Slashdot Mirror
SSH Secure Services on Windows 2K/XP?
jstockdale asks: "Lately I've been working on the security of the few Windows boxes I administer, specifically XP and 2000 stations. I havn't had much of a problem finding decent solutions for file/email/disk encryption (besides the fact that PGP is no longer selling their products), or for smartcard or smartcard+biometric solutions (besides the limitations on key size (2048-bit RSA maximum) and flexability). However when it comes to SSH services for remote administration, windows filesharing, and SFTP for file transfers I have hit a dead end. I have looked into SSH but their SSH for Windows Servers only runs on 2000, and costs $565. I ask what solutions have /.er's found in the realm of ssh network encryption, and also in integrating all these components simply and effectively."
Works just dandy
cygwin
"Survival of the fittest Max, and we've got the fucking gun!" - Pi
www.cygwin.com
Please use [ informative / summarizing ] SUBJECT LINES
Flame me here
openssh works fine under cygwin. that is what we use.
Non impediti ratione cogitationis.
You can get Putty here: http://www.chiark.greenend.org.uk/~sgtatham/putty/ .
http://www.vandyke.com/products/vshell/
Non, je ne veux pas coucher avec toi ce soir.
If you need what SSH provides, buy the damn thing and get it over with. You'd spend a helluva lot more than 10 hours getting something else working - or even just looking for something else.
I've been running a Bitvise WinSSHD server for a while and it works just fine. Integrates with the Windows login also, which is a nice plus. Easy to install, configure, and use.
I installed cygwin on my PC at work a couple of weeks ago (after the /. article). SSH client and server both work fine.
What's wrong with cygwin?
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
I don't know if Cygwin opens other security holes in windows. Haven't heard anything about it.
It has Apache, MySQL, Postgres...
XFree86... bunch of stuff.
Please use [ informative / summarizing ] SUBJECT LINES
Flame me here
My question is sort of off-topic, but I don't really know where to ask it: Where is the Windows programming community? How do Windows programmers get their information and help? I am familiar with how to get information for *nix programming: just search the web, look up the manpages, and post questions on the mailing lists/newsgroups. But I have a hell of a time writing Windows programs because I can't seem to find the mutual support network that is so common in the *nix world.
Like everyone says, cygwin is the winner.
You might want to check here for some hints on installation. (In addition to the user guide and readmes of course).
You may want to have a look at vandyke.com; their VShell SSH server has a 'personal' edition which works very well for systems management and is cheaper than the SSH product. I've used their products for years on the server as well as client-side, and found them very reliable, as well as very well-behaved Windows services...
There's lots of options available for SSH on Win32, a simple Google search turns them up. Specifically there's a free zipfile out there called ssh-win32.zip that contains a basic SSH terminal that works well. There's also GPL port-attempts of the unix commandline ssh tools, some of which work ok. In the cheapware/shareware category there's stuff like SecureCRT and F-Secure SSH. The list goes on and on... apparently some people like PuTTY.
11*43+456^2
Search the web, look up things in the MSDN Library, and post questions on the mailing lists/newsgroups. =)
Rather than some *cough* *cough*....I wish to actually try to provide some help. I've been using Remotely Anywhere for remote administration of my win2k network. It does a lot more than it sounds like you're asking for, but it is extremely useful and runs an ssh server. It is relatively cheap, but not free. Website
According the the link provided:
SSH Secure Shell for Windows Servers provides strong Secure Shell version 2 connectivity, encryption and authentication for servers running Windows NT 4.0, 2000 and XP.
CuteFTP pro has excellent very good Sftp cababilities, I use it all the time between work and home.
Works fine for win2k, XP, and is cheap to buy.
______
Jaylen
As a few people have mentioned OpenSSH is supported on Windows via CygWin. What hasn't been mentioned is that OpenSSH supports smartcards through the use of libsectok. I use it with Schlumberger Cyberflex Access cards.
I don't know whether libsectok has been built on Windows before, but it uses the standard /dev/tty interface so it should be too difficult to get working.
Although, I have had problems that if you try and resize the rxvt it stops responding, and stupid Windows doesn't kill the children if you kill the rxvt so you end up with dead processes hanging around if you're not careful, but in principle it all works fine. ssh, scp, the lot. It all interoperates with Unix beautifully.
In unison, now: "Windows Security" : ....
