New SSH Options Make Their Way to iSeries
February 22, 2005 Alex Woodie
iSeries users have two new ways to implement Secure Shell (SSH) authentication and encrypted remote access in their network environment. At LinuxWorld last week, SSH Communications Security, the original developer of SSH, announced that its SSH Tectia platform now supports Linux running on IBM’s entire eServer line. IBM also recently unveiled a new implementation of the OpenSSH protocol that will execute in OS/400’s PASE AIX runtime environment.

SSH enables two computers to communicate securely over TCP/IP without exposing access passwords or worrying about eavesdropping, connection hijacking, or exposure to other dangers such as denial of service (DoS) attacks, IP source routing, and DNS spoofing. The protocol was developed by Tatu Ylönen, who founded SSH Communications Security in Helsinki, Finland, in 1995. Since then, the SSH protocol has been implemented on many different platforms, has been certified for integration with many applications, and has won numerous awards. The company also released the SSH spec into the open source arena, via the GNU Public License (GPL) and Lesser GPL (LGPL) licenses, which has greatly increased its use.

SSH by itself provides authentication and encryption over the Internet, and it is typically implemented alongside FTP, Telnet, or other remote access products. Since SSH is more or less in the public domain, SSH Communications Security makes money by selling an implementation of the SSH protocol coupled with data access products, which is called the SSH Tectia suite of products. The SSH Tectia Server provides secure terminal, secure file transfer, and application tunneling server capabilities for all supported platforms. Companies implementing SSH Tectia Server are able to install, maintain, configure, and monitor their SSH environment from a central location. It is flexible and able to protect communications among a wide variety of platforms and across any type and speed of Internet connection.
SSH Tectia Server is based on the SSH version 2.0 protocol. It can use a wide variety of different authentication methods, including passwords, Kerberos, and RSA SecurID, as well as several encryption methods, including 256-bit AES, 168-bit 3DES, Twofish, and Blowfish.

As a participant in IBM’s Application Advantage for Linux program, which includes the new “Chiphopper” porting tools for making code run across all of IBM’s servers, SSH Communications Security has enabled SSH Tectia Server for Linux on Power servers (iSeries, pSeries, and OpenPower), zSeries mainframe, and Intel-based xSeries servers. According to IBM, SSH Tectia is the 1,000th application available for Linux on Power since it was introduced in November 2002. SSH Tectia also runs natively on zSeries, AIX, and Windows.

iSeries shops have another new option for implementing SSH. Earlier this month, IBM announced its IBM Portable Utilities for i5/OS toolset, which contains the OpenSSH, OpenSSL, and zlib open source packages using the i5/OS PASE runtime environment. The OpenSSH portion of the Portable Utilities for i5/OS includes the ssh utility, which allows an i5/OS user to connect as a client to a server running the sshd daemon. An ssh client can also be used to connect to the Hardware Management Console on the eServer i5 models, IBM says.

The OpenSSH PASE port also includes the sftp utility, a secure ftp replacement; scp, a secure file copy program that provides an alternative to sftp for copying a single file in the Integrated File System (IFS); ssh-keygen for creating and managing public and private keys; ssh-agent, an authentication agent for storing private keys and eliminating the need for a user to re-type the passphrase each time an SSH connection is started; and the sshd daemon, which handles incoming ssh connections and allows users to connect to i5/OS via an ssh client. The Portable Utilities for i5/OS can be ordered through traditional distribution channels.
For more information, visit the IBM Virtual Innovation Center.