VShell Goes Beyond Telnet and FTP

October 4, 2007

VShell Secure Shell Server: Secure replacement for telnet and FTP.

It's very easy to snoop on the Internet. The network is, after all, a public system where data is funneled across numerous machines of unknown integrity. It is also very easy to encrypt data, so long as the right tools for the job are on hand. There is no one magic bullet for encrypting every kind of data.

VanDyke's VShell Server is designed to encrypt data for remote shell access and file transfer, more commonly known as SSH and SFTP.

Using SSH, administrators can get non-graphical command-line access to a target server (Windows or Unix/Linux) for running programs or performing other management tasks, much like old-fashioned telnet, but with secure encryption. Similarly, SFTP or secure FTP keeps file transfers (and the login credentials used to initiate them) away from prying eyes. Both functions are available from free open source software like OpenSSH, but VanDyke has built VShell with administrator-friendly enhancements not found in basic open source implementations.

The Windows version of VShell 3 is a 15MB download that occupies about the same amount of disk space. Installation is quick and painless with the standard InstallShield wizard. The VShell server is administered via a local interface, and it does not support remote administration through a graphical client. The administrative interface is clean and easy to follow. Although some configurations, like certificate maps, require some technical understanding, the integrated help system is thorough and well-written.

Administrators can choose from a wide array of encryption algorithms to support, including RC4, 3DES, Blowfish, Twofish, and AES 128/192/256 bit. FIPS 140-2 mode restricts the server and clients to modes officially recognized as secure by the U.S. Federal Information Processing Standard.

VShell does not create or manage users itself but instead relies on system authentication or, in the case of a Windows domain, Active Directory. However, granular privileges can be applied on a per-user basis. Users can be limited in their ability to log in, execute programs, transfer files using sftp or scp, and use port forwarding. Access to the VShell server can also be limited by network IP filters. New in version 3 is the ability to listen for incoming connections on only specified IP addresses, in cases where the server may be reachable by more than one address (such as LAN and Internet, or multiple Internet IPs).

When transferring files, users can be "jailed" to limited directory spaces. Users can transfer files using either SFTP or SCP, depending on whether one or both are enabled. Integrated SCP support is new to VShell version 3, although many would say the difference between it and SFTP is marginal; both essentially perform the same function, although anecdotal reports suggest SCP may be faster on some systems.

Event triggers offer an active method for tracking server activity. You can define triggers for a variety of events, including file transfer completion or failure. In version 3, login/logout and file and folder management actions can also function as triggers. Each trigger is defined as a system command with parameters, which allows for infinite possibilities. However, it might be even nicer if VShell integrated some popular actions such as triggering an e-mail alert.

Version 3 brings several new features to Windows-based servers, including 64-bit support and import/export of VShell configuration settings for backup and migration. VShell is available in three editions: Administrator, Workgroup and Enterprise. The main difference between the editions is their support for concurrent connections. VanDyke considers multiple logins of either the same or different users as concurrent connections, and the Administrator edition supports a maximum of two.

Pros: Turnkey encryption; Simple administration; Flexible event triggers.
Cons: Non-Windows versions lack support for FIPS, remote printing, and a mouse.

Reviewed by: Aaron Weiss
Original Review Date: 10/03/2007
Original Review Version: 3.0.1