If you're still administering *NIX servers over the Internet using rsh or telnet, stop right now. OpenSSH is an inexpensive improvement well worth the minimal effort required to install and configure it. You can also use SSH to set up simple "circuit level" VPNs.

Lisa Phifer
VP Core Competence, Inc.

It's midnight and you've just been paged. Your largest, multi-domain web server is on the blink. You quickly rshell or telnet in to fix the problem. In doing so, you've probably just transferred sensitive information—your root password—over the public Internet. What's to stop a wily hacker from sniffing your password, then masquerading as you to exploit your server? If you're security-savvy, you've used something like Secure Shell (SSH) to avoid this common breach of security.

Originally designed as a secure replacement for *NIX "r" commands—rsh, rlogin, rcp—SSH uses strong authentication and encryption to secure management sessions. But somewhere along the way, SSH morphed. Today, SSH2 is a general-purpose secure tunneling protocol. As such, it can be used to construct a type of virtual private network sometimes referred to as a circuit-layer VPN.

In this article, we take a hands-on look at the two faces of SSH2: the open source *NIX implementation freely available from OpenSSH, and a trio of commercial Windows clients sold by F-Secure (formerly DataFellows), SSH Communications, and VanDyke Technologies. We'll show you how to enable secure administration and create a circuit-layer VPN with OpenSSH. We'll also illustrate multi-vendor compatibility between OpenSSH and these three Windows clients.