VShell® Server

Whether your needs focus on remote access and administration or secure file transfer, the VShell server has a full range of capabilities. Available on Windows, Linux, and Mac.

Try Before You Buy

Every release can be evaluated free of charge for 60 days.

VShell® 4.6 Server

Whether your needs focus on secure file transfer or remote access and administration, the VShell server for Windows, Linux, and Mac has a full range of capabilities that enable you to:

  • Provide strong, multi-protocol security for data in transit
  • Control user access to features and files
  • Set up and configure easily
  • Monitor and log events with automation support
  • Tune licensing to your requirements with connection-based editions


New in VShell 4.6

WWin MMac LLinux

HTTPS Single Sign On (SSO) (Windows only)W

Provide your Windows users with a convenient way to log on to VShell Enterprise Edition with HTTPS without entering a username or password. SSO reduces helpdesk workload by decreasing the risk of accidental VShell account lockouts and resulting password reset requests.

Enhanced automatic file renaming capabilitiesWML

Customize names of files or folders when moving or copying files in response to file operations.  Standardize or specialize names by inserting dates, timestamps, usernames, session IDs, protocol, pre-defined text, and more.

Automatically send email with file transfer summary (Windows only)W

Use logout triggers to send email notifications with the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.

Automatically run commands that use file transfer summary variablesWML

Use logout triggers to run commands or scripts using the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.

Algorithm supportWML

VShell now supports the rsa-sha2-256 and rsa-sha2-512 algorithms (RFC 8332) for host keys and public-key authentication.

SSH2 extension negotiationWML

For clients that support extension negotiation as specified in RFC 8308, upon request VShell will now send the list of available public-key algorithms.

Specified character restrictionWML

Configure VShell to prevent clients from using specific characters in file and directory names.

Platform supportL

Support has been added for Ubuntu 20.04 LTS and Red Hat Enterprise Linux 8.

Secure File Transfer

WWin MMac LLinux

SFTP, FTPS, and FTP file transfersWML

Configure VShell to act as an SFTP server, an FTPS server, or both.
With FTPS, plaintext FTP may also be allowed to support legacy devices.

HTTPS file transferWML

VShell Enterprise Edition with HTTPS allows your staff, customers, and partners to transfer files easily using a web browser, eliminating the need for end-user training. Streamline the administrative cost of secure file transfer — no client software is needed and there are no browser plugins to install. Users connect via HTTPS to view folder contents, upload and download files, and more.

WebDAV supportWML

VShell Enterprise Edition with HTTPS allows users to connect with a WebDAV client to upload and download files securely. Users can take advantage of WebDAV functionality to edit and collaborate on content.

Multiple virtual root directoriesWML

The VShell virtual root capability lets you assign different root directory access points to users or groups. Allows fine-grained control over user access permissions and the ability to specify the user's home directory.

SFTP virtual rootsW

Protect your internal SFTP server from internet threats or leverage an external SFTP server by seamlessly transferring end-user connections from VShell to the target server. After authenticating the connections, VShell transparently transfers file operations to a separate SFTP server. Files are uploaded and downloaded without ever being written to the VShell server’s disk, assisting with standards compliance and reducing the disk space required by the VShell host machine.

SCP file transfersWML

SCP file transfers using clients operating as a secure RCP replacement that forwards a remote execution request to SCP over SSH2 (not SFTP).

Automated secure file transfersWML

Use vcp, vsftp, vsh, or any SFTP, SCP, or FTPS clients to automate and schedule unattended file transfers.

Remote Access and Administration

WWin MMac LLinux

Administer servers remotely and securelyWML

Securely access and administer web, mail, database, and application servers.

Accomplish common administrative tasksWML

With existing secure shell utilities, add new users to the network, check print queues, and control services. Use text-oriented editors (e.g., EDIT and vi) to edit files on the remote system.

Remotely execute commands as a different userW

Give VShell users permission to remotely execute commands as a different user without full admin privileges. The administrator controls who can remotely execute commands, which commands are executed, and what account is used.

Start unattended batch jobsWML

VShell support for remote command execution allows unattended jobs to be started with any Secure Shell (SSH2) client.


WWin MMac LLinux

Access controlWML

On an individual or group basis, allow or deny access to VShell services such as SFTP, SCP, FTPS, FTP, HTTPS, HTTP, shell, remote execution, and port forwarding.

SSH2 supportWML

VShell SSH2 support offers cross-platform security when connecting from remote clients for shell, SFTP and SCP file transfer, or port forwarding access. Connect with Secure Shell clients including SecureCRT, SecureFX, and a wide variety of other standard tools.

