Slashdot Mirror

If Data and Lore had been configured with different host keys, a whole lot of anguish could have been avoided.

When a signal transmission is detected from Data's quarters, Wesley Crusher arrives to investigate. He finds Lore, now impersonating Data, who explains that he had to incapacitate his brother after being attacked. Wesley is doubtful, but since Lore and Data were misconfigured with identical host keys, he has little option but to pretend to accept the explanation.

Understanding Secure Shell Host Keys

SecureCRT also seems to have a Linux version.

I do really miss SecureCRT

Why?.

Wireshark runs on Linux, Mac OS X, BSD, and Solaris.

According to its page, SecureCRT runs on MacOSX and Linux.

And what's the advantage of SecureFX over e.g. Filezilla?

It is funny that you mention it. I use version 3.4.8 as well.

My license issue date is 5/11/2001, and with that issue date version 3.4.8 is the newest I can grab.

I am not sure what your issue date is, but if it is on or after 6/1/2001 then you can get SecureCRT 4.0.x:
http://www.vandyke.com/pricing/upgrades/securecrt_securecrt_el.html

If I had only waited to get my license for another 30 days...

In SecureCRT (even non-secured one), I use its sz and rz for Zmodem file transfers. I don't need to load up SFTP, SCP, etc. especially when in a hurry.

FYI, it is already in the wishlist, but it is years old and low priority. Le PuTTY exists, but it is an ugly hack and old (last updated in 2006). :(

I still use it with SecureCRT and Le PuTTY (wished it was updated again and better since it is just a hack) in Windows. SyncTERM has it too, but crappy.

I recalled SFTP can't do resume downloads and uploads when I last tried it, years ago. So I use good old Z-modem's sz and rz commands through SSH(1-2) connections with SecureCRT clients (wished PuTTY could do it and SyncTERM's Z-modem seems to be broken [never worked correctly]). FTP can do resumes too, but obviously insecured. Are there any other popular/common protocols that will transfers, with resume support, securedly on various platforms (Apple Mac, Windows, and Linux/UNIX)?

He likes the interface better.

That's exactly right. There's a nice GUI to configure it and manage all of my saved sessions. For example, one can choose the font to use for a session by pointing and clicking at it. Better clients, such as SecureCRT, have better management of sessions, including grouping them into folders (necessary when you have 100+ hosts), scripting for sessions (for auto login, etc), searching and saving of all session history, tabbed interface with the ability to move tabs into and out of new windows, clone tabs, ability to have multiple sessions open in tabs at once with a single click, great GUI-based key generation and management.

Most important for me, SecureCRT supports zmodem for file transfers. I can type "sz " in a shell and the file will be sent from the remote system to my desktop. I can type "rz" and I'm prompted with a file requester to select files to send to the remote host. It's much faster than dicking around with opening another shell and dealing with scp or sftp.

• A tabbed interface
• Integrated scp/sftp interface (Putty's is a separate program with a command-line only interface)
• Zmodem file transfers. Extremely useful as I have to ssh through multiple servers to reach the one I want, and to get a file back to my desktop involves multiple scp's.

Vandyke's CRT and SecureCRT, and SyncTERM have Z-Modem support. I still use rz and sz commands in these clients to upload and download off Linux and UNIX systems. It beats scp.exe, sftp, etc. AND I can resume too. I wished PuTTY would add it, but they won't so far.

My short list:

Anything by VanDyke software. This stuff just bleeds "professional": http://www.vandyke.com/

Now, how to turn Windows into a fully armed and operational battlestation:

Download Microsoft Windows Services for UNIX, aka Interix:
http://www.microsoft.com/windowsserversystem/sfu/d ownloads/default.asp

Install using the NetBSD pkgsrc guide for Interix:
http://www.netbsd.org/Documentation/pkgsrc/platfor ms.html#interix

Now patch it (a necessary step):
http://www.duh.org/interix/hotfixes.php

Now, download and install the latest Interix bootstrap binaries from ftp://ftp.netbsd.org/pub/pkgsrc/packages/bootstrap -pkgsrc/

Grab pkgsrc-current from ftp://ftp.netbsd.org/pub/pkgsrc/current

Now go to town!

(Just don't forget to ALT-ENTER your C Shell terminal, with green on black text, natch)

SecureCRT supports ActiveX scripting which means you can useany scripting language supported by WSH on your machine (like, say, ActivePerl). I think it will accomplish goal.

I use SecureCRT on a daily basis.

When you're editing the properties of a session, you can check the "Logon script" box and choose a logon script to use for that session. You can do that either per-session, or as a global setting so it happens for all of your sessions.

