VShell® Server for Windows and UNIX

Whether your needs focus on remote access and administration or secure file transfer, the VShell server has a full range of capabilities.

Try Before You Buy

Every release can be evaluated free of charge for 60 days.

VShell® 4.4 Server

Whether your needs focus on secure file transfer or remote access and administration, the VShell server for Windows, Linux, and Mac has a full range of capabilities that enable you to:

  • Provide strong, multi-protocol security for data in transit
  • Control user access to features and files
  • Set up and configure easily
  • Monitor and log events with automation support
  • Tune licensing to your requirements with connection-based editions

 

New in VShell 4.4

New
WWin MMac UUnix

New edition: Enterprise with HTTPS file transfer for WindowsW

A new enterprise-level edition of VShell with HTTPS allows your staff, customers, and partners to transfer files easily using a web browser, eliminating the need for end-user training. Streamline the administrative cost of secure file transfer – no client software is needed and there are no browser plugins to install. Users connect via HTTPS to view folder contents, upload and download files, and more. Automated file transfers can be scheduled using HTTPS command-line tools such as cURL.

SFTP virtual roots (Windows)W

Protect your internal SFTP server from Internet threats or leverage an external SFTP server by seamlessly transferring end-user connections from VShell to the target server. After authenticating the connections, VShell transparently transfers file operations to a separate SFTP server. Files are uploaded and downloaded without ever being written to the VShell server's disk, assisting with standards compliance and reducing the disk space required by the VShell host machine.

Improved virtual roots user interface (Windows)W

The Virtual Roots category of the VShell Control Panel has been completely redesigned to accelerate virtual root configuration and improve usability. See at a glance which users and groups have access to your file system, which folders they can see, and what file operation permissions they have. Edit properties in place without opening a dialog.

Internal user databaseWMU

Eliminate the need to create system accounts for end users when accounts are only needed for VShell access. Simplify future migrations by letting VShell automatically include your users and groups when you move the VShell configuration to a new server.

Now on the UNIX/Linux and Mac versions in addition to Windows.

Specify deny hosts failure time (Windows - SSH2 SFTP and FTPS)W

Ward off brute force attacks by specifying the amount of time in which a certain number of authentication failures from a particular IP address will be tolerated. Any further authentication attempts by that IP address will be immediately disconnected. Optionally, re-allow connection attempts from a previously denied IP address after a certain amount of time.

Support for encrypt-then-MAC (EtM) algorithmsWMU

Support has been added for encrypt-then-MAC (EtM) algorithms, including SHA2 and UMAC.

Allow or deny specific SFTP commandsWMU

Choose whether to allow or deny specific SFTP commands on a per-user or per-group basis, including SETSTAT, FSETSTAT, RMDIR, REMOVE, RENAME, and LINK.

Please see History.txt in the VShell program group for additional information on other changes and bug fixes.

Secure File Transfer

SFTP, FTPS, and FTP file transfersWMU

Configure VShell to act as an SFTP server, an FTPS server, or both.
With FTPS, plaintext FTP may also be allowed to support legacy devices.

Enterprise Edition for Windows with HTTPS file transferW

An enterprise-level edition of VShell with HTTPS allows your staff, customers, and partners to transfer files easily using a web browser, eliminating the need for end-user training. Streamline the administrative cost of secure file transfer – no client software is needed and there are no browser plugins to install. Users connect via HTTPS to view folder contents, upload and download files, and more. Automated file transfers can be scheduled using HTTPS command-line tools such as cURL.

Multiple virtual root directoriesWMU

The VShell virtual root capability lets you assign different root directory access points to users or groups. Allows fine-grained control over user access permissions and the ability to specify the user's home directory.

SFTP virtual rootsW

Protect your internal SFTP server from internet threats or leverage an external SFTP server by seamlessly transferring end-user connections from VShell to the target server. After authenticating the connections, VShell transparently transfers file operations to a separate SFTP server. Files are uploaded and downloaded without ever being written to the VShell server’s disk, assisting with standards compliance and reducing the disk space required by the VShell host machine.

SCP file transfersWMU

SCP file transfers using clients operating as a secure RCP replacement that forwards a remote execution request to SCP over SSH2 (not SFTP).

Automated secure file transfersWMU

Use vcp, vsftp, vsh, or any SFTP, SCP, or FTPS clients to automate and schedule unattended file transfers.

Remote Access and Administration

WWin MMac UUnix

Administer servers remotely and securelyWMU

Securely access and administer web, mail, database, and application servers.

Accomplish common administrative tasksWMU

With existing secure shell utilities, add new users to the network, check print queues, and control services. Use text-oriented editors (e.g., EDIT and vi) to edit files on the remote system.

Remotely execute commands as a different userW

Give VShell users permission to remotely execute commands as a different user without full admin privileges. The administrator controls who can remotely execute commands, which commands are executed, and what account is used.