Data encryptionWML

VShell supports ChaCha20/Poly1305, AES-256-GM, AES-128-GCM, AES-256-CTR, AES-192-CTR, AES-128-CTR, AES-256, AES-192, AES-128, and Twofish. For SSH1 clients, 3DES is supported but disabled by default.

Data integrityWML

Message authentication codes (MACs) protect the integrity of each message sent over the network (preventing replay or insertion attacks). Support for UMAC-128-EtM, UMAC-64-EtM, SHA2-512-EtM, SHA2-256-EtM,SHA1-EtM, UMAC-128, UMAC-64, SHA2-512, SHA2-256, and SHA1. MD5 is supported but disabled by default.

Data compressionWML

Configurable data compression helps improve transfer speeds over slower network links.

Host identity verificationWML

Unique server host key proves its identity to a client as a "known" host (preventing a man-in-the-middle attack). Ed25519 (ssh-ed25519), RSA (ssh-rsa), ECDSA (ecdsa-sha2-nistp), and DSA (ssh-dss) host key algorithms are supported.

Port forwardingWML

Forward TCP/IP ports to securely access standard data traffic like POP3 and SMTP over the Internet and intranets through a single, secure, multiplexed channel.

Deny Host fileWML

VShell tracks failed authentications by IP address. Once an IP address has been added to the Deny Host list, VShell will not allow future connections from that address. On Windows SFTP, FTPS, and HTTPS, ward off brute force attacks by specifying the amount of time in which a certain number of authentication failures from a particular IP address will be tolerated. VShell will add the offending IP address to its list of denied hosts and any further authentication attempts will be immediately disconnected. On Windows, you can specify the number of failures allowed during a certain time period, and re-allow connections after a specified amount of time.

Windows account and LDAP server integrationW

Native integration with Windows user accounts and groups (local and domain). Login to VShell using credentials provided by an external LDAP server. Control access to VShell functionality.

Internal user databaseWML

Configure VShell-specific users and groups. These VShell-defined users and groups are separate from system accounts. The internal accounts can be given access to all file transfer, remote shell and execute, and port forwarding services. Eliminate the need to create system accounts for end users when accounts are only needed for VShell access. Simplify future migrations by letting VShell automatically include your users and groups when you move the VShell configuration to a new server.

Jail shellML

Two configuration options, ChrootUsers and ChrootGroups, combine to restrict users and members of groups to their home directory with any shell, SFTP, or subsystem operation.

IPv6 supportWML

Transparent support for IPv6 allows you to move to the new protocol whenever you are ready.

Command-line utilitiesWML

Automate routine tasks using command-line utilities: vsftp for an interactive SFTP command line, vsh for command-line shell access, vcp for command-line file transfer, and vkeygen to generate public/private keys.

VRALib API for scripting SSH2 sessionsW

The VRALib API allows scripting of SSH2 connections through a Windows COM interface. Supported operations include full control over SSH2 connections, sending a command to an SSH2 server and getting the output produced by the command, tunneling/port forwarding, file transfers using SFTP, remote file management, adding host keys to a host key database, and adding keys to the SSH2 authentication agent.

Allow or deny specific SFTP commandsWML

Choose whether to allow or deny specific SFTP commands on a per-user or per-group basis, including SETSTAT, FSETSTAT, RMDIR, REMOVE, RENAME, and LINK.

Mouse supportW

VShell provides mouse support for character-based applications running in a command window.

Server Configuration

WWin MMac LLinux

General server configurationWML

Configure general server options like listening port, keepalives, idle timeout period, and command shell.

VShell Control PanelW

On Windows, configure VShell for maximum security through an easy-to-use graphical control panel.

CUCM configuration wizardW

A wizard facilitates easier configuration of VShell to receive file uploads (backups) from Cisco Unified Communications Manager (CUCM).

VShellConfig utilityW

A Windows command-line utility that allows editing of virtual roots, access control lists (ACLs), file and folder access permissions, and the VShell user database. VShellConfig can import and export configurations to save time when backing up or moving VShell.

Connection filtersWML

Configure which hosts can connect by IP address, netmask, hostname, or domain name. Configure which SSH2 port-forwarding requests are allowed.

Idle timeout optionWML

Allows automatic disconnect of sessions after a configurable idle time.

Bandwidth throttlingWML

Server bandwidth can be configured (throttled) on a global, user/group, or location basis.

User Authentication

WWin MMac LLinux

Secure user authenticationWML

Control access to servers and networks using existing usernames and passwords or choose other enterprise-wide authentication methods.

