SSHLock

A safer and powerful alternative to traditional password-based access mechanisms.

SSHLock is a software security product that implements the innovative security concept described in : SSHLock: a secure access mechanism - A white paper, by Franck Porcher, PhD.

SSHLock mimics the key features found in real security access locks (eg. bank entries) to provide IT systems with a super-secure access mechanism called an "sshlock".

An sshlock is essentially a restricted pass-thru device between the outside world and the computer's content -two environments that should not be in direct contact with one another. It is secured at both ends by tight monitor and control access mechanisms, just like bank's security doors, designed to screen access requests and make unauthorized entries impossible.

SSHLock brings's a wealth of security features that turn your computers into impenetrable bastion hosts, providing a safe, easy and reliable access for authorized people while transparently defeating attackers' attempts to break in.

SSHLock is a powerful and desirable alternative to the vulnerable traditional password-based access mechanisms.

DOWNLOAD

Download SSHLock

Due to on-going transfer of our content distribution and back-end processing, our Downloading and Sales operations are momentarily suspended.

We are planing to resume full operation last quarter of 2017.

You are welcome to leave us your details below should you want to be personally notified when these services resume. In the event the you have no mailer configured within your machine, please email us directly at: Franckys.IT@gmail.com

SSHLock

What is it ?

SSHLock is an innovative security product, a safer and powerful alternative to "standard" SSH and password-based access mechanisms.

Designed to eliminate the threats posed by password mechanisms, SSHLock transparently upgrades computers into bastion hosts virtually impossible to break in and steal valuable content from.

SSHLock is not a repair kit aimed at fixing a compromised computer.

SSHLock is a preventive security product specifically designed to ensure your are not becoming the next cybercrime statistic, either as an individual or as a sysadmin in charge of your company's valuable IT systems.

 

How SSHLock protects you ?

Password attacks are the simplest and the most common means to break in IT systems. Unless we ourselves become a cybercrime victim, we may never know just how much of a problem malicious hacking is :

  • Over 27 million Americans have fallen victim to computer identity theft over the past five years.
  • Nearly three quarters of all Americans have fallen victim to some type of cybercrime.
  • Year 2008 alone saw an estimated one trillion dollars worth of intellectual property stolen as a result of cyber-criminals gaining access to confidential data stored on enterprise systems worldwide.

The main causes for this situation are the vulnerabilities that plague the traditional password-based authentication mechanism that still is today, by far, the most common way to access a computer :

  • Single point of failure
  • Use of weak cryptography

SSHLock protects you by removing these vulnerabilities and causing the problem to disappear !

 

How SSHLock works ?

SSHLock works by mocking-up thru software the key features found in real Security Access Locks (eg. bank entries) to provide IT systems with a super secure access mechanism called an "sshlock".

An "sshlock" (cf. diagram on the right) is essentially a restricted pass-thru device (i.e. a "buffer") between the outside world and the computer's content -two environments that should not be in direct contact with one another.

The "sshlock" (cf. diagram on the right) is secured at both ends by tight monitor and control access mechanisms designed to screen access requests and make unauthorized entries impossible (just like a bank's security doors).

 

Where & When to use SSHLock ?

As a safer and powerful alternative to traditional password-based access mechanisms, SSHLock is the ultimate secure access solution in countless situations where protecting investments is paramount.

The following are obvious scenarios where using SSHLock shines:

  • To protect your corporate servers (web, database, email, storage, load-balancers, firewalls...), for local and remote access.
  • To protect your computing resources in the Cloud (e.g. virtualized, shared or dedicated servers, for instance e-commerce solutions, web servers, databases servers). Though full access is generally granted by your provider via SSH, replacing SSH with SSHLock in this scenario will considerably increase the access security to your resources.
  • To protect your workstations, at home or at work.

 

 

Due to on-going transfer of our content distribution and back-end processing, our Downloading and Sales operations are momentarily suspended.