There is a freeware windows scp program callled, not surprisingly, winscp. It is freeware and uses some code from Putty. Everyone I know has found this program very useful. Main web page: http://winscp.vse.cz/eng/ and download here: http://winscp.vse.cz/eng/download.php I found version 2.0 to be quite stable even though it is called beta.
this guy packages openssh and cygwin hooks into one installer, we use it for all kinds of admin.
My unit recently started using the SSH product and had issues with it. When SFTP'ing files from our windows boxes to our *nix servers random sections of text files would mysteriously dissapear. Also the term client has been flaky for me, when I'm in emacs (my editor of choice) and I backscroll it will occasionally insert random sections of my backscroll into my emacs buffer... So if you go with SSH for Windows clients, watch your text ftp's and save before you scroll up ;)
They who would give up an essential liberty for temporary security, deserve neither liberty nor security
OpenSSH on Cygwin. It's free. I'm not sure if Cygwin provides enough unixy hooks to support sftp, but I'd imagine it does...
putty is a nobrainer to install and use and now does tunneling.
:-)
ssh under cygwin is also fine.
It's not really a difficult problem, unless you are looking for a good product that you actually have to pay for.
If you're looking for fingerprint login that integrates well with Win2k, check into the DigitalPersona U.are.U stuff.
I have their inexpensive "UareU Pro" system, and it works great for (literally) one-touch Win2k logins. You can integrate it with your domain server to make fingerprint logins universal, but even just on a local workstation, it works fine.
Unfortunately, zero Linux support.
You can use the fingerprint biometrics for an encrypted virtual drive with additional software, but without any documentation or peer review of their encrypted storage, it's impossible to evaluate their security.
This is slightly off topic, but I'm curious as to why you went with 3rd party solutions for encryption and smartcard support instead of using Windows Server, which has those capabilities built in. Mostly I'm curious about the limitations of Windows Server products (this is not a troll, and I'm not interested in flames about M$).
I always thought of PGP as a personal resource, not something capable of effectively encrypting entire network environments. Why do you choose not to use the EFS capabilities of Windows, which, to my knowledge, are very secure and transparent to the user (provided (s)he has permission to decrypt).
The same question applies to Smartcard technology. Windows supports the PKINIT protocol, RSA and CryptoAPI etc. You can install Certificate Authority software as part of your install. Why specifically go with cryptoflex?
And specifically regarding your SSH question, it's not SSH but Windows Server supports Remote Access services via which you could set up a VPN and have a secure connection to the company servers.
Please share your knowledge.
Last time I had a Windows problem, I did look on the net (DejaNews). What I found were that several other people had the same problem, but nobody had posted a solution.
Maybe this was because there was no solution!
www.networksimplicity.com
It's just OpenSSH ported using cygwin, but it's meant to be installed on machines without cygwin, and it is really easy.
Then setup TightVNC for remote access. You can make ssh tunnel any connection so you can send VNC through ssh.
-matt
Try this link -
http://www.freessh.org/windows.html
I have been using the ssh server by Network Simplicity and it works fine.
Horn_Dog
For the server side use SSH from cygwin and for the client side I really like TTSSH as an extension to Teraterm. It also looks like there is now a TTX SSL and an SSL OTP available too. By the way, all of these have source available.
The RDP protocol is encrypted by default.
I'm guessing that your point was that there are fewer servers than clients, but you have to realise that you don't know what he does for a living.
I personally work to support a network of thousands of Linux and Windows servers. Definitly more servers than clients owned by us.
You can run both CMD and bash via OpenSSH on Windows with Cygwin. It works reliably, and there's quite a few useful command line utilities for the newer versions of windows (2000, XP), especially if you grab the resource kits. However, if you have the bandwidth (and hopefully you do) why not run terminal services?
In my opinion the best places to find out information about Microsoft technologies and products are
PS: So this post isn't offtopic I'll add something about SSH. OpenSSH in Windows is possible if one installs Cygwin.
While attending a security session put on by the SANS institute, they had a REALLY cool solution for protecting machine to machine communication in an 'unsafe' network environment.
They used a feature of IPSEC that didn't encrypt the packets, but CRC'd them anyway. Then they configured the machines that were supposed to listen to the outside world (Business logic servers/ database servers) to punt all packets that didn't have an IPSEC crc on 'em.
The system does the decoding at IIRC the 2nd or 3rd layer, using some very efficient code Microsoft got from Cisco. The teacher reported pounding on a laptop on a 100mbit segment with 6 orther attacking computers and the laptop registered about 12% utilization whil punting illegal packets.