Your logon script can contain as many aliases as you'd like.

Try SecureFX from VanDyke Software. I've been using their SecureCRT/SecureFX combo for a year or so now and it works great. Both are command-line scriptable as needed.

You just encrypt the passwords but not the data, if IIRC. Maybe think about something using the SSH protocol.

On Windows, the easiest solution/least expensive solution is probaby via Cygwin as another poster stated using SFTP from OpenSSH. If you need commercial software, I'd strongly recommed SecureFX from Van Dyke Software. Scriptable interface, supports FTP, SFTP and FTP over SSL. From the command line, I believe it doesn't support FTP over SSL but I could be wrong.

How are you going to get the windows boxes to do this without openning up SMB to the world unencrypted. (Hint you pretty much can't without a firewall box extern to windows)

Either way you don't know what you are talking about so I suggest you clam up.

-- MarkusQ

i agree that putty is probably the best *free* terinal emulator for windows, but there's a lot to be said for some of the commercial emulators; specifically vandyke's securecrt.

and for Linux - postfix, squirrelmail, screen, apache, mysql, squid, php, courier-imap, rsync, cvs - in no particular order

posted this list at my blog too - First Ten Programs

SecureCRT
http://www.vandyke.com/

Indispensable window shell program, port redir, and serial terminal too (for jacking into a switch/router console port from your laptop)

Here are my most favorite windows apps. Some are free. All at least have trials. They are in no particular order.

Firewall: BlackIce
Virus Scanner: AVG Anti-Virus
Instant Messaging: Trillian
Movie Player: BSPlayer
Web Browser: Slim Browser
Mail Client: The Bat!
Taskbar Improvement: True Launcher Bar
SpyWare Protection: Spybot Search & Destroy
File Compression: Win Rar
Hex Editor: Hex Workshop
Audio Player: Winamp
Ternimal Emulator (telnet/ssh/etc): SecureCRT

Of the programs mentioned in this thread that I've looked at, there's not a one that passes all the relevant tests. And Terminal.app does better than most at some of them, like the character set test and Xterm window-modify features.

My favorite terminal emulation program, PC-compatible only alas, is VanDyke's SecureCRT, which does well on vttest and comes with a nice terminal font set. (Luckily I'm at a school with a site license; regular individual price is $99.)

It comes with Solaris right now. You can also get it for Linux. Why?

It's useful when the ssh client has it built in because you get pretty much the same speed and the ability to download between clients.

By the way, I know about two zmodem-enabled ssh clients:
1) SecureCRT - nonfree/Windows only.
2) Zssh - open-source, cross-platform.

The actual applications which initiate the transfer are called "rz" and "sz."

SecureCRT takes forever to start up.

So I suppose SP1 is to XP as beer is to me: a tool to slow your reaction time. Too bad it doesn't make XP more attractive...

Tried it, then tried SecureCRT, and never went back to putty.

You may want to have a look at vandyke.com; their VShell SSH server has a 'personal' edition which works very well for systems management and is cheaper than the SSH product. I've used their products for years on the server as well as client-side, and found them very reliable, as well as very well-behaved Windows services...

Damnit, I was about to post that link. All my karma are belong to you now.

anyway, vshell

I am using the commercial SecureCRT from Vandyke. I have never had any problems with the client and it supports everything a administrator needs...

It's shareware.. If I only knew how my Ikey 1000 works with SecureCRT ...

SecureFX implements FTP-over-SSH2 and SFTP. All I had to do was turn on "Subsystem SFTP" on the servers, give each exec a DSA key and install this program. It was ~$60/seat when we bought it - we only bought 5 seats, one for each consultant - and it's easy enough for our Windoze users handle.

Basically, it looks just like and FTP client to the user. I just set the initial directory to our samba-shared directory path and bingo! You can drag-and-drop and whatnot. Only thing to worry about is getting users to upload the file again when they've made their changes (we've had files get out of sync that way).

One annoyance - it uses SSH.COM's SSH engine so you have to generate DSA keys with the client program and convert the public key to OpenSSH format for use on the server. Minor annoyance.

It supports many other protocols besides SSH too.

Goto: www.vandyke.com/products/securefx

I use SecureCRT everyday and it rocks! I've never used SecureFX (thier premier file transfer program), but I get what I need from CRT and it's $30 cheaper (it's a terminal, but has z-modem).

• Zmodem was the way to transfer files (I still use it in Linux with CRT!)
  
• HS/Link came along with bi-transfer support and chat during transfer
  
• Procomm/Qmodem/Telemate(sp?)
  