We are planing to resume full operation last quarter of 2017.

 
 

Available for

SSHLock's access mechanism
SSHLock's layered access architecture

Security Features

12 reasons to adopt SSHLock !

SSHLock installs a virtual Security Access Lock into your computer.

Its secure layered access architecture (see diagram on the left) is designed to remove all threats associated with password security attacks, making any attempt to break in your machines and steal your valuable content virtually impossible.

SSHLock brings the following security benefits out-of-the box :

  • It disables the vulnerable password-based authentication access mechanism.
  • It transparently upgrades your IT systems into bastion hosts virtually impossible to break in.
  • It enforces a unique point of passage into the system as a sophisticated and mandatory two-stage access mechanism based on independent SSH layers wotking cooperatively working in series.
  • It provides a restricted confinement set-up as a honey-pot to trap and reject unauthorized users.
  • It employs the strongest public-key cryptography available today, and removes the threats associated with weak passwords.
  • It eliminates the single point of failure associated with traditional password-based access mechanism.
  • It eliminates verification, the process by which an attacker can verify the validity of guessed / generated access keys.
  • Its layered access architecture protects the system's valuable system accounts from being directly exposed to the network.
  • The credentials required to access an SSHLock-protected system (two strong passphrase-protected cryptographic key-pairs; knowledge of the TCP/IP ports, sshlock account and command proxy used by the SSHLock service; knowledge of the enabled local accounts) are orders of magnitude stronger than that of the standard password-based authentication access mechanism – often a simple, weak password.

However, this extra security does not have to come at a cost.

SSHLock seamlessly integrates with your computing platform :

  • SSHLock is easy to install.
  • SSHLock supplies a complete user interface to administer all aspects of SSHLock, and as easy to use as that of SSH.
  • SSHLock supplies a pass-thru mode, a mechanism that makes it a breeze to automatically connect to an SSHLock-protected system, and specifically designed to hide the complexities of manually passing thru an sshlock.

Try it online !

And win your race against crackers !

We are working hard towards completing a live, online sandbox where you could play your mind installing and running SSHLock. However they are a few challenges on the path -- security and scalability for instance --  and it might just take us a little while more before this is completed.

In the midtime, there are a few acceptable substitutes:

  • Download the software for free and install it on your machine. Review the options, install keys, etc. This will already provide you with a good hands-on the SSHLock technology ;)
  • Buy and install a license, then enjoy a fully unbridled SSHLock engine !
  • Register to one of our seminars and get yourself fully acquainted with the SSHLock technology without any ties attached.

Available for

Try SSHLock online
Install  SSHLock

Install SSHLock

Is that enough tools ?

1. Download the SSHLock tarball

Pick-up the tarball that closely corresponds to your hardware platform (e.g. i386, x86_64) and your Operating System.
For example : sshlock-1.26-freebsd-x86_64-20161218-024039.tar.gz

2. Extract the SSHLock tarball

$ tar xvzf sshlock-1.26-freebsd-x86_64-20161218-024039.tar.gz

3. Check the integrity of the SSHLock software

$ cd sshlock
$ ./INSTALL.sh -c

The SSHLock software installer will report to you if there is some incompleteness regarding your software distribution (e.g. missing Unix commands) or an OS mismatch.

4. Install the SSHLock software

$ cd sshlock
$ sudo ./INSTALL.sh

Upon a successful SSHLock software installation, you can safely remove the directory where you extracted the SSHLock tarball.

Running SSHLock

Like 2+2... well, almost !

1. Review the SSHLock usage

$ cd ~
$ sshlock -h

2. SSHLock' your machine

$ cd ~
$ sudo sshlock -C \
               -N "public.DNS.name.of.this.machine" \
               [-p custom-port] \
               [-u custom-sshlock-accountname] \
               [-w custom-cmdproxy-name]

3. Install your cryptographic keys to allow SSHLock to grant you access

$ sudo sshlock \
          -i $my_identity \
          -K $my_ED25519_public_key_file \
          -k local-account \
          -P $passphrase

4. Install your SSHLock Product License(s)

To buy your SSHLock Product License, please see "License" below.