"Draco dormiens nunquam titillandus."
Now that Microsoft has woken up to the need for improved security it is imperative that they should have SSH as an integral part of .NET Server and back-port it, Security Configurator and Analysis-style, to W2K Server and NT4 Server.
SSH, SFTP and SCP would be wonderful tools to have. Just yank out Telnet, yank out IIS FTP Server and so forth and put this in instead. Terminal Services is fine and all but sometimes you need to do remote file transfers. The current alternatives MS provides are just not any good.
Knowledge is power. Knowledge shared is power multiplied.
I've been using Network Simplicity's Openssh package to admin several win2k servers, plus tunneling for VNC. Works ace, no compliants. One thing, VNC gets kind of fussy about connecting to localhost ports that are tunneled, it requires a little tweaking on the server (WinVNC) side to make it work (you need to add a localloopback key). There's a registry hack that allows it, details on ORL's VNC site. Tunneling Terminal Server works without any modifications.
-- Bird in the Bush: The Renewable Energy Blog http://www.birdinthebush.org
You possibly are approaching this problem in a "like UNIX" sort of way, however security on Windows system depends more on all encompassing technologies like L2TP or IPSec: Take a look at IPSec. It separates encryption and payload integrity from the application, and of course works with all applications because they're unaware that it's acting as a pipe between systems. If you're concerned about performance then get yourself a NIC that offloads encryption processing. Note that your system can be configured to only allow connections to certain services if an IPSec connection has already been established: Launch an MMC console (Start/Run/mmc.exe) and add the snap-in "IP Security Policies" for the local computer and play around: The possibilities are endless.
Next time you're at your local book store, take a look for the Microsoft training book for their exam number 70-220 : Designing Windows 2000 Network Security. Because XP is 2000 with a nice GUI it is entirely relevant.
I've found the F-Secure products to be very good. They also have excellent documentation and tech support.
The OpenDirectory (or at least Google's listing of it) gave me a list of two SSH servers (not exactly comprehensive I admit but. . . .)
One of which was WinSSHD which has a $95 business license.
Need help treating your acne? Come here!
How about filesystem encryption for Linux? Something that works effectively, well enough that it can be used in the real world. The kernel loopback encryption would be perfect, except it breaks with each kernel release and an indefinite time must be waited for patches - and patches might make old data unreadable. Is there any practical solution?
Second all of the above.
For configuring sshd, see http://tech.erdelynet.com/cygwin-sshd.html.
What part of "gestalt" don't you understand?
...by using cygwin and this very informative site.
Our company had to set up a complete production system that was redundant and had to be administered remotely (120 miles away). That is why we went with Solaris servers and OpenSSH/VanDyke Windows client, and tossed MS for the servers out. Of course, we were fortunate enough that none of our applications had to run on a specific platform (web server, weblogic, Oracle, C++, and Java).
... maybe a little) but when it came right down to brass tacks, Unix is far easier and has far more options to administer remotely than Windows. That darn command line thing where I can change any setting easily from using a 24K dialup modem is a godsend when doing remote administration.
Why am I telling you all this?? Not to bash MS. I ask that you look really close at your requirements and remote administration. Do they say 'I have to run on Windows??'. If not, maybe it's time to look elsewhere for solutions.
Nothing to do with security or scalability or reliability (ok
If you have to have a Windows solution, I saw a lot of good ones above that we use, Cygwin and VanDyke being my favorite.
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.
I too am an administrator of many Windows boxen and am very security conscious . The absolute best information I have found about Windows Security, was from this Oreilly book: Securing Windows NT/2000 Servers for the Internet
A Checklist for System Administrators I know its primarilly about creating Windows Bastion hosts, but there is an aweful lot of general Windows security and remote administration information as well. Every Windows sysadmin needs to give it a read!
Rule of Life Number 2: Remember, it can all go to hell at any minute. --Jimmy Buffet
but what does ssh have over Terminal Services?
