SecureCRT^®

Command-line utilitiesWML

Securely automate your routine file transfer, shell, and public-key administration tasks with this suite of standalone CLI utilities. Save time by using these commands in batch files or shell scripts for setting up new users, updating configurations, backing up files, and rotating logs. On Windows, the standalone VRALib COM API lets customers create scripts for SSH2 connections.

Keyword highlighting enhancementsWML

You now have even more granular control over attributes such as bold and reverse, and the "Match case" option, which can be applied to individual keywords. Entering complex regular expressions for keyword highlighting is easier with an increased character limit for keywords, a larger keyword text box in the Edit Keyword dialog, and the ability to resize the Keyword List Properties dialog.

SSH2 algorithm supportWML

SecureCRT now supports the x509v3-rsa2048-sha256 algorithm for authentication (RFC 6187) and the ability to use the algorithms rsa-sha2-512-cert-v01@openssh.com and rsa-sha2-256-cert-v01@openssh.com as OpenSSH certificate types. On Windows, SecureCRT supports using rsa-sha2-256 and rsa-sha2-512 public-key algorithms as raw SSH2 keys for CAPI certificates (RFC 8332) as well as using x509v3-ecdsa-sha2 algorithms from RFC 6187 for keys in the CAPI store and as raw SSH2 keys.

Auto check for updatesWML

Ensure you are running the latest version of SecureCRT by checking for updates automatically at startup. When this option is selected, SecureCRT automatically checks for an update that is valid with the current license.

Administrative options (Windows)W

New administrative options help enforce security best practices such as disabling non-secure file transfers, Expect/Send logon actions, and logon scripts. To simplify installation, administrators can now suppress the prompt for a configuration passphrase the first time SecureCRT runs.

SSH1 and SSH2 supportWML

Both SSH1 and SSH2 are supported in a single client, providing the maximum in flexibility when connecting to a range of remote servers.

User authenticationWML

SecureCRT supports password, public key, Kerberos v5 (via GSSAPI), and keyboard interactive when connecting to SSH2 servers. Public key support includes RSA (up to 16,384 bits), Ed25519, ECDSA (RFC 5656), DSA, PuTTY PPK, OpenSSH certificates, and X.509 including smart cards (PIV/CAC). For SSH1 servers, password, public key, and TIS authentications are supported.

Credentials ManagerWML

The Credentials Manager simplifies local password management within SecureCRT and SecureFX. Rather than specifying credentials for each saved session, sessions can reference an entry in the local Credentials Manager, making it easier to update stored passwords. This is especially helpful when monthly, weekly, or even daily password changes are required.

Public Key AssistantWML

Support for Public Key Assistant makes uploading public keys to an SSH2 server simple and safe for end users.

Support for GSSAPI secured key exchangeWML

Mechanisms supported depend on GSSAPI provider.

SFTP in a tabWML

Open an SFTP tab to the same SSH2 session without having to re-authenticate to perform file transfer operations using an interactive, text-based SFTP utility. Drag and drop files and folders onto the SFTP tab to start SFTP file transfers faster.

Encryption ciphers: Strong encryptionWML

SecureCRT supports ChaCha20/Poly1305, AES-GCM, AES-128-CTR, AES-192-CTR, AES-256-CTR, AES-128, AES-192, AES-256, Twofish, Blowfish, 3DES, and RC4, when connecting to SSH2 servers. For SSH1 servers, Blowfish, DES, 3DES, and RC4 are supported.

Password and passphrase cachingWML

SSH2 session passwords and passphrases can be cached, so that you don't have to reauthenticate to access the same server again while SecureCRT is running.

Port forwardingWML

Tunnel common TCP/IP protocols (for example, POP3, IMAP4, HTTP, SMTP) via SecureCRT to a remote Secure Shell server using a single, secure, multiplexed connection.

Dynamic port forwardingWML

Dynamic port forwarding simplifies how TCP/IP application data is routed through the Secure Shell connection. Instead of configuring port forwarding on a per-application basis in SecureCRT, each application is configured to use a SOCKS server on a local host port. SecureCRT opens a port on the local host and acts as a SOCKS server for any SOCKS-compatible application, even those that use multiple ports, such as FTP.

InteroperabilityWML

OpenSSH-compatible host key fingerprint support and RSA host key support enhance SecureCRT's interoperability with a variety of Secure Shell servers. Public keys can be exported in OpenSSH format and can be exported from PKCS #11.

