GSW Power Features – Telnet/SSH Server for Windows

The Georgia SoftWorks Universal Terminal Server is the core server software module that is the foundation for the GSW protocol and application interface such as Telnet and SSH. Products based on the GSW UTS demonstrate the reliability, flexibility, consistency, performance and rich feature set required for demanding commercial environments.

nautizx4Feature packs such as the Power Feature Pack, the Session Administrator, the Emulations/Compatibility Pack, and the Failure Detection/Recovery Pack set the GSW UTS apart from other Telnet Servers on the market.

The GSW UTS Power Features Expand the Telnet/SSH to meet and exceed the most demanding industrial and commercial environments.

Power Features:

Team Services – Breakthrough collaboration technology for SSH/Telnet. Share, Swap, Transfer and Recover sessions. All initiated from the client device. There is no system administrator intervention require, and all can be performed in under 60 seconds.

Automatic Logon – Accelerate User Logon. It’s safe – there are no passwords transferred across networks. This feature allows you to pre-configure a list of IP addresses that will be able to connect and log on without any User ID, Password or Domain prompting when using the Georgia SoftWorks SSH/Telnet Clients or 3rd party clients.

True Client Side Printing – This feature allows documents to be printed at locations that are easily accessible by each user. Traditionally, default printing using Telnet/SSH is always location to the server, which can be inconvenient to the user. GSW overcomes this traditional problem by providing true client side printing – printing the way you want it! This allows you to print to portable Bar Code Printers, Pass through Printing, and much more.

Logon Scripting – Logon Scripting is an advanced feature that allows the system administrator unmatched control over the user sessions. Associated with each User Login is a directory that will execute batch files upon connecting. Logon Scripting provides automatic execution of the batch file upon the login of the user. Logon scripts are often used to map drives, establish network connections, change directories, set environment variables, run TSR’s and launch applications. When an application is launched via a logon script the User is automatically deposited into the application upon successful logon.

Programmatic Interface – This feature allows you to programmatically take control of the Input/Output to/from the client. Developers may take advantage of the programmatic interface to the Georgia SoftWorks SSH/Telnet Server for Windows. Programmatic, language independent access to the SSH/Telnet Server allows developers to write an application that (when run under the SSH/Telnet Server environment) takes control of its input and/or output from/to the client. This can be utilized to create a custom or highly specialized communications application. The SSH/Telnet Server still maintains critical functionality such as logon, security, application launch and termination. Normally the application before it terminates will release control to the SSH/Telnet server.

Client Identity and Uniqueness – This feature allows you to know the exact identity of the client device connected. This is useful is many environments, and required in others.

GSW Event Logging The Event Logging Feature maintains useful Telnet/SSH Server activity information in the Event Log. The System Administrator can use information in the Event log for generating reports. The logging of various events can be optionally enabled or disabled.

Special Refresh Character – The User Definable Refresh Character will cause SSH/Telnet to repaint the screen data. This is useful in environments that may occasionally drop characters such as RF Terminals.

UTS GUI Configuration Tool – The GSW Configuration Tool allows the use of an intuitive Windows Explorer style graphical user interface to set configuration parameters that reside in the registry in addition to creation of folders, scripts and the creation/modification of UTS environment variables.


The Georgia SoftWorks Telnet Server for Windows and SSH Server for Windows offers a robust amount of features available, including Power Features, Session Administrator Features, the Security Pack, Emulations, Legacy Pack, Utility Pack, Failure/Recovery Pack, Super Clients Pack and Performance Pack.

Two of the Session Administrator Features are the Session Monitoring Feature and the Session Shadowing Feature. What’s the difference between the two?sa_select_shadowing

Session Monitoring: Allows the administrator to identify an active user session to monitor and observe dynamic screen activity EXACTLY as it appears to the user.

Session monitoring is the method used to locally observe the display on a remote SSH/Telnet session. As the data is displayed on the remote SSH/Telnet client, an exact copy is sent to the Session Monitor too. The display is exactly the same as the display being presented to the remote session. Session Monitoring is transparent to the client being monitored and does not impact their performance.

Session Shadowing: Monitoring with the added capability of interactive output. Take control of a session from the convenience of your workspace.