Is it more "secure"? It seems that win2k has very little command prompt ability and most people don't even know anything other then a few basics... So I guess my question I guess is Why?
latealy ive bean warking on teh secarity of teh few windows boxes i administar liek expee and zk stations i have had much of a problem finding decant solutions far file emale disk ancryption stuped suck pgp si no longar sealling tehlr products, ar far stupiedcard ar smartypantcardtbiomealctrric solutions besides teh limitations on key sise zoa8-bit rsaa maximum and flexability wehn it comes too ssh services far remot administration stuped windows filesharing and sfptp far file transfers i have hit a prox mine i have looked into sshhh but tehlr ssshh far winblows servers only runs on 2000 and costs ssgs and si hard too fing on kasaa i ask what solutions have /.er's fuond in teh realm of ssh netwark ancryption, and also in integrating all tehse componants simply and effectivealy
If voting were effective, it would be illegal by now.
winssh from bitvise is your inexpensive first class sshd solution, I've used it on 2000 and XP winssh.com
I see that everyone wants to use cygwin, but there is also OpenSSH for windows that's been ported by Network Simplicity, you can go and get it at http://www.networksimplicity.com/openssh/
It's reliable, doesn't require cygwin to be installed, runs as a service on NT4/win2k. It's also command line, and I've used it with GNU CVS as well.
I personally use Stunnel on a few boxes, linux/windows/freebsd. It basically wraps your connection with ssl. You set it up on both servers, then connect to localhost:port and it forwards to the remote server ssl encrypted. Like ssh tunnels, but its a stand alone program. Also very transparent to the user.
TLSwrap is another ssl wrapper, used for ftp, but can be used for other ports.
Safetp seems to be a popular one with the college kids. Ive tested it out, and it does encrypt your session, and any ftp client will work since it encrypted the port.
Personally, I dont want command line on windows, I want a GUI for windows. Tight VNC isnt encrypted, but you can use stunnel to take care of that. But I find remote desktop, using rdp 5.1, is fast as hell(compared to tightvnc) and is designed for windows. Very usable over a modem too.
I Love computers and networking, 500 solutions to 1 problem.
You can download cygwin for free from cygwin.com. It includes both the client and the server for ssh. You can set up ssh as a service that runs even prior to login, so it's the real deal. All drives are accessible through the shell via the invisible /cygdrive/c, /cygdrive/d, etc directory. All the rest is explained on the Cygwin site. I believe commercial support for Cygwin is offered by Redhat, but it's worth noting that they have a very responsive free support list, frequented by all the major developers/porters.
Give it a go. I think you'll be impressed.
Says the RIAA: When you EQ, you're stealing bass!
Comment removed based on user account deletion
The Microsoft licensing agreement for windows XP says that you cannot use other remote desktop sharing unless it's the one built into windows, and if you are looking for security, you better off just giving someone your information and saving them 5 minutes of work.
Try http://www.networksimplicity.com/openssh. Currently at 3.4p1. Works quite well actually.
Based on OpenSSH portability code, currently at 3.4p1. Look at http://www.networksimplicity.com/openssh. Comes with windows installer/unistaller. Fairly good docs and they guy is very prompt in maintaining it. I've used it before works quite well if you have an OpenSSH environment on the unix side (I do, and key management is a pain....)..
I see to remember a problem with the cygwin sshd was that due to the cygwin libs users didn't have partitioned memory, i.e. I could log in as "userA" and have access to the administrators/another users memory space. The would be a BIG problem when using ssh-agent and the like (or just about any program really!)
Has this been fixed yet?
I've looked at BestCrypt, Scramdisk, and DiskCrypt.
What have you found that works for you?
Get off my launchpad!
As a long-time NT administrator (original NT 3.1 beta tester), no Windows system goes on my network without Cygwin . In recent years, they've added XFree86 4.x (which works flawlessly nowdays), and other goodies like OpenSSH.
And on Win/NT versions (NT, 2K, XP), you can setup OpenSSH in full server mode which is especially sweet for automation. You can find more information on how to configure OpenSSH as a server on NT/2K/XP here.
There is not a week that goes by without me needing something (let alone another user on our local support list) that Cygwin doesn't solve quickly and effectively. Again, that's why its on all my Windows systems by default.
-- Bryan "TheBS" Smith
Independent Author, Consultant and Trainer
- PuTTY
is an SSH1+SSH2 implementation. PSCP, an
scp-style
program for Windows, is also available.
- TTSSH (SSH1)
is an SSH1-only implementation, by Robert O'Callahan.
- Cygwin (POSIX software on top of Windows)
- MSSH
- OpenSSH for Windows
- Secure iXplorer
- WinSCP
The following clients are recommended for interoperating with OpenSSH from Mac machines:PuTTY is available under the MIT licence (BSD-like).