Once your transaction is completed, you will receive an email to invite you to proceed with installing the SSHLock Product Licenses you just bought on your machines (SSHLock licenses never expire. You need one license per machine to protect).

We have worked hard to make the process of installing SSHLock Product Licenses as simple and transparent as possible. The email you will receive will include a master-code. To install an SSHLock license on a machine, given you already have installed the SSHLock software, simply start SSHLock on the machine and provide the email address that was used for buying the licenses as well as the master-code as shown below (the "," between the email address and the master-code is mandatory):

$ sudo sshlock -S -L "email@address,master-code"

To review the SSHLock Product License on a given machine, simply run the following command:

$ sudo sshlock -S -P

Please let us know of any concern you may have, or any difficulty you may experience in installing and using SSHLock. We can help you in several different ways!

Enable SSHLock to start automatically

$ sudo sshlock -I

Harden SSHLock (if you are paranoid as I am)

$ sudo sshlock -H

Uninstalling SSHLock

$ sudo sshlock-installer -u
Running SSHLock
Licensing SSHLock

Product Licenses

Can't you simply give it to me ?

As a young and independant software engineering company specialized in releasing high quality innovative software products, the product licenses you buy from us are our only source of income to recoup our investment and to keep going with what we love to do best.

The price of our software products is set reasonably low so anyone genuinely interested can afford it. You need a single SSHLock Product License per machine you want to protect with SSHLock. SSHLock licenses never expire, and can easily be transfered from a machine to another, or reinstated upon a platform software reinstallation.

Our general policy is to turn all our products into Open-Source software once we have recouped our initial investment (plus a little bonus to help us fund our next products). To remain absolutely independant, we refuse any kind of sponsorship : as individuals and corporate IT sysadmins, you are our only sponsors!

Some companies fund their work by maintaining two versions of their products, usually a full-featured commercial version and a free downgraded Open-Source version. We dislike the ethics behind the idea : not only does this cost more resources to produce and maintain without any added value (someone has to pay for this extra work somehow, usually you ;) ), but we believe it also fuels the "caste war", something we oppose.

When SSHLock becomes open source, hopefully in a year or two, maybe sooner, everyone will have free access to the full-version at no cost.

I am convinced. Please take me where I can buy a SSHLock Product License.

Terms of Use

The "Terms of Use" pertaining to the use of the SSHLock software product are consigned in the file "LICENSE" that comes bundled with the software. Though we have kept it simple and really short (no salmigondis here), we still recommend you spend a few minutes to read it.

Buy SSHLock

Thank you !

Paying with PayPal is secure and fast. PayPal is the number one, most secure and most renowned solution for securely buying on line.

Buying with PayPal is easy : you buy online from millions of websites from 200+ countries all around the globe, using your choice of PayPal payment at checkout : your bank account, your credit card, your Visa Debit card, or your PayPal balance.

Paying with PayPal is secure : you log in to shop online with just your email and password. You can forget entering all your credit card numbers and leave these precious credentials behind you. PayPal never shares your financial information with merchants.

Using PayPal is free to you. The seller is the one charged to securely handle your payment.

Shopping with PayPal is safe : PayPal protects your eligible purchases, so if an eligible item doesn’t show up, or turns out to be different than described, we’ll help sort things out with the seller.

Modus Operandi

  • Please carefully choose the email address you will be using. It will serve us to uniquely identify you as a customer. We will use it to send you a receipt for your purchase as well as the master-code to retrieve your licenses from our SAM-server.
  • Please carefully choose the number of licenses you need. It is always possible to buy more later. As long as you use the same email address, you are the same customer to us!
  • When you are ready, simply click the "Buy Now" button associated with your selection. You will have the option to cancel your sale.
  • This will take you to PayPal Front-End Processing to handle the financial transaction for us.
  • When the transaction completes, you will receive two emails. One to send you a receipt for your purchase. The second to send you the master-code you need to retrieve your licenses from our SAM-server.
  • When you reach that stage, please refer here to install your licenses on your machines

Privacy

During the whole process, we never have access to any of your banking or financial details.

