Installation
of the GSW SSH2 Server software is simple and quick. From Windows NT/XP/VISTA/2000/2003/2008
perform the following:
1. Run the setup.exe program. The Welcome screen
of the setup program is displayed and you are reminded and urged to exit all
windows programs before continuing. You are also reminded that you must have administrative privileges to install this
program. Click Next.
Figure
4: Installation Welcome
Screen
1.
A screen is displayed
indicating the folder where the GSW SSH2 Shield will be installed. The default
is:
C:\Program
Files\Georgia SoftWorks\Georgia SoftWorks SSH2 SHIELD.
You may change the installation directory
at this time. Note: Make sure that the users of the SSH2 Server have full
access to the installation directory.
Figure 5:
Installation – Choose Destination Folder
Select the Program Folder for the
SSH2 Server. Click Next.
2.
A shell opens a window with
installation status lines similar to the figure below.
Figure 6:
Installation – Command Shell Status Lines
3.
Now the Setup is
complete! Click Finish and Now its time to register the SSH2 Server!
Figure 7: Installation Complete
Please view the readme.txt file as it may contain late breaking
information about the SSH2 Server that has not yet made it into the User
Manual. Release notes are also contained in the readme.txt
file.
Figure 8: GSW UTS Program Group
Installation will result in the Georgia SoftWorks program
group item “Installation Status” showing GSW SSH2 as installed. Additionally
the version of the GSW SSH Shield is displayed along with the status of the
server and other Georgia SoftWorks software that may be installed.
Figure 9: SSH2 Installation Status
The GSW SSH2 Server is licensed for a single server.
The license must be activated for the software to
operate. To activate the license a valid Serial Number is required and is examined
periodically by the SSH2 Server software. The Serial Number also allows new
versions to be downloaded and installed for the duration of your subscription
plan.
Two
methods exist to obtain a valid Serial Number.
- Registration
via Floating License (default method)
The
Serial Number is pre-programmed into a specific hardware key that came with
your purchase. The hardware key connects to a parallel or USB port on the server.
See page 11 for details on registration via the Floating License.
- Registration
via Software Serial Number.
This
method exists for environments that do not support Parallel or USB ports. In
brief this entails providing GSW with a machine specific Product ID. A Serial
Number is generated based on the Product ID. This is usually performed via
email, fax or telephone. See page 18 for details on Software registration.
The Georgia
SoftWorks Floating License provides the flexibility to rapidly move the GSW
SSH2 Server from one machine to another. If you are unable to use the
Floating License - skip this section and go to the section on Registration via
Software Serial Number on page 18.
NOTE: When a SSH2 Server Pack is purchased
(SSH2 Server and GSW Telnet Server), the same physical Floating License will
contain valid Serial Numbers for both products.
With the
Floating License NO software registration is required for the SSH2
Server to operate.
Common
scenarios where the Floating License is useful include:
·
Laboratory usage
in a development or test environment
where the SSH2 Server is required for short periods of time on any particular
machine and then moved to a new machine.
·
Backup Servers in
a production environment.
Typically multiple SSH2 Servers are purchased for backup systems, however with
a Floating License the Hardware Key can be quickly moved from the primary
machine to the backup without any other registration requirements.
·
Environments where
a failed server must be replaced or rebuilt and immediately restored to
operation with full SSH2 Server capability.
The Georgia
SoftWorks Floating License is a hardware key that connects to a female
parallel port connector or USB Port on the server. The parallel port Floating License
does not impact functionality of the port for other uses. The parallel hardware
key acts as a pass-through allowing normal connections to the other side of the
key.
The Georgia
SoftWorks Floating License is a hardware key that can be ordered for a Parallel
or USB Port.
|
Parallel Port Floating License
|
USB Floating License
|
|
Figure 10: Floating License –
Parallel Port
The Parallel Port Floating License is a Pass Through
allowing normal function of the port.
|
Figure 11: Floating License -
USB Port
Not attached to a
Server
|
|
The Parallel Port Floating License connects to a female
parallel port on the server and does not impact functionality of the port for
other uses. It acts as a pass though allowing normal connections to the other
side of the key.
|
USB LED Lights when Installed
|
Figure 12:
Floating License - Hardware Key
The SSH2
Server will recognize the presence of the key and activate the software with
the proper date for which free version upgrades can be obtained. It does not
matter which parallel or USB port on the server the Hardware Key is installed,
as all ports will be scanned for the installation of the key.