"PuTTY is a free implementation of Telnet and SSH for Win32 platforms, written and maintained primarily by Simon Tatham, who lives in Great Britain."
"TTSSH is a free SSH client for Windows. It is implemented as an extension DLL for Teraterm Pro. Teraterm Pro is a superb free terminal emulator/telnet client for Windows, and its source is available. TTSSH adds SSH capabilities to Teraterm Pro without sacrificing any of Teraterm's existing functionality. TTSSH is also free to download and use and its source is available too, with an open source license. Furthermore, TTSSH has been developed entirely in Australia [...]."
OpenSSH (SSH1 and SSH2 protocol) with Cygwin can run on Windows using the portable version of OpenSSH.
MSSH from the Metropolitan State College of Denver supports Windows 95 and Windows 98, supporting SSH1 protocol.
Another OpenSSH running on top of Windows..
Secure iXplorer is graphical front end to PuTTY's pscp.exe.
WinSCP is a scp(1) program for Windows, with PuTTY integrated into it.
"NiftyTelnet 1.1 SSH r3 is an enhanced version of Chris Newman's NiftyTelnet 1.1 application which adds support for encrypted terminal sessions using the SSH (Secure Shell) protocol. Please read the included Readme file before distributing this version."
"MacSSH is a modified version of BetterTelnet with SSH2 support. [...] The only SSH2 client for MacOS that I could find is a commercial product thats costs more than $100, and it crashes my Mac when closing a session... Since it's best to do things by oneself, here's MacSSH."
The problem with using things like IPSEC is that you need IPSEC servers which are your choke points, unless you want to have a configuration nightmare and manage thousands of independant IPSEC configs on thousands of machines-- totally not practical. SSH gives you many handy things like X forwarding/arbitrary port forwarding, the ability to load a password into memory (via ssh-agent) and use it for automatic, passwordless authentication, file transfers (both with things like scp and sftp, and it can be used for a transport agent for things like rsync/unison, etc). It's easier to poke a SINGLE hole through a firewall on any port you want, with no compatability issues. Built in (variable) compression, very handy for speeding up your X sessions, as well as things like IMAP/POP mail transfers, etc. Using something like IPSEC, how can you say "I want to compress all IMAP and POP mail to hostA, but not web traffic on hostA, and I want X compressed to hostB, but not to hostC?" All of these things are easy to do with SSH.
With SSH I can use one standard protocol/app set that will run on everything from cell phones to PDAs to huge servers, running all kinds of OS's, generally at little to no cost. Show me an IPSEC solution that can do that. SSH requires no kernal mods, or even anything that must be installed as a root/administrator on any platform. The code is open, and free for you to mod as well. If you must have VPN type functionality you CAN do things like PPP over SSH if you must, although this isn't the highest performing option, it is possible.
The one thing SSH *IS* missing is the ability to forward UDP traffic.
-- I speak only for myself.
I use Bitvise WinSSHD.
Aside from dropping you straight to the Win2k command prompt, it has
BestCrypt has been around for quite some time. Some years ago, they also had a hardware version (the hardware helped speed things up). It's just like PGPDisk but with more features and it's the original. http://www.jetico.com They even have a Linux version. One of the few things I wished they add is the ability for ppl to write algorithms for it without a compiler (via a scripting language) though it'll take a performance hit.
Serv-U http://www.serv-u.com/ has completely re-worked there FTP server and has SFTP options avalable. FlashFXP http://www.flashfxp.com has V2RC1 of their FTP client out which supports SFTP. I've played with both and they work very well and offer 128 bit SSL encryption for both data and control connections.
so, I don't put windows on the internet. who does? So, have a linux box which DOES NOT route and is locked down to the best of your ability. Run SSH and let it do X11 forwarding. Install rdesktop on the linux box. SSH to your host, rdesktop to your windows server. I do this over dialup, various DSL, through VPN beautiful and simple.
Robert Liebsch Systems Psychiatrist, Network Sociologist, Security Criminologist
You might want to take the one-day class on securing Windows 2000 currently being run in various cities by the SANS Institute or you won't have to worry about having secure remote access to your server(s) -- someone else will.
It won't help to have the best encryption in the world securing your front door to a system that has 120 vulnerabilities in the default install!