Shadowing is similar to Monitoring except interactive input is allowed. This means that you can provide input to another SSH or Telnet session. This is a powerful training and quality assurance tool. A user may need assistance in using their application and you can shadow their SSH or Telnet session providing input where they have difficulty.

Configure the GSW Telnet Server and SSH Server Accessiblity Filters

The GSW Universal Terminal Server (Telnet Server and SSH Server for Windows) provides the flexibility to control who is allowed access to your server.

Only if a connection attempt meets your configured access criteria is it allowed. Georgia SoftWorks connection restriction configuration has thorough filtering capabilities straining out connection attempts that do not meet your specifications.

Configurable Filters and Restriction Options:

SSH2 Administrators can restrict users to SSH Clients (both 3rd party clients and GSW clients), or only allow connections from GSW SSH clients (both FIPS 140-2 compliant and non-FIPS 140-2 compliant).

FIPS 140-2 – This feature allows connections only from the Georgia SoftWorks FIPS 140-2 SSH Clients. This is a high level of security that the system administrator can configure. Many times the system administrator will insist that End-to-End FIPS 140-2 compliance is the only allowable option.

IP Address – Remote access may be limited only to specific IP addresses. The system administrator may optionally restrict connections via telnet based on the Host IP address.

User Name – Restriction based on the user ID is useful when there are a defined set of users that are allowed access to the Windows Server via SSH/Telnet.

3rd Party Client – This feature allows connections only from the Georgia SoftWorks SSH/Telnet Client. This is another level of security that the system administrator can configure. Many times the system administrator will not want users using any generic client to connect to his or her system.

Encryption – This feature allows connections only from the encrypted Georgia SoftWorks Telnet Client. This is another level of security that the the system administrator can configure. Many times the system administrator wants to ensure that ALL connections to the Georgia SoftWorks UTS are encrypted.

Time of the Day – This option can restrict access based on the time of the day.

Connection count – This feature specifies the number of connections allowed. Many times administrators want to limit the total number of connections to be a smaller value than thenumber of connections purchased.

Connection Count by : USERNAME – System administrators may want to limit the number of simultaneous logons for specific User Ids. This is especially useful for ASP environments where an entire company, department or group is assigned a single User Id that everyone shares. Reasons for limiting the number range from server resource allocation to purchased access.

Connection Count by : IP ADDRESS – The system administrator may want to limit the number of simultaneous logons from specific IP Addresses. This is especially useful for ASP environments where many users access the GSW UTS from locations that can be identified by a specific IP Address. The system administrator may want to limit the number of simultaneous connections for a variety of reasons that range from server resource allocation to purchased access.




How to Browse the Internet Securely by Tunneling through an SSH Server on the Cloud

The GSW Business Tunnel is a versatile and secure connectivity tool that allows you and your coworkers secure access to required network services that are often risky due to non-secure Tunnel_boxlocations or impossible due to firewall configurations.

With the GSW Business Tunnel, secure tunnels are built over a network between the Business Tunnel Software and an SSH Server. Each tunnel may contain one or more channels where encrypted traffic is encapsulated and is sent through an encrypted channel providing the security you need to confidently connect over a wifi network.

Scenario: Matt is on vacation, but his company needs him to run payroll today. He does not want to risk accessing payroll via non-secure internet access.

Solution: Matt can create a secure tunnel for his laptop to access his companies payroll website.Case: Matt is on vacation. But his company needs him to run payroll today. He does not want to risk accessing payroll via non-secure internet access. Matt can create a secure tunnel for his laptop to access his companies payroll website. He can securely browse the internet using the GSW Business Tunnel by using a generic SSH Server on the Amazon Cloud. By setting up the Tunnel, the Channel within the Tunnel and the browser configuration on your computer, Matt can be set up to browse securely within minutes.

Setting up the Tunnel –tunnelsettings

  1. Set the address of the SSH Server Host. This is provided when you set up your Amazon Cloud.
  2. Set the Authentication Requirements. This is the logon ID and the private key provided when you set up the Amazon Cloud.

Setting up the Channel –

  1. Select Dynamic Port Forwardingchannelsettings
  2. Use the loopback address
  3. Choose an available port for the local port.