The Floating
License currently is installed using the manufacturer (Aladdin) of the hardware
key’s setup program. It is described below. The name of the hardware key is
HASPHL and you will see it displayed in the setup screens.
1.
Plug the hardware key
onto the parallel or USB port on the server.
Note: If you are using a USB Floating
License on a Windows NT system run the file aksnt4usb.exe
prior to the following steps.
2.
Copy the files from
the Floating License folder(hardkey) on the provided CD to the hard drive on
your sever.
3.
Run the HASPUserSetup.exe program and follow the installation
instructions. (After installation of the hardware key install the SSH2 Server
as described on page 6.)
You
will first see the Aladdin Splash Screen. The Aladdin Splash Screen will
display for about 5 seconds.
Figure 13:
Floating License - Installation Splash Screen
4.
The next screen displayed
is the Aladdin Welcome Screen.
Figure 14:
Floating License – HW Key Initial Installation Welcome Screen
As the dialog indicates, if you have any running
application please close them now.
Click Next
Figure 15:
Floating License - License Agreement
Read the license agreement and select “I accept the license
agreement”, and then Click Install.
Figure 16:
Floating License - Accept License Agreement
5.
An installation
status progress meter is quickly displayed.
Figure
17: Floating License - HW Key - Installation Status
6.
When the installation
of the Aladdin Hasp Device driver is complete the screen below is displayed. Click
Finish.
Figure 18:
Floating License Drivers Successful Installation
7.
Plug the hardware key
onto the parallel or USB port on the server.
NOTE: On
some systems you may have to reboot the server after installation. If the
Floating License is not recognized (by the GSW SSH2) after installing the
driver, please reboot the server.
In the event
that you need to remove the Floating License (Aladdin HaspHL) please use the
Windows Control Panel Add/Remove Programs administrative utilities.
NOTE: Removing the Floating License will
disable the SSH2 Server.
To run the GSW
SSH2 Server you must first register the software. (This registration is NOT
required if you installed the Floating License, Page 11) Registration via Software Serial Number entails just a few
steps that involve obtaining the Product ID and providing this Identification
to Georgia SoftWorks so a Serial Number can be generated. Georgia SoftWorks
will provide you with the Serial Number based on the Product ID. When you enter
the Serial Number into the Registration Tool, click Register.
NOTE: Read System Signature chapter at the end
of manual (page 53).
To run the
registration software -
·
Select the Start
button on the task bar; select Programs, then Georgia SoftWorks UTS
Server and then Registration.
Prior
to registering the SSH2 Server, a reminder dialog is presented indicating that
the SSH Shield is not registered.
Figure 19:
Registration – SSH Shield is not registered for use
The GSW SSH2 Server will be fully functional for a Trial
Period of 30 days without requiring registering when installed for the first
time on a system. Click OK
IMPORTANT NOTE: If you already own a GSW Telnet Server
and you want to run a 30 day trial of the GSW SSH2 Server then you will need to
request a 30 day trial serial number from Georgia SoftWorks. Please save a
copy of the current SERIAL NUMBER for your telnet server prior to installing a
30 trial GSW SSH2 Server. In the event that you do not purchase the GSW SSH2
Server prior to the expiration of the trial you will need to apply your
original serial number to re-activate the original GSW Telnet Server.
Next, the registration screen is displayed. The Registration program
automatically fills in the Product Information fields as shown in the figure
below. Complete the Customer Information fields as shown in the figure below.
Note: The Product Information Name and Version
must contain valid data or it will not generate a correct Product ID.
Figure 20: GSW
Registration - Initial Screen
Note that the
Customer Information and Serial Number in the Registration Information may be
already filled. This will be the case if the GSW UTS has previously been
registered and operating as the GSW Telnet Server.
1.
Please complete the Customer
Information , Purchased From and the Application software fields in
the Registration Screen.
2.
The registration
information must be provided to Georgia SoftWorks to obtain the Serial Number.
Several methods are available for your convenience.
1.
Save the information
to a file and email it to Georgia SoftWorks - Preferred method.
Please
save (using the Save to file button on the registration screen)
this information to a file and email to Georgia SoftWorks registration@georgiasoftworks.com
OR
2.
Print the information
and Fax it to Georgia SoftWorks
Please print (using the Print
button on the registration screen) this information and fax to Georgia
SoftWorks - 706.265.1020
Once
Georgia SoftWorks receives the information, we can generate a Serial Number on
demand. We will reply back via Fax or email. You may close
the registration program at this time.
3.
