Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 04-23-2015, 08:15 AM
vtphilk vtphilk is offline
Registered User
 
Join Date: May 2010
Posts: 40
Disable Session Files Encryption

Upon installing 7.3.3 (Upgrade from 7.1) after first launch I get promted if I want to choose a passphrase to encrypt my session data.

While I appreciate this option it is a major problem for my solution as I share my session files with other co-workers daily.

We will be deploying the upgraded version soon to many users and would like an option to not prompt users to choose a passphrase. Is there a way to accomplish this with a install option or something? I'm worried people are going to choose a passphrase then encrypt the session data making it not share able!
Reply With Quote
  #2  
Old 04-23-2015, 08:55 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi vtphilk,

When you first launch SecureCRT 7.3.3, you are provide with two options. The most secure option would be to provide a passphrase, but saving passwords is still not recommended. The second, non-default option is to provide no passphrase.

If you are saving sensitive data like passwords or using logon actions, and using 7.3.3, all of your colleagues will also have to be using 7.3.3. If you have configured a passphrase, your colleagues will have to use the same passphrase. If you opt to use the second option and not use a passphrase, they will have to do the same.

If you are not saving sensitive data like passwords, or using logon actions, then you should not see a difference when using 7.3.3.

Does this help to clarify how to use the new feature?

Also, we don't have an option for deploying SecureCRT with a pre-defined option for the new passphrase functionality. We will post here if we add this in the future.

If you would like to be notified directly, please complete and submit the form at the following location:
Submit Feature Request
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

Last edited by rtb; 04-23-2015 at 11:20 AM. Reason: Responding to the question.
Reply With Quote
  #3  
Old 09-21-2015, 11:20 PM
vtphilk vtphilk is offline
Registered User
 
Join Date: May 2010
Posts: 40
Todd any update on this? have you come up with a way to response via silent installer to choose the pass phrase option or not? This is a deal breaker for upgrade to the latest release and we just purchased a fairly large license to upgrade many of our techs..

Please advise
Reply With Quote
  #4  
Old 09-22-2015, 09:35 AM
rtb rtb is offline
VanDyke Technical Support
 
Join Date: Aug 2008
Posts: 4,306
Hi vtphilk,

This is not yet an option, but the feature request was created back in April and the SecureCRT product director is aware of your interest in the capability. We will post here if we add an option to deal with the configuration passphrase prompt in some automated way when SecureCRT is first launched.

I can't say if this would be a deployment option or an administrative template option, but it seems more suited to the latter.

It is also important to note that opting to not use a configuration passphrase doesn't remove the encryption from sensitive data that is stored. It is just possible that using no configuration passphrase will not be as strong as the option to provide a configuration passphrase.
__________________
--Todd

VanDyke Software
Technical Support
support@vandyke.com
505-332-5730

Last edited by rtb; 09-22-2015 at 09:44 AM.
Reply With Quote
  #5  
Old 02-08-2016, 12:51 PM
jbd1300 jbd1300 is offline
Registered User
 
Join Date: Dec 2014
Posts: 18
Disable Session Files Encryption - Entire Config Session File

I would like to piggy back off of this ask.

I would like to push a copy of my session file to a centralized location, such as to a network share. I am storing the Config file on a private network that only my dept can get too, however the encryption process is taking quite a while, when opening for the first time. I have now let the encryption process run for 8 hours, and it hasn't stopped. The only way I am able to cancel, is by ending the process in task manager. After re-opening SecureCRT, it locks up, and will not respond. Is there a way to disable encryption on Config session files when storing on a network share? The sessions are being stored in a secure network, and there are no passwords being kept, so the encryption process is not needed for my project. The version I am running is Version 7.3.4 (build 839). However another note is the users that will be using these sessions files range from version 5 to the current 7.3.4.


Thanks

jbd1300
Reply With Quote
  #6  
Old 02-08-2016, 01:22 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,449
Hi jbd1300,

You cannot use the config passphrase anyway if some users have older versions of SecureCRT. You also won't be able to share the config via the split config functionality since that is also available only in later versions of SecureCRT (see below).