Because we respect you privacy, we are not asking personal details. The only information we need from you is your email, which we use as a Client ID to send you important details regarding your purchase and the installation of your licenses on your machines. Your email is private data and we commit ourselves to never use, sell or redistribute it in any form.

 
 

Pricing

Number of licenses Discount Unit Price (USD) Bundle Price (USD) PayPal fast and secure
1 29 USD 29 USD Buying this item is momentarily suspended
3 5% 28 USD 83 USD Buying this item is momentarily suspended
5 12% 25 USD 125 USD Buying this item is momentarily suspended
10 20% 23 USD 230 USD Buying this item is momentarily suspended
50 30% 20 USD 1000 USD Buying this item is momentarily suspended
>50 For bulk quantity (more than 50 licenses), you are welcome to contact us directly at: Franckys.IT@gmail.com

Buying SSHLock
SSHLock's support

Technical support

You're really sure you need help ?

Our engineers team is committed to help you with your particular situation, your needs, or with any difficulty you may encounter in installing or using SSHLock.

When it comes to value for money, we believe the best support you will get from us will come from enrolling into our dedicated live, online SSHLock seminars.

However, we are open to consider any form of custom technical support you feel will support you better, for instance -- but not limited to :

  • Degressive flat rate support including a given number of incidents (tickets).
  • Monthly unlimited support.
  • Yearly unlimited support.
  • Unlimited support, over time and in number of incidents.
  • Custom development of extra features.
  • Support of your hardware platform.
  • Travel to your branches anywhere in the world to assist in deploying SSHLock and providing in-house training.
  • ...

Should you prefer to receive a customized support plan to match your agenda, you are most welcome to contact us by email and provide us with a preliminary description of your needs (please refer to our email address in the footer below). We will follow-up with appointment suggestions for a video conference to discuss them further.

Online seminars

Let's get together !

A great experience.

As an integral part of our support offer, our live, online seminars are, by far, the best and most casual way to get your hands on SSHLock technology and gain invaluable knowledge and Case-Based experience in learning, setting it up, and using it.

Experience one of the most user-friendly video-conference platform, and engage with our high-tech, easy going IT engineers to master the ins and outs of this innovative security technology from the comfort of your home or your workplace. Save money and time by reducing travel, while retaining the benefits of face-to-face exchange.

You will have the opportunity to try SSHLock in a real situation, to meet technical people from around the world who are sharing the same paramount concern for IT security, and to exchange your valuable knowledge while gaining from others' experience in setting and using SSHLock.

Flexible settings.

Our SSHLock online seminars are two-hours long, and limited to ten persons in order to maximize your experience. All registrants participate in the same video-conference using the device of their choice :  a desktop computer, a laptop, a tablet or even a mobile phone. The simplicity of use remains the same regardless of the device, offering unprecedented possibilities concerning interaction and data sharing to all.

Our schedules are never pre-set, but dynamically configured to best arrange everyone's agenda, including out-of business hours, week-ends and holidays.

Quality training.

Most our seminars will be lead by SSHLock's team leader, computer scientist Dr. Franck Porcher, PhD., and author of the SSHLock innovative concept. Dr. Franck Porcher has proudly accumulated thousands of hours of professional training and teaching IT courses in an University's master degree during the last twenty years.

Program

We offer two different seminars to accomodate most needs.