When the Serial
Number is provided run the Registration Program again and enter the Serial
Number. The easiest method to get the serial number is to highlight the
returned Serial Number and copy (ctrl-c). Then position the mouse in the Serial
Number field in the Registration Information box and paste (ctrl-v).
Figure 21:
Registration - Serial Number Applied
4.
Click Register.
Figure 22:
Registration Successful Screen
5.
Click OK.
Now the
software is registered.
You will
notice that in this case the Parameter field in the registration form is set to
3000, SSH Shield. This indicates that the SSH2 Server is installed and registered
and is enabled for 3000 sessions.
Figure 23: Registration Verification
If you have
purchased the Federal Information Processing Standards Publications (FIPS
140-2) option you can verify that it is enabled by viewing the registration
screen as shown below in Figure 24.
Please note that the GSW SSH2 Server must be installed for the FIPS option to
be available. GSW True FIPS 140-2 compliant connections can be identified using
the GSW Session Administrator in the GSW UTS Server. Please see the GSW UTS
Users Guide for further details.
Figure 24: Registration -
Verify that FIPS 140-2 is Enabled
IMPORTANT: READ SYSTEM SIGNATURE CHAPTER AT END OF
MANUAL (page 53).
You may now
run the Georgia SoftWorks SSH2 Server. Note that you will be able to obtain
Free Updates until the date specified
Using the Installation Status
Program Item within Georgia SoftWorks UTS program group, you can view the
Installation Status of the GSW UTS and SSH2 Server. Another useful utility is
to use the Windows Control Panel to view and alter the status of the GSW SSH
and the GSW UTS services.
Figure 25:
Control Panel - GSW SSH2 Services Started
The Georgia SoftWorks
GSW_SSHD service and the Georgia SoftWorks Universal Terminal Server should
both have a status of Started and a Startup Type of Automatic.
Using the Windows Services
utility is the recommended method to start and stop the GSW services when
required.
GSW provides a
Federal Information Processing Standards Publication (FIPS) 140-2 compliant
option for those entities with requirements to meet cryptographic module
security standards to protect sensitive and valuable data. FIPS standards are
either mandated or recommended for use in federal government information
technology (IT) systems.
Georgia
SoftWorks undertook a purposed and specific development effort in order to
provide required FIPS 140-2 compliant SSH2 server and client software to the
United States Military. Having completed this task, GSW is able to make this
software available to other branches of the Federal government as well as State
governments and other institutions including research, educational and commercial.
In addition to
the development required for FIPS 140-2 compliance of the GSW server and client
software, the GSW mobile clients must run on an operating system that is FIPS
140-2 certified or provides a cryptographic module that has been certified.
In order that
your SSH2 connections are FIPS 140-2 compliant you must ensure that you have
the minimum GSW software versions as well as the proper Windows Mobile/CE
operating system version.
Software Requirements for FIPS Compliancy
|
GSW Software
|
Version
|
|
|
Certificate
|
|
GSW UTS Server
GSW SSH2 Server
|
7.50+
|
|
|
#918
#918
|
|
7.50+
|
|
|
|
GSW Desktop Clients
|
7.50+
|
|
|
#918
|
|
GSW CE/Mobile Clients
|
7.50+
|
|
|
#560,#
825
|
|
|
|
|
|
|
Table 1: GSW Software versions required for FIPS 140-2
|
Required Device Operating
System for Mobile/CE Clients
|
|
|
|
Certificate
|
|
Windows CE 5.0
Depends on Vendor
- Made available to OEMs via Windows Update
061211_KB911762
|
|
|
|
#560
|
|
Windows Mobile 5.0
|
|
|
|
#560
|
|
Windows CE 6.0
|
|
|
|
#825
|
|
Windows Mobile 6.0
|
|
|
|
#825
|
|
Windows Mobile 7.0
|
|
|
|
|
Table 2: Device Operating System Versions Required for
FIPS 140-2
The significant aspect of the
client device operating system is that the version of the cryptographic module
rsaenh.dll must be NIST (National Institute of Standards and Technology)
certified, which begins with build 14343.0.0. With Windows CE 5.0 extra
attention should be taken to ensure the version of rsaenh.dll. This may require
contacting the device vendor to determine the correct version number of that
cryptographic module.
FIPS 140-2 must be enabled on both the GSW SSH2 server and
the GSW clients to complete a FIPS 140-2 compliant connection.