Authentication settingsWML

Configure authentication options by limiting the number of failed attempts, setting a timeout period for completed authentications, and setting the required authentication methods.

Allowed/required list for authentication methodsWML

Specify which authentication methods are allowed or required when users connect to the server: password, public key, GSSAPI, or keyboard-interactive authentication.

Kerberos v5 authentication via GSSAPIWML

Kerberos via GSSAPI increases interoperability while enhancing the security of enterprise-wide network authentication.

Public-key-only authenticationWML

Automate unattended file transfers and batch jobs. Can also streamline logon process for users.

Keyboard-interactive authenticationML

Keyboard-interactive allows you to customize authentication using PAM plugins. PAM plugins can, for example, enable password expiration enforcement policies or the use of SecurID cards.

RADIUS server support for SecurID authenticationW

VShell for Windows allows authentication through RADIUS servers using SecurID or other methods. RADIUS support is implemented through keyboard-interactive authentication.

X.509 certificate authentication methodW

Comply with organization-wide PKI policies designed to protect critical information and overcome identity theft and electronic fraud.


WWin MMac LLinux


Configurable trigger conditions allow automated responses to server events, including failed authentication, login, logout, upload, and download, as well as file/folder creation, deletion, and renaming. Trigger actions include commands and file copy/move. On Windows, email notifications can be sent, and files automatically transferred to another SFTP server.

Folder monitorW

Detect when new files are created, moved, or copied to a particular folder and initiate actions such as automatic transfer to another SFTP server.

Logging & Monitoring

WWin MMac LLinux

Monitor active VShell sessionsW

VShell Monitor is a real-time connection monitoring tool that allows an administrator to view active connections to the VShell server.

Server message loggingWML

Selected server messages may be logged in the VShell log file, sent to the Windows system log or a remote syslog/syslog-ng server. Message groups include errors, warnings, informational, connection, authentication, SFTP, FTPS, HTTPS, port forward, debug, and LSA.

Windows event logW

VShell error and warning messages as well as selected other message groups are sent to the system event log.

syslog supportWML

All log messages can be sent to a remote syslog or syslog-ng server.

VShell Editions

WWin MMac LLinux

VShell licenses are categorized into four separate "Editions" which determine the protocols and maximum number of allowed concurrent client connections to VShell. VShell license editions allowing fewer concurrent connections are priced lower than editions that allow a larger number of concurrent connections.

VShell AdministratorWML

Allows two concurrent client connections, and is designed primarily for remote system administration use.

VShell WorkgroupWML

Allows twenty-five concurrent connections, and is intended to serve the needs of a large group of users.

VShell EnterpriseWML

Supports an unrestricted number of concurrent connections for a substantial user community.

VShell Enterprise with HTTPSWML

Easy file transfer by users with a web browser; deploy to large numbers of locations or users without purchasing or configuring client software.

License Comparison

License Edition Concurrent client connections allowed SSH2 and SFTP FTPS and FTP HTTPS and HTTP All other features
Administrator 2  
Workgroup 25  
Enterprise Unlimited  
Enterprise with HTTPS Unlimited

During the 60-day evaluation period, VShell for Windows can be configured to emulate any of the four editions. By default, it emulates the Enterprise with HTTPS edition.

On Linux and Mac, VShell emulates the Enterprise with HTTPS edition during the evaluation period.

Note: "Client connections" is not the same as "users". The number of concurrent client connections is the number of connections where the client has successfully authenticated to VShell, regardless of the user account associated with the authentication. Two separate connections to the VShell service will count as two concurrent connections even if the same user account is used for authentication in each case.


WWin MMac LLinux

Try before you buy free evaluation copyWML

Official VShell software releases can be downloaded and evaluated for 60 days without charge.

Open beta software releasesWML

Beta software releases can be downloaded and evaluated for 60 days without charge.

One-year software updatesWML

All registered users receive a year of software updates. An option with three years of updates is also available.

One-year technical supportWML

All registered users receive a year of technical support by email from VanDyke Support. An option with three years of technical support is also available.

Software maintenance availableWML

Software updates and support are available after the first year.


WWinMMac LLinux

FIPS 140-2 supportW

VShell uses a FIPS 140-2 validated cryptographic library. VShell can be installed in "FIPS Mode", which allows only FIPS-approved algorithms.

U.S. Rehabilitation Act Section 508 complianceWML

Section 508 requires Federal agencies to make their electronic and information technology accessible to people with disabilities. VShell Server has been registered as a compliant product with the Section 508 database. Voluntary Product Accessibility Template (VPAT) documents detailing this compliance are available in Acrobat PDF format here: view the VShell Server VPAT.

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.