Questions Frequently Asked By Users
What is SSH?
"SSH" is an acronym for the Secure Shell Protocol. SSH is commonly used to securely connect to remote terminals on servers...much like Telnet. The SSH Protocol has much more capability than Telnet. MOST IMPORTANTLY, SSH IS ENCRYPTED, but it also supports file transfer, public-key authentication, and port forwarding. The original specification for SSH can be found here. The current version of SSH, SSH Version 2, is the protocol that Safe Passage utilizes.
|
What is an SSH Tunnel?
The SSH2 protocol allows for something called "port forwarding"...more commonly known as "SSH Tunneling". Normally (i.e. using an SSH2 client that is not Safe Passage) a user is required to manually specify a localhost port (a TCP/IP port on the user's computer) that the SSH2 client should listen on. When the SSH2 client receives traffic on that local port, it sends that traffic via the user-configured port forward to the SSH2 server. The server then sends the traffic to a destination host that the user provided during configuration. It's a real pain.
Safe Passage dynamically automates all of the SSH port forward configuration, so all you need to specify is your SSH2 host address, login information, and optionally modify Advanced tunnel settings. It's really easy.
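What an SSH2 client sends to the server when a connection arrives on the forwarded local port, as an added example (not Safe Passage or OpenSSH code): it builds and parses the "direct-tcpip" channel-open request defined in RFC 4254. The host name, ports and window sizes are constructed values, and the encrypted transport packet that wraps this payload is omitted.

```python
import struct

SSH_MSG_CHANNEL_OPEN = 90  # message number from RFC 4254

def ssh_string(data):
    """SSH 'string' type: uint32 length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def build_direct_tcpip(channel, dest_host, dest_port, orig_ip, orig_port,
                       window=2**21, max_packet=32768):
    """Channel-open payload for one connection accepted on the local port."""
    return (bytes([SSH_MSG_CHANNEL_OPEN]) + ssh_string(b"direct-tcpip")
            + struct.pack(">III", channel, window, max_packet)
            + ssh_string(dest_host.encode()) + struct.pack(">I", dest_port)
            + ssh_string(orig_ip.encode()) + struct.pack(">I", orig_port))

def parse_direct_tcpip(payload):
    """Server-side view: decode the request, rejecting malformed input."""
    pos = 1
    def u32():
        nonlocal pos
        if pos + 4 > len(payload):
            raise ValueError("truncated payload")
        (value,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        return value
    def string():
        nonlocal pos
        length = u32()
        if pos + length > len(payload):
            raise ValueError("truncated payload")
        data = payload[pos:pos + length]
        pos += length
        return data
    if not payload or payload[0] != SSH_MSG_CHANNEL_OPEN:
        raise ValueError("not SSH_MSG_CHANNEL_OPEN")
    if string() != b"direct-tcpip":
        raise ValueError("not a local port forward request")
    channel, window, max_packet = u32(), u32(), u32()
    dest_host, dest_port = string().decode(), u32()
    orig_ip, orig_port = string().decode(), u32()
    return {"channel": channel, "dest": (dest_host, dest_port),
            "originator": (orig_ip, orig_port)}

if __name__ == "__main__":
    # Constructed values: a browser hit 127.0.0.1:8080, forwarded to port 80.
    msg = build_direct_tcpip(0, "intranet.example", 80, "127.0.0.1", 51515)
    print(parse_direct_tcpip(msg))
```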
|
How can I get access to an SSH Server?
There are already over 5 million servers on the Internet that support SSH2 access. There are three main options for getting access to an SSH server that you can use with Safe Passage:
- Several Internet Service Providers offer accounts with SSH2 Access. See our SSH Accounts page for links.
- You can run your own OpenSSH Server. The OpenSSH Project offers a FREE SSH Utility suite, including an SSH server.
- You can run your own commercial SSH server. There are a number of commercial solutions compliant with SSH2, but we really recommend using the OpenSSH Project...it's free, and as good if not better than the commercial solutions.
|
What can Safe Passage do for me?
Safe Passage is a VPN (Virtual Private Network) client that uses the Open SSH Standard. By connecting Safe Passage to an SSH2 Server, your TCP/IP and DNS Internet traffic is encrypted, sent to the SSH server, and the server then makes the actual connection to the Internet host you were connecting to (web, file, email, etc.).
Because of this secure tunneling, the Internet host you connect to using Safe Passage believes that your IP address is that of the SSH2 server you're connecting to...not your real IP address!
The end effect is that Internet hosts think you are connecting to them from somewhere you are not, and private networks believe that you are connecting from a host (your SSH2 server) on their local network.
|
What type of connections can I secure using Safe Passage?
Safe Passage can secure any TCP/IP traffic, and DNS queries. Applications that use TCP/IP and/or DNS:
- Web (HTTP/HTTPS) traffic
- Email
- Windows Filesharing (Windows 9x/ME/2000/XP/2003/Samba 2.2.7+ hosts)
- Most video-streaming technologies
- P2P software (Kazaa, WinMX, Gnutella, etc.)
- TCP/IP Printers
- Probably 90% of all Internet software
|
What can't I secure with Safe Passage?
Applications that use protocols other than TCP/IP and DNS cannot currently be secured by Safe Passage. Applications that do not use TCP/IP or DNS:
- ping, tracert (ICMP)
- Voice-over-IP (UDP)
- NFS (network file system) (UDP)
- SNMP management tools (e.g. HP OpenView)
|
Can other computers connect to my computer through Safe Passage?
No.
|
Can I secure my peer-to-peer file sharing with Safe Passage?
Yes.
|
Will my connections be slower through Safe Passage?
Technically, yes, but the speed loss is minimal, and may not even be noticeable. The main cause of slowdowns is the limit on your Internet connection's upload speed (broadband connections often have a faster download speed and a slower upload speed).
|
Questions Frequently Asked By Administrators
Is there any server licensing required for Safe Passage?
Safe Passage does not require any special licensing for the SSH host. However, other third-parties (such as your operating system vendor) may require licensing for their products.
|
What kinds of remote access can Safe Passage allow into our private network?
Safe Passage can tunnel TCP/IP and DNS traffic to any host that the SSH server can connect to. This includes traffic such as Web, Email, Windows file sharing, RDP, etc. If the SSH server can connect to your internal network, then Safe Passage can tunnel traffic to hosts on that internal network. The same applies to Internet traffic.
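Because a tunnel reaches every host the SSH server can reach, an administrator may want to check which scopes of an OpenSSH sshd_config leave forwarding destinations unrestricted. This added example (not part of Safe Passage or OpenSSH) audits sshd_config text using OpenSSH's AllowTcpForwarding and PermitOpen keywords; the group name, addresses and sample configs are constructed, and whether Safe Passage operates under a given restriction is an assumption to verify.

```python
# OpenSSH defaults that apply when a keyword is absent from sshd_config
DEFAULTS = {"allowtcpforwarding": "yes", "permitopen": "any"}

def parse_sections(text):
    """Split sshd_config text into [(scope, {keyword: value})].

    Keywords are case-insensitive and the first value seen in a scope wins.
    """
    sections = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            sections.append(("Match " + value, {}))  # new conditional scope
        else:
            sections[-1][1].setdefault(key, value)
    return sections

def unrestricted_scopes(text):
    """Return the scopes where clients may forward to any destination."""
    sections = parse_sections(text)
    base = {**DEFAULTS, **sections[0][1]}
    findings = []
    for scope, opts in sections:
        eff = {**base, **opts}  # a Match block overrides the global section
        forwards = eff["allowtcpforwarding"].lower() in ("yes", "all", "local")
        if forwards and eff["permitopen"].lower() == "any":
            findings.append(scope)
    return findings

# Constructed samples; the group name and addresses are hypothetical.
WEAK = """
Port 22
"""
HARDENED = """
AllowTcpForwarding no
Match Group tunnel-users
    AllowTcpForwarding local
    PermitOpen 10.0.0.5:445 10.0.0.9:9100
"""

if __name__ == "__main__":
    print(unrestricted_scopes(WEAK))
    print(unrestricted_scopes(HARDENED))
```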
|
What SSH servers can I use for running an SSH host?
Safe Passage uses SSH version 2. So, any SSH server compatible with the SSH2 standard should work fine. The server from the OpenSSH Project is free, available for most platforms, and has regular security and feature updates. We recommend OpenSSH, but there are several other commercial and non-commercial options.
|
What kind of special hardware do I need for the SSH host?
NONE!!! Other VPNs require proprietary VPN gateway hardware or software. Safe Passage uses the open SSH protocol, so any computer that can run an SSH server (OpenSSH runs on most platforms) can serve as the VPN gateway for Safe Passage.
|
How must the corporate firewall be configured to allow users to "Safe Passage" into the private network?
The firewall must not obstruct traffic coming from your users to the TCP/IP port that your SSH server is running on. So, if your users are on the Internet, and your SSH server is behind your firewall, you must either open or forward the SSH port (usually port 22) to that SSH server. Additionally, your SSH server must be allowed to connect to the hosts that you wish users to tunnel traffic to (e.g. printers, file servers, web servers, the Internet, etc.).
|
Must users always type passwords, or can they use RSA/DSA Public-Key authentication?
Safe Passage itself cannot manage Public-Key authentication. However, because Safe Passage's SSH client is compatible with the PuTTY Project, a user can configure PuTTY's pageant.exe key manager, and it will work with Safe Passage during authentication.
|
Can I use my Windows Domain for user-management on my SSH host?
That depends on the capabilities of the Operating System and SSH server software you are using for your SSH host. When running OpenSSH on Windows, the OpenSSH installation instructions tell how to enable domain accounts for login to SSH. On Linux, there are packages available for authenticating Linux terminals against a Windows Domain (e.g. PAM/Kerberos, SAMBA, etc.) Other operating systems would have similar specific requirements.