Figure 26: GSW True FIPS 140-2 Connection – Server and
Client
Proper
registration will enable the FIPS option on the SSH2 Server. View the
registration tool to ensure the GSW SSH2 Server is registered with the FIPS
option enabled.
Select the
Start button on the task bar; select Programs, then Georgia SoftWorks UTS
Server and then Registration. The current registration information is
displayed.
Figure 27: FIPS 104-2 Option Enabled
In the Parameter field you will observe the number of concurrent sessions
allowed followed by the text “SSH Shield” indicating that the GSW SSH2 server
is installed and FIPS indicating that the FIPS 140-2 option is enabled.
Desktop
Client
Use the “–i”
command line parameter when launching on GSW Desktop clients to enable FIPS
140-2 option. Please see the UTS users manual for a description and examples of
desktop client command line options.
When FIPS
140-2 enabled GSW desktop clients are launched you will receive a banner
indicating that the “-i” command line parameter was issued by
the client.
Figure 28: Desktop Client "-i" option issued
Please note that to have a both ends (client and server)
FIPS 140-2 compliant, FIPS 140-2 must be enabled on the GSW SSH2 Server too.
Mobile/CE Clients
Enable FIPS140-2 on GSW
Mobile/CE clients via the Encryption list box. The Mobile/CE device screen that
you see will be similar to the ones below.
Figure 29: Enable FIPS 140-2 on GSW Mobile Clients
Please note that to have a both ends (client and server)
FIPS 140-2 compliant, FIPS 140-2 must be enabled on the GSW SSH2 Server too.
Using the UTS Session Administrator you can verify True GSW
FIPS 140-2 compliant connections. An asterisk “*” will be
prepended to the user name for connections that are FIPS 140-2 compliant for
both the client and the server.
The possibility exists
that a third party client may be FIPS 140-2 compliant but it cannot be verified
unless it is a GSW client.
Figure 30: Verify FIPS 140-2 Compliant Connections
.
The
Installation folder of the GSW UTS is as follows
Figure 31:
Installation Folder Layout of the GSW UTS
The folders of interest are:
·
Clients: Contains
all the GSW clients for the SSH2 Server and the Telnet Server.
o 753x Contains the GSW
Client for Teklogix 753x devices.
o ARMV4CE Contains the GSW Client for
ARM devices
o CK30 Contains the GSW Client
for Intermec CK30 devices
o Desktop Contains the GSW
clients that run on Windows Desktops.
o PPC2002 GSW Clients for Windows
Pocket PC 2002 class devices
o PPC2003 GSW Clients for Windows
Pocket PC 2003 class devices.
o X86 Contains the GSW
Client for x86 based devices
·
Doc: Contains
the documentation for your viewing or printing.
·
GSJC Contain
the files for the GS Java Client and Applet
·
Log Contains
the GSW UTS Log files to provide to the GSW Technical Support Group
in the event of a problem. See page 54 for more information.
·
Scripts This
is where your logon scripts will reside. See GSW UTS User Manual.
The installation folder layout of the GSW SSH2 Shield is as
follows under the Windows\Program Files folder.
Figure 32:
Installation Folder Layout of the GSW SSH2 Shield
The Georgia
SoftWorks UTS logs folder contains the GSW SSH2 Server log files to provide to
the GSW Technical Support Group in the event of a technical problem.
No
configuration is required beyond installation in order for the GSW SSH2 Server
to operate providing secure logon, strong encryption and data integrity on an
insecure network. Optional SSH2 Configuration is provided if necessary. The GSW
SSH2 Server reads configuration values each time the GSW_SSHD service is
started.
Allow only AES-256 Encryption
The default configuration
restricts connections to those clients offering only the strongest encryption
AES-256. In the event you do not want to require the strongest encryption then
the GSW SSH2 Server can be configured to allow the client to negotiate the
encryption.
This
configuration is contained in the registry key bAES256Only which is a flag. The key is:
HKEY_LOCAL_MACHINE\SOFTWARE\Georgia
SoftWorks\GSW_SSHD\Parameters\bAES256Only
The default
value is 1. (Only allow clients with AES-256 to connect)
You may allow
the SSH2 client to negotiate the encryption strength by setting it to 0x0.
The following is a procedure to change the registry key for the AES-256 Encryption Only flag.
Note: You must
be on the Windows NT/XP/VISTA/2000+ system that the Georgia SoftWorks SSH2
Server is installed. However you may connect to the SSH2 Registry from a remote
location.
1.
Click the Start
button at the bottom left corner of your screen.
2.
Click RUN
3.