X.509 supportWML

Smart card-based public-key authentication using X.509-compatible certificates supports highly secure two-factor authentication. SecureCRT supports the PKCS #12 (.pfx) standard file format for X.509 certificates and private keys (Windows). PKCS #11 is also supported, allowing a cryptographic token interface to be used. X.509 host key checking automatically accepts the host key if the certificate is valid.

OpenSSH key format supportWML

Generate keys in OpenSSH format or convert VanDyke Software format private keys to OpenSSH format so that the same keys can be used with other Secure Shell clients.

OpenSSH Agent forwardingWML

Agent forwarding support allows transparent authentication to multiple linked servers after the first SSH server has authenticated the user.

SSH Agent supportWML

Once you register keys with Agent, re-authentication is automatic even if SecureCRT has been closed. Keys can be added and removed using Manage Agent keys on the Tools menu. Keys can be specified to preload into SSH2 agent when SecureCRT starts.

Host key managementWML

SecureCRT allows host keys to be viewed, imported, and exported.

X11 forwardingWML

Encrypt X11 sessions to secure remote X applications that are being displayed on the local machine.

Data compressionWML

Variable compression levels from 1 to 9 are supported. When zlib@openssh.com compression is specified, compression starts after authentication, preventing unencrypted passwords from being cached by the zlib library.

Wide range of terminal emulationWML

VT100, VT102, VT220, VT320, ANSI, SCO ANSI, TN3270, TVI910, TVI925, Wyse 50/60, Xterm, and Linux console, with support for ANSI color with color schemes.

Xterm extensionsWML

Xterm extensions for changing the title bar and for sending basic mouse events to the remote host are supported. SecureCRT also delivers 256-color and 24-bit color (True Color) Xterm support.

Character attributesWML

Full terminal emulation support for character attributes including VT line drawing symbols, bold, underline, reverse and blink (and double-width and double-height fonts on Windows only).

Unicode supportWML

Unicode support includes the ability to display character sets from multiple languages, including Japanese, Chinese, and Korean multi-byte character sets, and support for right-to-left reading order languages.

80/132-column supportWML

Supports automatic switching between 80 and 132-column display. Different fonts can be configured for the 80 and 132-column modes.

National Replacement Character SetWML

Terminal sessions display international characters using NRCS if supported by the host application.

Configurable rows and columnsWML

SecureCRT supports a wide range of configuration from the standard 24 rows, 80 columns to as many as 32,000 columns. An "On resize" option rewraps text in the terminal area when the SecureCRT window is resized.

Raw protocol modeWML

This option, which is helpful for troubleshooting, allows for no (or little) interpretation of data from the remote system.

Window size changeWML

For SSH2, SSH1, or Telnet servers supporting the NAWS extension, SecureCRT informs the remote system anytime the window is resized and the rows and columns change. For applications like Vi and Emacs, this ensures that SecureCRT stays in sync with the remote system without manually adjusting the remote's settings.

Create keyboard mappingsWML

Map keyboard combinations on a per session basis. Create mappings for any key combination — not just function keys — without an external keymap file.

Flexible keyboard mappingsWML

Create customized accelerators by mapping user-specified keyboard combinations to send a user-specified string, run a script, perform a menu or scrollbar operation, send a Telnet command, or launch external programs (like your favorite editor, cmd.exe, or regedit) on the local machine.

Graphical keymap editorW

A graphical editor provides an easy mechanism for creating keymap files that can be shared between users and systems.

Personal data folderWML

Optionally store logon credentials separate from other session data. This makes it safer to store sessions in the cloud or on a network drive and makes it easier to share sessions with colleagues.

Named firewallsWML

Name different firewall configurations and use them on an individual session basis.

Color schemesWML

Predefined terminal color schemes, including Solarized, are provided. Create and save additional color schemes with customized foreground, background, and ANSI colors.

128,000-line scrollbackWML

The scrollback buffer can be configured to save up to 128,000 lines. Being able to review the history of the current session can be a life saver. From the scrollback, both copying to the clipboard and printing are supported.

Emacs modeWML

If you commonly use Emacs, you can configure your session to use the ALT key as the meta key.

Command windowWML

Provides a mechanism for composing a line (or more) of text before sending to the remote system. The Command window also supports history, which allows previous commands to be viewed, edited, and sent. Commands can be sent to the active session, all sessions, selected tab groups, or visible sessions. A "Send characters immediately" mode makes it possible in one or multiple sessions to stop commands using CTRL+C, edit files using an editor such as vi, send escape sequences, and do tab completion.

