OpenSSH can seem like a great idea when considering security options for networked devices. Open source secure shell alternatives are widely used, readily available, and best of all, they’re free!
But are they, really?
Mocana NanoSSH is specifically developed for embedded devices. At first glance, choosing between “free” and “something I have to pay for” can seem like an easy choice, but in reality, “free” can wind up costing you much, much more in the long run.
Some challenges of using OpenSSH in non-PC environments include:
Portability - OpenSSH was designed for desktop systems, and it was never designed to be “slim”. OpenSSH contains redundant code, resulting in a product often too bulky for memory-constrained devices. Porting can take days, or even weeks, to adapt the code to networked device platforms.
Maintenance - OpenSSH is a socket/stream interface that needs to hook directly into the open source function calls. With any new release, Open SSH needs to be re-coded, requiring further costly development time.
Security – An engineer without extensive crytpo experience can inadvertently create new holes and vulnerabilities in the application they are attempting to secure. Additionally, OpenSSH has a history of security implementation flaws; some that go many months before being fixed.
Quality – Open source code quality varies from project to project, and none of the projects integrate best-practices QA procedures. It’s strictly “use at your own risk”. That means when you’re integrating open source code into your commercial product, you don’t only have to test and debug your own code, you have to test and debug theirs as well.
Support - As a voluntary project, OpenSSH relies on mailing lists to take the place of professional documentation and support. When something goes wrong, there’s no one to call. You post a question in a forum, and then hope someone posts an answer.
In comparison, NanoSSH addresses these issues in a fast, lightweight package that is high on performance and incredibly easy to install.
NanoSSH was specifically designed and optimized for memory-constrained devices -- it has a considerably smaller footprint, and doesn’t require extensive adaptation to a non-PC environment.
NanoSSH’s API-based foundation is backwards compatible, and requires no time-consuming, repeated integration.
NanoSSH's accelerated SSH throughput typically performs 4x better than open source SSH.
NanoSSH is available off the shelf for dozens of operating systems, and with our clear documentation, NanoSSH can be ported to new OS’s in under two hours. NanoSSH’s optimized SSH can even run without an RTOS.
Mocana's developer support team is available 24/7/365 to answer any questions regarding SSH encryption, general device security design, or any product within the Mocana device security framework.
All of Mocana’s security products are continually monitored by our engineers – in the event that an issue arises that affects integrity, Mocana notifies customers, releases a patch, and will even send an entire new library, if needed – typically within hours.
When time, effort, and ongoing maintenance are factored in, NanoSSH has a demonstrably lower total cost of ownership than OpenSSH. It’s also much faster, much smaller, and much easier to deal with overall.