Type REGEDT32
4.
Click OK
5.
Select Windows item
HKEY_LOCAL_MACHINE
6.
Select the menu item Edit
7.
Move the mouse
pointer and click Find
8.
Type bAES256Only
9.
Click on Find Next
10.
Select the menu item Edit
and then click on Modify
11.
Enter the new value
for the Allow AES-256 Only flag and click OK
The new
value will take effect when the GSW SSHD service is restarted.
The default port number is port 22. You
can change the port number to the port of your choice.
Important: Be sure that you also change the port
number on the SSH2 clients to the same port number configured on the SSH2
Server.
In the
event you want to change the SSH2 port on the server you can do so by changing
the following registry key.
This
configuration is contained in the registry key usGSWSSHDPort which is a number. The key is:
HKEY_LOCAL_MACHINE\SOFTWARE\Georgia
SoftWorks\GSW_SSHD\Parameters\usGSWSSHDPort
The default
value is 22.
This following
is a procedure to change the registry key for the SSH2 port number.
Note: You must
be on the Windows NT/XP/VISTA/2000+ system that the Georgia SoftWorks SSH2
Server is installed. However you may connect to the SSH2 Registry from a remote
location.
1.
Click the Start
button at the bottom left corner of your screen.
2.
Click RUN
3.
Type REGEDT32
4.
Click OK
5.
Select Windows item
HKEY_LOCAL_MACHINE
6.
Select the menu item Edit
7.
Move the mouse
pointer and click Find
8.
Type usGSWSSHDPort
9.
Click on Find Next
10.
Select the menu item Edit
and then click on Modify
11.
Enter the new value
for the SSH2 Port number and click OK
The new
value will take effect when the GSW SSHD service is restarted.
The SSH2 Server RSA Private
Key is in an encrypted file and is in the PEM format.
This configuration is
contained in the registry key szServerRSAKeyFile which
is a text string.
You can change the location
by modifying the registry key.
The key is:
HKEY_LOCAL_MACHINE\SOFTWARE\Georgia
SoftWorks\GSW_SSHD\Parameters\szServerRSAKeyFile
The default value is the
installation folder for the GSW SSH2 Shield.
C:\Program
Files\Georgia SoftWorks\Georgia SoftWorks SSH Shield\sshd_rsa.key
The following is a procedure
to change the Location of SSH2 Server RSA Private Key.
Note: You must be on the
Windows NT/XP/VISTA/2000+ system that the Georgia SoftWorks SSH2 Server is
installed. However you may connect to the SSH2 Registry from a remote location.
1.
Click the Start button at
the bottom left corner of your screen.
2.
Click RUN
3.
Type REGEDT32
4.
Click OK
5.
Select Windows item
HKEY_LOCAL_MACHINE
6.
Select the menu item Edit
7.
Move the mouse pointer and click Find
8.
Type szServerRSAKeyFile
9.
Click on Find Next
10. Select the menu item Edit and then click on Modify
11. Enter the new value for the Server RSA Key Location
and click OK
The
new value will take effect when the GSW SSHD service is restarted.
The SSH2 Server DSA Private
Key is in an encrypted file and is in the PEM format.
This configuration is
contained in the registry key szServerDSAKeyFile which
is a text string.
You can change the location
by modifying the registry key.
The key is:
HKEY_LOCAL_MACHINE\SOFTWARE\Georgia
SoftWorks\GSW_SSHD\Parameters\szServerDSAKeyFile
The default value is the
installation folder for the GSW SSH2 Shield.
C:\Program
Files\Georgia SoftWorks\Georgia SoftWorks SSH Shield\sshd_dsa.key
Note: You must be on the
Windows NT/XP/VISTA/2000+ system that the Georgia SoftWorks SSH2 Server is
installed. However you may connect to the SSH2 Registry from a remote location.
1.
Click the Start button at
the bottom left corner of your screen.
2.
Click RUN
3.
Type REGEDT32
4.
Click OK
5.
Select Windows item
HKEY_LOCAL_MACHINE
6.
Select the menu item Edit
7.
Move the mouse pointer and click Find
8.
Type szServerDSAKeyFile
9.
Click on Find Next
10. Select the menu item Edit and then click on Modify
11. Enter the new value for the Server DSA Key Location
and click OK
The new
value will take effect when the GSW SSHD service is restarted.
Internal SSH2 Activity Logging FLAG for Debugging.
In the event that GSW
Technical Support requires additional information you may need to turn on SSH2
internal activity logging.
