VanDyke Software Forums

VanDyke Software Forums (
-   General (
-   -   Disable Session Files Encryption (

vtphilk 04-23-2015 08:15 AM

Disable Session Files Encryption
Upon installing 7.3.3 (Upgrade from 7.1) after first launch I get promted if I want to choose a passphrase to encrypt my session data.

While I appreciate this option it is a major problem for my solution as I share my session files with other co-workers daily.

We will be deploying the upgraded version soon to many users and would like an option to not prompt users to choose a passphrase. Is there a way to accomplish this with a install option or something? I'm worried people are going to choose a passphrase then encrypt the session data making it not share able!

rtb 04-23-2015 08:55 AM

Hi vtphilk,

When you first launch SecureCRT 7.3.3, you are provide with two options. The most secure option would be to provide a passphrase, but saving passwords is still not recommended. The second, non-default option is to provide no passphrase.

If you are saving sensitive data like passwords or using logon actions, and using 7.3.3, all of your colleagues will also have to be using 7.3.3. If you have configured a passphrase, your colleagues will have to use the same passphrase. If you opt to use the second option and not use a passphrase, they will have to do the same.

If you are not saving sensitive data like passwords, or using logon actions, then you should not see a difference when using 7.3.3.

Does this help to clarify how to use the new feature?

Also, we don't have an option for deploying SecureCRT with a pre-defined option for the new passphrase functionality. We will post here if we add this in the future.

If you would like to be notified directly, please complete and submit the form at the following location:
Submit Feature Request

vtphilk 09-21-2015 11:20 PM

Todd any update on this? have you come up with a way to response via silent installer to choose the pass phrase option or not? This is a deal breaker for upgrade to the latest release and we just purchased a fairly large license to upgrade many of our techs..

Please advise

rtb 09-22-2015 09:35 AM

Hi vtphilk,

This is not yet an option, but the feature request was created back in April and the SecureCRT product director is aware of your interest in the capability. We will post here if we add an option to deal with the configuration passphrase prompt in some automated way when SecureCRT is first launched.

I can't say if this would be a deployment option or an administrative template option, but it seems more suited to the latter.

It is also important to note that opting to not use a configuration passphrase doesn't remove the encryption from sensitive data that is stored. It is just possible that using no configuration passphrase will not be as strong as the option to provide a configuration passphrase.

jbd1300 02-08-2016 12:51 PM

Disable Session Files Encryption - Entire Config Session File
I would like to piggy back off of this ask.

I would like to push a copy of my session file to a centralized location, such as to a network share. I am storing the Config file on a private network that only my dept can get too, however the encryption process is taking quite a while, when opening for the first time. I have now let the encryption process run for 8 hours, and it hasn't stopped. The only way I am able to cancel, is by ending the process in task manager. After re-opening SecureCRT, it locks up, and will not respond. Is there a way to disable encryption on Config session files when storing on a network share? The sessions are being stored in a secure network, and there are no passwords being kept, so the encryption process is not needed for my project. The version I am running is Version 7.3.4 (build 839). However another note is the users that will be using these sessions files range from version 5 to the current 7.3.4.



bgagnon 02-08-2016 01:22 PM

Hi jbd1300,

You cannot use the config passphrase anyway if some users have older versions of SecureCRT. You also won't be able to share the config via the split config functionality since that is also available only in later versions of SecureCRT (see below).

Changes in SecureCRT 7.2 (Beta 1) -- October 8, 2013

New features:

  • Added a global option to store personal data such as usernames and passwords in a location separate from the rest of the session data, which allows personal data to be kept private while other configuration data is stored on a network drive or on the cloud so that it can be used on different systems or shared with colleagues.

Changes in SecureCRT 7.3.3 (Official) -- March 31, 2015

New features:

  • Previous versions of SecureCRT supported saving passwords and other sensitive data. In order to improve the security of this feature, SecureCRT now requires a passphrase to be created the first time version 7.3.3 runs. This passphrase will be used to encrypt and decrypt sensitive data stored in the session database, such as passwords and send/expect logon scripts.

That really leaves only one option available to you for sharing the config when some users have to use a much older version of SecureCRT:


I am storing the Config file on a private network that only my dept can get to ...
If you have no means to upgrade the users that have SecureCRT v5, it may be best if the config to be shared comes from the older version, as not all features of SecureCRT v7.3.x are going to be "backwards compatible".

Then, the best way to share the config folder in your environment is probably going to be as explained in this post.

jbd1300 02-08-2016 03:50 PM

1 Attachment(s)
Hi bgagnon,

Thank you for responding quickly to the thread.

I do not create a passphrase or a split config functionality, and it still by default goes through the encryption process, how do I disable this feature?

Please reference attached .png file, for further explanation.

This "SecureCRT is encrypting your sensitive data. This operation cannot be canceled" task have been going on for over 8 hours. I do not want to encrypt anything, and I can't find anywhere in "global options" to disable this feature.



vtphilk 02-08-2016 09:34 PM

Another comment, In 8.x is the plan to FORCE people to encrypt? Currently, in 7.3.5 there is an option to NOT encrypt. But I installed the 8.x beta and seems it forces encryption am I missing something?

Thats really going to be a bummer as it will be the end of our $k's of support dollars to vandyke because we will have no reason to upgrade past 7.x.

I appreciate you are trying to get folks more secure but you have to appreciate legacy environments where we have already worked around the encryption issue to solve the issue to our satisfaction.

bgagnon 02-09-2016 07:22 AM

Hi jbd1300,

The sensitive data is *always* encrypted in the session INI files. The strength of the encryption is based on whether you use the config passphrase option or not. I am not sure why you are experiencing the issue you posted about. Even the largest config I could imagine should not take 8 hours to encrypt. :(

It seems likely your files may be in a mixed state and that could be the cause of the hang (at the time that you posted).

Since this discussion is sensitive in nature, please send an email to and include "Attn Brenda - Forum Thread #11953" in the subject line. Please include the version and serial number of your SecureCRT installation in the email.

bgagnon 02-09-2016 07:38 AM

2 Attachment(s)
Hi vtphilk,

I am not sure what you are referencing. The config passphrase mechanism in v8.0 is the same as v7.3.x beginning with v7.3.3. The dialogs were changed (in v7.3.5) to provide further explanation because many customers were confused as to which option would work best for them.

Please attach a screenshot of the dialog you experienced in v8.0 that you believe *forces* encryption (noting again, as I put in my prior post to jbd1300 that encryption *is* always present, this mechanism just changes the strength of the encryption).

Do you not see a dialog similar to what I have attached where you have the option to choose to use a passphrase or not use a passphrase? (Note also that your prior choice -- in an earlier version -- could affect the dialog you see. The dialog I attached, named SecureCRT735, is what is displayed when using a *default, new* configuration in v7.3.5 through v8.0b2.)

All times are GMT -6. The time now is 10:13 PM.