• Busy signals and redialing
  
• BBS mods like WWIV
  
• MUD
  
• Playing DOOM multiplayer (more than two players) the first time with Game Connection with MajorBBS
  
• You knew what "rodent" (think lamer) meant.
  

Try Secure CRT

My suggestion would be to go with Vandyke's SecureFX. Vandyke is the same company that brought us the beloved SecureCRT. Plus its one of the very few Windows graphical SFTP clients. It does ftp over ssl, sftp, and normal ftp with a very simple user interface. It might be alittle pricey but if you've got the money then go for it.

If you're in a UNIX shop and still want graphical you should check out gftp, I know it also does sftp. Good luck and let us know if you find any other good ones!

For Win32 I can recommend SecureFX from Vandyke

Considering you said "on behalf of the web sites that I maintain", I assume you have some degree of control on at least one site outside your ISP.

Why don't you tunnel ? Then you can use whatever port you want.

If you have SSH running on one of these servers - and who doesn't nowadays - you can easily tunnel. Just check your ssh client configurations. If you're running windows, a good client is SecureCRT. If you're running linux, and the other side is windows NT/2000/XP, use this PPtP client

And there's another advantage with tunnelling: You can compress. Unless you have a very fast connection, you'll visibly notice a speed improvement when compressing.

Van Dyke Secure CRT is a really good GUI that support SSH2 with the most advanced encryption and authentication schemes (AES). My favourite features are:

1. Configurable defeat of idle disconnect
2. Configurable word delimiter for cut and paste
3. Use Alt as Meta key for emacs.
4. Can disable scroll-to-bottom on output.
5. Supports OpenSSH private key format (allegedly in new versions, haven't checked)
6. Login scripting

You can probably implement all those features when you use OpenSSH via an Xterm, but it would take you days to research Xwindow configuration and expect scripting language.

The only feature that command line SSH (OpenSSH and the commercial ssh.fi ssh) has is the ability to forward authentication using ssh-agent.

We had this problem too at work, our solution run CRT in wine. It was a pain to configure but works really well now after some trouble shooting. Found one other package that claims to do what you want out of the box but couldn't even get the software to run for me, it was from Pericom-Software.com. Crappy install and just all around seems like pretty poor software but your mileage may vary.

We're down to 30 or so packages in a minimal install.

&ltmonty burns voice&gt Excellent! &lt/monty burns voice&gt

My Red Hat box does serious work... file server, media center, home automation controller. No GUI required or desired. I telnet to it from my game machine (oops, Win98 box). van dyke CRT rules!

Just wanted to add my voice to the chorus... don't forget the command line -- I believe that it's the most powerful UI that we've come up with yet.

Regards, your friendly neighbourhood cranq

I suggest that the State Department provide a list of IP addresses which they want download refused for, and no more than that. It should be possible to get the addresses connecting "Cuba, Iran, Iraq, North Korea and others considered America's foes". This is sufficiently practical to manage and can be smoothly automated. Any more than that and I will certainly see it as excessive government interference in the private sector.

You're kidding, right? I hope so. Your first paragraph stated that any terrorist can easily gain access to encryption software through alternative channels, or even from within the US itself (it isn't hard to visit the US with the sole intention of blowing up the World Trade Center).

No, I'm not kidding. However the purpose is because I expect the US government to continue to have some kind of bureaucracy involved in the exporting process. That's the nature of the beast. Ideally there should be none at all. Realistically I expect there to be some, and my suggestion is what form that should be. Sorry, I should have made that clearer.

Then you casually describe a process that is sufficiently practical to manage and can be smoothly automated. Yeah, right. "Government" and "smoothly automated" should never go together. And even if our government is as capable as you feel it is, to then maintain a list of IP addresses that are from "problem" countries is impossible. And even if it was possible and feasable, it could be easily circumvented:

Of course you're right, it can easily be circumvented. The point I was making was that if the government is going to require we do something to prevent export to those countries, they should allow us to do it in a way that does not impose on those who are not in those countries. For example I just recently downloaded SecureCRT and had to fill in a form attesting that I was located in the United States. I want to get rid of that process altogether. The government may not want to get rid of all processes, hence my suggested alternative.

There is no real solution. Imposing zone-type laws on the Internet will not work in the long run. The Internet was not designed with security as the foremost thought. Reliability and more importantly a de-centralized topology were the goals.

In the long run, I expect that pro-business George W. Bush will become the next president, and these export restrictions will eventually evaporate. Even still, there will probably be some kind of restriction to those "hated" nations. I have no idea what they might be.