You can activate the internal
SSH2 activity logging by modifying the following registry key.
This
configuration is contained in the registry key bEnableWODLog
which is a flag. The key is:
HKEY_LOCAL_MACHINE\SOFTWARE\Georgia
SoftWorks\GSW_SSHD\Parameters\bEnableWODLog
The default
value is 0.
Note: You must
be on the Windows NT/XP/VISTA/2000+ system that the Georgia SoftWorks SSH2
Server is installed. However you may connect to the SSH2 Registry from a remote
location.
1.
Click the Start
button at the bottom left corner of your screen.
2.
Click RUN
3.
Type REGEDT32
4.
Click OK
5.
Select Windows item
HKEY_LOCAL_MACHINE
6.
Select the menu item Edit
7.
Move the mouse
pointer and click Find
8.
Type bEnableWODLog
9.
Click on Find Next
10.
Select the menu item Edit
and then click on Modify
11.
Enter the new value
for the Enable Activity Logging and click OK
The new
value will take effect when the GSW SSHD service is restarted.
Internal SSH2 Activity Log file location for Debugging.
In the event that GSW
Technical Support requires additional information you may need change the SSH2
internal activity log file location.
You can
modify the internal SSH2 activity log file name and location by modifying the
following registry key.
This
configuration is contained in the registry key szWODLogFile
which is a text string. The key is:
HKEY_LOCAL_MACHINE\SOFTWARE\Georgia
SoftWorks\GSW_SSHD\Parameters\szWODLogFile
The default
value is the log folder in the GSW UTS Installation directory. Usually this is:
C:\GS_UTS\log
NOTE: bEnableWODLog must be set to 1 for the log file to
operate.
Note: (you
must be on the Windows NT/XP/VISTA/2000+ system that the Georgia SoftWorks SSH2
Server is installed. However you may connect to the SSH2 Registry from a remote
location).
1.
Click the Start
button at the bottom left corner of your screen.
2.
Click RUN
3.
Type REGEDT32
4.
Click OK
5.
Select Windows item
HKEY_LOCAL_MACHINE
6.
Select the menu item Edit
7.
Move the mouse
pointer and click Find
8.
Type szWODLogFile
9.
Click on Find Next
10.
Select the menu item Edit
and then click on Modify
11.
Enter the new value
for the Activity Log File Name and Location and click OK
The new
value will take effect when the GSW SSHD service is restarted.
After Installation, Registration, and Configuration the GSW
SSH2 Server is ready to use.
See User Manual for the GSW Universal Terminal Server for
information on the powerful features available to the GSW SSH2 Server.
In addition to
the GSW SSH2 clients, the Georgia SoftWorks SSH2 Server is compatible with all
SSH2 compliant third party clients.
All the
powerful and popular GSW Client options and features described in the GSW UTS
are available for the GSW SSH2 server except where specifically noted. Georgia
SoftWorks offers SSH2 Clients for the following platforms:
Table
3: GSW SSH2 Client Platforms
Please see the
Georgia SoftWorks UTS User Guide for detailed description of client features
and options.
In general the
GSW client installation procedures and features described in the GSW UTS User
Manual are applicable to the GSW SSH2 Clients. The strongest AES-256
Encryption is automatically selected.
To invoke the
GSW SSH2 Client, use the GS SSH2 Client shortcut in the GSW UTS program group.
When connecting with the GSW SSH2 desktop client you will get a logon banner
similar to the one displayed below. The Host, Username, Password, and domain
prompts are presented.
Figure 33: GSW
SSH2 Desktop Client
GSW provides
SSH2 clients for Pocket PC Class Devices. Installation is as described in the
GSW UTS User Manual. Items specific to the GSW SSH2 Pocket PC clients are noted
below.
Upon
installation of the GSW UTS PPC2003 client you have the connection
configuration similar as pictured below. The main item of interest is the Port
selected to use for the SSH2 connection. The normal port used for SSH2
connections is port 22. Please configure as identified.
Port 22 is used for SSH2 connections
|
|
Figure 34: GSW
PPC 2003 Client
To enable SSH2 encryption click on the Options button.
After clicking on the Options Button the
following screen is displayed. The encryption combo box allows the options No
encryption, 40-bit, 128-bit, SSH2 and FIPS SSH2. Options selected that do not
fit into the context of the GSW Server will result in a failed connection. For
example, selecting FIPS SSH2 encryption when the GSW SSH2 server does not have
FIPS enabled.
