Close Window


A Monthly Newsletter – September 2006

Out here in old New Mexico, it's time to visit the state fair, where the two maxims are "It always rains during the fair" and "Forget the diet – who wants a deep-fried Snickers bar?" In the same spirit of getting what you want – and what you need – this month we continue poking around in the new SecureCRT® and SecureFX® releases, explaining how host-key checking has been improved and how commands can be cloned. Plus, an archive piece on how dynamic port forwarding can simplify your maintenance and support issues.


1. Feature: X.509-Validated Host Keys You Can Trust (More)
2. Heard On The Forums: Cloning Commands In SecureCRT Windows
3. Did you know? ALT+O = OK
4. From the Archives: Dynamic Port Forwarding
5. New And Current Releases

Online Resources

1.Feature: X.509-Validated Host Keys You Can Trust (More)

For network administrators, Secure Shell host keys are both a security issue and a usability issue. Proper use and management of host keys is critical to preventing man-in-the-middle attacks. Determining that you are connecting to the "right" server requires some work for both the end user and the system administrator. With SecureCRT 5.2 and SecureFX 4.0, things are changing for the better. The trick is using X.509 certificates for host keys.

Verifying host keys typically depends on users being trained to validate a host key against some trusted source. Alternatively, a sys admin can pre-populate a host-key database for their end users. When an unknown host key is received, or an existing host key has been changed, a mysterious message appears asking the user to accept or reject the host key. This is the moment of vulnerability to a man-in-the-middle attack: the temptation may be too strong to just click "accept", whether or not there is enough information to make the right decision.

With X.509, instead of "I sure hope this host key is OK", the SecureCRT and SecureFX Secure Shell clients can validate the host-key certificate with a private, in-house or a public, third-party certification authority, which vouches for the certificate's authenticity. Based on this higher level of trust, the client is able to automatically validate a host key. Of course, to make such a verification transaction possible, the server needs to be configured to use X.509 certificates as host keys, and the client must be able to validate the X.509 host keys.

In SecureCRT 5.2 and SecureFX 4.0, X.509 host key validation has been simplified even further. If the host-key certificate is valid, the host key is automatically accepted. Assuming you have a Secure Shell server such as VShell® that is configured to use an X.509 certificate as its host key, your users will be able to take warnings about unrecognized host keys as seriously as they should.

The following resources are a good place to start for anyone who wants a better understanding of security and host keys.

"Understanding Secure Shell Host Keys", VanDyke Software – An introduction to the security issues around host keys focusing particularly on Secure Shell, and explaining the host-key mechanism from an end-user's perspective.

"Challenge-response authentication", Wikipedia – A general introduction to authentication security, for those who want to be sure of the basic concepts and terminology.

2. Heard On The Forums: Cloning Commands In SecureCRT Windows

Forum member pablo1999 posted to the beta forum to ask if there is a way in SecureCRT 5.2 to broadcast commands to multiple windows. Two methods are suggested: first, via scripting in the 5.2 beta software, or if you are using version 5.1 and later releases, using the chat window with the context menu (right click) command "Send Chat to all windows".

To read the complete forum thread, visit the forum web site.

3. Did you know? ALT+O = OK

Do you ever find yourself using SecureCRT's Zmodem, wishing you didn't have to take your fingers off the keyboard to reach for the mouse button and click "OK" in the dialog? When you're working in the SecureCRT Zmodem dialog, the standard Windows "Enter" key doesn't work, but you can use the keyboard mnemonic ALT+O.

In case you've become rusty with some of the other SecureCRT keyboard accelerators, here is a quick review. There is also more information about shortcut keys and mapping keys in the SecureCRT Help.

    ALT+C Connect
    ALT+B Connect in Tab
    ALT+Q Quick Connect
    ALT+P Start SFTP in Tab
    ALT+G Go to Chat Window
    CTRL+INS Copy
    SHIFT+INS Paste
    CTRL+SHIFT+V Paste
    CTRL+TAB Move through multiple SecureCRT session tabs. (In SecureCRT 5.2 you can set an option to have CTRL+TAB switch to the most recently used tab.)
    CTRL+SHIFT+TAB Cycles backwards through the sessions
    CTRL+F4 Closes the active tab
    ALT+1 (2, 3, 4, 5, 6, 7, 8, 9, & 0) Jump directly to one of the first ten tabs

4. From the Archives: Dynamic Port Forwarding

This month's archive tip on dynamic port forwarding in SecureCRT 5.x releases is to help network admins smooth the path of network life. Read our December 2005 "Overview of Dynamic Port Forwarding with SecureCRT" to learn how to route port forwarding through a SOCKS5 server to reduce the number of local port forwards.

5. New And Current Releases

The September 21st beta 3 release of SecureFX 4.0 supports secure transfers using SSL, and also has transfer queues and one-step moves in the SFXCL utility. The beta 3 releases of SecureCRT 5.2 and CRT ™ 5.2 further evolve the tab interface, along with a variety of other improvements.

The September 14th SecureCRT 5.1.4, CRT 5.1.4, and SecureFX 3.1.4 maintenance releases addressed bugs and other issues identified in earlier versions.

Here is a list of the latest official product releases:

  SecureCRT 5.1.4
  SecureFX 3.1.4
  CRT 5.1.4
  VShell 2.6.2 Server for Windows
  VShell 2.6.2 Server for UNIX
    Red Hat Linux 7.x
    Red Hat Linux 8.x
    Red Hat Linux 9.x
    Red Hat Enterprise v2.1/v3
    Solaris 8
    FreeBSD 4.8/5.3/5.4
    HP-UX 11
    Mac OS X 10.2
    AIX 4.3/5.2/5.3

All VanDyke Software products may be downloaded and evaluated free for 30 days. Licenses include one year of free upgrades and access to our expert technical support.

Pass it along! If you find this monthly newsletter helpful and informative, forward it to co-workers or friends, or tell them where to sign up.


RSS Feeds Now Available

Links to VanDyke Software pages with RSS feeds:

Subscription Information

You received this e-mail because you subscribed to VanDyke Software News when you visited our web site or downloaded a VanDyke Software product. Click here to unsubscribe or change your e-mail address.

Don't miss out on important product news. If your ISP or e-mail client filters incoming e-mail, please add the domain to your list of approved senders to make sure you receive the newsletters and product announcements to which you've subscribed.

IT professionals who are responsible for network administration and end user access where security is critical rely on VanDyke Software's rock solid and easy to configure software. VanDyke Software consistently delivers accurate, responsive support, and addresses our customers' evolving needs with timely product enhancements.

Mailing Address

  VanDyke Software, Inc.
  4848 Tramway Ridge Drive, NE
  Suite 101
  Albuquerque, NM 87111 USA

Got questions, comments, or ideas? E-mail or use the web forms by clicking on "Got a question or comment?" on any page on our web site, as you'll see on our What's New page.


VanDyke Software, CRT, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.

All other products and services mentioned are trademarks or registered trademarks of their respective companies.

Close Window