WWinMMac LLinux
SSH1 and SSH2 supportW
M
L
Both SSH1 and SSH2 are supported in a single client, providing
the maximum in flexibility when connecting to a range of remote
servers.
User authenticationW
M
L
SecureCRT supports password, public key, Kerberos v5 (via GSSAPI), and keyboard interactive when connecting to SSH2 servers. Public key support includes RSA (up to 16,384 bits), Ed25519, ECDSA (RFC 5656), DSA, PuTTY PPK, OpenSSH certificates, and X.509 (Windows) including smart cards (PIV/CAC). For SSH1 servers, password, public key, and TIS authentications are supported.
Public Key AssistantW
M
L
Support for Public Key Assistant makes uploading public keys to
an SSH2 server simple and safe for end users.
Support for GSSAPI secured key exchangeW
M
L
Mechanisms supported depend on GSSAPI provider.
SFTP in a tabW
M
L
Open an SFTP tab to the same SSH2 session without having
to re-authenticate to perform file transfer operations using an
interactive, text-based SFTP utility. Drag and drop files and folders onto the SFTP tab to start SFTP file transfers faster.
Encryption ciphers: Strong encryptionW
M
L
SecureCRT supports ChaCha20/Poly1305, AES-GCM, AES-128-CTR, AES-192-CTR, AES-256-CTR, AES-128, AES-192, AES-256, Twofish, Blowfish, 3DES, and RC4, when connecting to SSH2 servers. For SSH1 servers, Blowfish, DES, 3DES, and RC4 are supported.
Password and passphrase cachingW
M
L
SSH2 session passwords and passphrases can be cached, so that you don't have to reauthenticate to access the same server again while SecureCRT is running (also the Activator utility on Windows)
Port forwardingW
M
L
Tunnel common TCP/IP protocols (for example, POP3, IMAP4, HTTP, SMTP) via SecureCRT to a remote Secure Shell server using a single, secure, multiplexed connection. Port forwarding configuration has been integrated into the tree-based Session Options dialog allowing easier configuration for securing TCP/IP application data.
Dynamic port forwardingW
M
L
Dynamic port forwarding simplifies how TCP/IP application data is routed through the Secure Shell connection. Instead of configuring port forwarding on a per-application basis in SecureCRT, each application is configured to use a SOCKS server on a local host port. SecureCRT opens a port on the local host and acts as a SOCKS server for any SOCKS-compatible application, even those that use multiple ports, such as FTP.
InteroperabilityW
M
L
OpenSSH-compatible host key fingerprint support and RSA host key support enhance SecureCRT's interoperability with a variety of Secure Shell servers. Public keys can be exported in OpenSSH format and can be exported from PKCS #11.
X.509 supportW
M
L
Smart card-based public-key authentication using X.509-compatible certificates supports highly secure two-factor authentication. SecureCRT supports the PKCS #12 (.pfx) standard file format for X.509 certificates and private keys (Windows). PKCS #11 is also supported, allowing a cryptographic token interface to be used. X.509 host key checking automatically accepts the host key if the certificate is valid.
OpenSSH key format supportW
M
L
Generate keys in OpenSSH format or convert VanDyke Software format private keys to OpenSSH format so that the same keys can be used with other Secure Shell clients.
OpenSSH Agent forwardingW
M
L
Agent forwarding support allows transparent authentication to multiple linked servers after the first SSH server has authenticated the user.
SSH Agent supportW
M
L
Once you register keys with Agent, re-authentication is automatic even if SecureCRT has been closed. From 6.6 on, keys can be added and removed using Manage Agent keys on the Tools menu.
Host key managementW
M
L
SecureCRT allows host keys to be viewed, imported, and exported.
X11 forwardingW
M
L
Encrypt X11 sessions to secure remote X applications that are being displayed on the local machine.
Data compressionW
M
L
Improves the performance of encrypted dialup connections — variable compression levels from 1 to 9. When zlib@openssh.com compression is specified, compression starts after authentication, preventing unencrypted passwords from being cached by the zlib library.