Figure 35: GSW PPC 2003
Client – Options
Note: The Yellow SSH2 symbol confirms that the SSH2
protocol is in use.
|
|
Figure 36: GSW PPC 2003 Client - SAPConsole - SSH2
Georgia
SoftWorks provides a Windows CE .NET 4.2 SSH2 client for the Psion-Teklogix
7535 devices. Below are some screen images of the GSW SSH2 Client in action.
Upon launching
from the shortcut on the Teklogix desktop the initial screen (Figure 37) is displayed. From the Initial
Screen you have the menu options File, View, Session and Help.
The Session
menu (Figure 38) item provides the
mechanism to Connect, Disconnect and to configure your session configuration
settings.
By selecting the Session -> Settings the screen below (Figure 39) is presented allowing
configuration of the Host, Port, User, Password and Domain. Selecting the
Options button provides similar options as presented in the GSW Pocket PC 2003
Client (Figure 35).
When the configuration is complete you can save the session
configuration information by using the File menu item (Figure 40). You may recall the configuration and minimize the
amount of data typed to connect. It also provides the flexibility to save
several profiles if needed.
Using the Menu item Session->Connect, the connection is
established and Figure 41 is an
example of a connection to SAP via SAPConsole.
After the work is complete
the session is disconnected by using the Menu item Session->Disconnect.
The GSW SSH2
Server allows connections from 3rd Party SSH2 Clients.
Please see the
Users Manual of the 3rd party SSH2 client of interest for operations
of that client. We have included screen shots from three popular SSH2 clients
operating with the GSW SSH2 Server.
Below is a
screen shot of the SecureCRT SSH2 Client connected to the GSW SSH2 Server and
running SAP via SAPConsole.
Figure 43: 3rd
Party Client – SecureCRT – SAPConsole
Below is a
screen shot of the PuTTY SSH2 Client displaying some of the GSW International
character support.
Figure 44: 3rd Party Client - PuTTY - Unicode
Below is a screen shot of the F-Secure SSH Client connected
to the GSW SSH2 Server and running SAP via SAPConsole.
Figure 45: 3rd
Party Client - F-Secure SSH Client
A user account’s domain
can be specified in the SSH2 client’s user name field. If a domain is not specified
then the GSW UTS will use the default domain configured in the UTS registry. If
a UTS default domain is not configured and a domain is not specified in the
SSH2 client’s user name field then the system will attempt to validate the user
account logon using the local account database.
Use the following syntax
to specify the domain in the SSH2 client’s user name field:
username@domainname
where username
is the name of the user and domainname
is the name of the domain.
If a default domain is
specified in the UTS registry then the domain entered above will take
precedence. Please see the GSW UTS User Manual for more information.
Registry Variables
Many registry variables exist for provisioning the system.
Registry variables are an excellent method to configure software while
utilizing skills already learned by the system administrator. There is no need
to learn yet another interface to provision the software. Here is a list of the
registry variables and a brief description of their use. Please see the
appropriate section in this User Manual for complete descriptions.
All Registry values used by the
Georgia SoftWorks SSH2 Server are stored in the following Registry path.
HKEY_LOCAL_MACHINE\SOFTWARE\Georgia
SoftWorks\GSW_SSHD\Parameters
- bAES256Only
- Allow for AES-256
connections only. Default = 1. (Page 31)
- bEnableWODLog
- Turn Logging ON for SSH
internals activity. Default = 0 (Page 35 )
- dwInactivityTimeout
- Reserved, do not change
- szServerAddress
- Reserved, do not change
- szServerDSAKeyFile
- Location of SSH2 Servers DSA
private key file in PEM format. The
file is encrypted. (Page 34)
- szServerRSAKeyFile
- Location
of SSH2 Servers RSA private key file in PEM format. The
file is encrypted. (Page 33)
- szWODLogFile
- Path and File Name of the
SSH internal activity log file.
To enable the log bEnableWODLog must be set to 1. (Page 36)
- usGSWSSHDPort
- The port number clients
will be connecting to.
Default = 22(decimal) is the standard port assigned to SSH2.
(Page 32)
Additional information about FIPS and NIST can be found
using the following links.
http://csrc.nist.gov/publications/PubsFIPS.html
Certificate
numbers
Table 4: FIPS 140-2 certificate links
The GSW Subscription plan
provides access to the most current versions of the software as well as
priority support.
