• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Win2k3 SSH Server : freeSSHd vs winSSHd

B

b4u

Golden Member
Hi,

I'm looking into installing one of the following products on a Windows 2003 Standard server:

freeSSHd (http://www.freesshd.com/)
winSSHd (http://www.bitvise.com/winsshd)

My needs:
- Tunnel Remote Desktops and connections to databases (MySQL and SQLServer) through SSH secure encrypted connection;
- Allow for secure file transfers to and from the server;
- I don't want to use windows accounts, just public key authentication;
- Best performance.
- Minimum intrusion on operating system.

My thoughts about the products:

freeSSHd

It's free. It's simple to configure, and looks to have what I need, and seems to use a small footprint on the server.

Lacks better SFTP user management. All SFTP enable users will have access to the same SFTP folder, with full access. For now, I only have 1 user, but this doesn't help on changing that ... I cannot give specific folders and permissions to individual users.

It's a free small product, it's not opensource so being a security-related product, I have some difficulty in trusting that it doesn't have any exploit.

winSSHd

It's free for personal use. It's a bit more complicated to configure, anso because it allows for so many things.

The SFTP feature looks nice. I can give specific folders to each individual user, and with fine-tuned permissions. For example, map one folder for read-only, and another with full access. Again, I only have one user, but in the future I have a software that can adapt to more advanced SFTP user access needs.

Again it's not opensource, so the same security-related difficulty in trusting that it doesn't have any exploit also applies, although it may be not so harder, because it is a more commercial product and so more trustable (??!?!?) ... or maybe it's just me being picky ...



I've tested both, and they seem nice, and have what I need. The only missing feature is a better user management and fold management/permissions on the SFTP on freeSSHd.

Other than that, and my security concerns about backdoors and exploits, they look very similar.

I've tested them both today, and I was pleased with them.

So anyone tried them, or at least that can give an opinion on the subject?

Any opinions are welcomed.

Thanks.
 
Last edited:
yinan said:
You are doing this the really hard way. Why not just set up a VPN using server 2003 RRAS?
Click to expand...

From my understanding, creating a VPN will allow a remote computer to connect to my network securely, but will end up being part of my network. Correct?

What I want is to give access to some services, and still be just a completely separate client.

For example, I will securely Remote Desktop into every network computers (servers and workstations) with SSH tunneling, and also will tunnel into my databases (for administrating).

Also I can have a way of giving storage secure space for remote users, through SFTP.

That's why I thought that SSH and SSH tunneling will provide me with a higher level of security.

That's what I thought ... but I'll be investigating more about RRAS ... it may give me other benefits, or at least some more knowledge (I don't know about RRAS).

Thanks
 
If you are opening any sort of tunnel like you are then you are allowing traffic in.

A VPN will be connected as securely as you set it up as.

A VPN client is still a separate client, but it may or may not be on the same network segment. Also, depending on how you set it up.

I suggested this because you would have to worry about creating multiple tunnel configurations with SSH while with a VPN you could have one and connect to everything that you wanted to.
 
cygwin gives you standard sshd - same as linux/freebsd/osx.

you could run PFSENSE 2.0 in a vmware (or hyper-V) and create a fake vswitch and nat everything on that host too. That's what i'm doing. running a firewall for all vm's, and a pair of firewalls in CARP for dual-wan output. might seem ridiculous but works. hyper-v won't work it doesn't support promiscuous mode in vm's. but esx essentials (buy it before 5.0 comes out - trust me they are going to screw 5.0 users) 4.1 ESXi for $495 rocks. screw paying $2000 for a hardware router. pfsense is designed to operate in a VM (it detects it and installs vmtools). Love it. Testing it now at home with CLEAR and UVERSE with autofailback based on a number of tests (https HEAD, ping loss, interface up/down(wire plug)) all combined. Nothing else comes close. free.
 
yeah it needs vcenter just like hyper-V core needs SCVMM. and free esxi is not compatible with vcenter you need the paid for esxi
 
I could not get ssh tunnelling working with FreeSSHD the last time I tried, and maybe they fixed it by now, but tunnelling works great for one local user with WinSSHD (free). Good enough for secure/encrypted RDP tunnelling sessions for me.

Pay version of WinSSHD support domain/multiple users.

If you want SFTP, you should look into Filezilla SFTP server, open source and free.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top