Start unattended batch jobsWMU

VShell support for remote command execution allows unattended jobs to be started with any Secure Shell (SSH2) client.

General

WWin MMac UUnix

Access controlWMU

On an individual or group basis, allow or deny access to VShell services such as SFTP, SCP, FTPS, FTP, HTTPS, HTTP, shell, remote execution, and port forwarding.

SSH2 supportWMU

VShell SSH2 support offers cross-platform security when connecting from remote clients for shell, SFTP and SCP file transfer, or port forwarding access. Connect with Secure Shell clients including SecureCRT, SecureFX, and a wide variety of other standard tools.

Data encryptionWMU

VShell supports ChaCha20/Poly1305, AES-GCM, AES-128-CTR, AES-192-CTR, AES-256-CTR, AES-128, AES-192, AES-256, Twofish, Blowfish, 3DES, and RC4, for connections by SSH2 clients. For SSH1 clients, Blowfish, DES, 3DES, and RC4 are supported.

Data integrityWMU

Message authentication codes (MACs) protect the integrity of each message sent over the network (preventing replay or insertion attacks). Support for SHA2-512, SHA2-256, SHA1, SHA1-96, MD5, MD5-96, UMAC-64, UMAC-128, SHA2-512-EtM, SHA2-256-EtM, SHA1-EtM, UMAC-64-EtM, and UMAC-128-EtM is included.

Data compressionWMU

Configurable data compression helps improve transfer speeds over slower network links.

Host identity verificationWMU

Unique server host key proves its identity to a client as a "known" host (preventing a man-in-the-middle attack). DSA (ssh-dss), RSA (ssh-rsa), and ECDSA (ecdsa-sha2-nistp) host key algorithms supported.

Port forwardingWMU

Forward TCP/IP ports to securely access standard data traffic like POP3 and SMTP over the Internet and intranets through a single, secure, multiplexed channel.

Deny Host fileWMU

VShell tracks failed authentications by IP address. Once an IP address has been added to the Deny Host list, VShell will not allow future connections from that address. On Windows SFTP and FTPS, ward off brute force attacks by specifying the amount of time in which a certain number of authentication failures from a particular IP address will be tolerated. VShell will then add the offending IP address to its list of denied hosts and any further authentication attempts will be immediately disconnected. On Windows, you can specify the number of failures allowed during a certain time period, and re-allow connections after a specified amount of time.

Windows account and LDAP server integrationW

Native integration with Windows user accounts and groups (local and domain). Login to VShell using credentials provided by an external LDAP server. Control access to VShell functionality.

Internal user databaseWMU

Configure VShell-specific users and groups. These VShell-defined users and groups are separate from system accounts. The internal accounts can be given access to all file transfer, remote shell and execute, and port forwarding services.

Jail shellMU

Two configuration options, ChrootUsers and ChrootGroups, combine to restrict users and members of groups to their home directory with any shell, SFTP, or subsystem operation.

IPv6 supportWMU

Transparent support for IPv6 allows you to move to the new protocol whenever you are ready.

Command-line utilitiesWMU

Automate routine tasks using command-line utilities: vsftp for an interactive SFTP command line, vsh for command-line shell access, vcp for command-line file transfer, and vkeygen to generate public/private keys.

VRALib API for scripting SSH2 sessionsW

The VRALib API allows scripting of SSH2 connections through a Windows COM interface. Supported operations include full control over SSH2 connections, sending a command to an SSH2 server and getting the output produced by the command, tunneling/port forwarding, file transfers using SFTP, remote file management, adding host keys to a host key database, and adding keys to the SSH2 authentication agent.

Allow or deny specific SFTP commandsWMU

Choose whether to allow or deny specific SFTP commands on a per-user or per-group basis, including SETSTAT, FSETSTAT, RMDIR, REMOVE, RENAME, and LINK.

Mouse supportW

VShell provides mouse support for character-based applications running in a command window.

Server Configuration

WWin MMac UUnix

General server configurationWMU

Configure general server options like listening port, keepalives, idle timeout period, and command shell.

Windows Control PanelW

Configure VShell for maximum security through an easy-to-use graphical control panel.

VShellConfig utilityW

A Windows command-line utility that allows editing of virtual roots, access control lists (ACLs), file and folder access permissions, and the VShell user database. VShellConfig can import and export configurations to save time when backing up or moving VShell.

FiltersWMU

Configure which hosts can connect by IP address, hostname, or netmask; configure which port forwarding requests are allowed.

Idle timeout optionWMU

Allows timing out sessions after a configurable idle time.

Bandwidth throttlingWMU

Server bandwidth can be configured (throttled) on a global, user/group, or location basis.

