Secure Server Management Report

Janina Sajka janina at afb.net
Mon Oct 1 14:40:59 EDT 2001 

Dear Colleagues:

This report summarizes my explorations of functionality and accessibility
in current SSH clients for Windows. As you will recall, I (and others)
have strongly advised against using telnet and ftp for administration of
ACB's remote web server simply because these applications are insecure.
Rather, SSH is recommended because it provides the same functionality but
in a manner where all of the information transmitted across the public
Internet has been secured with strong data encryption. This is
particularly important for usernames and passwords which allow access to
system level functions on this remote server. And, such security
precautions have only become more important since the events of September
11 last.

Fortunately, the news for ACB is very good. I will point you to a fully
accessible and fully featured ftp client with full support for ssh2--the
current standard. This should take care of the need to move files back and
forth very nicely. The news for command line access isn't quite as good,
though it is still not bad. Herewith the details:

1.)	File Transfer Agents

There is really only one choice here. CuteFTP Pro 1.0 has absolutely everything ACB needs to manage files on its remote
server securely. CuteFTP Pro stands head and shoulders above the competition both on accessibility and on ftp features.
It is, unfortunately, not a free software program, but it is very excellent all the way around. Be sure you get CuteFTP
Pro 1.0, and not the older CuteFtp 3.5 or 4.0 clients which do NOT support ssh. A free 30 day trial copy can be
downloaded from GlobalScape, the manufacturer of CuteFTP Pro at:

http://www.globalscape.com/download/index.shtml

My second, and very viable, choice for managing these files remotely is the DOS command line utilities that are
available in the SSH for Windows 32-bit operating environments client available free of charge to nonprofits at

	http://www.ssh.com

Regretably, the Windows utilities in this package are only partially accessible. But, they are also only partly as
capable as Cute FTP -- lacking such important features as "resume upload." Still, the DOS ports of the unix commands scp
and sftp will work very well for anyone who still has good speech access to DOS;

2.)	Terminal Access

The options for a good command line on the web server are not as clear as for file management. Fortunately, though,
there are very good secure substitutes for telnet, and their accessibility is probably no less than the accessibility
for the various telnet clients. Let me explain:

Not unlike the circumstances in available telnet clients, available ssh clients range from fully accessible clients to
not so accessible ones. And, the reasons for this are substantially the same because, after the connection is made, what
telnet presents onscreen is no different than what ssh presents onscreen.

So, if you think that telnet is accessible on Windows, you will likely get the same level of accessibility from the
SSH Client for Windows available from:

	http://www.ssh.com

In order to get the same functionality, however, you will likely need to apply whatever set files are associated with
your Windows telnet client to this SSH application.

If, on the other hand, you are able to run in DOS, you will find the command line version which comes with this
application vastly superior. This DOS client simply works with asap or vocal-eyes.

CONCLUSIONS

The Windows CuteFTP Pro 1.0 client should be used for secure remote file management;

The DOS SSH2.EXE client from ssh.com should be used for secure remote terminal access;

The telnet server should be removed from the web server;

FTP access should be limited to anonymous access only;

ADDITIONAL NOTES

There is yet another SSH application available on Windows called PuTTY. While it is not as accessible, in my view, as
the applications named above, it could be as accessible if a competent programmer were to fix the interface. This is
possible because PuTTY is an open source application. The source code, documentation, and current executables for PuTTY
can be found at:

http://www.chiark.greenend.org.uk/~sgtatham/putty/

Respectfully Submitted,


-- 
	
				Janina Sajka, Director
				Technology Research and Development
				Governmental Relations Group
				American Foundation for the Blind (AFB)

Email: janina at afb.net		Phone: (202) 408-8175

Chair, Accessibility SIG
Open Electronic Book Forum (OEBF)
http://www.openebook.org

Will electronic books surpass print books? Read our white paper,
Surpassing Gutenberg, at http://www.afb.org/ebook.asp

Download a free sample Digital Talking Book edition of Martin Luther
King Jr's inspiring "I Have A Dream" speech at
http://www.afb.org/mlkweb.asp

Learn how to make accessible software at
http://www.afb.org/accessapp.asp

More information about the Speakup mailing list