In my spare time I remotely support my wife's office via VPN into a Windows Server. I am about to purchase a wireless broadband service which doesn't support VPN.
I don't want to open up the remote desktop ports directly, and I would like to set up an SSH tunnel into the network, and if necessary then VPN over the top of that.
What is the best windows SSH Server implementation to use on a Windows 2003 Server, or should I just be using sshwindows?
We've been using Bitvise WinSSHD for a few years now and have been very happy with it. It's free for "Non-Commercial/Personal" use, but even the for-pay version is not terribly expensive. It's nice because it's designed specifically for Windows and supports just about any type of authentication you would throw at it (AD, Kerberos, self-contained user db, etc). Installation and Upgrades are a breeze. Initial config has a nice GUI and I believe most of the config is also scriptable as well. Their site gives a more complete feature list.
*Edit: Looks like Bitvise decided to rename the product to Bitvise SSH Server
I have been evaluating KpyM SSH Server and it looks pretty good and is BSD-licensed with source. It is based on cryptlib fundementally and creates a Window Station for each session which is why it is one of the few open source SSH solutions that works correctly with PowerShell.
We have been using OpenSSH compiled for Interix/SFU/SUA for the last several years. The downside is that OpenSSH doesn't play all that nicely with PowerShell which is an annoyance and it requires the full POSIX subsystem from Services for Unix 3.5 or the Subsystem for Unix Applications (Win2k3 R2 and later).
Years ago we used to use Vandyke and it worked well.
Bitvise WinSSHD is very nice. Supports aes256 and aes128 out of the box. It is not open source but it is free (with AD integration crippled) for personal use and very reasonable $100 USD per server for commercial use. Can be configured to use powershell as the default shell and powershell works correctly. WinSSHD has very granular configuration per-account and per-group and per client IP and per client DNS. There are logon and logoff actions that can be configured per account or group. Supports OpenSSH public key files. Exposes an automation API. Write logs to the Windows event log and/or text file. Still has a small and light service process.
I would use the one from cygwin.
This is not directly answering your question, but I think that SSL is as secure as SSH and you could also use stunnel or socat ( http://www.dest-unreach.org/socat/ ) to open a certifacte-authenticated ssl-encrypted port for remote desktop. Socat would authenticate using ssl client certificates and forward the traffice towards the rdp port. On your machine you would do the same in reverse. The man page has samples for this and socat is available for windows
One option is OpenSSH for Windows:
OpenSSH for Windows is a free package that installs a minimal OpenSSH server and client utilities in the Cygwin package without needing the full Cygwin installation.
The OpenSSH for Windows package provides full SSH/SCP/SFTP support. SSH terminal support provides a familiar Windows Command prompt, while retaining Unix/Cygwin-style paths for SCP and SFTP.
I have always had good experiences with Van Dyke's software (they make IMO the best Windows SSH client). For Windows SSH server use, they have what they call VShell Server.
Personally, I'd avoid the Cygwin variants. I've had problems with OpenSSH running as a service blocking windows updates. Fine for non-production servers, but not something you want to rely on for your remote access solution if you're trying to apply those very updates.
I have found FortressSSH to be a fast and reliable solution. They have even been through Microsoft certification for Windows
