includes several SSH services and utilities. You can configure the SSH for OpenVMS product on your system in any manner that suits your needs.

SSH for OpenVMS comes complete with the product, and you can configure and operate it independently. You can also start and stop SSH for OpenVMS without rebooting the entire system or affecting other products.

SSH for OpenVMS enables remote systems administrators and telecommuters to access corporate network resources without revealing passwords and confidential data to possible eavesdroppers.

SSH for OpenVMS, used in conjunction with Cisco routers, provides a secure method of remotely administering routers. It replaces telnet, which is vulnerable to username and password stealing and connection eavesdropping, with a secure terminal using the Secure Shell Protocol (SSH).

  • Secure terminal connections replace insecure login and the Telnet protocol.
  • All traffic is encrypted using strong encryption.
  • Authentication is secure.

Nokia has implemented SSH to provide a flexible and secure management environment for critical network security systems. The SSH Client and Server shipped on every Nokia Security Appliance enable systems administrators to manage network resources remotely without exposing passwords and confidential data.

Enterasys has implemented SSH on newer network switches, switch routers and IP load balancers as part of the comprehensive security features that ensure these devices are protected from intruder attacks.

Fast and Efficient

SSH for OpenVMS takes full advantage of the distinct architecture of OpenVMS for VAX and OpenVMS for Alpha systems.

SSH for OpenVMS implements the SSH v1 and v2 protocols as an executive image, focusing on minimal CPU loading.

This provides peak performance so that SSH for OpenVMS integrates cleanly into the OpenVMS environment.

With support now extended to OpenVMS versions 6.2 through 7.3, SSH for OpenVMS supports the OpenVMS Communications Interface (VCI), a high-speed interface to Ethernet, FDDI, Token Ring, ATM, and LAN over Galaxy shared memory drivers, using the prerequisite TCP/IP Services.

Easy to Install and Operate

SSH for OpenVMS is easy to install using the VMSINSTAL installation procedure. It takes 5 minutes or less to configure all services and utilities. You can control SSH for OpenVMS by means of a single utility that simplifies network management and allows you to manage SSH for OpenVMS security.

Configuration Support

SSH for OpenVMS supports VAX and Alpha computers running various versions of OpenVMS. When each node in a VAXcluster shares a common system disk, the cluster needs to store just one copy of most SSH for OpenVMS files. You require only a few system-specific configuration files on each machine that runs the software. SSH for OpenVMS supports Symmetric Multi-Processing (SMP) for OpenVMS. Also supported by SSH for OpenVMS are Class A, B, C, and D (multicast) networks.

Compatibility with TCP/IP Services for OpenVMS

SSH for OpenVMS is compatible with HP’s TCP/IP Services for OpenVMS, allowing applications written for products to run transparently on top of SSH for OpenVMS.

Enhanced Security Features

The security features in SSH for OpenVMS provide data protection and security over the network that far exceeds what normal networks offer. This added security is important with the ever-increasing number of LANs, WANs, and hosts on the network. Network security prevents unauthorized use of systems, services, and network information.

SSH for OpenVMS offers the following types of security services:

  • Secure Shell (SSH) v1 and v2
  • Secure Copy Protocol v2 (SCP2)

Secure Shell (SSH) v1 Client and Server

SSH for OpenVMS SSH (Secure Shell) v1 is a program for logging into and executing commands on a remote system. It replaces rlogin, rshell, TELNET programs, and rsh, and provides secure encrypted communications between two untrusted hosts over an insecure network.

X11 connections and arbitrary TCP/IP ports can be forwarded over the secure channel. SSH connects and logs into the specified hostname. The SSH for OpenVMS SSH v1 implementation is based on the version 1.5 protocol. The Secure Shell daemon (SSHD) is the daemon program for SSH v1 that listens for connections from clients. When the SSHD daemon starts, it generates a server RSA key (normally 768 bits). This key is regenerated every hour (the time may be changed in the configuration file) if it has been used, and is never stored on disk. A new daemon is created for each incoming connection. The multiple encryption algorithms supported by SSH v1 are IDEA (the default), DES, 3DES, BLOWFISH, and ARCFOUR.

A client program (SSH) is provided with SSH for OpenVMS, but any SSH client that uses SSH v1 protocol may be used to access the server. Examples of such programs are FISSH and SSH for OpenVMS Client; TTSSH, VanDyke SecureCRT(R), F-Secure SSH Client, Multi-Net and TCPware SSH Client, and PuTTY on Windows(R)-based systems; F-Secure SSH and other SSH programs on UNIX-based systems.

SSH v1 offers the following server system authentications: rhosts, rhosts-rsa, rsa challenge-response, and password.

Both SSH v1 and v2 offer break-in and intrusion detection, session termination, X11 forwarding, and port forwarding.

Secure Shell (SSH) v2

The SSH for OpenVMS SSH v2 implementation is based on the version 3.1.0 protocol. While SSH v2 is generally regarded to be more secure than SSH v1, both protocols are offered by SSH for OpenVMS. Although the protocols are incompatible, they may exist simultaneously on an SSH for OpenVMS system. The SSH for OpenVMS server front-end identifies which protocol a client wants to use, and creates an appropriate server for that client.
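The protocol selection described above, sketched as an added example (this is not code from SSH for OpenVMS or F-Secure): a front end can pick the server from the client's identification line, where protocol version 1.x means SSH v1, 2.0 means SSH v2, and 1.99 signals that the peer speaks both. The function names, the `allow_v1` policy switch, and the sample banners are constructed for illustration.

```python
import re

# Identification line: "SSH-<protoversion>-<softwareversion>[ <comments>]"
# The software field is matched leniently as printable ASCII without spaces.
_IDENT = re.compile(r"^SSH-(\d+)\.(\d+)-([\x21-\x7e]+)(?: (.*))?$")

def parse_ident(line: bytes):
    """Return (major, minor, software), or None if the line is not a valid ident."""
    if len(line) > 255:          # SSH v2 caps the identification line at 255 bytes
        return None
    try:
        text = line.decode("ascii").rstrip("\r\n")
    except UnicodeDecodeError:
        return None
    m = _IDENT.match(text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), m.group(3)

def select_server(line: bytes, allow_v1: bool = True) -> str:
    """Decide which server handles the connection: 'v2', 'v1' or 'reject'.

    allow_v1 is a hypothetical policy switch for sites that refuse the
    older protocol; it is not a documented SSH for OpenVMS setting.
    """
    ident = parse_ident(line)
    if ident is None:
        return "reject"
    major, minor, _software = ident
    if major == 2 or (major, minor) == (1, 99):
        return "v2"              # 1.99 peers speak both; prefer v2
    if major == 1:
        return "v1" if allow_v1 else "reject"
    return "reject"

if __name__ == "__main__":
    # Constructed sample banners, not captured from any real client.
    samples = [
        b"SSH-1.5-ExampleClient_1.0\r\n",
        b"SSH-2.0-ExampleClient_3.1 test\r\n",
        b"SSH-1.99-ExampleClient\n",
        b"GET / HTTP/1.0\r\n",
    ]
    for banner in samples:
        print(banner, "->", select_server(banner, allow_v1=False))
```

Logging the parsed software field alongside the decision gives an inventory of which clients still request SSH v1 before it is disabled.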

The client and server together, using the Diffie-Hellman key-exchange method, determine a 256-bit random number to use as the "session key". This key is used to encrypt all further communications in the session.

The multiple encryption algorithms supported by SSH v2 are AES-128 (the default), CAST-128, DES, 3DES, BLOWFISH, TWOFISH, and ARCFOUR.

SSH v2 offers the following server system authentications: host-based, public-key, and password.

Both SSH v2 and v1 offer break-in and intrusion detection, session termination, X11 forwarding, and port forwarding.

Secure Copy Protocol v2 (SCPv2)

SCPv2 file transfers are different from FTP file transfers. With FTP a file can be transferred as ASCII, BINARY, RECORD, or in OpenVMS format (if SSH for OpenVMS is in use). SCPv2 has one specified format: BINARY. Also, the defined syntax for a file specification is UNIX. SSH for OpenVMS uses methods available in the protocol to attempt to improve the chances that files will be useful upon transfer.

SSH for OpenVMS uses the defined extensions in the protocol to transfer information about the OpenVMS file header characteristics. When a file is transferred between two OpenVMS systems running SSH for OpenVMS, Process Software Multi-Net v4.4 or Process Software TCPware V5.6, the file header information is also transferred, and the file has the same format on the destination system as it had on the source system. Also, when a file is transferred to a non-OpenVMS system, a method has been provided to translate those files that can be translated into a format that will be usable on the remote system. Files that are transferred from non-OpenVMS systems are stored as stream files on the OpenVMS system, which provides compatibility for text files from those systems.

Services, Documentation, and Ordering Information

Technical Services

Process Software’s Technical Services Program has a well-deserved reputation for excellence. Services include consulting, training, software maintenance, support, online resources, and 24-hour support. In short, everything you need to keep your Process Software products and your network operating at peak efficiency.

Consulting

A comprehensive suite of programs is available on a host of topics, including SSH for OpenVMS installation and configuration, DNS setup and use, network security, troubleshooting, and others.

Hot Line Support

Networking experts are available by telephone, e-mail, or fax. Optional 24-hour support is also available.

Updates

All maintenance customers with current service contracts receive automatic software and documentation updates of major releases.

Training

A wide range of educational services can be provided at your site, at regional training locations throughout North America, or at our own training facility in Framingham, MA.

Documentation

Comprehensive documentation for all SSH for OpenVMS products includes user guides, installation and configuration information, management functions and utilities, programming facilities, and network security. Documentation in HTML and PDF format is included on your product CD, and is available in HTML format on Process Software’s web site, www.process.com.

You can find Frequently Asked Questions (FAQs) on the Tech Support web page on the Process Software web site (http://www.support.process.com/).

Ordering Information

SSH for OpenVMS is shipped on CD-ROM.

SSH for OpenVMS is available on a per-system license, as client-only, server-only, or client and server.

Software Warranty

Process Software warrants all products for 90 days from the date of delivery.

Hardware and Software Requirements

SSH for OpenVMS requires at least one network controller supported by UCX or TCP/IP Services for OpenVMS.

OpenVMS VAX V6.2, V7.0, V7.1, V7.2
OpenVMS Alpha V6.2, V7.0, V7.1, V7.2-1, V7.2-2, V7.3

UCX V4.2 and above, or
TCP/IP Services V5.0 and above

Standards and RFCs

SSH for OpenVMS conforms to the following IETF drafts, military standards and Internet Requests for Comments:

IETF Internet Drafts

http://www.ietf.org/ids.by.wg/secsh.html

© 2000-2007 Applied Security Webdesign KCS Engineering & Consulting