Setting up your Browser Configuration –

  1. Enable the Proxy Server
  2. Click on Advanced (this opens the proxy settings)
  3. Configure the Proxy Address and Port Number. The channel configuration for the local address and local ort is used in the browser configuration. These must match.
  4. Click OK, OK, and Apply!proxysettings

Matt can now use the GSW Business Tunnel to securely browse the internet connecting an SSH Sever to the Amazon Cloud.

Questions about the GSW UTS (Telnet and SSH) Security

Security is serious business! Don’t be afraid to ask questions about Telnet and SSH. You want to clearly understand what you are purchasing.

SSH Server Security Q&A:

Question: A vendor claims to use SSH but when I look closely, it does not look like it is being used END to END.

Answer: Some companies claim to have SSH but when you examine their claim, SSH may only be used within the server but things change to proprietary from the server to the devices, which is where the data is most vulnerable.  In this case the weakest link is the transmission of data from the server to the device, making the entire solution unsecure. When evaluating security software keep an eye out for the words end-to-end and proprietary mixed.fips140

Question: When should I use Proprietary Encryption Protocols?

Answer: Almost never. Your application should be designed in such a way that a standard cryptographic protocol can be used. Don’t be fooled by companies intermixing words like proprietary or customer encryption with terms such as AES, 3DES, Blowfish, etc. What this means is that the vendor is using standard cryptographic algorithms mixed up with their own proprietary cryptographic algorithm. Encryption algorithms are just a small part of a cryptographic protocol. You can bet the weak link is the  proprietary component. MAJOR RED FLAG

Question: A vendor claims to have FIPS 140-2 but they don’t have a FIPS 140-2 compliant client.

Answer: Again as unfortunate as it is, some companies claim to have features when they simply just do not. They may be compliant on parts of the server, but if its not FIP 140-2 complaint on the client then its not compliant END to END.

Question: Why is proprietary Encryption a Red Flag?

Answer: Existing Cryptography for our industry is quite good dues to dedicated, highly skilled mathematicians and the best cryptographers at security agencies such as the NSA (National Security Agency) and first class universities. Good cryptography algorithms require complicated mathematics in addition to expensive technologies for development. Algorithm acceptance requires testing and scrutiny of many brilliant people as well as industry peer review and time in the field.

Commercial software vendors typically venture in to the proprietary cryptographic arena to save time or money. A few “sharp” engineers creating a proprietary cryptographic algorithm is not remotely comparable to established cryptographic algorithms standardized by dedicated agencies, often looking 20+ years into the future. At best it is arrogant when software vendors believe they can do a better job than the professional cryptographers; at worst customer systems are breached.

Question: Our vendor says they developed their own cryptographic protocol?

Answer: Run, Run, Run as fast as you can! Encryption protocols are extremely difficult to design and are not for the faint of heart.  This is a very dangerous situation because there is a false sense of security. Developers often believe they have correctly implement a cryptographic protocol or encryption algorithm only to late find out that many significant potential exploits and other security risks exist after many months of deployment. There is no replacement for many years of public scrutiny and testing. .

Question: Our vendor refuses to give details of their cryptographic protocol design on the grounds that it jeopardizes the security of the solution?

Answer: All standard cryptographic protocols are described in detail on the level of design. Your vendor is trying to achieve security by obscurity. This simply does not work because of all the hardware and software tracing tools available to determined hackers. Security by obscurity can never work.


For more information on the Georgia SoftWorks UTS (Telnet Server and SSH Server), please visit our website or give us a call!



SSH Server Setup for Digital Certificate Authentication (4 Step Process)

SSH Server Setup for Digital Certificate Authentication (4 Step Process)

The Georgia SoftWorks’ SSH Server Certificate Based Authentication is a better and more secure solution for commercial environments. Passwords are risky and weak. While plain public keys are superior to passwords, for client authentication plain public keys lack a convenient method of matching them to user accounts on which the SSH sessions are expected to run.  The difficulty and complexity required for configuration of public key solutions is daunting for most and impossible for others.  With plain public keys, human mistakes can compromise the security of the solution.


A Digital Certificate (also known as public key certificate or identity certificate) binds an identity to a public key value. It is an excellent method of verifying the identity while the configuration and setup is much simpler to understand and easier to manage.


Georgia SoftWorks researched and developed an innovative, easy to use, and secure implementation a ‘validation and mapping’ method. All of the configuration is done through a GUI with wizard style dialogs reminiscent of IIS certificate-to-user account mapping. The solution preserves all of the cryptographic strength of the public key solution, adds convenient, well scaling, certificate-to-user account mapping options while eliminating the time consuming, error-prone, and potentially insecure setup.