User Authentication

WWin MMac UUnix

Secure user authenticationWMU

Control access to servers and networks using existing usernames and passwords or choose other enterprise-wide authentication methods.

Authentication settingsWMU

Configure authentication options by limiting the number of failed attempts, setting a timeout period for completed authentications, and setting the required authentication methods.

Allowed/required list for authentication methodsWMU

Specify which authentication methods are allowed or required when users connect to the server: password, public key, GSSAPI or keyboard-interactive authentication.

Kerberos v5 authentication via GSSAPIWMU

Kerberos via GSSAPI increases interoperability while enhancing the security of enterprise-wide network authentication.

Public-key-only authenticationWMU

Automate unattended file transfers and batch jobs. Can also streamline logon process for users.

Keyboard interactive authenticationMU

Keyboard-interactive allows you to customize authentication using PAM plugins. PAM plugins can, for example, enable password expiration enforcement policies or the use of SecurID cards.

RADIUS server support for SecurID authenticationW

VShell for Windows allows authentication through RADIUS servers using SecurID or other methods. RADIUS support is implemented through keyboard-interactive authentication.

X.509 certificate authentication methodW

Comply with organization-wide PKI policies designed to protect critical information and overcome identity theft and electronic fraud.

Automation

WWin MMac UUnix

Automation triggersWMU

Configurable trigger conditions allow automated responses to server events: including failed authentication, login, logout, upload, and download, as well as file/folder create, delete, and rename. Trigger actions include commands, sending email, file copy/move, and SFTP transfers.

Logging & Monitoring

WWin MMac UUnix

Monitor active VShell sessionsW

VShell Monitor is a real-time connection monitoring tool that allows an administrator to view active connections to the VShell server.

Server message loggingWMU

Selected server messages may be logged in the VShell log file, sent to the Windows system log or a remote syslog/syslog-ng server. Message groups include errors, warnings, informational, connection, authentication, SFTP, port forward, debug, LSA, and FTPS.

Windows event logW

VShell error and warning messages as well as selected other message groups are sent to the system event log.

syslog supportWMU

All log messages can be sent to a remote syslog or syslog-ng server.

W3C logging optionWMU

The W3C extended log file format option allows the use of third party log tools to analyze VShell activity.

VShell Editions

WWin MMac UUnix

VShell licenses are categorized into four separate "Editions" which determine the protocols and maximum number of allowed concurrent client connections to VShell. VShell license editions allowing fewer concurrent connections are priced lower than editions that allow a larger number of concurrent connections.

VShell Administrator ServerWMU

Allows two concurrent client connections, and is designed primarily for remote system administration use.

VShell Workgroup ServerWMU

Allows ten concurrent connections, and is intended to serve the needs of a large group of users.

VShell Enterprise ServerWMU

Supports an unrestricted number of concurrent connections for a substantial user community.

Enterprise with HTTPS for WindowsW

Easy file transfer by users with a web browser; deploy to large numbers of locations or users without purchasing or configuring client software.

License Comparison

License Edition Concurrent client connections allowed SSH2 and SFTP FTPS and FTP HTTPS and HTTP All other features
Administrator 2  
Workgroup 10  
Enterprise Unlimited  
Enterprise with HTTPS for Windows Unlimited

During the 60-day evaluation period, VShell for Windows can be configured to emulate any of the four editions. By default, it emulates the Enterprise with HTTPS for Windows edition. On Unix and Mac, VShell emulates the Workgroup edition during the evaluation period.

Note: "Client connections" is not the same as "users". The number of concurrent client connections is the number of connections where the client has successfully authenticated to VShell, regardless of the user account associated with the authentication. Two separate connections to the VShell service will count as two concurrent connections even if the same user account is used for authentication in each case.

Support

WWin MMac UUnix

Try before you buy free evaluation copyWMU

Official VShell software releases can be downloaded and evaluated for 60 days without charge.

Open beta software releasesWMU

Beta software releases can be downloaded and evaluated for 60 days without charge.

One-year software updatesWMU

All registered users receive a year of software updates. An option with three years of updates is also available.

One-year technical supportWMU

All registered users receive a year of technical support by email from VanDyke Support. An option with three years of technical support is also available.

Software maintenance availableWMU

Software updates and support are available after the first year.

Standards

WWin MMac UUnix

FIPS 140-2 supportW

VShell uses a FIPS 140-2 validated cryptographic library. VShell can be installed in "FIPS Mode", which allows only FIPS-approved algorithms.

U.S. Rehabilitation Act Section 508 complianceWMU

Section 508 requires Federal agencies to make their electronic and information technology accessible to people with disabilities. VShell Server has been registered as a compliant product with the Section 508 database. Voluntary Product Accessibility Template (VPAT) documents detailing this compliance are available in Acrobat PDF format here: view the VShell Server VPAT.

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.