OpenSSH for Windows

Jim Knoble jmknoble at pobox.com
Tue Jul 29 15:35:41 EST 2008


Circa 2008-07-28 11:08 dixit Peter Stuge:

: On Mon, Jul 28, 2008 at 10:01:51AM -0400, Patel Dippen-CDP054 wrote:
: .. Cygwin / VanDyke
: > 
: > Could I use either of these on high security/ mission critical systems?

  [...]

: > I have Windows Services running on different Windows machines and
: > they talk to each other. I need to protect the communication
: > between these 2 services.
: 
: As others mentioned, an actual VPN product is much more suitable for
: this task. I recommend the open source product OpenVPN which runs
: very well also on Windows. Please see http://openvpn.net/

As no one else has mentioned yet, if the services in question talk to
each other via TCP, then a number of solutions are available, including
OpenSSH with a minimal Cygwin environment (see Corinna Vinschen's
response in this thread for info about OpenSSH's security under Cygwin).
Stunnel is another potential solution <http://www.stunnel.org/>; it
appears to have a Microsoft-native installer (and can allegedly install
as a Microsoft Windows service).

However, if the services communicate via UDP, then you *must* use a
different solution, as neither OpenSSH nor stunnel will tunnel UDP
traffic.  OpenVPN, as Peter mentions, is a high-quality SSL-based VPN
solution that works natively on Microsoft OSes and handles UDP.  As
mentioned previously, IPsec is another candidate.

Of course, there are other ways to handle this as well, including
putting VPN appliances in between the Microsoft systems (this includes
using, say, a Linux or OpenBSD system as a VPN gateway).  That could
bring you more flexibility.

Also, depending on the physical proximity of the systems, you may be
able to simply use a physically separated network to connect them (for
example, dedicated network ports connected via a separate switch or a
crossover cable).

Good luck,
jim

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
+----------------------------------------------------------------------+
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing.  --Aldous Huxley|
+----------------------------------------------------------------------+
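
An added illustration of the stunnel option mentioned in the message above (not part of the original e-mail and not a configuration from the stunnel project): a pair of stunnel configuration files that wrap one TCP service between two Windows machines in mutually authenticated TLS. The host name `hostb.example.internal`, the ports 5000 and 5443, the section names and the certificate file names are assumptions; the option names are those of stunnel 5.x.

```ini
; ---- Machine B (runs the real service): stunnel.conf ----
; Assumption: the service is bound to loopback only (127.0.0.1:5000),
; so the TLS port below is the only way to reach it over the network.
[svc-server]
accept = 0.0.0.0:5443
connect = 127.0.0.1:5000
; Machine B's own certificate and private key (constructed file names).
cert = hostb-cert.pem
key = hostb-key.pem
; In server mode, verifyChain makes stunnel require a client certificate
; and reject any peer whose chain does not lead to a CA in CAfile.
CAfile = internal-ca.pem
verifyChain = yes

; ---- Machine A (runs the calling service): stunnel.conf ----
; The calling service is pointed at 127.0.0.1:5000 instead of machine B;
; stunnel carries the connection to B inside TLS.
[svc-client]
client = yes
accept = 127.0.0.1:5000
connect = hostb.example.internal:5443
; Client certificate presented to machine B.
cert = hosta-cert.pem
key = hosta-key.pem
; Verify B's certificate chain and that it was issued for the expected
; host name; without both checks the tunnel is encrypted but the peer
; is not authenticated.
CAfile = internal-ca.pem
verifyChain = yes
checkHost = hostb.example.internal

; Both sections forward TCP only. A service that speaks UDP needs one of
; the other options from the message (OpenVPN or IPsec).
```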


More information about the openssh-unix-dev mailing list