Use environment variables in pathsW

Use environment variables like APPDATA, TEMP, and USERPROFILE in paths specified in SecureCRT global and session options, making it easier to move/copy settings to other machines and to create configurations that will work for multiple users.

Multiple session editingWML

The Session Manager allows multiple sessions to be selected and then edited, making it easy to do things like change the passwords for a group of sessions.

Import/export sessionsWML

An import/export tool makes it easier to create a backup or copy SecureCRT settings from one machine to another. Optionally, just the button bars can be imported and exported. A text file import wizard facilitates importing sessions from CSV, TSV, or other delimited text files. Previously, sessions had to be imported manually or with a script.

Tabbed sessionsWML

Tabbed sessions reduce desktop clutter and make it easy to switch between sessions. Launch new tabs in the current window from a URL or command line. Send an active tab to a new window, clone a tabbed session in a new window, or drag and drop sessions between windows.

Tab groupsWML

Get more done in less time using tab groups. Switch easily between sessions organized in tabs. Or create a temporary tab group so you can work in one tab while monitoring command output from another tab.

TilingWML

Tiled sessions make it easier to compare multiple sessions or view output when sending commands to all sessions via the Command window. Sessions can be tiled or cascaded. A vertical or horizontal orientation can be selected.

Session ManagerWML

The dockable Session Manager lets you quickly connect to sessions. The Session Manager pane can be positioned on the left, right, top, or bottom of the SecureCRT window or undocked as a modeless dialog. The "classic" Connect dialog is still supported. The Session Manager filter bar helps locate sessions quickly in the session database.

Active Sessions ManagerWML

Working with a large number of connections is made easier with the dockable Active Sessions Manager. See at a glance the connection status of all open sessions. Use the filter bar to quickly locate specific sessions as well as local shells, scratchpads, and open scripts.

Session customizationWML

Sessions can be organized in nested folders. Organize hundreds of named sessions using standard copy and paste or drag and drop. Folders or multiple sessions can be launched in tabs with a single click. With "Use auto session" enabled, select a single session, multiple sessions, or folders of sessions to automatically connect on startup. Local shell sessions and scratchpads (Windows) can also be specified as auto sessions. With "Remember and connect to sessions from last use" enabled, the sessions opened the last time SecureCRT ran will be automatically connected on start up.

Button barWML

Map buttons to just about any action: send a configuration command, run a script, use a menu function, send a protocol command, or launch an external program like your favorite editor or the system activity monitor. You can also create different button bars for specific sessions or operations. Colors can be assigned to button icons to add time-saving visual cues.

Command ManagerWML

Streamline repetitive tasks with the dockable Command Manager, which makes it easy to organize commands into named folders, filter commands by name, and launch them with a double click or by pressing Enter. Commands and command folders can also be shared with the button bar and vice versa.

Session status informationWML

Tab status indicators display connection status using icons (all platforms) or background colors (Windows only) to display whether a session is connected, disconnected, has received new input, or no new activity, and when the tab is locked. A script status indicator shows you when a script is running in tabbed and tiled sessions.

URL and Google search supportWML

URLs can be quickly opened in a web browser through the context menu or a hotkey. The context menu can also initiate a Google search on selected text, such as an error number.

Simple automated logonsWML

The initial logon username and password can be configured in order to automate logons quickly without the need to learn a scripting language.

Quick ConnectWML

The Quick Connect dialog allows you to connect to a host with just a server name—no configuration required.

Connect barWML

The Connect bar provides a text entry box to connect to a session quickly without opening a dialog. Autocomplete filters sessions in a drop down list as you type so you can find saved session faster. The Connect bar supports SecureCRT command-line options.

Clipboard copy and pasteWML

Select terminal text by row and column area. With the Auto Copy option on, text is automatically copied to clipboard after the text is selected. Quickly paste text into a session by using the option to paste on right or middle mouse click. A copy ANSI text to clipboard option preserves ANSI color and font data.

Multi-line paste dialogWM L

To help prevent errors, a paste confirmation dialog option displays contents of the paste buffer, which can be edited before pasting multiple lines of text into a session. The confirmation dialog can also be resized.

Customize the toolbar and menuW

Modify the toolbar and menu to suit your needs by dragging and dropping toolbar and menu items.

Anti-idleWML

SecureCRT can be configured to use protocol specific IDLE NOOP options or send a user-defined sequence after a specified interval to eliminate idle disconnections.

