AutoSSH

AutoSSH is an UNIX/Linux ssh automation software. Like our AutoSFTP, not only it allows you to automate ssh, but also it provides better protection to the password or passphrase used. And one of programs (asshc) also does an audit log for commands it runs. It's fully compatible with OpenSSH software, can use the options which ssh uses.

In our case studies, you can find what's the security risks and our solutions in UNIX cross server job: it will save your company lots of money in operation, and in the same time enhance the security of your mission critical UNIX system.

So why using our AutoSSH is more secure?

Here are the reasons:



The software uses very sophisticated encryption key generation algorithm for the encryption of the password or passphrase, and uses the standard 256-bit AES for the encryption.

The software has a built in anti-Trojan Horse capability, so even if a malicious person with root privilege replaces the ssh program or the libraries used by ssh to try stealing the password or passphrase, he/she would fail. So, if you use our AutoSSH, the OpenSSH Ebury Trojan will not cause trouble to your security: you would detect the Trojan when you run jobs with our AutoSSH.

It has anti-system call tracer capability, others won't be able to use system call tracer, like strace on Linux, tusc on HP-UX and truss on AIX and Solaris, to capture the password or passphrase.

On Solaris and Linux, AutoSSH is able to detect the otherwise very dangerous password/passphrase stealing tool dtrace, to prevent password/pass phrase to be stolen by malicious person who uses dtrace.

The following is an sample of an encrypted password/pass phrase file content, dumped using "od -c":
0000000 3 Z a i M h x W Y J g 9 T K W 343

0000020 251 n | 9 ' 267 217 H y l 254 310 003 303 9 264

0000040 274 225 217 023 211 321 4 223 204 335 354 6 X 1 333 221

0000060 317 354 253 363 A 227 275 216 273 V 216 w 024 242 023 250

0000100 235 j O 032 201 312 ( 370 027 T ] \t ~ 362 365

0000117
In AutoSSH, each encrypted password/pass phrase file is only usable by the account who created the file on the system, not other accounts on the system or copied the file to another machine to use it.

Not only use AutoSSH will make your password or pass-phrase more securely protected, the asshc program in the package also logs the commands it runs for auditing purpose. So with this program, you can let system/database/application administrators to run commands on critical remote machine, and after that, check what they did from the /var/adm/assh.log file.

AutoSSH allows you to use it without have the password or pass-phrase pre-encrypted, but under that usage, AutoSSH will lost the capability to combat trojan horse attack, so should be used with care.