Secure Shell Safeguards File Transfer

Secure Shell is an Internet standard originally designed to enable secure remote logon. Secure Shell employs state-of-the-art cryptographic technology to safeguard bits in transit and adds port forwarding to securely "tunnel" data between a client and server over an otherwise unsecured network like the public Internet.

Secure Shell begins with strong authentication, using a combination of encrypted passwords and/or RSA/DSA public-keys to verify the identity of the client and server. With Secure Shell, organizations don't have to share easily-compromised text passwords with business partners and suppliers - they can rely on identifiers that are unique and secure, yet easily generated and distributed.

This authentication is combined with flexible access controls that ensure only authorized parties have access to sensitive files. Using Secure Shell, organizations don't need to compartmentalize files on different servers - for example, by dedicating a file server to each business partner. Instead, file servers running VanDyke Software's VShell® combine strong authentication with Windows NT or Windows 2000 file access privileges. Individual Windows groups and users can be given access to SFTP without granting shell or port-forwarding privileges. Once a user has logged into SFTP, VShell enforces Windows security permissions for read/write access for each file and folder.

Secure Shell preserves the confidentiality of all transferred data, including usernames and passwords, directory listings, and file contents. Symmetric ciphers like DES, 3DES, RC4, Twofish, Blowfish or AES can be used to encrypt data sent over a Secure Shell session. Rather than rely on manually-configured keys, Secure Shell employs public-key encryption to generate a random key for each session, used only until the session ends or the key is refreshed. These measures provide very strong protection against eavesdropping when files are transferred over the Internet.

For added protection against modification in transit, the most recent version of Secure Shell (referred to as SSH2) applies keyed Message Authentication Codes (MACs), based on SHA1 and MD5. These data integrity measures eliminate both accidental corruption and malicious tampering of messages exchanged over a Secure Shell session.

To learn more about the Secure Shell standards, protocols, and the cryptographic technologies employed by VanDyke's file transfer products, refer to our Secure Shell Overview.