NEWS YOU CAN USE FROM VANDYKE SOFTWARE
Just what are IT professionals looking for in a Secure Shell (SSH2) server? We asked beta testers of our VShell 2.2 SSH2 server this question. This month we share with you some of their answers.
Don't miss a free SANS webcast on advanced Secure Shell techniques on September 3rd. Also, read a time-saving tip from a SecureCRT® and VShell user who uses VCP, a command-line file transfer utility, to perform automated uploads in conjunction with Outlook.
The official releases of VShell 2.2 servers for Windows and UNIX are now available as well as maintenance releases for VShell 2.1.6, SecureCRT 4.0.8, and CRT 4.0.8.
1. Feature - What IT Professionals Want in an SSH Server
Want to increase your knowledge of Secure Shell techniques? Don't miss
the SANS Institute's complimentary First Wednesday Webcast, "Six
Advanced SSH Techniques", Wednesday, September
Learn how to use SSH's encryption and authentication to protect more than remote command-line sessions. Topics covered will include copying files, port forwarding, and running graphical applications over SSH. You'll also learn about using SSH keys and backups over SSH as well as running commands on multiple remote machines simultaneously.
VanDyke is sponsoring this webcast and we'll present an overview of VShell 2.2 for UNIX and Windows.
Sign up for the September 3rd SANS webcast today at:
To access SANS webcasts you must have a SANS portal account. If you do not have a portal account, you may sign up for one at: http://portal.sans.org.
ADVANCED SSH TECHNIQUES
Over 300 beta sites participated in testing VShell 2.2, our Secure Shell server for Windows and UNIX. We asked beta testers about what they need in a Secure Shell server, their platform preferences, most frequently used features, and need for advanced authentication methods.
Here's what some of your fellow IT professionals had to say.
Secure Shell server solutions seemed to be popular among system administrators, programmers, and webmasters in industries ranging from high tech consulting, ISP/web hosting, telecommunications, and computer software to more vertical industries like healthcare, banking and finance, and automotive. The majority of these IT professionals have multiple sites to manage.
Many beta testers wanted to know what advantages VShell offers over OpenSSH,
or were looking for ways to standardize their SSH servers on one product.
These IT professionals also needed
Here are some of the reasons that beta testers wanted to evaluate VShell 2.2:
Two hundred forty-five of the testers ranked their top five most needed
platforms for SSH2. Windows came out the winner with 45 percent needing
an SSH2 solution--not surprising since
The majority of participants use SSH2, though a few still use SSH1. File
transfer is used most often, ranking higher than both port forwarding
and shell access. Password authentication
Based on feedback during the beta test, we added features to VShell to
increase the IT professional's ability to fine-tune access and privileges
and provide a wider range of
"In a hosting environment clients want to be able to drag and drop
file transfer in bulk. This is not possible unless you have some kind
of SSH capable client. Unfortunately,
"One of the issues we have in our environment is properly
limiting users' accounts to perform only those tasks we'd like them to
use (preventing interactive logins but allowing file-transfer, for example).
This would allow us to establish multiple levels of service-control for
". . . This is the real problem that I need to solve: how do I allow a shell user to log into the system securely, but trap their shell access so that they can't get past their home directory on the tree. Another term commonly used is "chrooting". Changing the root directory for a login session. Typically this is done for certain daemons that may have too many security holes." Technical consultant
Beta testers didn't specifically ask for this feature, but 27 percent of the participants indicated that they currently use Agent in their environments. The addition of Agent support seemed to have an impact on the number people signing up for beta testing.
A number of beta testers wanted a wider range of authentication methods
and platform support. Kerberos v5 support via GSSAPI was added and we
ported VShell to FreeBSD. Future releases
Are you currently using or considering an OpenSSH or commercial Secure Shell server solution? We'd like to hear your comments about our findings.
Send us an e-mail at:
This month's tip was submitted to us by a customer who is using VCP,
a command-line file transfer utility included with SecureCRT, to perform
automated uploads in conjunction with Microsoft Outlook. Each day he was
manually selecting files and adding the date to the filenames. Now he
To get a sample script and read more about a simple way to automate tasks using VCP with another application go to:
If we use your tip, we'll send you a VanDyke t-shirt and an Amazon.com gift certificate!
This month's pick is "Honeypots: Tracking Hackers," by Lance Spitzner (Addison-Wesley, 2002, ISBN 0321108957).
Here's an excerpt from the book cover:
"'Honeypots: Tracking Hackers' is the ultimate guide to this rapidly growing, cutting-edge technology. The book starts with a basic examination of honeypots and the different roles they can play, and then moves on to in-depth explorations of six specific kinds of real-world honeypots: BackOfficer Friendly, Specter, Honeyd, Homemade honeypots, ManTrap®, and Honeynets...
With this book you will gain an understanding of honeypot concepts and
architecture, as well as the skills to deploy the best honeypot solutions
for your environment. You will arm yourself with the expertise needed
to track attackers and learn about them on your own. Security professionals,
The accompanying CD-ROM includes white papers, source code, and evaluation copies of software and data captures of real attacks. A number of the book's screenshots feature SecureCRT.
Visit Lance Spitzner's web site for the book at:
The official releases of VShell 2.2 Secure Shell servers for Windows and UNIX are now available. VShell 2.2 increases your choices for enterprise-wide authentication methods by introducing support for Kerberos v5 authentication via GSSAPI. VShell 2.2 provides you with more options to fine-tune your server and environment and limit access to sensitive areas.
To find out more about VShell 2.2, visit:
New maintenance releases are available for VShell 2.1.6, SecureCRT 4.0.8, and CRT 4.0.8.
You can download new releases at:
For quick access to previous official releases, go to:
Here are our latest official product releases:
VShell 2.2 Servers for Windows and UNIX
To download any of our current releases, go to:
Let us know what you think about this issue. Was the tip useful? Did you like the feature? Is there a topic you'd like to see us write about? Send us an e-mail at:
VanDyke Company News is an opt-in mailing list. If you prefer not to receive e-mail like this from us, or need to change your e-mail address, go to:
with the following message in the body of your e-mail:
VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.
All other products and services mentioned are trademarks or registered
trademarks of their respective companies.