Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 03-17-2017, 06:38 AM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 37
Massive Password change

As administrators we are forced to update our passwords often (every 40 days). Access to all devices is controlled through Active Directory (AD). So a change to AD password force a massive password change to more than 800 devices.

Is there a way to apply this change to all sessions?
I cant do it though "Default Session Options > SSH2 > AUthentication > Password" because not all sessions are SSH2 and I have sessions with different usernames.
Reply With Quote
  #2  
Old 03-17-2017, 10:20 AM
jjh jjh is offline
VanDyke Customer Support
 
Join Date: Feb 2004
Posts: 807
Hi jjx.

There are a couple of ways to change the password for
multiple sessions at once. Both of them involve the
technique that you described. The first one I'll tell you
about probably won't work for you because it will affect ALL
of your sessions.

If you open your Global Options to the Default Session
category, you can click the "Edit default settings" button,
then use the technique that you described to change your
saved password. When you make a configuration change to you
Default session, you will see a popup message asking you if
you would like to make that change to all of your existing
sessions. Your Default session is what all new sessions and
Quick Connect sessions are based on. Since this option
would potentially affect all of your sessions, it probably
won't work for you.

Your other option would involve you doing some setup in the
session manager to put all of your sessions that use SSH2
and share the same password into one folder. Then you could
right click the folder and choose "Properties" to open a
Session Options dialog that would affect all of the sessions
together. You could also hold down the Ctrl key while you
select each session and right click the selected sessions to
do the same thing. It shouldn't matter that the usernames
are different if the password are all the same. If the
sessions with the different username also used a different
password, you could create a folder just for those and do
the same thing.

Another way to separate your SSH2 sessions from your other
session or separate sessions that use one password from the
ones that use another password might be to use separate
Config folders and different desktop shortcuts that would
use each one. Here's how you could do that:
  • First, create an empty folder named Config somewhere on your hard drive
  • Next, make a copy of the desktop shortcut you use to launch SecureCRT
  • Right click the new shortcut and choose "Properties"
  • The Target for the shortcut points to SecureCRT.exe. Add a /F flag, then
    the path to your new, empty Config folder. The Target now might look
    something like this:

    "C:\program Files\Vandyke Software\SecureCRT\SecureCRT.exe" /F "C:\MySecureCRTFiles\Config"
Now when you launch SecureCRT using the new Config folder,
it will become populated with the files and folders that
SecureCRT needs. You can populate that config folder with
the sessions that you want to remain together and just use
that shortcut and change all of the sessions using one of
the methods from above.

Does this give you some ideas about your options for
changing password in multiple sessions at once?

Thanks

JJH
Reply With Quote
  #3  
Old 03-17-2017, 01:58 PM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 37
Yes, these are the solutions that I have thought (grouping sessions based on access or credentials). However, none of these solutions is feasible.

I have all sessions categorized depending on location, device type etc (more than 1200 sessions). I can't manage 4 different sessions for each device splited to different places. It would escalate really fast and its prone to mistakes.

Actually I opened this topic to imply a feature request.
It would be a really nice addition if SecureCRT could implement something like a repository for credentials. Or at least a list of username/passwords centrally managed (and updating)
Reply With Quote
  #4  
Old 03-18-2017, 09:46 AM
jjh jjh is offline
VanDyke Customer Support
 
Join Date: Feb 2004
Posts: 807
Thanks for your feature request. I have created an entry
for you in our feature request database. We will post
something here should a version of SecureCRT become
available with a substitution database for logon actions
that would make it easier for you to change passwords for
multiple sessions without having to make your session
manager configuration more complicated. If you would like
to be informed via e-mail, please send a message to
support@vandyke.com referencing this forum thread.

JJH
Reply With Quote
  #5  
Old 03-20-2017, 03:30 PM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 37
Thank you

Many colleagues have referred to this feature; it should be a great addition.
Also, many programs already have this functionality (Remote Desktop Managers, etc) and it is very efficient!!
Reply With Quote
  #6  
Old 03-21-2017, 12:00 PM
Casey Casey is offline
Registered User
 
Join Date: Oct 2011
Posts: 114
By chance is the password/login info currently stored in the session's INI file?

If it is and it's the same in all your other session INI files, then perhaps you could update just one session, grab the new string from the INI file, and then use one of those 'search and replace' apps to scan all you INI and replace "password=abc" with "password=xyz".


Lots of 'if' there though...
Reply With Quote
  #7  
Old 03-24-2017, 06:35 AM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 37
Quote:
Originally Posted by Casey View Post
By chance is the password/login info currently stored in the session's INI file?

