SSHield SSH (617)
SSHield is a standards based secure shell (SSH / IETF SECSH) protocol implementation designed specifically for embedded and real-time operating systems such as VxWorks, pSOS and embedded variants of Linux. It includes client and server components, secure FTP (SFTP), secure copy (SCP) and multiple authentication methods. It is a member of the SSecure family of network security products offered by TeamF1.
- SSH protocol client and server support with both SSHv1 and SSHv2
- Includes sftp client and server as well as scp with flexible library-style API
- Works with standard SecureShell client/server implementations on other platforms
- Supports password authentication in addition to public-key user authentication
- Supports external Kerberos, RADIUS and X.509 digital certificate authentication
- Supports custom authentication mechanisms
- Port Forwarding for X11 and legacy applications
- Supports data compression and multi-tasking, and has APIs for target-based key generation
- FIPS 140-2 Ready
- Includes modular, FIPS-certified crypto to scale out unneeded ciphers and hashes
- Overridable PRNG functionality
- Uses abstracted file IO system with IO layer built on top of standard native OS socket interface
- Native support for various VxWorks versions including 5.3.x, 5.4.x, 5.5.x, 6.x, and AE/AE653, pSOS 2.x/3.x, and Linux kernels 2.4 and 2.6
- Requires no special OS source modifications
- Integrated with host tools for platform build and install methodology
- Enhanced memory management and partition support
- Export classified
- Support for CPU types of either endian-ness including PowerPC, MIPS, X86, ARM/XScale, SH
- Available in full-source format
- Configurable choice of encryption and authentication methods
- Overridable PRNG functionality
- Hooks to use configurable datasources in lieu of file-systems
- Configurability for proprietary external authentication mechanisms
- Customizable hardware assist functionality
- Complete scalability of unwanted components and ciphers
- SSLimSecure SSL: Secure Socket Layer & TLS
- V-IPSecure IPSec & IKE: Network Layer Security
- FireFly: IP-Filtering Firewall
- AuthAgent Kerberos / RADIUS: Kerberos / RADIUS authentication
SSHield is a robust, standards based, small-footprint Secure Shell (IETF SECSH) implementation for real-time and embedded operating systems such as VxWorks and embedded versions of Linux. Its unique, advanced features include a suite of secure applications such as secure copy (scp), secure FTP (sftp and sftpd), a built-in version of modular FIPS-certified crypto libraries, and support for multiple authentication mechanisms.
The SSHield implementation of the SSHv1 protocol uses RSA-based authentication and encryption using public-key cryptography. Its SSHv2 implementation can use either RSA- or DSA-based authentication and provides additional methods for encryption, including the Advanced Encryption Standard (AES).
SSHield supports the following encryption ciphers and is further capable of supporting others from the included crypto library or new ones as they are developed:
- AES (FIPS certified)
- 3DES (FIPS certified)
SSHield also provides hmac-sha1 (FIPS certified) and hmac-md5 hashing methods for message integrity protection.
Besides supporting RSA/DSA public-key, X.509 digital certificate, and password/passphrase authentication out of the box, SSHield also includes hooks for customizing the authentication to plug in to various authentication standards such as RADIUS, Kerberos, or other proprietary authentication schemes including hardware tokens and biometric-based methods.
SSHield's port forwarding feature is a powerful generic tunneling feature that allows the transparent and secure forwarding of TCP connections from one network node to another. Using this powerful mechanism, legacy insecure applications can be secured by redirecting traffic through the encrypted tunnel provided by SSHield.
SSHield includes flexible APIs to access the functionality of SFTP (secure FTP, client and server) as well as SCP (secure copy), enabling the use of secure file transfer functionality in embedded applications without tedious command-line processing.
For applications needing a new command-line interface (CLI) layer, SSHield includes an optional utility function library to generate commands and hook them up to internal application management functionality with ease. For applications that need to secure an existing CLI, the CLI utility library can be scaled easily to reduce resource requirements. SSHield also integrates well with existing CLI based device management frameworks that may already be in place. It has pre-defined interfaces for Rapid Control® CLI and WIND® Manage for CLI allowing for drop-in integration with these products, and can work with other CLI libraries including proprietary ones.
SSHield is compliant with the IETF definition of the SECSH protocol, and is interoperable with freely available and commercial implementations of this protocol. It is also compliant with the T1 Standard on Management Plane Security, a requirement for many OEMs in the telecommunication industry. It has been extensively validated against various SSH clients and servers, SFTP clients and servers, and SCP implementations on embedded and non-embedded platforms including those on Windows®, Solaris®, UNIX®, and Linux. SSHield-enabled connected embedded devices can easily work with other SECSH implementations on a local network or across the Internet.