ZOC Terminal is a professional and feature-rich SSH client for Windows and macOS which lets you access servers using the secure and powerful SSH protocol (also called secure-shell).


SSH related features:
  • Based on semi industry standard OpenSSH
  • Client supports ciphers like ED25519 and AES-256-CTR
  • Password, public key or keyboard interactive authentication
  • Port forwarding (tunneling of connections)
  • Dynamic port forwarding
  • X11 forwarding
  • Proxy support
  • SSH Agent forwarding between client and server
  • Client side SSH key generator
  • SSH Keep-Alive
  • SSH client protocol versions 1 and 2


Other features:
  • Supports Windows 7/8/10 and macOS Sierra
  • Multiple sessions in tabbed window
  • Secure telnet data transfer via SSL
  • Scripting and recording of SSH sessions
  • Powerful scripting language with screen-scrape ability
  • Small memory footprint (RAM and hard drive)
  • Administrator friendly with easy deployment
Read more about our ZOC terminal emulator, check its extensive list of features and terminal emulations (e.g. xterm, VT220, TN3270, ...) or look at ZOC's screenshots.

Or just go ahead and try it. Start your free 30 days of evaluation today and download ZOC Terminal V7.15.2 now.


(The program offers easy and complete uninstall in case you are not convinced by the trial.)


     Glossary: SSH Client

Secure Shell (SSH) is a cryptographic protocol that securely transports data over an unsecured network. As the name suggests, its main purpose is to establish a secure connection to a remote shell account.

The SSH client is the software which the user runs on his local computer to connect to the remote server. Once connected, the SSH client enables the user to enter commands and perform tasks through the shell of the remote computer.

The Need for an Encrypting Shell Client

When you're working with client/server computing, a general terminal or a terminal emulator is used to send and receive data from the host. Because of this, the terminal or the PC that is running a terminal emulator needs to somehow be connected to the server or mainframe computer.

There are several different methods that can be used to connect the two, but in the past, the most commonly used method of connecting a terminal to a server over a network was Telnet.

Unencrypted transmission via Telnet, however, presents a serious security risk today, because anybody on the network with some knowledge and tools can monitor the data exchange, even down to details like usernames and passwords.

Because of the ever-increasing demand for security, the SSH (Secure Shell) protocol was developed. SSH uses advanced encryption technology to encrypt every single piece of communication between the client (called SSH client) and the server. Should an unauthorized third party be able to intercept traffic somewhere along the communication path, they will see nothing but completely useless data.

Technical SSH Basics

The basics of the SSH protocol are laid out in RFC 4253. The document describes SSH as a secure transport protocol that provides strong encryption, cryptographic host authentication, and integrity protection.

Or, as RFC 4253 states in its intro:

The Secure Shell (SSH) is a protocol for secure remote login and other secure network services over an insecure network.

This document describes the SSH transport layer protocol, which typically runs on top of TCP/IP. The protocol can be used as a basis for a number of secure network services. It provides strong encryption, server authentication, and integrity protection. It may also provide compression.

Key exchange method, public key algorithm, symmetric encryption algorithm, message authentication algorithm, and hash algorithm are all negotiated.

This document also describes the Diffie-Hellman key exchange method and the minimal set of algorithms that are needed to implement the SSH transport layer protocol.

It hence defines ways to create a shared encryption key in the possible presence of a listener, host and user authentication methods (i.e. ways in which users and server can prove that they are who they claim to be), and possible data compression to more effectively transmit data.


Symmetrical Encryption

Symmetrical encryption is a type of encryption where a key can be used to encrypt messages to the other party, and also to decrypt the messages received from the other participant. What makes the encryption symmetric is the fact that the same key is used for encryption and decryption.

Symmetric encryption usually requires little computing power and is hence used to encrypt larger blocks of data. With SSH, it is used to encrypt the whole data stream.

Asymmetrical (Public/Private Key) Encryption

Asymmetrical encryption differs from symmetrical encryption in the fact that two different keys are used. Either one of the two is used to encrypt the data and then the other is used to decrypt it. The benefit of this technique is that you can give another party a key to encrypt messages to you, but anyone knowing that key will still not be able to decrypt those messages. Such a key is called the public key. The other key, which is not shared and which is then used to decrypt the data block, is called the private key.

This also works in the other direction. Data that was encrypted using the private key can only be decrypted using the public key. With SSH this fact can be used to prove identity. If a message is decryptable using the public key, it proves that whoever encrypted the message is in possession of the private key.

Key Exchange

An especially challenging part of encrypting such communication is the need to negotiate a shared secret (an encryption key) over a channel that might already be monitored by a third party.

Think of the problem as such: You need to agree with someone else on a password, but you can only talk to each other about it in the presence of an enemy.

SSH answers this challenge through the initial key exchange phase of the connection using the older Diffie-Hellman kex method. Newer versions now also support ED25519 elliptic curve kex. It is a specific implementation of the Edwards-curve Digital Signature Algorithm (EdDSA), which itself is a variant of Schnorr's signature system with Twisted Edwards curves (math heavy details can be found in the upcoming IETF standard for ED25519).

SSH Client Features and Requirements

In other words, there are many benefits to using an SSH client. On top of the encryption of the data transfer and secure key exchange, the SSH protocol also offers verification that you are connected to the correct computer.

This may seem surprising, but it makes perfect sense. Keep in mind that if somebody were able to control any part of the communication path, they could actually reroute the traffic to another computer. This could then play the role of the computer which you actually wanted to connect to (this is called a man-in-the-middle attack), and could either display fake data or obtain information from the client computer. A feature called known_hosts can prevent this.
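How a client can use its known_hosts records to detect the rerouting described above, as an added example that is not ZOC's or OpenSSH's own code: it looks up the host (plain or hashed entry) and compares the stored key with the one the server presents. The keys, host names and file contents are constructed samples, and wildcard patterns, [host]:port entries and @cert-authority/@revoked markers are left out.

```python
import base64, hashlib, hmac, struct

def make_blob(raw32):
    """SSH wire-format ssh-ed25519 public key blob: two length-prefixed strings."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32

def fingerprint(blob):
    """Fingerprint as OpenSSH displays it: SHA256, base64, padding stripped."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def host_matches(field, host):
    """Host field is a comma list of names, or a hashed |1|salt|HMAC-SHA1 entry."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")

def check_host_key(known_hosts, host, presented):
    """Return 'match', 'MISMATCH' (known host, different key) or 'unknown'."""
    n = struct.unpack(">I", presented[:4])[0]
    presented_type = presented[4:4 + n].decode()
    verdict = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # comments, blanks and @-marker lines are out of scope here
        if fields[1] != presented_type or not host_matches(fields[0], host):
            continue
        if hmac.compare_digest(base64.b64decode(fields[2]), presented):
            return "match"
        verdict = "MISMATCH"  # a possible man-in-the-middle: refuse to continue
    return verdict

# Constructed sample data: two made-up keys and a two-entry known_hosts file.
GOOD = make_blob(bytes(range(32)))       # key recorded on first contact
OTHER = make_blob(bytes(range(1, 33)))   # different key presented later
SALT = b"constructed-salt-20b"
HASHED = "|1|%s|%s" % (
    base64.b64encode(SALT).decode(),
    base64.b64encode(hmac.new(SALT, b"db.example.com", hashlib.sha1).digest()).decode())
B64 = base64.b64encode(GOOD).decode()
KNOWN_HOSTS = "\n".join([
    "# constructed sample, not a real known_hosts file",
    "shell.example.com,192.0.2.10 ssh-ed25519 " + B64,
    HASHED + " ssh-ed25519 " + B64,
])

if __name__ == "__main__":
    for host, key in [("shell.example.com", GOOD), ("db.example.com", OTHER),
                      ("new.example.com", GOOD)]:
        print(host, fingerprint(key), check_host_key(KNOWN_HOSTS, host, key))
```

An "unknown" result is the first-contact case, where the fingerprint should be confirmed through a separate channel before the key is stored.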

An SSH client should also support a variety of authentication methods. These include username/password, public/private key, and various custom formats. The latter might include a system where the server could obtain information that only the authorized users know, e.g. by using a SecurID card or by sending an access code to the user's mobile phone.

To be able to connect to various different servers, the ssh client has to support the latest key exchange and encryption protocols, because what seemed unbreakable five years ago is considered less so today. Most servers continually switch to more advanced encryption methods, and ssh clients need to support these as well.

Other typical must-have features for an ssh client would be:

  • ED25519, ECDSA, RSA and DSA public key authentication
  • Port forwarding (tunneling connections from client to server through the ssh channel)
  • Dynamic port forwarding (SOCKS like)
  • Connection through proxy
  • SFTP file transfer
  • X11 forwarding (allows running X Window programs on the remote server)
  • PKCS#11 authentication (this allows authentication through hardware, e.g. smart cards)
  • UTF8 support in terminal emulation

Port-Forwarding:
An important part of the secure shell protocol is a feature called port-forwarding. This feature allows the user to create a connection from the client computer to the server network, which can be used by other programs and where all the connection data is encrypted. This feature is sometimes called tunneling.

Dynamic Port-Forwarding:
The standard port-forwarding feature requires the client to set up the tunnel source port and destination before making the connection. With dynamic port forwarding, however, the ssh client sets up a listening port (as with normal port forwarding), but when a program connects to the port, it can tell the ssh client which host and port it wants to be connected with.

SSH Connection via Proxy
In some environments, end user computers are not allowed to access the outside internet directly. In those cases, connection and data exchange is made by way of an ssh proxy which handles the actual connection to the outside network (internet).

X11 Forwarding
X11 is a communication protocol which allows programs with a graphical user interface to run on a remote computer. SSH supports a way to tunnel this type of communication between the ssh client and the server, thus allowing the user to run X11 software on the server and see the output on his computer.

ZOC Terminal, a Modern SSH Client

However, SSH only covers the actual transmission of data between the client and server. But the secure shell client is usually a terminal emulator, i.e. software that allows a remote computer to receive keyboard input from, and send formatted text (color, cursor placement, etc.) to the user's computer.

Obviously, the client still needs to be able to perform the functions of a terminal emulator (supporting various terminal emulations), but also extra functions like printing, logging, script-automation and so on.

Together with ssh features like latest encryption and public key authentication, port forwarding, tunneling, smart card authentication, etc. this makes ZOC the ideal SSH client.

ZOC Terminal Download

Read more about our SSH client ZOC, check its feature list, look at our ssh client screenshots or start your free 30 days of evaluation today and download ZOC Terminal V7.15.2 now.