1. Hands-On SSHLock

Goal
The goal of this seminar is to acquaint you with the SSHLock technology and show you hands-on how to install it and run it in a real situation. Every option of the software will be presented and discussed. We strive to provide you with clear, complete, practical knowledge and information.
Your benefit
You will feel utterly confident in further installing and running SSHLock on any of your machines, at home or at work.
Audience
This seminar is open to anyone interested in gaining knowledge about the SSHLock technology. There are no ties attached: you don't have to buy SSHLock to participate. Simply register and you are in!
Prerequisites
You will maximize your output if you have had time to read our seminal paper (above) and feel comfortable with it.
Language
We are bilingual. The talk will be given in English (US) or in French (France) at the discretion of the participants.
Description
  • Introduction to the SSHLock technology.
  • Presentation of the SSHLock software bundle, and where to download it.
  • Choosing the right SSHLock tarball (software distribution), and downloading it.
  • Installing the software.
  • Understanding how the software works and how it grants access: OpenSSH, identities and public crypto-keys.
  • Reviewing SSHLock various options.
  • Generating and installing crypto-keys.
  • Understanding SSHLock's simple licensing concept.
  • Getting and installing a SSHLock license.
  • Starting SSHLock, and manually connecting to an SSLocked-machine.
  • Using SSHLock pass-thru mode for ease of use.
  • Hardening and Auto-Start.
  • Questions and Answers.

2. Support and TroubleShooting SSHLock

Goal
The goal of this seminar is to address, review and solve face-to-face, case-by-case, all the difficulties brought to the seminar by the attendants in their day-to-day use of the SSHLock technology.
As experts in our own software, we will strive to provide each attendant with a satisfactory resolution, presenting clear, complete, practical knowledge and information.
Your benefit
Not only will you have your particular situation reviewed and possibly resolved on the spot, you will also gain a lot of knowledge and experience in assisting in the resolution of the problems of other participants.
Audience
If you have deployed SSHLock on your machines and you are facing some difficulties in making it install or run as expected, or you have particular needs to fullfill that the standard SSHLock version does not address out-of-the box, then this is the right seminar to attend.
Apart from that, everyone is welcome to attend. Each seminar will certainly bring its own lot of shared knowledge and experience, much like a workshop.
Prerequisites
You will maximize your output if you have already acquainted yourself with the SSHLock technology. In any case, having read our seminal paper (above) and feeling comfortable with it is a plus.
Language
We are bilingual. The talk will be given in English (US) or in French (France) at the discretion of the participants.
Description
  • Tour de table of the difficulties encountered by each participant.
  • Real-time proposal of a problem resolution order.
  • Review and resolution of each participant's problem, as per the order agreed upon above.
  • Questions and Answers.

Pricing.

69 USD per participant, per seminar.

How to register ?

  • 1. Choose the seminar you wish to attend, between "Hands-On SSHLock" or "Support and TroubleShooting SSHLock"
  • 2. Buy a ticket below, and make sure to provide valid details, which we will use to further communicate with you.

Upon receiving your registration, we will contact you to propose you a range of possible dates to choose from.

Thank you!

Buy a seminar ticket

SSHLock's live seminars
FAQ

FAQ

Any questions ?

This section will fill-in as need arise.

Reporting BUGS

Do they really bite ?

Despite our genuine dedication to produce bullet-proof high-quality code, and the necessary time we take to extensively testing it, there is always the possibility of some hidden issues, hopefully minor.

Before reporting a problem, please make sure you have consulted our FAQ and have not found any satisfactory solution to your problem.

To report to us what you believe to be a dysfunctional behavior, please run the following code and send us the resulting file at our email contact below (see footer). We will analyze the situation and get back to you.

$
$ {
$   uname -a;
$   id -u ; id -un;
$   ls -l /etc/sshlock.conf;
$   cat /etc/sshlock.conf;
$   sshlock -V;
$   sudo sshlock -dPslTc
$  } &> "/tmp/sshlock-bugreport-$(date "+%Y%m%d%-H%M%S-%z-%s")"
$

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Reporting bugs