- PowerToys for Windows 10 and Windows 11 - Mon, Jan 30 2023
- Azure Recovery Services vault: Ironing out the confusion - Fri, Jan 20 2023
- Regex in VSCode - Tue, Jan 17 2023
This post was sponsored by VanDyke Software. In this raffle you can win a single SecureCRT license with one year of updates valid for the Windows, Mac, or Linux version. The value is $99 USD. The deadline of this contest is September 18, 2012. If you want to have a chance to win this license, please send an email with the subject “SecureCRT” to .
I once worked as a systems administrator for a university research center. The client operating system base consisted of 50 percent Microsoft Windows, 25 percent Mac OS X, and 25 percent Red Hat Linux. In the server room we had a similar distribution of Windows Server, Mac OS X Server, and Red Hat Enterprise Linux machines.
When I needed a remote command prompt, which protocol and tool do you think I used? Telnet? I think not—many of the projects that the research center staff were involved in dealt with top secret government contracts. Thus, I needed to ensure that my own client/server administrative traffic was encrypted and secure.
Microsoft RDP, Apple Remote Access protocol, or Windows Remote Management (WinRM) were all too proprietary and had too much overhead. Yes, I needed something simple, time-tested, and secure.
That means I employed Secure Shell (SSH).
As you know, SSH, which is formally defined in Request for Comments (RFC) 4251, is an industry standard remote access protocol that operates by default on TCP port 22. By using an SSH client, we can establish an encrypted remote command prompt session with any TCP/IP host that runs the SSH daemon (server), including routers, switches, firewalls, wireless access points, and of course, honest-to-goodness server computers.
Of all the SSH clients I’ve used over the past 15 years, I have historically been very impressed with SecureCRT by VanDyke Software. SecureCRT offers Windows, Linux, and Mac administrators a Cadillac level of comfort in using the old SSH protocol.
If there is a downside to SecureCRT, it is the fact that there is a license cost; the product is neither open source nor freeware. However, if you are a command line-based systems administrator like I am, you see the purchase of a premium software license for a quality SSH client as a worthwhile investment.
For obvious reasons, in this review we focus on using SecureCRT in a Microsoft Windows Server environment.
Installation and configuration
You can download a fully functional 30-day trial version of SecureCRT by visiting the VanDyke Software Web site.
The installation file weighs in at a tiny 15 MB, and the installation is a simple click-click-click procedure. Remember that this is client software, so in order to use SecureCRT to make a SSH connection to a remote host, we need an SSH server.
You might recall that Microsoft has never bundled an SSH server in any version of Windows, so we must perform some research and locate a small footprint yet stable and secure SSH server. Two freeware SSH servers that I have used quite a bit over the years are the following:
Another option is VShell from VanDyke Software which is not free but can be evaluated for 30 days.
Configuring a Windows-based SSH server is beyond the scope of this blog post. However, if you’d like me to write something up for you on this subject, please let me know in the comments. I’m always happy to oblige!
At first launch, you are prompted to create a connection profile. Subsequent launches of the software display the Connect dialog box, from which you can start an existing profile session or define a new connection entry. The Connect dialog box is shown in the following screen capture:
SecureCRT 7 Connect dialog box
Let’s explain the function of the two toolbar buttons that I called out in the previous figure:
- A: This is the Connect button, and is used to display the Connect dialog box you see in the foreground
- B: This is the New Session button, and is used to define a new connection profile in SecureCRT 7
Creating a new session requires answering the following questions:
What type of connection do you want to establish? SecureCRT for Windows supports the following connection protocols:
What is the identity of the remote host? Here we specify the SSH server’s hostname, port number, firewall type, and SSH account username
That’s all there is to it from a client connection standpoint. Assuming that the connection protocol parameters and user account authentication were successful, you’ll have a remote command prompt on the target server.
Common question: which Windows security context is used for SSH connections in Windows. The short answer is, “The currently logged-on user on the target machine.” Be careful with this, and keep in mind the IT security principle of least privilege. This identity issue is depicted in the following screen capture:
SSH security context in Windows
To modify connection-related parameters, open the Connect dialog box, right-click the connection profile in question, and select Properties from the shortcut menu. The Session Options configuration dialog appears.
SecureCRT session configuration
Pay particular attention to the SSH2 configuration settings in the option tree. Here is where we can tweak the target SSH server’s IP address, port number, and (importantly) the authentication and public key infrastructure (PKI) key exchange method(s). Depending upon the setup of your target server, you may be required to make some edits here before you can make a successful connection.
Some of the features that differentiate SecureCRT from its much more basic competition include the following:
- Tabbed, multi-session display: We can load multiple SSH sessions in a single window and quickly switch among them
- Built-in SFTP client: Once we’ve connected to an SSH server, we can spawn a separate tab and use Secure FTP (SFTP) to perform secure file transfers
- Built-in TFTP server: The on-board Trivial File Transfer Protocol (TFTP) server means we can backup and restore router and firewall OS images, for instance, with ease and convenience
- Scripting support: We can automate repetitive tasks by feeding script files to SecureCRT
This final bullet point bears further discussion. SecureCRT can load and interpret script files that are written in the following scripting languages:
We can use the SecureCRT Script menu (shown in the following figure) to browse to where our automation script is located and run it in-place. Think of the time-saving potential this “scriptability” has for you! (Hint: how many of us like to configure switch interface IP addresses manually?)
SecureCRT 7 scripting support
Licensing and support
SecureCRT is available for Windows, Mac and Linux. The cost for a single-user license with one year of free updates and support is USD $99 as of this writing in August 2012. If you want a larger purchase, you can check out the linked pricing page for those additional details.
Because many countries have laws that govern the international transfer of encryption software, please read the VanDyke Software export information page prior to making a purchase.
VanDyke Software SecureCRT 7 is a solid piece of software. If you spend much of your day working in command line-based administration, then you owe it to yourself to invest in a quality SSH client. For further information, please check out one of the following resources from the VanDyke Software Web site.
- SecureCRT Frequently Asked Questions (FAQ)
- SecureCRT How-to Tutorials
- SecureCRT Tips and Tricks
- VanDyke Support
- VanDyke User Forums