In general, Georgia SoftWorks
releases a new version as soon as new features are ready rather than waiting
for quarterly or annual releases. Due to our development and release
generation methods and JIT User Manual production we can release software on a
much more frequent basis than other organizations. As soon as features or
defect resolutions are Alpha and Beta tested we generate a release. This
provides our customers with features much quicker than the “grouping” or
“scheduling” method used by other companies.
The GSW SSH2 Server (and
Rocket Pack, RF DTIO) Subscription grants access to free version upgrades for
the duration of the subscription. The duration is either 1, 2 or 3 years. This
is good as you can obtain new versions of the software at your convenience,
obtaining all new features and defect resolutions.
NOTE: New versions can be downloaded from our web site at
you convenience.
The GSW
Subscription plan is an excellent value. Even if you upgrade the software once
every few years you will save with the subscription.
Version Upgrade Pricing with Subscription Plan
|
|
TIME FROM DATE OF PURCHASE
|
PRICE
|
|
For the Duration of Plan
(1, 2 and 3 year plans are available).
|
Free
|
Table 5: Version Upgrade
Pricing with GSW Subscription Plan
The pricing
for version upgrades without the Subscription is based on the period of time
since the date of the original purchase or last version upgrade.
Version Upgrade Pricing without Subscription Plan
|
|
TIME FROM DATE OF PURCHASE
|
PRICE
|
|
Less than 60 days
|
Free
|
|
Greater than 60 days but less than 1 year
|
50% of the current list
|
|
Greater than 1 year
|
90% of the current list
|
Table 6: Version Upgrade
Pricing Without Subscription Plan
1.
Download the software or use the
supplied CD.
2.
Make sure the SSH2 Server is not
in use.
3.
Run the Setup Program for the
Update as done in the original installation.
4.
You may specify the same or
different installation folder.
Please use the following
procedure when renewing the GSW SSH2 Server or Rocket Pack Subscription.
|
Step
|
Who
|
Action
|
|
1.
|
GSW
|
|
Send notice to customer indicating that the subscription
is about to expire. The notice is sent approximately 4 to 8 weeks prior to
the expiration of the plan.
|
|
2.
|
|
Customer
|
Places order for new subscription
|
|
3.
|
GSW
|
|
Confirms Order
|
|
4.
|
GSW
|
|
Ships current software, documentation and new Floating
License (if applicable)
|
|
5.
|
|
Customer
|
Install new Floating License (and software if desired)
|
|
6.
|
|
Customer
|
Ships OLD Floating License
back to GSW
|
Table 7: Steps
to Renew the GSW Subscription Plan
NOTE: This section only applies to Software Registration
The registration software obtains a system signature that is
unique to your system. This signature is an added security measure to inhibit
unauthorized personnel to obtain working copies of the GSW SSH2 Server.
The signature is comprised of hardware and software
identifiers that exist on your system that make the target system unique. These
identifies are hashed into a Product ID and a Serial Number can be generated
from this Product id.
If major hardware components of your system are removed,
replaced or modified your Serial Number may discontinue to work and you
may need a new Serial Number to obtain access to the SSH2 Server. Please
contact Georgia SoftWorks Technical Support if needed.
In order to
keep Technical Support Free please help keep our cost down.
·
Gather all relevant
system and environment information.
·
Write your question
down. This not only helps us but also helps you in articulating the question.
A typical
sequence when GSW Technical Support needs the logs files are to delete the log
files, reproduce the behavior in question and email the log files, which are
recreated during the test, to GSW Support.
Email Support Tips:
To expedite support for suspected problems please perform
the following test steps below to help us diagnose the issue.
1. Disconnect all users. Make sure that no
other user connects at the time of the test.
2. Wait 5 minutes
3. Delete the Log files
Delete all log files from the GSW
UTS Server installation ‘Log’ subdirectory on the computer running
the GSW Universal Terminal Server. (Usually c:\GS_UTS\Log)
4. To expedite resolution, reboot the Server
if possible
5. Duplicate the problem.
6. The log files are automatically
re-created. Send us the files in an email to support@georgiasoftworks.com
7. Please also include
a. A description of the problem
including User ID’s, Domain and IP Addresses
b. The logon script associated with the user
experiencing the problem. (That is the c_start.bat or the k_start.bat
file that resides in the scripts folder in the GSW UTS directory
c. And of course your contact information.
If the question is not an emergency, please use e-mail at support@georgiasoftworks.com. We
try to respond within 24 hours.
Or Call 706.265.1018 EST, M-F 9:00 a.m. to 5:00 p.m. and have your Product ID ready
