Friday, 30 December 2011

SSH (sftp) SERVER ON WINDOWS SERVER 2008

A client asked me to write a document about the possibilities for an sftp server on a Windows Server 2008. This feature isn't included in Windows Server and so we had to search for third party software and test different tools in order to make our choice. I didn't find many blogs around about the comparison between the different tools so I thought it would be useful to post it on a blog...


Introduction

Secure Shell (SSH) is a program that lets you log into another computer over a network, execute commands on a remote machine, and move files from one machine to another. It provides strong authentication and secure communications over insecure channels. When using SSH, the entire login session, including transmission of the password, is encrypted and is therefore very secure.
You can also turn your Windows PC (server) into a Secure FTP (SFTP) server. SFTP is a program that uses SSH to transfer files. Unlike standard FTP, it encrypts both commands and data, preventing passwords and sensitive information from being transmitted in clear text over the Internet. It is similar to FTP, but because it uses a different protocol, you must use an FTP client that supports SFTP.

Tools
Many different software packages can be used to turn your server into an SFTP server. The following list contains the most popular ones.
Freeware:
  • SSHWindows / OpenSSH
  • FreeSSHd and FreeFTPd
  • SilverSHielD SSH/SFTP Server
  • Filezilla
  • WinSCP

Payware:
  • WinSSHD

Features overview
| Name | SSH1 | SSH2 | Interface |
|---|---|---|---|
| SSHWindows / OpenSSH | yes | yes | Command line |
| FreeSSHd and FreeFTPd | no | yes | console |
| SilverSHielD SSH/SFTP Server | no | yes | console |
| Filezilla | yes | yes | console |
| WinSSHD | no | yes | console |
| Serv-U | yes | yes | console |

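
The SSH1/SSH2 columns can be checked against a running server from its identification string: per RFC 4253 the first `SSH-` line of the greeting carries the protocol version, and `1.99` means the server accepts SSH2 and still offers the legacy SSH1 protocol. The Python below is an added example, not part of the original post or of any product listed here; the function names and the sample banners are constructed for illustration.

```python
import re
import socket

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
_ID_RE = re.compile(r"^SSH-(?P<proto>[^-\s]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
_LINE_RE = re.compile(rb"^SSH-[^\n]*\n", re.M)

def read_banner(host, port=22, timeout=5.0):
    """Read the greeting of a server you administer; nothing is sent to it."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        # Stop as soon as one complete "SSH-..." line has arrived.
        while not _LINE_RE.search(data) and len(data) < 4096:
            chunk = s.recv(1024)
            if not chunk:
                break
            data += chunk
    return data

def classify_banner(raw):
    """Report which SSH protocol versions a greeting advertises."""
    # Servers may send free-text lines first; only the first "SSH-" line counts.
    for line in raw.decode("utf-8", errors="replace").splitlines():
        if line.startswith("SSH-"):
            break
    else:
        raise ValueError("no SSH identification string in greeting")
    if len(line) + 2 > 255:  # the RFC limit includes the trailing CR LF
        raise ValueError("identification string exceeds 255 characters")
    m = _ID_RE.match(line)
    if m is None:
        raise ValueError("malformed identification string: %r" % line)
    proto = m.group("proto")
    ssh2 = proto in ("2.0", "1.99")   # 1.99 = SSH2 with SSH1 compatibility
    ssh1 = proto.startswith("1.")     # 1.x (including 1.99) offers SSH1
    if ssh1:
        finding = "SSH1 offered: disable protocol 1"
    elif ssh2:
        finding = "ok: SSH2 only"
    else:
        finding = "unknown protocol version"
    return {"proto": proto, "software": m.group("software"),
            "ssh1": ssh1, "ssh2": ssh2, "finding": finding}

if __name__ == "__main__":
    # Constructed sample banners, not captured from any real product.
    for sample in (b"SSH-2.0-ExampleSSHD_1.0\r\n", b"SSH-1.99-ExampleSSHD_0.9\r\n"):
        print(classify_banner(sample))
```

To check a live server, pass the result of `read_banner("your-server")` to `classify_banner`.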
SSHWindows / OpenSSH

OpenSSH for Windows is a free package that installs a minimal OpenSSH server and client utilities in the Cygwin package without needing the full Cygwin installation.
The OpenSSH for Windows package provides full SSH/SCP/SFTP support. SSH terminal support provides a familiar Windows Command prompt, while retaining Unix/Cygwin-style paths for SCP and SFTP.
The OpenSSH for Windows package is a repackaging of the OpenSSH port to the Cygwin environment. While not a native Windows port, the goal of this distribution has been to run the OpenSSH client and server programs with as little of the Cygwin environment as possible. This helps Windows administrators who might be unfamiliar with the Unix environment and helps users with access to the Windows command line interface. As with the OpenSSH and Cygwin packages, this software is also being distributed free to any user who is looking for a more secure way to remotely administer their Windows machines.
General Features
  • Windows NT Service Support
  • Windows Command Prompt support for SSH Terminal
  • SCP/SFTP server support
  • Command-line clients included 
FreeSSHd / FreeFTPd

What is freeSSHD?
freeSSHd, like its name says, is a free implementation of an SSH server. It provides strong encryption and authentication over insecure networks like the Internet. Users can open a remote console or even access their remote files thanks to the built-in SFTP server.
What is freeFTPd?
freeFTPd is an FTP/FTPS/SFTP server that enables users to access remote files over a TCP/IP network such as the Internet. Unlike FTP, the FTPS and SFTP protocols provide security and strong encryption of data, which is great for insecure networks.
SilverShield

SilverSHielD is an award-winning SSH (SSH2) and SFTP server for Windows. It is free for non-commercial use. SilverSHielD Pro costs only $39.95 and entitles you to free lifetime updates and upgrades.
The Pro edition differs from the Free edition in only 2 details:
  • The Pro edition can be used for commercial purposes
  • It removes the 3 connection and 1 client limit
Features:
Authentication:
  • Keyboard-interactive
  • Password-based (NEW! Also supports Windows/AD account authentication!)
  • Public-Key (supports multiple keys per user!)
Additional security settings:
  • Ability to set the maximum number of concurrent connections (Pro edition only)
  • Ability to force a delay upon new connection, for anti-hammering
  • Put the client IP in tarpit after a definable number of failed authentication attempts
  • Limit access only to certain IP addresses or networks
  • Per-folder permissions on virtual folder
  • Virtual folders can be hidden (but still perfectly functional)
  • Per-user IP security
  • Auto-disable user account after a certain date/time
  • SafeUp™ server-side file-transfer protection technology
Functions and subsystems:
  • Secure Shell/Command (SSH2)
  • Forwarding
  • SFTP (supports files larger than 4 GB!)
  • Compression (Zlib)
  • Powerful script-based event handling subsystem, with support for 4 major scripting languages (NEW!)
Administration:
SilverSHielD runs as a system service and local/remote administration is performed through a modern Management Console, included in the download package, which establishes a secure channel with the SilverSHielD server and allows remote configuration of one or many servers.
Alternatively you can take advantage of the Command-Line Interface (CLI) to integrate SilverSHielD management into your workflow, even using 3rd party management tools (provided such tools can call a command line application).
Unlike many other competing products, SilverSHielD isn't loaded with tons of (often useless) features; instead it's focused on simplicity and ease of use, and of course on security and reliability.
And it's free of charge if 3 simultaneous connections from a single client are sufficient for you and if you don't use it for commercial purposes. If you need to allow more than one client connection at a time or to use it for commercial purposes, you can purchase the Pro edition. In any case, your free edition will never expire and all our free edition users are entitled to lifetime updates and upgrades.
  
Filezilla 
FileZilla Server supports FTP and FTPS (FTP over SSL/TLS). It includes numerous functionalities, including:
  • Upload and download bandwidth limits
  • Compression
  • Encryption with SSL/TLS (for FTPS)
  • Message log (for debugging and real-time traffic information)
  • Limit access to internal LAN traffic or external internet traffic only
  • Virtual file system
A user connections manager in FileZilla Server — displayed along the bottom of the window — allows the administrator to view currently connected users and their uploads/downloads. At present, there are two operations the owner of the server can do to those transfers — to "kill" the client session or to "ban" the user's IP address. This manager shows the real-time status of each active file transfer.

WinSSHD
WinSSHD is an SSH server for all Windows NT-series operating systems. Supported platforms include Windows 2000, XP, 2003, Vista, 2008, and 7. Both 32-bit and 64-bit versions of Windows are supported. Even Windows NT4 is still supported by WinSSHD 4.
Features:
  • Secure remote access via console (vt100, xterm and bvterm supported)
  • Secure remote access via GUI (Remote Desktop or WinVNC required)
  • Secure file transfer using SFTP and SCP (compatible with all major clients)
  • Secure TCP/IP connection tunneling (port forwarding)

You can try out WinSSHD risk-free. After installing, you are free to evaluate WinSSHD for up to 30 days. If you then decide to continue using it, you have to purchase a license.
When the personal edition is chosen during installation, WinSSHD can be used free of charge by non-commercial personal users.
More information about pricing can be found here: http://www.bitvise.com/winsshd-pricing
 
Serv-U

Serv-U is a Windows and Linux-based multi-protocol FTP, SFTP and HTTP file server. It allows files to be shared over the Internet via unencrypted protocols like FTP and HTTP or securely via FTPS, SFTP, or HTTPS. Using a built-in web service the software can be configured remotely from any location with Internet access and a web browser, and two built-in file transfer clients allow for file management without requiring pre-installed FTP/SFTP client software.

Features:
  • Files accessible by FTP, FTPS, SFTP, HTTP, HTTPS listeners which can be bound to any locally assigned IPv4/IPv6 address
  • Full UNICODE Support
  • IPv6 Support
  • 32-bit and 64-bit versions
  • SSH Public Key Authentication
  • FIPS 140-2 Encryption (Certificate #1051)
  • Domain-based collections of users/groups, accessible through the use of Virtual Hosts
  • Web-based server administration (locally or remotely by HTTP)
  • Complete IP Address or FQDN-based ACL support
  • User/group storage in ODBC databases
  • Email notifications, batch file triggering and balloon tips based on custom event triggers
  • File ACLs configurable for users, groups, domains or entire server
  • Virtual Path support for "virtual file system"
  • Statistics module to view utilization by individual users/groups
  • Highly detailed and granular logging
  • Customizable FTP command responses
  • UTF-8 support
  • Individual session observation support ("spy" on active sessions)
  • Detailed password policy enforcement
  • Granular traffic shaping controls
  • Custom HTTP interface logos
  • Automatic blocking of brute force attacks by IP address
  • Transfer resume support
  • Fully Integrated API
  • Multilingual Web Client, supports remote access of files via HTTP/HTTPS in English, German, Italian, French, Spanish, Portuguese, Swedish, Finnish, Norwegian, Russian, Danish, Simplified Chinese, Traditional Chinese and Japanese.

A free version is available for download, but a license is needed in order to use SFTP.
Prices:
The Serv-U Management Console provides quick and easy access to each of the File Server's configuration options. The Navigation menu in the bottom-left corner is accessible from any page and also allows direct access to these pages.

The built-in Web Client is included with all Serv-U editions and allows clients to access your File Server using their Web browser.

 

Conclusion

In my opinion, I would not suggest SSHWindows / OpenSSH since it has no graphical user interface. Serv-U is really user friendly and has lots of possibilities but is too expensive. Filezilla has some known bugs when using SFTP, so I won’t consider using that one either. So that leaves us with FreeSSHd/FreeFTPd, SilverSHielD and WinSSHD. All three of them only support SSH2, not SSH1. SilverSHielD has a nice Office 2010 look and feel. FreeSSHd/FreeFTPd both have installation issues. I’ve tried installing both apps with local admin rights and domain admin accounts and with both apps I got the error that I didn’t have admin rights. WinSSHD has a more difficult pricing list, so I would prefer SilverSHielD, since it only costs $39 and you are licensed forever, and it is very easy to set up and configure.


Sources:
http://www.openssh.com/
http://www.freesshd.com/
http://www.k2sxs.com/silvershield/
http://filezilla-project.org/
http://www.bitvise.com/winsshd
http://www.serv-u.com/
http://en.wikipedia.org