SSH2 Users Manual

Georgia SoftWorks

SSH2 Server for Windows NT/XP/VISTA/2000/2003/2008

Keep it Secure – Simply

 

 

User Manual


Copyright © 1997-2009, Georgia SoftWorks, All Rights Reserved

Public Square

17 Hwy 9 South • PO Box 729

Dawsonville Georgia 30534

Telephone 706.265.1018 • Fax 706.265.1020

http://www.georgiasoftworks.com


Copyright © Georgia SoftWorks, 1997-2009 All Rights Reserved.

User's Manual, Version 7.50, January 15, 2009

Microsoft, Windows, Windows VISTA, Windows XP, Windows 2000, Windows NT, Windows 98, Windows 95 are trademarks of Microsoft Corporation. SAP, SAPConsole are trademarks of SAP AG. SecureCRT, F-Secure, PuTTY are trademarks of their respective companies.

 

THIS PROGRAM IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.

LICENSOR MAKES NO WARRANTIES OR REPRESENTATIONS, EXPRESS OR IMPLIED, ORAL OR WRITTEN, REGARDING THE PROGRAM OR DOCUMENTATION AND HEREBY EXPRESSLY DISCLAIMS ALL OTHER EXPRESS OR IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. LICENSOR DOES NOT WARRANT THE PROGRAM WILL MEET YOUR REQUIREMENTS OR THAT ITS OPERATION WILL BE UNINTERRUPTED OR ERROR FREE.

IN NO EVENT WILL GEORGIA SOFTWORKS BE LIABLE TO YOU FOR ANY DAMAGES, INCLUDING ANY LOST PROFITS, LOST SAVINGS OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE SUCH PROGRAMS.

COPYING:

WHILE YOU ARE PERMITTED TO MAKE BACKUP COPIES OF THE SOFTWARE FOR YOUR OWN USE AND PROTECTION, YOU ARE NOT PERMITTED TO MAKE COPIES FOR THE USE OF ANYONE ELSE.

LICENSE:

YOU ARE LICENSED TO RUN THIS SOFTWARE ON A SINGLE WINDOWS NT/XP/VISTA/2000/2003/2008 SYSTEM. THE GEORGIA SOFTWORKS WINDOWS NT/XP/VISTA/2000/2003/2008 SSH2 SERVER SOFTWARE MAY BE INSTALLED ON A SINGLE WINDOWS NT/XP/VISTA/2000/2003/2008 SYSTEM.

 


Table of Contents

Overview ... 1
Ease of Use ... 3
Component Architecture ... 4
Installation ... 6
Overview ... 6
Procedure ... 7
Registration ... 11
Floating License – Overview ... 11
Floating License – Hardware Key Installation Instructions ... 13
Removing Floating License – (Hardware Key) ... 17
Registration via Software Serial Number ... 18
How to Register the Software ... 18
GSW SSH2 Server ... 23
GSW FIPS 140-2 Compliant Option ... 24
Software Requirements ... 24
Enable Option ... 25
ENABLE FIPS 140-2 ON SSH2 SERVER ... 25
ENABLE FIPS 140-2 ON GSW MOBILE/CE and DESKTOP CLIENTS ... 26
FIPS 140-2 Connections ... 28
Installation Layout ... 29
Configuration ... 31
Allow only AES-256 Encryption ... 31
Change the SSH2 Port Number ... 32
Location of SSH2 Server RSA Private Key ... 33
Location of SSH2 Server DSA Private Key ... 34
Using the GSW SSH2 Server Software ... 37
SSH2 Clients ... 38
GSW SSH2 CLIENTS ... 38
GSW DESKTOP CLIENT ... 39
PPC Device Clients ... 40
PPC 2003 Client ... 40
Windows CE – Psion-Teklogix 7535 Devices ... 42
Third Party SSH2 Clients ... 45
Specify Domain with a 3rd Party Client ... 48
FIPS 140-2 Resources ... 50
GSW SSH2 Server Subscription ... 51
HOW TO UPDATE THE SOFTWARE ... 52
HOW TO RENEW THE GSW Subscription ... 52
System Signature - IMPORTANT PLEASE READ ... 53
Technical Support ... 54
Provide Log Files To GSW Technical Support ... 54
 


Table of Figures

Figure 1: GSW Server Products Block Diagram ... 4
Figure 2: GSW Telnet Server Block Diagram ... 4
Figure 3: GSW SSH2 Server Block Diagram ... 5
Figure 4: Installation Welcome Screen ... 7
Figure 5: Installation – Choose Destination Folder ... 8
Figure 6: Installation – Command Shell Status Lines ... 9
Figure 7: Installation Complete ... 9
Figure 8: GSW UTS Program Group ... 10
Figure 9: SSH2 Installation Status ... 10
Figure 10: Floating License – Parallel Port ... 12
Figure 11: Floating License - USB Port ... 12
Figure 12: Floating License - Hardware Key ... 12
Figure 13: Floating License - Installation Splash Screen ... 13
Figure 14: Floating License – HW Key Initial Installation Welcome Screen ... 14
Figure 15: Floating License - License Agreement ... 15
Figure 16: Floating License - Accept License Agreement ... 15
Figure 17: Floating License - HW Key - Installation Status ... 16
Figure 18: Floating License Drivers Successful Installation ... 16
Figure 19: Registration – SSH Shield is not registered for use ... 18
Figure 20: GSW Registration - Initial Screen ... 19
Figure 21: Registration - Serial Number Applied ... 20
Figure 22: Registration Successful Screen ... 20
Figure 23: Registration Verification ... 21
Figure 24: Registration - Verify that FIPS 140-2 is Enabled ... 22
Figure 25: Control Panel - GSW SSH2 Services Started ... 23
Figure 26: GSW True FIPS 140-2 Connection – Server and Client ... 25
Figure 27: FIPS 140-2 Option Enabled ... 25
Figure 28: Desktop Client "-i" option issued ... 26
Figure 29: Enable FIPS 140-2 on GSW Mobile Clients ... 27
Figure 30: Verify FIPS 140-2 Compliant Connections ... 28
Figure 31: Installation Folder Layout of the GSW UTS ... 29
Figure 32: Installation Folder Layout of the GSW SSH2 Shield ... 30
Figure 33: GSW SSH2 Desktop Client ... 39
Figure 34: GSW PPC 2003 Client ... 40
Figure 35: GSW PPC 2003 Client – Options ... 41
Figure 36: GSW PPC 2003 Client - SAPConsole - SSH2 ... 41
Figure 37: Psion-Teklogix Initial Screen ... 42
Figure 38: Psion-Teklogix – Session Menu Items ... 42
Figure 39: Psion-Teklogix Connection Settings ... 43
Figure 40: Psion-Teklogix – Save Settings ... 43
Figure 41: Psion-Teklogix running SAP via SAPConsole ... 44
Figure 42: Psion-Teklogix Save Client Settings Menu ... 44
Figure 43: 3rd Party Client – SecureCRT – SAPConsole ... 45
Figure 44: 3rd Party Client - PuTTY - Unicode ... 46
Figure 45: 3rd Party Client - F-Secure SSH Client ... 47

Table of Tables

Table 1: GSW Software versions required for FIPS 140-2 ... 24
Table 2: Device Operating System Versions Required for FIPS 140-2 ... 24
Table 3: GSW SSH2 Client Platforms ... 38
Table 4: FIPS 140-2 certificate links ... 50
Table 5: Version Upgrade Pricing with GSW Subscription Plan ... 51
Table 6: Version Upgrade Pricing Without Subscription Plan ... 51
Table 7: Steps to Renew the GSW Subscription Plan ... 52


Typographic Conventions

Italics:              are used to emphasize certain words, especially new terms or phrases when they are introduced.

Initial Caps Bold:    Words that appear in initial caps boldface represent menu options, buttons, icons or any object that you may click.

Courier:              This font represents anything you must type.

"<enter>"             This represents the enter key.

Terms/Abbreviations

UTS                   GSW Universal Terminal Server

Windows               Refers to Microsoft Windows Operating Systems 98/ME/NT 4.0/XP/VISTA/2000/2003/2008 unless otherwise noted.

Features at a Glance

Offering Secure Remote Logon, Secure Data Exchange, Secure Network Services and Secure Access to your Application on an Insecure Network

Georgia SoftWorks SSH2 Server

  • Complete Data Stream Encryption
    AES-256, 3DES, BLOWFISH and other Ciphers Supported

  • Easy to Install and Use
    Defaults provide strong encryption
    No Certificate provision required

  • Automatic Generation and installation of RSA and DSA Host Keys

  • Perfect Support for ALL PC Keys and International Characters

  • GSW SSH2 Clients for Windows Desktops, Pocket PC 2003, Select Windows CE .Net 4.2 class devices.

  • Provides Feature Set in the GSW UTS.

  • Verified correct operation on x64 platforms (GSW SSH2 is a x86 – 32bit application)

  • FIPS 140-2 Compliant Option!



Overview

The GSW Secure Shell (SSH2) Server provides Secure Remote Access to your Windows Host including Secure Remote Logon, Data Exchange, and Access to your Application on an Insecure Network.

Thank you for purchasing the Georgia SoftWorks (GSW) SSH2 Server for Windows NT/XP/VISTA/2000/2003/2008. The GSW SSH2 Server provides unparalleled performance and includes the powerful features needed to achieve operational objectives in demanding commercial and industrial environments. The growing concern that sensitive data must not be available to unauthorized third parties demands that a client can securely access the remote server. This is especially important for RF access to a server.

Strong “End to End” encryption is employed with the GSW SSH2 Server. No clear text usernames and passwords are transmitted across the network. No clear text application data is transmitted across the network. All the data is encrypted using the strongest encryption available to provide complete confidentiality.

A Federal Information Processing Standards Publication (FIPS) 140-2 compliant option is available and may be purchased for the GSW SSH2 Server. This standard specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive or valuable data. This option is available to Federal agencies, including the US Military. The option is also available for purchase by other organizations such as state governments, educational and research institutions, commercial businesses and other entities with the need or desire to comply with this security requirement for cryptographic modules standard.

The GSW SSH2 Server is useful in a wide variety of environments that require Secure Remote Access and Strong Encryption that include:

·  RF Application, Barcode Scanner, etc. (Warehousing, Inventory, Medical, etc.)
·  SAP AG’s SAPConsole
·  Application Service Providers (ASP)
·  System Administration
·  Legacy Applications
·  Software Development and more!

The GSW SSH2 provides SSH2 (SSH version 2) operation rather than the older iteration SSH1 (SSH version 1) operation. In addition to being faster, smaller and more flexible, SSH2 provides significant security improvements. Even though SSH1 implementations exist, they are becoming fewer and are usually not recommended as a choice. GSW has chosen to provide the strongest and fastest version of SSH – SSH2.

An extremely important aspect of the GSW SSH2 Server is the ease of installation. Complex and lengthy security configuration has been either eliminated or reduced to a minimum in order to get your application up and running fast without forsaking performance or compromising desired security. You do not have the administrative complexity of public/private keys and certificates when using the GSW SSH2 Server default settings.

Secure Remote Login, Secure Access to the Application and ensuring Data Integrity are the primary areas for concern when securing an application and the GSW SSH2 Server is optimized to address these needs.

 

Secure Remote Login

The GSW SSH2 server only allows connections from SSH2 clients. This ensures that all user data is encrypted prior to leaving the local client device. The data is decrypted at the remote GSW SSH2 Server. This includes authentication data such as the username and password that is required to Login to the remote server. The encryption is transparent, and thus the user will not perceive much, if any, variance between operation of a telnet and SSH2 client.

The SSH2 connection ensures that the Login and Authentication data is encrypted so that a malicious party cannot intercept the sensitive information.

Secure Access to Your Application (Secure Data Exchange)

Since the connection between the SSH2 client and the GSW SSH Server is encrypted, the data transmitted is not readable by unauthorized parties. When the User is authenticated, a shell is started (cmd.exe), where the user can perform remote command execution or start applications. All data transmitted between the client and the server is encrypted. No one can “snoop” the connection and intercept clear text data because none exists!

Data Integrity

Data Integrity is essential for secure data exchange. The data received must be exactly the same as the data sent; otherwise an unauthorized party may have modified the data during the transmission. The SSH2 Transport layer ensures that the data received has not been modified from the data sent. This is accomplished by including a message authentication code (MAC) with each packet transmitted. The MAC is determined prior to encryption using the contents of the packet, a “Shared Secret” between the SSH2 client and SSH2 server and a packet sequence number.
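The MAC construction described above, as an added example (not Georgia SoftWorks code): the MAC covers the packet sequence number and the unencrypted packet, as specified in RFC 4253. HMAC-SHA1, the random 20-byte key, the sample payloads and all function and class names are assumptions for illustration; the cipher step is left out because the MAC is computed before encryption.

```python
import hashlib
import hmac
import os
import struct

BLOCK = 16  # assumed cipher block size (AES); packets are padded to a multiple of it


def build_packet(payload: bytes) -> bytes:
    """uint32 packet_length || byte padding_length || payload || random padding."""
    pad = BLOCK - ((5 + len(payload)) % BLOCK)
    if pad < 4:  # RFC 4253 requires at least four bytes of padding
        pad += BLOCK
    body = bytes([pad]) + payload + os.urandom(pad)
    return struct.pack(">I", len(body)) + body


def compute_mac(mac_key: bytes, seq: int, packet: bytes) -> bytes:
    """MAC over uint32 sequence number || unencrypted packet."""
    data = struct.pack(">I", seq & 0xFFFFFFFF) + packet
    return hmac.new(mac_key, data, hashlib.sha1).digest()


class Sender:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def send(self, payload: bytes):
        packet = build_packet(payload)
        mac = compute_mac(self.mac_key, self.seq, packet)
        self.seq += 1  # the sequence number is implicit, never sent on the wire
        return packet, mac


class Receiver:
    def __init__(self, mac_key: bytes):
        self.mac_key, self.seq = mac_key, 0

    def receive(self, packet: bytes, mac: bytes) -> bytes:
        expected = compute_mac(self.mac_key, self.seq, packet)
        if not hmac.compare_digest(expected, mac):  # constant-time comparison
            raise ValueError("MAC mismatch: packet modified, replayed or out of order")
        self.seq += 1
        pad = packet[4]
        return packet[5:len(packet) - pad]


def rejected(rx: Receiver, packet: bytes, mac: bytes) -> bool:
    try:
        rx.receive(packet, mac)
    except ValueError:
        return True
    return False


def demo() -> dict:
    # Constructed key: in SSH2 the MAC key is derived from the key-exchange shared secret.
    key = os.urandom(20)
    tx, rx = Sender(key), Receiver(key)
    results = {}
    p0, m0 = tx.send(b"dir C:\\orders")
    results["intact"] = rx.receive(p0, m0)
    p1, m1 = tx.send(b"ship 10 units")
    # A modified packet fails verification even though its MAC field is untouched.
    results["tampered"] = rejected(rx, p1.replace(b"10", b"99"), m1)
    # Replaying the first packet fails because the receiver's counter has moved on.
    results["replayed"] = rejected(rx, p0, m0)
    results["in_order"] = rx.receive(p1, m1)
    return results


if __name__ == "__main__":
    print(demo())
```

An SSH2 endpoint that sees a MAC failure terminates the connection; the receiver here only raises so that the demonstration can continue.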



Ease of Use

Many of the complex and lengthy configuration issues are automatically defined by the GSW SSH2 Server. It has been observed that an overwhelming majority of customers do not need nor desire to set every possible option available for SSH2 Security.

Most customers want the strongest security that is practical to implement. Through much dialog with our resellers and customers that use RF environments a main theme emerged. The requirement to “Keep it secure – simply” was paramount.

The installation of the GSW SSH2 Server is very quick. You will have users connecting with the security of powerful SSH2 encryption much sooner than expected.

·  No Encryption Method has to be specified.

Many environments must ensure that the Windows Username and Password are encrypted as well as the data. GSW SSH2 Server provides complete confidentiality by defaulting to a very strong encryption method.

The GSW SSH2 Server defaults to AES-256.

AES-256 is the generally accepted strongest encryption standard offered by SSH2 – it is the Advanced Encryption Standard using a 256-bit cryptographic key. This is also known as the Rijndael algorithm which is a symmetric block cipher capable of using cipher keys that have 128, 192 and 256 bit lengths to process data blocks of 128 bits.

The GSW SSH2 server can be configured to refuse a connection if the SSH2 client cannot operate with AES-256. Weaker encryptions only compromise the security of the connection, so the server can be configured to accept only the strongest encryption to ensure the strongest protection - while maintaining exceptional performance. AES-256 encryption is available on almost all SSH2 clients. Of course other encryptions are supported such as 3DES and Blowfish. The GSW SSH2 server will negotiate with the client to agree on the algorithm unless configured otherwise.

·  No manual installation of certificates needed

Additionally it has been identified that the administrative requirements for public and private certificate installation are not needed or desired. In fact, the installation of certificates on RF devices would be complex and cumbersome at best. No public/private key generation or administration is required.
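The cipher negotiation and the AES-256-only setting described above, as an added example (not Georgia SoftWorks code): it parses a constructed client KEXINIT message and applies the SSH2 rule from RFC 4253 that the first cipher on the client's list which the server also allows is chosen. The CBC-mode cipher names, both server lists and all function names are assumptions; the page does not state which identifiers the GSW server advertises.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of a KEXINIT payload, in wire order (RFC 4253 section 7.1).
FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)
CIPHER_FIELDS = FIELDS[2:4]

# Assumed server policies; the names are RFC 4253 identifiers, not GSW settings.
DEFAULT_SERVER = ["aes256-cbc", "3des-cbc", "blowfish-cbc"]
AES256_ONLY = ["aes256-cbc"]


def build_kexinit(ciphers) -> bytes:
    """Constructed client KEXINIT offering `ciphers` in both directions."""
    lists = {name: [] for name in FIELDS}
    lists["kex_algorithms"] = ["diffie-hellman-group14-sha1"]
    lists["server_host_key_algorithms"] = ["ssh-rsa", "ssh-dss"]
    for name in FIELDS[4:6]:
        lists[name] = ["hmac-sha1"]
    for name in FIELDS[6:8]:
        lists[name] = ["none"]
    for name in CIPHER_FIELDS:
        lists[name] = list(ciphers)
    payload = bytes([SSH_MSG_KEXINIT]) + bytes(16)  # all-zero cookie: sample data only
    for name in FIELDS:
        data = ",".join(lists[name]).encode("ascii")
        payload += struct.pack(">I", len(data)) + data
    # boolean first_kex_packet_follows, then the reserved uint32
    return payload + b"\x00" + struct.pack(">I", 0)


def parse_kexinit(payload: bytes) -> dict:
    """Return the ten name-lists of a KEXINIT payload as lists of strings."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, parsed = 17, {}  # skip the message byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated before " + name)
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("name-list overruns payload: " + name)
        raw = payload[pos:pos + length].decode("ascii")
        parsed[name] = raw.split(",") if raw else []
        pos += length
    return parsed


def decide(client_payload: bytes, server_ciphers):
    """Pick a cipher per direction, or report that the server must disconnect."""
    offer = parse_kexinit(client_payload)
    chosen = {}
    for name in CIPHER_FIELDS:
        # The client's preference order wins among the ciphers the server allows.
        match = next((alg for alg in offer[name] if alg in server_ciphers), None)
        if match is None:
            return "disconnect", name
        chosen[name] = match
    return "accept", chosen


def demo() -> dict:
    prefers_3des = build_kexinit(["3des-cbc", "aes256-cbc"])  # constructed client offers
    legacy = build_kexinit(["3des-cbc", "blowfish-cbc"])
    return {
        # With negotiation left open, a client that lists 3DES first gets 3DES.
        "open_server": decide(prefers_3des, DEFAULT_SERVER),
        # Restricting the server list is what forces AES-256 for that same client.
        "strict_server": decide(prefers_3des, AES256_ONLY),
        # A client without AES-256 is refused by the strict server.
        "legacy_client": decide(legacy, AES256_ONLY),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```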

 

 

 

 

Component Architecture

The GSW SSH2 is composed of:

§         §         The GSW UTS is the software module that contains the core software for the GSW Server products, and the majority of the Advanced Features for the GSW Server Products

Figure 1: GSW Server Products Block Diagram

The GSW UTS standard option for the Protocol and Interface is the Telnet Interface. This configuration is marketed and sold as the GSW Telnet Server.

Figure 2: GSW Telnet Server Block Diagram

The GSW UTS SSH2 interface is installed by applying the GSW SSH2 Shield to the GSW UTS. The GSW SSH2 Shield disconnects the Telnet Protocol Interface and installs the SSH2 Interface.

This configuration is marketed and sold as the GSW SSH2 Server

Figure 3: GSW SSH2 Server Block Diagram

 


Installation

Overview

When you purchased the GSW SSH2 Server you either:

  1. Own a GSW Telnet Server and are upgrading to the SSH2 Server

     OR

  2. Are a new customer purchasing the GSW SSH2 Server[1].

If you own a GSW Telnet Server and are upgrading to the SSH2 Server then:

  1. You must have GSW Telnet Server Version 6.50 or higher installed. This is required to obtain the GSW UTS. Even though you are installing the GSW Telnet Server, the Telnet Interface becomes disabled when the SSH2 Shield is installed. If you have an older version then you will need to upgrade to Version 6.50 or higher before you can apply the SSH2 Shield.
  2. You next install the GSW SSH2 Shield
  3. Register the GSW SSH2 Server.

If you are purchasing a new GSW SSH2 Server then:

  1. You will receive the current version of the GSW Telnet Server. Install the GSW Telnet Server according to the Installation Instructions in the GSW UTS User Manual. You do not need to register the Telnet Server at this time. Registration takes place after the installation of the GSW SSH2 Shield.
  2. You next install the GSW SSH2 Shield
  3. Register the GSW SSH2 Server.

NOTE: The GSW SSH2 Server requires registration. The registration for the GSW UTS is not sufficient for the GSW SSH2 Server.

 


 

Procedure

Installation of the GSW SSH2 Server software is simple and quick. From Windows NT/XP/VISTA/2000/2003/2008 perform the following:

1.  Run the setup.exe program. The Welcome screen of the setup program is displayed and you are reminded and urged to exit all windows programs before continuing. You are also reminded that you must have administrative privileges to install this program. Click Next.

Figure 4: Installation Welcome Screen

1.  C:\Program Files\Georgia SoftWorks\Georgia SoftWorks SSH2 SHIELD.

You may change the installation directory at this time. Note: Make sure that the users of the SSH2 Server have full access to the installation directory.

Figure 5: Installation – Choose Destination Folder

Select the Program Folder for the SSH2 Server. Click Next.

2.  .

Figure 6: Installation – Command Shell Status Lines

3.

Figure 7: Installation Complete

 

 

 

Please view the readme.txt file as it may contain late breaking information about the SSH2 Server that has not yet made it into the User Manual. Release notes are also contained in the readme.txt

Figure 8: GSW UTS Program Group

Installation will result in the Georgia SoftWorks program group item “Installation Status” showing GSW SSH2 as installed. Additionally the version of the GSW SSH Shield is displayed along with the status of the server and other Georgia SoftWorks software that may be installed.

 

Figure 9: SSH2 Installation Status

 

 


Registration

The GSW SSH2 Server is licensed for a single server. The license must be activated for the software to operate. To activate the license a valid Serial Number is required and is examined periodically by the SSH2 Server software. The Serial Number also allows new versions to be downloaded and installed for the duration of your subscription plan.

Two methods exist to obtain a valid Serial Number.

  1. Registration via Floating License (default method)

The Serial Number is pre-programmed into a specific hardware key that came with your purchase. The hardware key connects to a parallel or USB port on the server. See page 11 for details on registration via the Floating License.

  2. Registration via Software Serial Number.

This method exists for environments that do not support Parallel or USB ports. In brief this entails providing GSW with a machine specific Product ID. A Serial Number is generated based on the Product ID. This is usually performed via email, fax or telephone. See page 18 for details on Software registration.

Floating License – Overview

The Georgia SoftWorks Floating License provides the flexibility to rapidly move the GSW SSH2 Server from one machine to another. If you are unable to use the Floating License - skip this section and go to the section on Registration via Software Serial Number on page 18.

NOTE: When a SSH2 Server Pack is purchased (SSH2 Server and GSW Telnet Server), the same physical Floating License will contain valid Serial Numbers for both products.

With the Floating License NO software registration is required for the SSH2 Server to operate.

Common scenarios where the Floating License is useful include:

·  Laboratory usage in a development or test environment where the SSH2 Server is required for short periods of time on any particular machine and then moved to a new machine.

·  Backup Servers in a production environment. Typically multiple SSH2 Servers are purchased for backup systems, however with a Floating License the Hardware Key can be quickly moved from the primary machine to the backup without any other registration requirements.

·  Environments where a failed server must be replaced or rebuilt and immediately restored to operation with full SSH2 Server capability.

The Georgia SoftWorks Floating License is a hardware key that connects to a female parallel port connector or USB Port on the server. The parallel port Floating License does not impact functionality of the port for other uses. The parallel hardware key acts as a pass-through allowing normal connections to the other side of the key.

The Georgia SoftWorks Floating License is a hardware key that can be ordered for a Parallel or USB Port.

Parallel Port Floating License

USB Floating License

Figure 10: Floating License – Parallel Port

The Parallel Port Floating License is a Pass Through allowing normal function of the port.

Figure 11: Floating License - USB Port

Not attached to a Server

The Parallel Port Floating License connects to a female parallel port on the server and does not impact functionality of the port for other uses. It acts as a pass through allowing normal connections to the other side of the key.

USB LED Lights when Installed

Figure 12: Floating License - Hardware Key

The SSH2 Server will recognize the presence of the key and activate the software with the proper date for which free version upgrades can be obtained. It does not matter which parallel or USB port on the server the Hardware Key is installed, as all ports will be scanned for the installation of the key.

The Floating License currently is installed using the setup program of the hardware key's manufacturer (Aladdin). It is described below. The name of the hardware key is HASPHL and you will see it displayed in the setup screens.


Floating License – Hardware Key Installation Instructions

1.  Note: If you are using a USB Floating License on a Windows NT system run the file aksnt4usb.exe prior to the following steps.

2.  3.  HASPUserSetup.exe program and follow the installation instructions. (After installation of the hardware key install the SSH2 Server as described on page 6.)

You will first see the Aladdin Splash Screen. The Aladdin Splash Screen will display for about 5 seconds.

Figure 13: Floating License - Installation Splash Screen

4.

Figure 14: Floating License – HW Key Initial Installation Welcome Screen

As the dialog indicates, if you have any running applications please close them now.

Click Next

Figure 15: Floating License - License Agreement

Read the license agreement and select “I accept the license agreement”, and then Click Install.

Figure 16: Floating License - Accept License Agreement

5.

Figure 17: Floating License - HW Key - Installation Status

6.  Click Finish.

Figure 18: Floating License Drivers Successful Installation

7.  NOTE: On some systems you may have to reboot the server after installation. If the Floating License is not recognized (by the GSW SSH2) after installing the driver, please reboot the server.

Removing Floating License – (Hardware Key)

In the event that you need to remove the Floating License (Aladdin HaspHL) please use the Windows Control Panel Add/Remove Programs administrative utilities.

NOTE: Removing the Floating License will disable the SSH2 Server.


 

Registration via Software Serial Number

To run the GSW SSH2 Server you must first register the software. (This registration is NOT required if you installed the Floating License, Page 11.) Registration via Software Serial Number entails just a few steps that involve obtaining the Product ID and providing this Identification to Georgia SoftWorks so a Serial Number can be generated. Georgia SoftWorks will provide you with the Serial Number based on the Product ID. When you enter the Serial Number into the Registration Tool, click Register.

NOTE: Read System Signature chapter at the end of manual (page 53).

How to Register the Software

To run the registration software -

·  Start button on the task bar; select Programs, then Georgia SoftWorks UTS Server and then Registration.

Prior to registering the SSH2 Server, a reminder dialog is presented indicating that the SSH Shield is not registered.

Figure 19: Registration – SSH Shield is not registered for use

The GSW SSH2 Server will be fully functional for a Trial Period of 30 days without requiring registration when installed for the first time on a system. Click OK

IMPORTANT NOTE: If you already own a GSW Telnet Server and you want to run a 30 day trial of the GSW SSH2 Server then you will need to request a 30 day trial serial number from Georgia SoftWorks. Please save a copy of the current SERIAL NUMBER for your telnet server prior to installing a 30 day trial GSW SSH2 Server. In the event that you do not purchase the GSW SSH2 Server prior to the expiration of the trial you will need to apply your original serial number to re-activate the original GSW Telnet Server.

Next, the registration screen is displayed. The Registration program automatically fills in the Product Information fields as shown in the figure below. Complete the Customer Information fields as shown in the figure below.

Note: The Product Information Name and Version must contain valid data or it will not generate a correct Product ID.

Figure 20: GSW Registration - Initial Screen

Note that the Customer Information and Serial Number in the Registration Information may be already filled. This will be the case if the GSW UTS has previously been registered and operating as the GSW Telnet Server.

1.  Please complete the Customer Information, Purchased From and the Application software fields in the Registration Screen.

2.  The registration information must be provided to Georgia SoftWorks to obtain the Serial Number. Several methods are available for your convenience.

    1.  Save the information to a file and email it to Georgia SoftWorks - Preferred method.

        Please save (using the Save to file button on the registration screen) this information to a file and email to Georgia SoftWorks registration@georgiasoftworks.com

    OR

    2.  Print the information and Fax it to Georgia SoftWorks

        Please print (using the Print button on the registration screen) this information and fax to Georgia SoftWorks - 706.265.1020

    Once Georgia SoftWorks receives the information, we can generate a Serial Number on demand. We will reply back via Fax or email. You may close the registration program at this time.

3.  When the Serial Number is provided run the Registration Program again and enter the Serial Number. The easiest method to get the serial number is to highlight the returned Serial Number and copy (ctrl-c). Then position the mouse in the Serial Number field in the Registration Information box and paste (ctrl-v).

Figure 21: Registration - Serial Number Applied

4.  Click Register.

Figure 22: Registration Successful Screen

5.  Click OK.

Now the software is registered.

You will notice that in this case the Parameter field in the registration form is set to 3000, SSH Shield. This indicates that the SSH2 Server is installed and registered and is enabled for 3000 sessions.

Figure 23: Registration Verification

If you have purchased the Federal Information Processing Standards Publications (FIPS 140-2) option you can verify that it is enabled by viewing the registration screen as shown below in Figure 24. Please note that the GSW SSH2 Server must be installed for the FIPS option to be available. GSW True FIPS 140-2 compliant connections can be identified using the GSW Session Administrator in the GSW UTS Server. Please see the GSW UTS Users Guide for further details.

Figure 24: Registration - Verify that FIPS 140-2 is Enabled

IMPORTANT: READ SYSTEM SIGNATURE CHAPTER AT END OF MANUAL (page 53).

You may now run the Georgia SoftWorks SSH2 Server. Note that you will be able to obtain Free Updates until the date specified


GSW SSH2 Server

Using the Installation Status Program Item within the Georgia SoftWorks UTS program group, you can view the Installation Status of the GSW UTS and SSH2 Server. Another useful utility is the Windows Control Panel, which can be used to view and alter the status of the GSW SSH and the GSW UTS services.

Figure 25: Control Panel - GSW SSH2 Services Started

The Georgia SoftWorks GSW_SSHD service and the Georgia SoftWorks Universal Terminal Server should both have a status of Started and a Startup Type of Automatic.

Using the Windows Services utility is the recommended method to start and stop the GSW services when required.

 


GSW FIPS 140-2 Compliant Option

GSW provides a Federal Information Processing Standards Publication (FIPS) 140-2 compliant option for those entities with requirements to meet cryptographic module security standards to protect sensitive and valuable data. FIPS standards are either mandated or recommended for use in federal government information technology (IT) systems.

Georgia SoftWorks undertook a purposed and specific development effort in order to provide required FIPS 140-2 compliant SSH2 server and client software to the United States Military. Having completed this task, GSW is able to make this software available to other branches of the Federal government as well as State governments and other institutions including research, educational and commercial.

Software Requirements

In addition to the development required for FIPS 140-2 compliance of the GSW server and client software, the GSW mobile clients must run on an operating system that is FIPS 140-2 certified or provides a cryptographic module that has been certified.

In order that your SSH2 connections are FIPS 140-2 compliant you must ensure that you have the minimum GSW software versions as well as the proper Windows Mobile/CE operating system version.

Software Requirements for FIPS Compliancy

GSW Software             Version    Certificate
GSW UTS Server           7.50+      #918
GSW SSH2 Server          7.50+      #918
GSW Desktop Clients      7.50+      #918
GSW CE/Mobile Clients    7.50+      #560, #825

Table 1: GSW Software versions required for FIPS 140-2

Required Device Operating System for Mobile/CE Clients    Certificate
Windows CE 5.0                                            #560
    Depends on Vendor
    - Made available to OEMs via Windows Update 061211_KB911762
Windows Mobile 5.0                                        #560
Windows CE 6.0                                            #825
Windows Mobile 6.0                                        #825
Windows Mobile 7.0

Table 2: Device Operating System Versions Required for FIPS 140-2

The significant aspect of the client device operating system is that the version of the cryptographic module rsaenh.dll must be NIST (National Institute of Standards and Technology) certified, which begins with build 14343.0.0. With Windows CE 5.0 extra attention should be taken to verify the version of rsaenh.dll. This may require contacting the device vendor to determine the correct version number of that cryptographic module.

Enable Option

FIPS 140-2 must be enabled on both the GSW SSH2 server and the GSW clients to complete a FIPS 140-2 compliant connection.

Figure 26: GSW True FIPS 140-2 Connection – Server and Client

ENABLE FIPS 140-2 ON SSH2 SERVER

Proper registration will enable the FIPS option on the SSH2 Server. View the registration tool to ensure the GSW SSH2 Server is registered with the FIPS option enabled.

Select the Start button on the task bar; select Programs, then Georgia SoftWorks UTS Server and then Registration. The current registration information is displayed.

Figure 27: FIPS 140-2 Option Enabled

In the field you will observe the number of concurrent sessions allowed followed by the text “SSH Shield” indicating that the GSW SSH2 server is installed and FIPS indicating that the FIPS 140-2 option is enabled.


ENABLE FIPS 140-2 ON GSW MOBILE/CE and DESKTOP CLIENTS

Desktop Client

Use the “-i” command line parameter when launching GSW Desktop clients to enable the FIPS 140-2 option. Please see the UTS users manual for a description and examples of desktop client command line options.

When FIPS 140-2 enabled GSW desktop clients are launched you will receive a banner indicating that the “-i” command line parameter was issued by the client.

Figure 28: Desktop Client "-i" option issued

Please note that to have both ends (client and server) FIPS 140-2 compliant, FIPS 140-2 must be enabled on the GSW SSH2 Server too.

 

 

 

 

 

 

Mobile/CE Clients

Enable FIPS 140-2 on GSW Mobile/CE clients via the Encryption list box. The Mobile/CE device screen that you see will be similar to the ones below.

Figure 29: Enable FIPS 140-2 on GSW Mobile Clients

Please note that to have both ends (client and server) FIPS 140-2 compliant, FIPS 140-2 must be enabled on the GSW SSH2 Server too.

 

 

 


FIPS 140-2 Connections

Using the UTS Session Administrator you can verify True GSW FIPS 140-2 compliant connections. An asterisk “*” will be prepended to the user name for connections that are FIPS 140-2 compliant for both the client and the server.

The possibility exists that a third party client may be FIPS 140-2 compliant but it cannot be verified unless it is a GSW client.

Figure 30: Verify FIPS 140-2 Compliant Connections


 

Installation Layout

The Installation folder of the GSW UTS is as follows

Figure 31: Installation Folder Layout of the GSW UTS

The folders of interest are:

·  Contains all the GSW clients for the SSH2 Server and the Telnet Server.

   o  Contains the GSW Client for Teklogix 753x devices.

   o  Contains the GSW Client for ARM devices

   o  Contains the GSW Client for Intermec CK30 devices

   o  Contains the GSW clients that run on Windows Desktops.

   o  GSW Clients for Windows Pocket PC 2002 class devices

   o  GSW Clients for Windows Pocket PC 2003 class devices.

   o  Contains the GSW Client for x86 based devices

·  Contains the documentation for your viewing or printing.

·  Contains the files for the GS Java Client and Applet

·  Contains the GSW UTS Log files to provide to the GSW Technical Support Group in the event of a problem. See page 54 for more information.

·  This is where your logon scripts will reside. See GSW UTS User Manual.

The installation folder layout of the GSW SSH2 Shield is as follows under the Windows\Program Files folder.

Figure 32: Installation Folder Layout of the GSW SSH2 Shield

The Georgia SoftWorks UTS logs folder contains the GSW SSH2 Server log files to provide to the GSW Technical Support Group in the event of a technical problem.


Configuration

No configuration is required beyond installation in order for the GSW SSH2 Server to operate providing secure logon, strong encryption and data integrity on an insecure network. Optional SSH2 Configuration is provided if necessary. The GSW SSH2 Server reads configuration values each time the GSW_SSHD service is started.

Allow only AES-256 Encryption

The default configuration restricts connections to those clients offering only the strongest encryption, AES-256. In the event you do not want to require the strongest encryption then the GSW SSH2 Server can be configured to allow the client to negotiate the encryption.

This configuration is contained in the registry key bAES256Only which is a flag. The key is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters\bAES256Only

The default value is 1. (Only allow clients with AES-256 to connect)

You may allow the SSH2 client to negotiate the encryption strength by setting it to 0x0.

The following is a procedure to change the registry key for the AES-256 Encryption Only flag.

Note: You must be on the Windows NT/XP/VISTA/2000+ system on which the Georgia SoftWorks SSH2 Server is installed. However, you may connect to the SSH2 Registry from a remote location.

1. Click the Start button at the bottom left corner of your screen.

2. Click RUN

3. Type REGEDT32

4. Click OK

5. Select Windows item HKEY_LOCAL_MACHINE

6. Select the menu item Edit

7. Move the mouse pointer and click Find

8. Type bAES256Only

9. Click on Find Next

10. Select the menu item Edit and then click on Modify

11. Enter the new value for the Allow AES-256 Only flag and click OK

The new value will take effect when the GSW SSHD service is restarted.

 

 

Change the SSH2 Port Number.

The default port number is port 22. You can change the port number to the port of your choice.

Important: Be sure that you also change the port number on the SSH2 clients to the same port number configured on the SSH2 Server.

In the event you want to change the SSH2 port on the server you can do so by changing the following registry key.

This configuration is contained in the registry key usGSWSSHDPort which is a number. The key is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters\usGSWSSHDPort

The default value is 22.

The following is a procedure to change the registry key for the SSH2 port number.

Note: You must be on the Windows NT/XP/VISTA/2000+ system on which the Georgia SoftWorks SSH2 Server is installed. However, you may connect to the SSH2 Registry from a remote location.

1. Click the Start button at the bottom left corner of your screen.

2. Click RUN

3. Type REGEDT32

4. Click OK

5. Select Windows item HKEY_LOCAL_MACHINE

6. Select the menu item Edit

7. Move the mouse pointer and click Find

8. Type usGSWSSHDPort

9. Click on Find Next

10. Select the menu item Edit and then click on Modify

11. Enter the new value for the SSH2 port number and click OK

 

The new value will take effect when the GSW SSHD service is restarted.

 


Location of SSH2 Server RSA Private Key.

The SSH2 Server RSA Private Key is in an encrypted file and is in the PEM format.

This configuration is contained in the registry key szServerRSAKeyFile which is a text string.

You can change the location by modifying the registry key.

The key is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters\szServerRSAKeyFile

The default value is the installation folder for the GSW SSH2 Shield.

    C:\Program Files\Georgia SoftWorks\Georgia SoftWorks SSH Shield\sshd_rsa.key

The following is a procedure to change the Location of SSH2 Server RSA Private Key.

Note: You must be on the Windows NT/XP/VISTA/2000+ system on which the Georgia SoftWorks SSH2 Server is installed. However, you may connect to the SSH2 Registry from a remote location.

1. Click the Start button at the bottom left corner of your screen.

2. Click RUN

3. Type REGEDT32

4. Click OK

5. Select Windows item HKEY_LOCAL_MACHINE

6. Select the menu item Edit

7. Move the mouse pointer and click Find

8. Type szServerRSAKeyFile

9. Click on Find Next

10. Select the menu item Edit and then click on Modify

11. Enter the new value for the Server RSA Key Location and click OK

The new value will take effect when the GSW SSHD service is restarted.


 

Location of SSH2 Server DSA Private Key.

The SSH2 Server DSA Private Key is in an encrypted file and is in the PEM format.

This configuration is contained in the registry key szServerDSAKeyFile which is a text string.

You can change the location by modifying the registry key.

The key is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters

    C:\Program Files\Georgia SoftWorks\Georgia SoftWorks SSH Shield\sshd_dsa.key

Note: You must be on the Windows NT/XP/VISTA/2000+ system on which the Georgia SoftWorks SSH2 Server is installed. However, you may connect to the SSH2 Registry from a remote location.

1. Click the Start button at the bottom left corner of your screen.

2. Click RUN

3. Type REGEDT32

4. Click OK

5. Select Windows item HKEY_LOCAL_MACHINE

6. Select the menu item Edit

7. Move the mouse pointer and click Find

8. Type szServerDSAKeyFile

9. Click on Find Next

10. Select the menu item Edit and then click on Modify

11. Enter the new value for the Server DSA Key Location and click OK

The new value will take effect when the GSW SSHD service is restarted.


Internal SSH2 Activity Logging FLAG for Debugging.

In the event that GSW Technical Support requires additional information you may need to turn on SSH2 internal activity logging.

You can activate the internal SSH2 activity logging by modifying the following registry key.

This configuration is contained in the registry key bEnableWODLog which is a flag. The key is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters\bEnableWODLog

The default value is 0.

Note: You must be on the Windows NT/XP/VISTA/2000+ system on which the Georgia SoftWorks SSH2 Server is installed. However, you may connect to the SSH2 Registry from a remote location.

1. Click the Start button at the bottom left corner of your screen.

2. Click RUN

3. Type REGEDT32

4. Click OK

5. Select Windows item HKEY_LOCAL_MACHINE

6. Select the menu item Edit

7. Move the mouse pointer and click Find

8. Type bEnableWODLog

9. Click on Find Next

10. Select the menu item Edit and then click on Modify

11. Enter the new value for the Enable Activity Logging and click OK

The new value will take effect when the GSW SSHD service is restarted.


Internal SSH2 Activity Log file location for Debugging.

In the event that GSW Technical Support requires additional information you may need to change the SSH2 internal activity log file location.

You can modify the internal SSH2 activity log file name and location by modifying the following registry key.

This configuration is contained in the registry key szWODLogFile which is a text string. The key is:

    HKEY_LOCAL_MACHINE\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters\szWODLogFile

The default value is the log folder in the GSW UTS Installation directory. Usually this is:

    C:\GS_UTS\log

NOTE: bEnableWODLog must be set to 1 for the log file to operate.

Note: You must be on the Windows NT/XP/VISTA/2000+ system on which the Georgia SoftWorks SSH2 Server is installed. However, you may connect to the SSH2 Registry from a remote location.

1. Click the Start button at the bottom left corner of your screen.

2. Click RUN

3. Type REGEDT32

4. Click OK

5. Select Windows item HKEY_LOCAL_MACHINE

6. Select the menu item Edit

7. Move the mouse pointer and click Find

8. Type szWODLogFile

9. Click on Find Next

10. Select the menu item Edit and then click on Modify

11. Enter the new value for the Activity Log File Name and Location and click OK

The new value will take effect when the GSW SSHD service is restarted.
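The registry settings described in this Configuration chapter can be reviewed in one pass. The following PowerShell script is an added example, not Georgia SoftWorks code: it reads the documented values, compares them with the defaults stated above, and checks that each server private key file exists and has no allow entries for broad groups. The function names, the ACL check and the list of well-known SIDs are assumptions of the example; the key path and value names are those given in this manual.

```powershell
# Added example (not GSW code). Key path and value names are from this manual.
$Key = 'HKLM:\SOFTWARE\Georgia SoftWorks\GSW_SSHD\Parameters'

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

function Get-RegValue($Props, $Name) {
    # Return the registry value, or $null when it is not present.
    $prop = $Props.PSObject.Properties[$Name]
    if ($prop) { $prop.Value } else { $null }
}

function Get-GswSshdConfigReport {
    if (-not (Test-Path -LiteralPath $Key)) { throw "Registry key not found: $Key" }
    $p = Get-ItemProperty -LiteralPath $Key

    # Value name, default stated in the manual, and why a change matters.
    $checks = @(
        @{ Name = 'bAES256Only';   Default = 1;  Why = '0 lets clients negotiate encryption other than AES-256' },
        @{ Name = 'usGSWSSHDPort'; Default = 22; Why = 'SSH2 clients must use the same port' },
        @{ Name = 'bEnableWODLog'; Default = 0;  Why = '1 means internal activity logging is on' }
    )
    foreach ($c in $checks) {
        $v = Get-RegValue $p $c.Name
        if ($null -eq $v)          { $state = 'not set' }
        elseif ($v -eq $c.Default) { $state = 'default' }
        else                       { $state = 'CHANGED' }
        New-Object PSObject -Property @{
            Setting = $c.Name; Value = $v; State = $state; Detail = $c.Why
        }
    }

    # Server private keys: confirm each file exists, flag allow-ACEs for broad groups.
    foreach ($name in 'szServerRSAKeyFile', 'szServerDSAKeyFile') {
        $path = Get-RegValue $p $name
        if (-not $path) { $state = 'not set'; $detail = '' }
        elseif (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            $state = 'MISSING'; $detail = 'file not found'
        }
        else {
            $broad = @((Get-Acl -Path $path).Access | Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $BroadSids -contains $_.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            })
            if ($broad.Count) {
                $state  = 'REVIEW ACL'
                $detail = ($broad | ForEach-Object {
                    "$($_.IdentityReference): $($_.FileSystemRights)" }) -join '; '
            } else { $state = 'ok'; $detail = 'no broad-group allow entries' }
        }
        New-Object PSObject -Property @{
            Setting = $name; Value = $path; State = $state; Detail = $detail
        }
    }
}

Get-GswSshdConfigReport | Select-Object Setting, Value, State, Detail |
    Format-Table -AutoSize -Wrap
```

The script only reads the registry and file permissions; any value changed as a result of the review takes effect when the GSW SSHD service is restarted, as stated above.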


Using the GSW SSH2 Server Software

After Installation, Registration, and Configuration the GSW SSH2 Server is ready to use.

See User Manual for the GSW Universal Terminal Server for information on the powerful features available to the GSW SSH2 Server.


SSH2 Clients

In addition to the GSW SSH2 clients, the Georgia SoftWorks SSH2 Server is compatible with all SSH2 compliant third party clients.

GSW SSH2 CLIENTS

All the powerful and popular GSW Client options and features described in the GSW UTS are available for the GSW SSH2 server except where specifically noted. Georgia SoftWorks offers SSH2 Clients for the following platforms:

Operating System                               GSW SSH2 Client    Method to Launch Client
Windows 98/ME                                  Yes                Program Group Shortcut
Windows NT 4.0                                 Yes                Program Group Shortcut
Windows 2000                                   Yes                Program Group Shortcut
Windows XP                                     Yes                Program Group Shortcut
Windows VISTA                                  Yes                Program Group Shortcut
Windows 2003                                   Yes                Program Group Shortcut

Windows CE .NET 4.2                            Yes                Device Desktop Shortcut
Pocket PC 2002                                 No
Pocket PC 2003                                 Yes                Device: Start|Programs|GSW Telnet and SSH
Teklogix 7535 devices (Windows CE .NET 4.2)    Yes                Device Desktop Shortcut
Java Client                                    No
Java Applet                                    No

Table 3: GSW SSH2 Client Platforms