In times of universal deceit, telling the truth gets you modded -1 Troll
I had a similar issue. My solution was to host all shared files on a Linux server running Samba. I then set up SSH tunnels for the WINS/NetBIOS ports. Windows clients didn't know it was secure, but I did. Most Windows clients wouldn't know if their stuff was secure or not anyways...
...and replace Win2k with Linux.
;-)
OK, granted this was on my home PC, but still, why buy an expensive knock-off of what u can get for cheap?
When it comes down to it, everyone is wedded to windows for some damn reasons, but usually, if you can convince the Powers That Be to let you do the research, you can prolly plan towards replacing such servicecs with open-source solutions.
Sure, you can't walk into CompUSA or Best Buy to buy them, but why be like all the other lemmings???? Lately, my guiding philosophy has been to face the damn cliff and simply refuse to leap off it.
The last lemming standing and staring down at the wrecked bodies of his brethren gets the gold.
Or, in the case of Linux, the herring.
Mmmmmm... Bold, yet refreshing!
Well, as I recently found out, the Encrypted File System in Windows 2000 doesn't encrypt the file names. So if you want to use it to hide things like pr0n pictures or something, you're fucked :-)
Anyone who uses the brilliant NTFSDOS tool can access the encrypted directories and list all the file names, which in the above example would be things like 'bigtit001.jpg'. In that case the encrypted content doesn't need to be known to inflict damage, the filename is enough to piss off your boss/wife/whatever ;-)
Of course, NTFSDOS is incapable of showing the contents of the files.
With this I meant that NTFSDOS can not open encrypted files, normal unencrypted files on NTFS work fine, of course. Also, the link for this program is here.
GekkePrutser
http://www.bitvise.com has a great SSH (2) server.
http://www.intellipool.se/ - Intellipool Network Monitor
-- Ed Avis ed@membled.com
Try out WinSSHD from Bitvise.
I've had very good experiences with this one, and it's got a 30 day evaluation program.
-- debian linux - vim powered
Secure * Windows ? is that not an Oxymoron?
[alk]
You know, beginner technical questions like this should be posted to comp.security.ssh or something. Not on a giant billboard like slashdot.
- Go to the cygwin site and click on the "install now" box on the side of the screen. Run the setup.exe program off the site (don't bother to save it somewhere, it gets updated almost weekly).
- Tell it to install from the internet. Choose a mirror. It'll download a list of packages. Choose the Net | OpenSsh package. If you want to run the server, you might also want to choose everything in the Admin section. I also find Net | rsync more useful than the scp that comes with openssh.
- Once the install is complete, fire it up and run ssh-host-config to set up the server. It'll ask you a bunch of simple questions, generate your hostkey, and stick the server in the startup scripts.
With just this, the whole install takes about 32MB.Enjoy!
OpenSSH For Windows is what I use. It works pretty well. The Server only works on NT/2000 I think, but the client works on everything.
http://www.networksimplicity.com/openssh/
FDISK ... install linux/*bsd :-)
WinSSHD from http://www.bitvise.com is pretty inexpensive (cheaper than VShell) and works flawlessly for me.
Comment removed based on user account deletion
Freeware SSH and SCP for Windows 9x, NT, ME, 2000 and XP By John Fitzgibbon
I have built an online web portal for just these things (In perl). BTW, for Windbloze, use cygwin.
It is an administrative interface that lets you enter the name or ip of an ssh server, a username, and password. From there, you login and it gives you a directory listing of the home dir of the user (on the remote system) via a web based file manager. It has editting capabilities, delete, copy, archive, mail, etc, etc, etc, and runs without any java, javascript, frames, or cookies. Just straight HTML 3.0.....
It's really great, but I have not finished it yet, the major parts are done, but I don't want to let it out till it's 100%.
Also, it has a webterm that I made, and will let you travel the tree easily (in file view mode). It will be up in a couple of months and I will post it on freshmeat.net
The site that hosts most of my stuff is
http://www.fixyoursink.net
One of the coolest web apps that I have made is popdot. It's an emailer that was built off of ATDOT, and is a simple emailer front end for your apached web server. You specify the pop server and your pop users can login and check mail, send mail, send attachements etc etc... All of this once again without java junk or any of the other "web pitfalls" that the major corps have "devised".
Peace.
Thanks, Steve
...at remotelyanywhere.com is dirt-cheap compared to others, does not rely on the cygwin junk, and provides a full ssh1/ssh2/sftp implementation as well as a bunch of other admin stuff.