Close Window


A Monthly Newsletter - July 2003

Do you manage a large network, work in an environment that has implemented Kerberos, or want to move toward single sign-on? In this issue, find out how Kerberos authentication via GSSAPI can provide secure logon access and the ability to centrally manage user authentication. Also read about how one SecureCRT® user has come up with some inventive uses for the chat window.

The beta 9 releases of VShell™ server for Windows® 2.2 and VShell server for UNIX® 2.2 are now available. Also available are new maintenance releases for SecureFX® 2.1.6 and Entunnel™ 1.0.6.


1. Feature - Simplifying Authentication with Kerberos via GSSAPI
2. Tips - Innovative Uses of the Chat Window
3. VanDyke in the News - Computerworld Reviews SecureCRT
4. Case Study - Agfa Sys Admins Get Access with Secure Shell
5. New Releases
6. Current Releases

____________________________________ NEW WHITE PAPER ____________________________________

Don't miss our soon to be published white paper on Access Control. You'll get an overview of existing techniques for controlling access and a look at how to fine-tune your control over user and group access privileges with new features in our VShell Secure Shell server for Windows and UNIX.

Learn how you can provide shell access, SFTP file transfer, and port forwarding for TCP/IP application data with the granular control your security policies demand. With VShell
Access Control Lists (ACLs) you can now say "yes" to requests for access to Secure Shell services. Give your administrators unrestricted access while limiting your marketing group to file transfer privileges only. Allow road warriors to connect to your mail server with port forwarding and transfer files only to their home directory.

While you're there, take a look at the new VShell server 2.2 which is now available for Red Hat Linux, Sun Solaris, and FreeBSD as well as Windows. Versions for IBM AIX, HP-UX, and Mac OS X are currently under development.

Learn more about VShell server 2.2 for Windows and UNIX:

______________________________ SIGN UP TODAY! ________________________________

1. Feature - Simplifying Authentication with Kerberos via GSSAPI

If you are managing a large network, work in an environment that has implemented Kerberos, or are moving toward single sign-on, combining Secure Shell (SSH2™) with Kerberos authentication can give you both secure logon access and the ability to centrally manage user authentication.

SecureCRT 4.0 and VShell 2.2, our SSH2 server, now support Kerberos authentication via the GSSAPI standard. Using GSSAPI for authentication with the SSH2 protocol is a developing standard, currently in IETF draft, that allows authentication using Kerberos v5.

Kerberos is an open-standards network authentication protocol developed at MIT to replace unencrypted password authentication. Kerberos authentication via GSSAPI in a Secure Shell environment can provide a number of benefits not found in password or public-key authentication including single sign-on, more secure host authentication, and simpler, centralized management.

Single sign-on, or reduced sign-on, is one benefit of using Kerberos. You type in your credentials once, and then any application that uses Kerberos can be authenticated. Users who authenticate with their Kerberos credentials can forward their credentials to a remote machine over Secure Shell. This "single sign-on" provided by Kerberos reduces the motivation for users to create their own single sign-on (of sorts) by storing their passwords in clear text configuration files.

Combining Kerberos and Secure Shell also avoids problems associated with maintaining "known_host" files, which are used in Secure Shell to authenticate the server to the client.
Users tend to accept any key offered by the server the first time they connect, opening themselves up to man-in-the-middle attacks. With Kerberos, the client and server mutually authenticate to each other, which is an advantage when administering many machines and a large known_host file.

Kerberos eliminates the need for a user to distribute their public keys to all machines to which they want to connect - a big advantage for network administrators. With public-key authentication, when an individual leaves the company, or you need to change keys, all the keys must be deleted from the
user's accounts. Kerberos allows you to authenticate, add, and delete users from one location.

VShell 2.2 is the first Secure Shell server to include built-in support for Kerberos via GSSAPI. Patches are available to add GSSAPI support to open source Secure Shell implementations, but they must be downloaded and recompiled with changes to the Secure Shell server or the patch.

Read more about Kerberos support in VShell 2.2 at:

SecureCRT 4.0 supports Kerberos through the GSSAPI standard, but this feature has not been available in the user interface. In the upcoming releases of both SecureCRT 4.1 and SecureFX 2.2,
GSSAPI support will be a fully integrated and documented feature.

