Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 09-24-2015, 07:03 PM
stovakor stovakor is offline
Registered User
 
Join Date: Sep 2015
Posts: 6
How to automatically accept keys?

A google search shows this has been asked over and over again since 2006.
I don't want to use command line arguments, I'm not scripting anything.

All I want is for secureCRT to automatically accept and save the keys when you SSH to a new host.

Can secure CRT do this or not?
And if not... WHY?
Reply With Quote
  #2  
Old 09-25-2015, 10:37 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 3,976
Hi stovakor,

The entire security of the SSH protocol rests on you being able to validate you really are connecting to the host you think you are instead of putting yourself at risk to exposing your credentials to some "man-in-the-middle" mechanism. See our informational white paper on host keys here.

I have created a feature request on your behalf in our product enhancement database for the ability for SecureCRT to automatically accept host keys (globally). Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct email notification, send an email to support@vandyke.com and include "Feature Request - Forum Thread #12109" in the subject line or use this form from the support page of our website.

As far as WHY, the answer is that most functionality added to our products is driven by customer request and yours is the first request for this functionality within the GUI.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 09-25-2015, 11:37 AM
stovakor stovakor is offline
Registered User
 
Join Date: Sep 2015
Posts: 6
Quote:
Originally Posted by bgagnon View Post
As far as WHY, the answer is that most functionality added to our products is driven by customer request and yours is the first request for this functionality within the GUI.
If there is a config file I can change to affect this change globally I'm fine with that too. It doesn't necessarily need to be in the GUI. Just available in some way without scripting / hacking.

btw, this isn't the first request for the feature
https://forums.vandyke.com/showthread.php?t=456 ( 2005)
https://forums.vandyke.com/showthread.php?t=4051 (2009)
https://forums.vandyke.com/showthread.php?t=4310 (2009)
https://forums.vandyke.com/showpost....27&postcount=4 (not sure why it wasn't added to the GUI 8 years ago with this feature)
Reply With Quote
  #4  
Old 09-25-2015, 11:51 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 3,976
Hi stovakor,

My apologies. You are right, I was not searching with the correct keywords. There are a dozen or so prior requests and I added this thread to that existing feature request.


Quote:
If there is a config file I can change to affect this change globally I'm fine with that too. It doesn't necessarily need to be in the GUI. Just available in some way without scripting / hacking.
It's not clear to me why you associate scripting with hacking (if that is what you mean by the above).

Scripting and using the command-line *are* situations where automation is desirable. That is why /ACCEPTHOSTKEYS exists and that is the situations where it can be used in place of user interaction.

How many people in your organization does not having this functionality affect?

Do you connect *only* to trusted servers where you do not need to verify the fingerprint of the host key?
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #5  
Old 09-25-2015, 10:04 PM
stovakor stovakor is offline
Registered User
 
Join Date: Sep 2015
Posts: 6
Quote:
Originally Posted by bgagnon View Post
There are a dozen or so prior requests and I added this thread to that existing feature request.
Then why hasn't it been implemented? it's already built into your product via command line, its just a GUI thing now. I mean, this has been requested for 10 years!
Quote:
Originally Posted by bgagnon View Post
Do you connect *only* to trusted servers where you do not need to verify the fingerprint of the host key?
Correct. I have over 1,000 switches/routers that my team manages.
Reply With Quote
  #6  
Old 09-28-2015, 01:50 PM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,526
Quote:
Originally Posted by stovakor View Post
Then why hasn't it been implemented? it's already built into your product via command line, its just a GUI thing now. I mean, this has been requested for 10 years!

Correct. I have over 1,000 switches/routers that my team manages.
You are correct that it's supported on the command line, which was needed in order for people to run unattended scripts. It's still not considered a best security practice and that's one of the reasons it hasn't been added to the GUI.

That said, it sounds like a global INI-only-file option to automatically accept host keys would meet your needs. We'll look into implementing that. If you'd like to be informed by email if this gets implemented, please send email to me at Maureen.Jett@vandyke.com.

Maureen
Reply With Quote
  #7  
Old 09-28-2015, 04:54 PM
stovakor stovakor is offline
Registered User
 
Join Date: Sep 2015
Posts: 6
Quote:
Originally Posted by Maureen View Post
That said, it sounds like a global INI-only-file option to automatically accept host keys would meet your needs.
Agreed. Since this is against best practice and an 'advanced' feature keeping it buried in the INI would be reasonable.
Reply With Quote
  #8  
Old 11-02-2015, 05:33 PM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,526
An option to automatically accept host keys has been added to a pre-beta version of SecureCRT. If you'd like to try it, please send email to me at Maureen.Jett@vandyke.com.

Maureen
Reply With Quote
  #9  
Old 11-06-2015, 01:18 PM
stovakor stovakor is offline
Registered User
 
Join Date: Sep 2015
Posts: 6
thank you for the update!
I was just coming back today to check on the status.

Knowing that it has made it into a pre-beta is awesome. Any ETA on when it might be released into a final build?
Reply With Quote
  #10  
Old 11-09-2015, 10:40 AM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,526
It's expected to go beta early next year and be officially released about two months later.

Maureen
Reply With Quote
  #11  
Old 12-22-2015, 07:57 AM
stovakor stovakor is offline
Registered User
 
Join Date: Sep 2015
Posts: 6
Is this timeline still on track?
Reply With Quote
  #12  
Old 12-22-2015, 08:56 AM
Maureen's Avatar
Maureen Maureen is offline
VanDyke Product Director
 
Join Date: Feb 2004
Location: Albuquerque, NM
Posts: 1,526
Yes.

Maureen
Reply With Quote
  #13  
Old 07-26-2016, 03:54 AM
GJB56 GJB56 is offline
Registered User
 
Join Date: Nov 2011
Posts: 20
Has this feature been implemented in V8?
Reply With Quote
  #14  
Old 07-26-2016, 08:52 AM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 3,976
Hi GJB56,

As noted in the history text, this is not considered a security best practice.



Yes, see SecureCRT's version 8.0.x History file here.
  • SSH2: Added an SSH INI-file-only option called "Automatically Accept Host Keys", which allows host keys to be accepted automatically. Note: Enabling this option is not considered a security best practice.

So in your config folder (location of that is found in the General / Configuration Paths category of SecureCRT's Global Options) will be a file named SSH2.ini.

Close all instances of SecureCRT/SecureFX that are running, then edit this line:

From:
D:"Automatically Accept Host Keys"=00000000
To:
D:"Automatically Accept Host Keys"=00000001

Save the change, restart SecureCRT.


As noted in the history text, this is not considered a security best practice.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #15  
Old 06-26-2018, 09:22 AM
pscitpro pscitpro is offline
Registered User
 
Join Date: Jun 2018
Posts: 1
Question Not working in version 8.3.x

Hi -

Has this feature been removed?

PSC
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 07:42 PM.