If it is and it's the same in all your other session INI files, then perhaps you could update just one session, grab the new string from the INI file, and then use one of those 'search and replace' apps to scan all you INI and replace "password=abc" with "password=xyz".


Lots of 'if' there though...
Yes, it should confirm that the username is the one that should be updated and then update the password in encrypted form.
Probably it will work
Reply With Quote
  #8  
Old 06-15-2017, 10:57 AM
jjx jjx is offline
Registered User
 
Join Date: Sep 2008
Posts: 37
Quote:
Originally Posted by jjh View Post
Thanks for your feature request. I have created an entry
for you in our feature request database. We will post
something here should a version of SecureCRT become
available with a substitution database for logon actions
that would make it easier for you to change passwords for
multiple sessions without having to make your session
manager configuration more complicated. If you would like
to be informed via e-mail, please send a message to
support@vandyke.com referencing this forum thread.

JJH
Has this been discussed internally?
Any decision or ideas how to keep passwords in sync with the new security regulations that hit the IT every day?

The only manageable solution I have found is to delete all passwords from the sessions; SecureCRT will popup the password window, an external password manager (ex. Roboform) will attach to the window filling the correct password each time.
Reply With Quote
  #9  
Old 06-15-2017, 04:10 PM
jjh jjh is offline
VanDyke Customer Support
 
Join Date: Feb 2004
Posts: 807
Hi JJX.

A decision hasn't been made as far as adding that functionality to SecureCRT. I have added your inquiry to the entry I created for you in our feature request database and forwarded it to the product manager. Please feel free to keep checking in from time to time. If that functionality does make it into SecureCRT, we will contact you.

Thanks
JJH
Reply With Quote
  #10  
Old 07-04-2017, 02:50 AM
astergiou astergiou is offline
Registered User
 
Join Date: Jul 2017
Posts: 1
Hello

this is totally UNACCEPTABLE.
We are in 2017 and many software suites support central user/password repository.

I have more than 700 sessions that are linked to Active Directory username and password and due to company policies every 60 days my password will change...

What is the way to change 700 sessions????

If you see other suites like Remote Desktop Manager, they offer a central repo that you change the password ONCE.

What is the roadmap of Van Dyke for this feature?
Reply With Quote
  #11  
Old 07-04-2017, 09:33 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 990
Quote:
Originally Posted by astergiou View Post
this is totally UNACCEPTABLE.
We are in 2017 and many software suites support central user/password repository.

I have more than 700 sessions that are linked to Active Directory username and password and due to company policies every 60 days my password will change...
How fortunate! Some companies have policies that forbid saving of passwords at all.

I'm so sorry that SecureCRT in its current form doesn't meet your needs. I'll be sure to let the product manager know that you're really interested in having this feature added to SecureCRT.

Quote:
What is the way to change 700 sessions?
Many ways exist to change the password for multiple sessions, as jjh described in his 03-17-2017 10:20 AM post.

Did you not read through and try those ideas, or are you saying you tried those methods and they didn't work for you?

If you tried using the Default session or multi-selecting sessions in the Session Manager and editing properties there, and it didn't work for you, can you describe what you saw that went wrong?

--Jake
__________________
Jake Devenport
VanDyke Software
Technical Support
YouTube Channel: https://www.youtube.com/vandykesoftware
Email: support@vandyke.com
Web: https://www.vandyke.com/support
Reply With Quote
  #12  
Old 09-06-2017, 09:11 AM
metallicat metallicat is offline
Registered User
 
Join Date: Sep 2017
Posts: 22
I use MacOS and run into a fairly similar problem.
MacOS has Keychain (a password manager) built-in.
What I did was write a simple python script that addressed the issue.
There's a keyring python module that allows to read, write and delete entries from keychain.
If you use some other OS - I'm sure it's possible to find an external password manager with python API and achieve the same results.

Cheers!
Alex.
Reply With Quote
  #13  
Old 10-11-2017, 03:13 AM
ngrison ngrison is offline
Registered User
 
Join Date: Aug 2017
Posts: 22
I would add my vote for this feature request. The way I would really like it, you would be able to define named login/password pairs in the general preferences, and then under each session SSH2 preference a new authentication method would allow you to select the one you need for that particular session. When your password change, just update the appropriate password in the general preferences. Very simple, and you can keep all your sessions organised.

Every company I've worked at is the same, plenty of devices use an AD account, plenty more use a radius or tacacs one, and some others use local. The method above would make it very easy to work in that kind of environment.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 10:29 PM.