An SSH server, cdssshd, is included with the firewall. This can be configured like a regular TCP proxy, except that the relay server field should be left blank. cdssshd is an independent implementation by CEQURUX Technologies of a subset of the SSH protocol, and is not subject to the licence restrictions of the F-Secure SSH implementation.
You will need to install the client's public key on the firewall. This is usually stored in ~/.ssh/identity.pub on the client side machine. This key must be installed as an RSA key for the trusted friend using the Windows remote key admin program, or by installing it on the firewall and adding it to the key database with the command:
addkey -t rsa -u friendID -i filename
You can then use a normal SSH client program to connect with a command line of the form:
ssh -P -c blowfish -l friendID firewallIP
You must instruct your SSH client to use Blowfish or triple-DES encryption, and RSA authentication. cdssshd does not currently support other encryption or authentication methods.
Note that this server will not work in the USA, where the RSA digital signature algorithm is protected by a patent. This restriction will fall away in September 2000.