VanDyke Software Forums

Go Back   VanDyke Software Forums > SecureCRT 5.1/SecureFX 3.1/VShell 2.6 Beta
User Name
Password
FAQ Members List Calendar Search Today's Posts Mark Forums Read

 
 
Thread Tools Display Modes
  #1  
Old 02-07-2006, 10:54 AM
res's Avatar
res res is offline
VanDyke Project Manager
 
Join Date: Feb 2004
Location: VanDyke Software
Posts: 12
VShell 2.6 Beta

Welcome to the VShell 2.6 Beta test. The major new features for 2.6 are:
  • FIPS -- VShell for Windows can now be installed in "FIPS Mode", which uses a FIPS 140-2 validated cryptographic library and only allow FIPS-approved algorithms.
  • RADIUS -- VShell for Windows allows authentication to RADIUS servers using SecurID or other methods. RADIUS support is implemented through keyboard-interactive authentication.
  • VShellConfig -- A Windows command-line utility that allows editing of SFTP roots and access control lists (ACLs).
  • Deny Host File -- This feature has been added to reduce the impact of a dictionary attack. VShell for Windows now tracks failed authentications by IP address and can add these addresses to the Deny Host file after the specified threshold has been reached. Once an IP address has been added to the Deny Host file, VShell will not allow future connections from that address.
Although the new features have been decided for 2.6, you can still post feature requests and they will be considered for future versions of VShell

Please feel free to start new threads and to post polls. I'm looking forward to some good discussion about the betas. Thanks for joining us!
__________________
Robert Stehwien
VanDyke Software
Software Developer
  #2  
Old 02-07-2006, 12:35 PM
toloughlin's Avatar
toloughlin toloughlin is offline
Senior Member
 
Join Date: Feb 2004
Location: Nashua, NH
Posts: 378
Quote:
Deny Host File -- This feature has been added to reduce the impact of a dictionary attack. VShell for Windows now tracks failed authentications by IP address and can add these addresses to the Deny Host file after the specified threshold has been reached. Once an IP address has been added to the Deny Host file, VShell will not allow future connections from that address.
Is this planned for Linux?
__________________
----------------------------------------------
Tom O'Loughlin
  #3  
Old 02-07-2006, 04:08 PM
jpv jpv is offline
Weekend Programmer and CEO
 
Join Date: Nov 2003
Location: VanDyke Software
Posts: 54
Quote:
Originally Posted by toloughlin
Is this planned for Linux?
Not currently. If there is sufficient interest in this feature under Linux, Solaris, etc., it could be added.

--Jeff
  #4  
Old 02-08-2006, 06:41 AM
Ken Ken is offline
Registered User
 
Join Date: Mar 2004
Posts: 8
AllowHosts file too??

DenyHosts file is great. But how about adding an AllowHosts file or specify entries in the AllowHosts file that do NOT get denied.
I'd be hesitant to turn this function on as it could deny connections from a VALID ip. Especially if port forwarding from another machine.
  #5  
Old 02-08-2006, 09:13 PM
jpv jpv is offline
Weekend Programmer and CEO
 
Join Date: Nov 2003
Location: VanDyke Software
Posts: 54
Quote:
Originally Posted by Ken
DenyHosts file is great. But how about adding an AllowHosts file or specify entries in the AllowHosts file that do NOT get denied.
I'd be hesitant to turn this function on as it could deny connections from a VALID ip. Especially if port forwarding from another machine.
This is something we had considered.

If we added this functionality, would you prefer to see this in the same file, a separate file, or configurable through the control panel?

--Jeff
  #6  
Old 02-09-2006, 03:22 AM
kelli.burki's Avatar
kelli.burki kelli.burki is offline
Registered User
 
Join Date: Jan 2004
Location: VanDyke Software
Posts: 33
i'll put one vote in for the Mac ;-)

Quote:
Originally Posted by jpv
Not currently. If there is sufficient interest in this feature under Linux, Solaris, etc., it could be added.

--Jeff
I'll put a vote in for supporting on *nix -- mac specifically. I also like Ken's suggestion for the allow host config option. You might at least consider revising the announcement from:

Deny Host File -- This feature has been added to reduce...

to

...has been added to VShell for Windows...

In my haste (and excitement) i read the announce and quickly downloaded 2.6 for the Mac expecting it to be in *nix without reading the next sentance.

--kelli
  #7  
Old 02-09-2006, 05:17 AM
Ken Ken is offline
Registered User
 
Join Date: Mar 2004
Posts: 8
One way of doing it would be to allow Any Connection Filter of type IP Address would never be entered into the Deny Host file.

If your Connection Filter was Allow/0.0.0.0 then everything would be suspect to the Deny Host if enabled.

If your Connection Filter was Allow/1.2.3.4, Allow/0.0.0.0 then everything other than IP 1.2.3.4 would be suspect to the Deny Host if enabled.

And of course..If your Connection Filter was Allow/1.2.3.4, Deny/0.0.0.0 then there is no reason to even use the "Deny Host" function since ony that 1.2.3.4 will be allowed.

Ken
  #8  
Old 02-14-2006, 02:10 PM
Chris Chris is offline
VanDyke Developer
 
Join Date: May 2004
Location: Albuquerque, NM
Posts: 13
Quote:
Originally Posted by Ken
One way of doing it would be to allow Any Connection Filter of type IP Address would never be entered into the Deny Host file.
Ken,

This functionality has been added to VShell. If you would like to try a pre-release version, please send a request via e-mail to support@vandyke.com with a subject of "Vandyke Forum thread 1262"

Thanks,
Chris
  #9  
Old 02-09-2006, 12:41 PM
toloughlin's Avatar
toloughlin toloughlin is offline
Senior Member
 
Join Date: Feb 2004
Location: Nashua, NH
Posts: 378
Quote:
Originally Posted by kelli.burki
I'll put a vote in for supporting on *nix
I'm all for a Linux version.
I had to change my ssh port to over 24000 to stop the brute dictionary attacks.
__________________
----------------------------------------------
Tom O'Loughlin
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:23 PM.


copyright 1995-2017 VanDyke Software, Inc.