Thanks to that and the OpenSSH group, I have been able to eliminate all clear-text passwords from my network, AND all my Windows users are happy!

As a note - I've been running OpenSSH 2 for about two weeks now on RedHat 6.1 with no problems.

You Know You've Been Watching Too Much Ranma 1/2 When...

Well, SecureCRT from Van Dyke Technologies is a pretty good SSH program for Win32. Features port forwarding (including X11 packets) for any ports you want, convenient session setup/save, etc. Very good app. Comes with good info in a help file too, so setup is pretty simple.

It's shareware. You can't download it from Van Dyke directly if you're outside the US or Canada, but if you search the "warez" sites I'm sure you can find it, it's pretty popular. If you're so inclined, you could then send Van Dyke a donation. I suppose a donation might make the anonymity of the situation disappear, but I really doubt you're going to get the FBI, NSA, etc banging on your door. After all, it's illegal for the company to export it (under US law), but not illegal for you to import it (under the laws of whatever country you're in) :-)

As for truly international Win32 SSH apps, I don't know of any. Your best bet is probably to just find a copy of a US version somewhere.

Hope this was helpful.

secureCRT form for download

zow Which also provides for ssh

Yes, SecureCRT from VanDyke implements SSH protocol as well as Telnet. Very good terminal emulator.

As an avid (rabid?) vi user, I'm frustrated by the huge distance to the Esc key. Luckily, my terminal program (SecureCRT) lets me turn on an "Emacs mode", where Alt+X sends ESC X. After inserting some text, I just Alt+Enter or Alt+NextCommand and my fingers never need to leave the real keyboard.

I've been using SecureCRT for a while now, and it has served me well. SecureCRT also supports port forwarding, and the latest version does SSH2. Only downfall is that it's $99USD to register it, but it's worth it.

I've been using SecureCRT for a while now, and it has served me well. SecureCRT also supports port forwarding, and the latest version does SSH2. Only downfall is that it's $99USD to register it, but it's worth it.

SecureCRT (vandyke.com) is always available for a download. Granted it dies in 30 days, but god forbid anyone should be away from their own box for that long.


Del

You! Reading this article! Do you use ssh and pgp? If not, why not? You're part of the problem!

If you're not using PGP (yet), drop by http://www.pgpi.com/ and have a look around. http://www.pgpi.com/cgi/download-wizard .cgi will let you easily determine exactly which version of is appropriate for your OS and location. PGP installation is pretty straightforward and there is ample online documentation and tutorials. Not only does PGP become more useful each time a new person starts using it, but the more people we have using PGP routinely the harder it will be to remove our freedom to do so. There's no reason not to use encryption, except for inertia. And I guarantee it's not as hard to install or use as you may be thinking.

Using a nice pgp-aware mailer like mutt is a nice step, too.

If you ARE using telnet or rlogin or ftp, then you have problems now and you don't even realize it. Did you realize that every time you telnet or rlogin or ftp to a remote host that you are transmitting your username and password in clear text? Sniffing passwords is a trivial task, mostly due to the widespread use of insecure protocols such as telnet. ssh is a drop-in, secure alternative for telnet, rlogin, rsh, and ftp. Not only is it secure, but it's easier to use and more featureful as well. On top of security it adds such features as compression, encrypted traffic, encrypted tunnels, and completely automatic and secure X11 forwarding. Plus with RSA Authentication you can eliminate passwords entirely. A cracker can't crack a password that doesn't exist.

Unix users can obtain ssh from ftp://ftp.cs.hut.fi/pub/ssh/ and have it up and running in a matter of minutes. I recommend the 1.2.27 version of ssh (as opposed to the v2 platform) due to licensing difficulties with the v2 platform. Non-unix users have even more options.

For Win32 there's SecureCRT (http://www.vandyke.com) which is an excellent, albeit commercial solution. There's also a very nice, free implementation of ssh which works with Tera Term. You can grab it from http://hp.vector.co.jp/author s/VA002416/teraterm.html

There's even an opensource ssh for win32 at http://www.chiark.greenend.o rg.uk/~sgtatham/putty.html although I must admit that I'm not sure I trust an ssh implementation done by a guy who refuses to implement RSA Authentication.

For Macintosh, I understand that there's a nice plug-in for NiftyTelnet at http://www.lysator.liu.se/~jon asw/freeware/niftyssh/ although I've not used it.

There's never been a better time to be more secure. Simply by installing a couple of easy-to-use applications you could be on your way to a more secure, more private computing experience. Your data is yours, and here are two ways to ensure that it stays that way.

Yeah, I ripped this shamelessly from my .plan -- so sue me, it's still useful information...