Kerberos v5 is available from MIT as well as many commercial vendors and is built into Microsoft Windows 2000 and Windows 2003 servers. To learn more about Kerberos, you can visit the following web sites:


Kerberos FAQ

To read the IETF draft for GSSAPI key exchange in Secure Shell, go to:

Microsoft Knowledge Base Article 248758 contains useful information including links to related IETF drafts and RFCs as well as three white papers that you might be interested in reading:;en-us;248758

________________________ VSHELL FOR UNIX BUG HUNT ____________________________

Want a free t-shirt? Report a bug in our new VShell Secure Shell server for UNIX and we'll send you a t-shirt. Or win a free server license! VShell for UNIX has many cool features including ACLs, triggers, and Kerberos support via GSSAPI. Report a significant bug in one these areas and you'll get a free t-shirt and one free server license.

For more details on how to participate in our bug hunt contest, go to:

This offer has expired.

________________________ REPORT A BUG - WIN A T-SHIRT ! _________________________

2. Tips - Innovative Uses of the Chat Window

This issue's tip was submitted by a SecureCRT user who has found some innovative uses for the SecureCRT chat window. This customer has even saved on his cell phone bill!

Here are some of the ways this customer is using the chat window:

  • Type in real time over a slow connection.
  • Use the chat window as a notepad window when assembling shell commands.
  • Reduce the amount of data sent by using the chat window to send a line or paragraph at a time instead of a character at a time.

Read more about how to use the chat window to save time and get rid of some hassles at:

Do you have a product tip you'd like to share? Send us your tip at:

If we use your tip, we'll send you a VanDyke t-shirt and an gift certificate!

3. VanDyke in the News - Computerworld Reviews SecureCRT

SecureCRT 4.0 was recently reviewed in the Computerworld Security Log User Review (July 7, 2003).

The review mentions the Public Key Assistant and session management features new in SecureCRT 4.0.

Read the review at:,10801,82735,00.html

If you're using an older version of SecureCRT, see the new capabilities you get in SecureCRT 4.0 at:

4. Case Study - Agfa Sys Admins Get Access with Secure Shell

When Agfa-Gevaert corporate headquarters in Mortsel, Belgium, needed to provide secure system administration of critical business systems, they wanted a solution with both a simple user interface and a high level of functionality and customization.

Tim Groenwals, Global Security Technology Manager for Agfa-Gevaert Global Information and Communication Services, investigated various shell access and file transfer solutions. "We went with SecureCRT and SecureFX," said Groenwals. "They give us all the functionalities we require - and a lot more. We like that the products are highly customizable. They've got a nice GUI, lots of features. It's a good package."

Read more about how Agfa system administrators use SecureCRT and SecureFX for secure remote access and secure file transfer at:

5. New Releases

The beta 9 releases of VShell Server 2.2 for Windows and UNIX are now available. VShell Server for UNIX 2.2 (beta 9) introduces support for FreeBSD. VShell Server 2.2 increases your choices for enterprise-wide authentication methods by introducing support for Kerberos v5 authentication via GSSAPI. VShell 2.2 provides you with more options to fine-tune your server and environment and limit access to sensitive areas.

To find out more about VShell Server 2.2, visit:

New maintenance releases are available for SecureFX 2.1.6 and Entunnel 1.0.6.

You can download new releases at:

For quick access to previous official releases, go to:

6. Current Releases

Here are our latest official product releases:

VShell Server for Windows 2.1.5
SecureCRT 4.0.7
SecureFX 2.1.6
Entunnel 1.0.6
CRT™ 4.0.7
AbsoluteFTP® 2.0.5

To download any of our current releases, go to:

To download OpenSSH 3.5p1, an extended version of OpenSSH that supports the public-key subsystem, visit:

All VanDyke Software products may be downloaded and evaluated at no cost for 30 days. Licenses include one year of free upgrades and unlimited access to our expert technical support.

Pass it along! If you find this monthly newsletter helpful and informative, forward it to co-workers or friends, or tell them where to sign up.

What do you think?

Let us know what you think about this issue. Was the tip useful? Did you like the feature? Is there a topic you'd like to see us write about? Send us an e-mail at:

Subscription Information

VanDyke Company News is an opt-in mailing list. If you prefer not to receive e-mail like this from us, or need to change your e-mail address, go to:

You may also send an e-mail message to:

with the following message in the body of your e-mail:

unsubscribe vandyke-company-news


VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.

All other products and services mentioned are trademarks or registered trademarks of their respective companies.

Close Window