SOCKS v4 and v5WML

Support for both SOCKS v4 and v5 for use with Telnet, Telnet/TLS (Windows), SSH1, or SSH2. When using SOCKS v5, optional firewall authentication is supported.

TIS and Wingate proxyWML

Generic proxies from the TIS firewall toolkit and Wingate are supported for use with Telnet.

HTTP proxyWML

Telnet, Telnet/TLS (Windows), SSH1, and SSH2 connections can be configured to connect via an HTTP proxy that supports the Connect command. Proxy setup is simplified with support for unauthenticated and basic HTTP proxies.

Local proxy commandWML

The "Proxy command" firewall type allows a local proxy command to be run when connecting to a remote server.

Dependent session optionWML

Link a session to an SSH1 or SSH2 session that it depends on, which allows connection to a jump host before connecting to other sessions.

Zmodem, Xmodem, Ymodem, and KermitWML

Use Zmodem, Xmodem, Ymodem, and Kermit to upload and download files over any protocol.

Send, receive ASCIIWML

Send ASCII sends file contents to host as terminal input, Receive ASCII saves host output to a file.

SFTP in a tabWML

You can open an SFTP tab to a connected SSH2 session without having to re-authenticate to perform file transfer operations using an interactive, text-based SFTP utility.

Drag and drop file transferWML

Start an SFTP file transfer faster by dragging and dropping files and folders onto the SFTP tab.  You can also drag files onto the session tab and choose between ASCII, Xmodem, Ymodem, Zmodem, and Kermit (ASCII and Xmodem support single file transfer; Ymodem and Zmodem support multiple file transfers. Transferring folders is not supported.)

Send Binary transfer optionWML

Transfer binary files when the remote system doesn't support Zmodem.

Built-in TFTP serverWML

Lock the built-in server via IP address to the client router for increased security as compared to running a separate TFTP server. Automatically start the TFTP server when SecureCRT starts or when a session connects, use TFTP to deploy firmware upgrades on network equipment, and backup or revert configurations on network devices.

Multiple ActiveX scripting languagesW

Use multiple scripting languages to control SecureCRT including VBScript, JScript, and PerlScript.

Python scriptingWML

Apply the widely used Python language to SecureCRT automation.

Scripting functionsWML

Scripting functions allow you to write login scripts, send text to sessions, transfer files, work with tabs, and perform other activities.

Script recorderWML

Quickly create a script to automate routines using the script recorder, which records keystrokes, including function keys, and then generates VBScript or Python code (Windows) or a Python script (Mac, Linux).

Script editor tabW

Save time by using the built-in script editor with syntax highlighting to create and modify local scripts. Scripts can be edited in a tab or tile and then run in a different tab or tile.

Session log file optionWML

Session logging to a file can be toggled on and off from the menu. SecureCRT can be configured to start logging upon connecting to the remote site. Custom log data gives you the ability to specify strings to be logged upon connect, disconnect, and on each line.

Parameter substitutionsWML

Dynamic log filename generation supports substitution of date, time, session, and environment variables. If a log file path does not already exist, it will be created automatically.

Log rotationWML

There is an option to create a new log file at midnight by setting a variable in the log file name to write log output to a new file daily.

Command-line optionWML

A command-line parameter /LOG allows a log file to be specified on the command line.

Host-based printingWML

SecureCRT includes robust host-based printing support for applications such as Pine that allow printing to the local printer.

Basic printingWML

Print screen, print selection, and auto print are available from both the menu and toolbar.

Session or global print settingsWML

Printing settings can be set globally or on a per-session basis. Settings include page margins, printer font, which printer to use, as well as advanced options for special host-based printing environments.

Real-time keyword highlightingWML

Highlight keywords in the session window to identify errors in log files or streaming output and to highlight prompts. Specifying keyword colors on an individual basis lets you color code output to make specific strings stand out. Keyword attributes (bold, reverse video, and color) can be combined. Regular expressions can be specified as keywords, making it easier to highlight strings like IP addresses. Also, substrings and phrases can be matched.

RDP supportW

Consolidate network connections from within SecureCRT by connecting RDP sessions in tabs or tiles.

IPv6 supportWML

IPv6 addresses can be specified as session hostnames.

Screen font scalingWML

The font optionally grows or shrinks when resizing the SecureCRT window.

Call SecureCRT from web browserWM

SecureCRT can be set up to be your default Telnet application for use with most web browsers.