Changes in SecureCRT 7.2 (Beta 1) -- October 8, 2013
----------------------------------------------------

New features:

  • Added a global option to store personal data such as usernames and passwords in a location separate from the rest of the session data, which allows personal data to be kept private while other configuration data is stored on a network drive or on the cloud so that it can be used on different systems or shared with colleagues.

Changes in SecureCRT 7.3.3 (Official) -- March 31, 2015
-------------------------------------------------------

New features:

  • Previous versions of SecureCRT supported saving passwords and other sensitive data. In order to improve the security of this feature, SecureCRT now requires a passphrase to be created the first time version 7.3.3 runs. This passphrase will be used to encrypt and decrypt sensitive data stored in the session database, such as passwords and send/expect logon scripts.

That really leaves only one option available to you for sharing the config when some users have to use a much older version of SecureCRT:

Quote:
I am storing the Config file on a private network that only my dept can get to ...
If you have no means to upgrade the users that have SecureCRT v5, it may be best if the config to be shared comes from the older version, as not all features of SecureCRT v7.3.x are going to be "backwards compatible".

Then, the best way to share the config folder in your environment is probably going to be as explained in this post.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #7  
Old 02-08-2016, 03:50 PM
jbd1300 jbd1300 is offline
Registered User
 
Join Date: Dec 2014
Posts: 18
Hi bgagnon,

Thank you for responding quickly to the thread.

I do not create a passphrase or a split config functionality, and it still by default goes through the encryption process, how do I disable this feature?

Please reference attached .png file, for further explanation.

This "SecureCRT is encrypting your sensitive data. This operation cannot be canceled" task have been going on for over 8 hours. I do not want to encrypt anything, and I can't find anywhere in "global options" to disable this feature.

Thanks

jbd1300
Attached Images
File Type: png Encryption Process.png (38.6 KB, 385 views)

Last edited by jbd1300; 02-08-2016 at 04:02 PM.
Reply With Quote
  #8  
Old 02-08-2016, 09:34 PM
vtphilk vtphilk is offline
Registered User
 
Join Date: May 2010
Posts: 40
Another comment, In 8.x is the plan to FORCE people to encrypt? Currently, in 7.3.5 there is an option to NOT encrypt. But I installed the 8.x beta and seems it forces encryption am I missing something?

Thats really going to be a bummer as it will be the end of our $k's of support dollars to vandyke because we will have no reason to upgrade past 7.x.

I appreciate you are trying to get folks more secure but you have to appreciate legacy environments where we have already worked around the encryption issue to solve the issue to our satisfaction.
Reply With Quote
  #9  
Old 02-09-2016, 07:22 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,449
Hi jbd1300,

The sensitive data is *always* encrypted in the session INI files. The strength of the encryption is based on whether you use the config passphrase option or not. I am not sure why you are experiencing the issue you posted about. Even the largest config I could imagine should not take 8 hours to encrypt.

It seems likely your files may be in a mixed state and that could be the cause of the hang (at the time that you posted).

Since this discussion is sensitive in nature, please send an email to support@vandyke.com and include "Attn Brenda - Forum Thread #11953" in the subject line. Please include the version and serial number of your SecureCRT installation in the email.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #10  
Old 02-09-2016, 07:38 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,449
Hi vtphilk,

I am not sure what you are referencing. The config passphrase mechanism in v8.0 is the same as v7.3.x beginning with v7.3.3. The dialogs were changed (in v7.3.5) to provide further explanation because many customers were confused as to which option would work best for them.

Please attach a screenshot of the dialog you experienced in v8.0 that you believe *forces* encryption (noting again, as I put in my prior post to jbd1300 that encryption *is* always present, this mechanism just changes the strength of the encryption).

Do you not see a dialog similar to what I have attached where you have the option to choose to use a passphrase or not use a passphrase? (Note also that your prior choice -- in an earlier version -- could affect the dialog you see. The dialog I attached, named SecureCRT735, is what is displayed when using a *default, new* configuration in v7.3.5 through v8.0b2.)
Attached Images
File Type: png SecureCRT735.png (46.7 KB, 382 views)
File Type: png SecureCRT734.png (30.0 KB, 425 views)
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:51 PM.