VShell® Server for Windows and UNIX

Whether your needs focus on remote access and administration or secure file transfer, the VShell server has a full range of capabilities.

Try Before You Buy

Every release can be evaluated free of charge for 30 days.

VShell® 4.3 Server for Windows and UNIX

Whether your needs focus on remote access and administration or secure file transfer, the VShell server has a full range of capabilities that enable you to:

  • Provide strong, multi-protocol security for data in transit
  • Control user access to features and files
  • Set up and configure easily
  • Monitor and log events with automation support
  • Tune licensing to your requirements with connection-based editions


New in VShell 4.3

WWinMMac UUnix

LDAP server user authenticationW

Login to VShell using credentials provided by an external LDAP server.

Manage user public keysW

Easily add, remove, and view user and common public keys via the new manage-public-key interface.

Additional encryption optionsWMU

Support for ChaCha20-Poly1305 authenticated encryption cipher.

UNIX virtual directory access permissionsMU

Fine-grained control over virtual directory access permissions on UNIX. Specific file and folder access permissions can be set on a per user, per virtual directory basis.

UNIX virtual directory homeMU

Specify which virtual directory a user will be placed in upon connecting.

Key Features

WWinMMac UUnix

Multiple virtual root directoriesWMU

The VShell virtual root capability lets you assign different root directory access points to users or groups. Allows fine-grained control over user access permissions and the ability to specify the user's home directory.

Windows account integrationW

Native integration with Windows user accounts and groups (local and domain). Control access to VShell functionality.

Access controlWMU

Grant access to VShell services by authorized users or groups. On an individual or group basis, allow or deny access to VShell services such as shell, SCP, SFTP, FTPS, and port forwarding.

Authentication choicesW

Choose from a number of authentication mechanisms including public key, Kerberos, and X.509 digital certificates to create a more secure two-factor authentication strategy.

FTPS optionWMU

Choose between Secure Shell SSH2 and FTP over TLS according to your network standards.

Internal user databaseW

Configure VShell-specific users and groups through the VShell Control Panel User Database page. These VShell-defined users and groups are separate from Windows System accounts. The internal accounts can be given access to all file transfer, remote shell and execute, and port forwarding services.

Secure File Transfer

WWinMMac UUnix

SCP file transfersWMU

SCP file transfers using clients operating as a secure RCP replacement that forwards a remote execution request to SCP over SSH2 (not SFTP). Honors settings for logging, ACLs, and SFTP roots.

Automated secure file transfersWMU

Use vcp, vsftp, vsh, or any SFTP or SCP clients to automate and schedule unattended file transfers.

Remote Administration

WWinMMac UUnix

Administer servers remotely and securelyWMU

Securely access and administer web, mail, database, and application servers.

Accomplish common administrative tasksWMU

With existing secure shell utilities, add new users to the network, check print queues, and control services. Use text-oriented editors (e.g., EDIT and vi) to edit files on the remote system.

RunAs CommandsW

Give VShell users permission to remotely execute commands as a different user without full admin privileges. The administrator controls who can remotely execute commands, which commands are executed, and what account is used.

Start unattended batch jobsWMU

VShell support for remote command execution allows unattended jobs to be started with any Secure Shell (SSH2) client.


WWinMMac UUnix

SSH2 supportWMU

VShell SSH2 support offers cross-platform security when connecting from remote clients for shell, file transfer, or port forwarding access. Connect with Secure Shell clients including SecureCRT, SecureFX, and a wide variety of other standard tools.

Data encryptionWMU

Encrypt the data using a wide selection of ciphers including AES-128-CTR, AES-192-CTR, AES-256-CTR, AES-128, AES-192, AES-256, Twofish, Blowfish, 3DES, and RC4. RSA (up to 16,384 bits) and DSA public-key authentication and X.509 (Windows) certificate authentication methods are also supported.

Data integrityWMU

Message authentication codes (MACs) protect the integrity of each message sent over the network (preventing replay or insertion attacks). Support for SHA2-512, SHA2-256, SHA1, SHA1-96, MD5, MD5-96, UMAC-64 is included.

Data compressionWMU

Configurable data compression helps improve transfer speeds over slower network links.

Host identity verificationWMU

Unique server host key proves its identity to a client as a "known" host (preventing a man-in-the-middle attack). DSA (ssh-dss), RSA (ssh-rsa), and ECDSA (ecdsa-sha2-nistp) host key algorithms supported.

Port forwardingWMU

Forward TCP/IP ports to securely access standard data traffic like POP3 and SMTP over the internet and intranets through a single, secure, multiplexed channel.

Deny Host fileWMU

VShell for Windows and UNIX now tracks failed authentications by IP address. Once an IP address has been added to the Deny Hosts file, VShell will not allow future connections from that address.

Jail shellMU

Two configuration options, ChrootUsers and ChrootGroups, combine to restrict users and members of groups to their home directory with any shell, SFTP, or subsystem operation.

IPv6 supportWMU

Transparent support for IPv6 allows you to move to the new protocol whenever you are ready.

Command-line utilitiesWMU

Automate routine tasks using command-line utilities: vsftp for an interactive SFTP command line, vsh for command-line shell access, vcp for command-line file transfer, and vkeygen to generate public/private keys.