Launch a remote command on connectingWML

A session option allows a remote command or application to be launched as soon as the session connects, which makes it easy to have a session dedicated to a specific task.

Local shell sessionWML

Local shell is supported on all platforms, making it easy to work on the local system without having to leave SecureCRT. On Windows 10 and Windows Server 2019 or later, you can open a tabbed CMD or PowerShell session.

Execute local shell commandWML

Do port knocking or run a batch script before connecting to a session using the execute local shell command option.

Serial device supportWML

Use SecureCRT to connect to serial devices through COM ports. When configuring serial sessions only, valid COM ports are shown in the Session Options dialog. On Windows, the ability to access a remote system through a named pipe makes it easier to connect to virtual machines.

Hex viewWML

A hex view helps to debug serial communication. The Hex View window shows hex data independently for each connected session, making it easier to work with multiple Serial sessions. A selection made on the hexadecimal pane or the ASCII pane is reflected in the other pane and the ASCII pane can also be hidden.

Scratchpad tabW

Use the configurable scratchpad tab or tile to write notes or copy and paste configuration commands or other text without having to open a separate editor. Scratchpad contents can be saved to a file.

TAPI supportW

Create, configure, and save session options for TAPI devices including modem, country code, phone numbers, and redial.

Alpha transparencyWML

Specify the transparency level for the active and inactive windows so that you can view what's behind a SecureCRT window or easily compare the contents of two SecureCRT windows.

Delay optionsWML

Configure both the number of milliseconds to pause between characters and/or between lines. A character send delay option to wait for a text prompt allows data to be sent as fast as the system can handle.

FIPS 140-2 supportW

When an administrative option to run in "FIPS Mode" is set, SecureCRT uses a FIPS 140-2 validated cryptographic library and only allows FIPS-approved algorithms.

Session lockingWML

Lock sessions with a password while connected. While a session is locked, it cannot be typed in or closed. Optionally, the session output can be hidden.

File-based configurationW

Create a controlled SecureCRT environment by customizing toolbars, menus, and the keyboard shortcuts they contain. Create custom toolbars with buttons to open sessions, invoke scripts, and send strings. Add custom commands to the Windows system menu and contextual menus.

Multiple platform supportWML

SecureCRT is available for commonly used Windows, macOS, and Linux platforms. For a complete listing of supported platforms, see the System Requirements page.

Easy install and setupW

Automatically set up program group, desktop, and Start menu shortcuts. Install only the protocols you need. Standard uninstaller is included.

Auto check for updatesWML

Ensure you are running the latest version of SecureCRT by checking for updates automatically at startup. When this option is selected, SecureCRT automatically checks for an update that is valid with the current license.

MSI installersW

MSI support allows you to distribute the applications through your distributions server using Group Policy and to automate installs through SMS or other install programs.

Command-line optionsWL

Define startup behavior for SecureCRT including configuration folder, session, hostname, protocol, options, launch new sessions in tabs in the current window, and many other settings.

Integration with SecureFX®WML

When both clients are installed together using the bundle installer, SecureFX and SecureCRT can share global options, session options, and the host key database so you only need to perform operations like setting application defaults, connection settings, or accepting a server's host key once. SecureFX and SecureCRT can share passwords and passphrases while either application is running. Click on a toolbar button to launch the other application and connect to the current active session.

Command-line utilitiesWML

Securely automate your routine file transfer, shell, and public-key administration tasks with this suite of standalone CLI utilities. Save time by using these commands in batch files or shell scripts for setting up new users, updating configurations, backing up files, and rotating logs. On Windows, the standalone VRALib COM API lets customers create scripts for SSH2 connections.

Try before you buy free evaluation copyWML

Official software releases can be downloaded and evaluated for 30 days without charge.

Open beta software releasesWML

Beta software releases can be downloaded and evaluated for 30 days without charge.

One-year software updatesWML

All registered users receive a year of software updates. An option with three years of updates is also available.

One-year technical supportWML

All registered users receive a year of technical support by email from VanDyke Support. An option with three years of technical support is also available.

Software maintenance availableWML

Software updates and support are available after the first year for multi-computer licenses.

U.S. Rehabilitation Act Section 508 complianceW

Section 508 requires Federal agencies to make their electronic and information technology accessible to people with disabilities. SecureCRT has been registered as a compliant product with the Section 508 database. Voluntary Product Accessibility Template (VPAT) documents detailing this compliance are available in Acrobat PDF format here: view the SecureCRT VPAT.