SSHield
Embedded Secure Shell (SSH/SECSH) Server and Client

SSHield is an embedded Secure Shell (IETF SECSH, formerly known as SSH)
implementation with a full-featured suite of secure applications that
are interoperable with all popular desktop, server and embedded SSH
implementations. SSHield enables secure communication over a public or
insecure network using popular encryption and authentication
techniques. It includes an SSH server and client, secure copy (scp),
secure FTP client and server (sftp and sftpd), and a built-in version
of modular crypto libraries, all of which can be scaled out when not in
use. With advanced features such as X.509 digital certificate support
and Kerberos authentication, and performance and memory optimizations
for low-resource embedded environments, SSHield is an ideal fit for
secure command-line management of any networked equipment and for
securely transferring data and image files between field embedded
devices and centralized servers.

SSHield is a standards-based implementation of the SSH protocol, and
integrates the core server and client components needed to implement a
secure communication channel over insecure networks.

Its unique, advanced features include a full suite of secure
applications such as an embedded SSH client and server, secure copy
(scp), secure FTP client and server (sftp and sftpd), and a built-in
version of modular crypto libraries including support for AES, 3-DES,
SHA-1 and other encryption and hashing algorithms.

Since SSHield is a designed-for-embedded implementation, the extensive
feature set does not come at the cost of a large memory footprint or a
performance impact. Further, individual features can be disabled at
run-time or even completely scaled out of the run-time version to
eliminate any impact from unused features and components. Individual
ciphers and hashing algorithms can be scaled in or out for the best
application-specific trade-off between legacy compatibility and
resource usage.

SSHield also includes flexible authentication support ranging from a
simple password-based scheme (exchanged in encrypted form) to
public-key authentication (RSA and DSA based), X.509 digital
certificates and other schemes. Plug-in Kerberos authentication support
is included and can be enabled by adding on a Kerberos module such as
AuthAgent Kerberos.

SSHield can be used in any setting where a secure equivalent of FTP and
telnet is desired, including command-line interface (CLI) management of
embedded datacom, telecom, industrial and other equipment. SSHield
includes specific hooks for integrating with existing CLIs and
management backplanes, and also includes a modular helper library to
optionally develop CLIs from scratch.

Features

- Provides SSH protocol client and server support with both SSHv1 and SSHv2.
- Includes sftp client and server as well as scp with flexible library-style APIs.
- Supports password authentication in addition to public-key user authentication.
- X.509 certificate support for authentication.
- Support for Kerberos authentication.
- Supports custom authentication mechanisms.
- Modular crypto to scale out unneeded ciphers and hashes.
- APIs for target-based key generation.
- Data compression support.
- Port Forwarding for legacy applications and X11 Forwarding.
- Abstracted file IO system.
- Works with standard SecureShell client implementations on other platforms.
- Support for CPU types of either endian-ness including PowerPC, MIPS, X86, ARM/XScale.

SSHield is not limited to CLI security, and can be used to secure a
wide range of applications by integrating the application with SSHield
secure file descriptors as a replacement for standard I/O, or as a
secure transport for any TCP-based networking protocol, using a generic
tunneling mechanism ("port-forwarding"). Port-forwarding not only
serves as a convenient secure transport channel, but also enables TCP
applications to be secured without requiring the application's source
code to change or even be re-compiled! In other words, even binary
application components for which source is not available (such as a
telnet server or client) can be secured transparently with SSHield.

SSHield's SSH protocol implementation is completely interoperable with
commercial and open-source flavors of the protocol available on
desktop, server and other embedded platforms.

SSHield has been extensively validated on a variety of CPU
architectures, and this minimizes development and integration efforts.
SSHield supports multi-tasking, memory partitions and abstractions that
are lean, yet fast. SSHield enables secure transactions in embedded
network applications with the fewest changes.

Special Features

- Includes server and client components for the SSH protocol as well as subsystems for SFTP and SCP
- Wide choice of encryption algorithms including AES (Rijndael), DES, 3DES, Blowfish, Twofish, CAST or Arcfour
- Overridable Pseudo Random Number Generator (PRNG)
- FIPS-certified cryptographic algorithms and FIPS 140-2 certification
- Target-based key generation
- Extended support for digital certificate authentication
- Multi-tasking support
- Enhanced memory management and partition support
- Native support for VxWorks 5.3, 5.4.x, 5.5.x, and AE 1.x, Linux, QNX, pSOS and other OSes.