VRALib API for scripting SSH2 sessionsW

The VRALib API allows scripting of SSH2 connections through a Windows COM interface. Supported operations include full control over SSH2 connections, sending a command to an SSH2 server and getting the output produced by the command, tunneling/port forwarding, file transfers using SFTP, remote file management, adding host keys to a host key database, and adding keys to the SSH2 authentication agent.

Mouse supportW

VShell provides mouse support for character-based applications running in a command window.

Server Configuration

WWinMMac UUnix

General server configurationWMU

Configure general server options like listening port, keepalives, idle timeout period, and command shell.

Windows Control PanelW

Configure VShell for maximum security through an easy-to-use graphical control panel.

VShellConfig utilityW

A Windows command-line utility that allows editing of virtual roots, access control lists (ACLs), file and folder access permissions, and the VShell user database. VShellConfig can import and export configurations to save time when backing up or moving VShell.


Configure which hosts can connect by IP address, hostname, or netmask; configure which port forwarding requests are allowed.

Idle timeout optionWMU

Allows timing out sessions after a configurable idle time.

Bandwidth throttlingWMU

Server bandwidth can be configured (throttled) on a global, user/group, or location basis.

User Authentication

WWinMMac UUnix

Secure user authenticationWMU

Control access to servers and networks using existing usernames and passwords or choose other enterprise-wide authentication methods.

Authentication settingsWMU

Configure authentication options by limiting the number of failed attempts, setting a timeout period for completed authentications, and setting the required authentication methods.

Allowed/required list for authentication methodsWMU

Specify which authentication methods are allowed or required when users connect to the server: password, public key, GSSAPI or keyboard-interactive authentication.

Kerberos v5 authentication via GSSAPIWMU

Kerberos via GSSAPI increases interoperability while enhancing the security of enterprise-wide network authentication.

Public-key-only authenticationWMU

Automate unattended file transfers and batch jobs. Can also streamline logon process for users.

Keyboard interactive authenticationMU

Keyboard-interactive allows you to customize authentication using PAM plugins. PAM plugins can, for example, enable password expiration enforcement policies or the use of SecurID cards.

RADIUS server support for SecurID authenticationW

VShell for Windows allows authentication through RADIUS servers using SecurID or other methods. RADIUS support is implemented through keyboard-interactive authentication.

X.509 certificate authentication methodW

Comply with organization-wide PKI policies designed to protect critical information and overcome identity theft and electronic fraud.

Logging & Monitoring

WWinMMac UUnix

Monitor active VShell sessionsW

VShell Monitor is a real-time connection monitoring tool that allows an administrator to view active connections to the VShell server.

Server message loggingWMU

Selected server messages may be logged in the VShell log file, sent to the Windows system log or a remote syslog/syslog-ng server. Message groups include errors, warnings, informational, connection, authentication, SFTP, port forward, debug, LSA, and FTPS.

Windows event logW

VShell error and warning messages as well as selected other message groups are sent to the system event log.

syslog supportWMU

All log messages can be sent to a remote syslog or syslog-ng server.

W3C logging optionWMU

The W3C extended log file format option allows the use of third party log tools to analyze VShell activity.

Automation triggersWMU

Configurable trigger conditions allow automated responses to server events: failed authentication, login, logout, upload, and download, also file/folder create, delete, and rename. Trigger actions include commands, sending email, file copy/move, and SFTP transfers.

VShell Editions

WWinMMac UUnix

The VShell and VShell with FTPS servers are available in editions designed to meet the needs of every size network and organization. All VShell editions offer the same capabilities but allow you to control costs by deciding how many concurrent connections you need.

VShell Administrator ServerWMU

Allows two concurrent client connections, and is designed primarily for remote system administration use.

VShell Workgroup ServerWMU

Allows ten concurrent connections, and is intended to serve the needs of a substantial group of users.

VShell Enterprise ServerWMU

Supports an unrestricted number of concurrent connections for a large user community.

VShell Server with FTPSWMU

VShell with FTPS adds TLS-based file transfer encryption to provide a protocol alternative. It is also available in Administrator, Workgroup, and Enterprise editions.

VShell Custom ServerWMU

VShell Custom Server allows large customers to deploy VShell with custom configuration of certain options. For more information on the VShell Custom Server please contact VanDyke Software Sales


WWinMMac UUnix

Try before you buy free evaluation copyWMU

Official software releases can be downloaded and evaluated for 30 days without charge.

Open beta software releasesWMU

Beta software releases can be downloaded and evaluated for 60 days without charge.

One-year software updatesWMU

All registered users receive a year of software updates.

One-year technical supportWMU

All registered users receive a year of technical support by email from VanDyke Support.

Software maintenance availableWMU

Software updates and support are available after the first year.


WWinMMac UUnix

FIPS 140-2 supportWMU

VShell uses a FIPS 140-2 validated cryptographic library. VShell can be installed in "FIPS Mode", which allows only FIPS-approved algorithms.

U.S. Rehabilitation Act Section 508 complianceWMU

Section 508 requires Federal agencies to make their electronic and information technology accessible to people with disabilities. VShell Server has been registered as a compliant product with the Section 508 database. Voluntary Product Accessibility Template (VPAT) documents detailing this compliance are available in Acrobat PDF format here: view the VShell Server VPAT.