Shelling Out for VShell
VShell: Secure shell server VanDyke's VShell is a secure shell server that is simple to install, is straightforward to configure, and runs on multiple platforms. But how valuable are these attributes when a free and equally viable alternative is available?
Remote administration of systems is vital to the efficient care and feeding of today's complex networks. Diving in front of the nearest desktop PC in a dorm room in New York City to restart a crashed Web site on a server in Taiwan isn't only de rigueur these days, it's very cool to boot. But remotely controlling a machine in a closet in the same room can be just as critical. However you cut it, remote administration is powerful, extending a virtual cable between a keyboard at your fingertips and a CPU anywhere in the world. But with this power comes a huge vulnerability.
For years, the telnet protocol was the standard for remote command access. Without any encryption whatsoever, every keystroke along that virtual tether could be sniffed and intercepted to a hacker's delight. Unfortunately, this made it possible to expose very sensitive information, from superuser passwords to critical filenames and locations. And worse, it left the door open for others to enter and "administer" the machine for their own ends.
Secure shell is a fully encrypted mechanism for remote command line control. It comes in several varieties, such as SSH1 and SSH2 (although SSH2 is widely accepted to be the preferred secure shell protocol). VanDyke's VShell is a secure shell server for Windows and Unix-like platforms for hosting secure command line access to host machines from a secure client (such as VanDyke's own SecureCRT).
The slim 3.5 MB VShell download expands to a smidgen more than 5 MB when installed. The straightforward InstallShield process handles the details and generates the cryptography keys needed to accept secure connections from clients.
Configuring VShell is easy because the program has little to do. Its main purpose is to create a secure channel between client and host. However, VShell does allow its host to place some constraints on what a remote administrator may do. The Access Control window lets you set privileges based on users defined in the Windows user database, a feature new to version 2.2. A user may be allowed or disallowed access to logon, shell (command line) access, remote execution of files, secure file transfer (SFTP), and local and remote port forwarding.
The strength of encryption ciphers can be selected from a variety of choices. Although VShell's defaults should be sufficient, there may be cases where you will want to tune both the secure client and server to a specialized cipher. In that vein, this latest release of VShell adds Kerberos v5 support.
SFTP support lets the remote user transfer files to the host. It is a simple form of FTP with the added benefit of encryption. But SFTP itself is not as flexible a protocol for large batches of file transfers as a stand-alone secure FTP server. VShell 2.2 does allow you, for example, to restrict SFTP access to users' own home directories.
As is usual for servers, VShell can log virtually every remote action from connection attempts to SFTP activity to warnings. Highly active hosts may want to rotate or trim down on logging to preserve disk space.
In the Unix realm, many platforms include secure shell servers that provide functionality similar to VShell (e.g., OpenSSH server). OpenSSH itself is freely redistributable, whereas VShell runs at least in the hundreds of dollars. Yet, VanDyke has been producing secure clients and servers for some time and has built a solid reputation. This is an especially important factor in security products. OpenSSH has been subject to several known exploits in the past, leading to the unfortunate irony that hosts that chose OpenSSH to improve security wound up inviting trouble precisely because of that choice. By no means does this make OpenSSH a bad choice -- it has been upgraded and tightened and continues to serve secure connections on many Unix-like systems.
But VanDyke has something of value with VShell, which is easy to install and configure, and provides strong security for a modest price in a most sensitive endeavor -- remote administration.Pros: Simple to install and set up crypto keys; Straightforward configuration and access controls; Good value for security
Cons: Web-based remote administration interface would be nice; Freely available alternatives in wide use
Reviewed by: Aaron Weiss
Original Review Date: 10/8/2003
Original Review Version: 2.2