4 Easy Steps for your Quick Start Server Setup!


Steps for One-to-One Mapping (Maps individual certificates to individual user accounts):


1.      Logon as Administrator to the computer running the SSH Server


2.      Install the root CA(s) and intermediate CA(s) for all certificates that will be used by the client software.


3.      Copy all certificates that you want to allow to be used for logon to a location accessible to the server (a local or network drive). Make sure you use .cer files for the server and PFX files for the client (you may have to perform separate export procedures for the .cer and PFX file).


4.      Run the GSW Certificate Mapping Tool and configure the ‘One-to-One’ digital certificate to user account mapping rules.



Steps for Many-to-One Mapping (Creates an association between multiple certificates and a user account):


1.      Logon as Administrator to the computer running the SSH Server.


2.      Install the root CA(s) and intermediate CA(s) for all certificates which will be used by the client software.


3.      Run the GSW Certificate Mapping Tool and configure the ‘Many-to-One’ digital certificate to user account mapping rules.


4.      Optional (but STRONGLY recommended): Use the GSW Certificate Mapping Tool to configure a Certificate Trust List.



GSW Reseller Le Consult Reaches 15 Years Selling Telnet Server for Windows

Georgia SoftWorks (GSW) thanks Germany’s Le Consult for 15 years of partnership as an authorized reseller of the GSW Telnet Server for Windows and SSH Server for Windows.

Since 2002, Le Consult has been an authorized reseller of the GSW Telnet Server for Windows and SSH Server for Windows. Located in Kamp-Lintfort, Germany, Le Consult provides businesses with reliable and flexible security options.

“Georgia SoftWorks is a perfect partner for doing professional business even across the Atlantic. Stable solutions with forward-looking development that fill the needs of small, medium and large enterprises in Europe. Thanks to the whole team of Georgia SoftWorks for the cooperation in the last fifteen years,” said Stephan Lemkens of LE Consult.

LE Consult customers primarily utilize the GSW telnet server in order to connect their handhelds to SAP. SAP users enjoy the GSW Universal Terminal Server (UTS) ease of operation as well as specialized features that include mobile printing and Session Monitoring to maximize the return on investment. The Georgia SoftWorks UTS is the industrial quality software foundation supporting the suite of GSW server products including the GSW Telnet Server, the GSW SSH Server for Windows, the Session Administrator and numerous remote access utilities. The UTS offers many features that will benefit SAP users. For example, in most instances the user will want SAPConsole to automatically launch when the SSH/Telnet session is connected. This is easily done via the GSW Logon Scripts.

f7ead-atlas_logo“We are proud to celebrate this 15 year milestone with Le Consult,” said Matt Kittrell of GSW. “Our reseller relationships are very important to us at GSW, and these long-term partnerships are a huge testament to both companies and the solutions that are being provided.”

Georgia SoftWorks is a software development company located in Dawsonville, GA, who has gained worldwide recognition for their development of the GSW Telnet Server for Windows and SSH Server for Windows. They have end users and resellers on every continent, except Antarctica.

“The Georgia SoftWorks Telnet Server for Windows has been designed and developed to meet the needs of commercial and industrial applications,” Le Consult states on their website. “For many years, the GSW Telnet Server has been the most stable and fastest solution for Windows and is therefore recommended by and for SAP.”

About Georgia SoftWorks:
Established in 1991, Georgia SoftWorks is a privately held software development company recognized for creating high performance data communications, system and telecommunications applications. Georgia SoftWorks has obtained a worldwide presence with its industrial SSH/Telnet Server for Microsoft Windows. GSW’s long-term commitment to SSH/Telnet has led to the pioneering of major features such as Session Shadowing, Session Monitoring, Graceful Termination, Automatic Logon, Logon Scripting and more recently Team Services technology which allows mobile device users to transfer, swap, share and recover mobile device sessions. GSW has also provided the very first SSH Server to provide Digital Certificate Authentication with Internet Information Server (IIS) like certificate to user account mapping. This includes ‘One-to-one’ and ‘Many-to-one’ mapping methods and also support certificate trust lists (CTL).