Whether your needs focus on secure file transfer or remote access and administration, the VShell server has a full range of capabilities that enable you to:
On Windows, SFTP virtual roots now support public-key authentication.
For convenience on Windows, test user access to virtual roots directly from the VShell Control Panel.
Resize the VShell Control Panel to better accommodate your configuration settings.
Configure VShell to act as an SFTP server, an FTPS server, or both. With FTPS, plaintext FTP may also be allowed to support legacy devices.
VShell Enterprise Edition with HTTPS allows your staff, customers, and partners to transfer files easily using a web browser, eliminating the need for end-user training. Streamline the administrative cost of secure file transfer — no client software is needed and there are no browser plugins to install. Users connect via HTTPS to view folder contents, upload and download files, and more.
VShell Enterprise Edition with HTTPS allows users to connect with a WebDAV client to upload and download files securely. Users can take advantage of WebDAV functionality to edit and collaborate on content.
The VShell virtual root capability lets you assign different root directory access points to users or groups. Allows fine-grained control over user access permissions and the ability to specify the user's home directory.
Protect your internal SFTP server from internet threats or leverage an external SFTP server by seamlessly transferring end-user connections from VShell to the target server. After authenticating the connections, VShell transparently transfers file operations to a separate SFTP server. Files are uploaded and downloaded without ever being written to the VShell server’s disk, assisting with standards compliance and reducing the disk space required by the VShell host machine.
SCP file transfers using clients operating as a secure RCP replacement that forwards a remote execution request to SCP over SSH2 (not SFTP).
Increase the security of your VShell server by restricting file uploads by file type. Allow only desired file types or deny unwanted file types.
Use vcp, vsftp, vsh, or any SFTP, SCP, or FTPS clients to automate and schedule unattended file transfers.
Securely access and administer web, mail, database, and application servers.
With existing secure shell utilities, add new users to the network, check print queues, and control services. Use text-oriented editors (e.g., EDIT and vi) to edit files on the remote system.
Give VShell users permission to remotely execute commands as a different user without full admin privileges. The administrator controls who can remotely execute commands, which commands are executed, and what account is used.
VShell support for remote command execution allows unattended jobs to be started with any Secure Shell (SSH2) client.
On an individual or group basis, allow or deny access to VShell services such as SFTP, SCP, FTPS, FTP, HTTPS, HTTP, shell, remote execution, and port forwarding.
VShell SSH2 support offers cross-platform security when connecting from remote clients for shell, SFTP and SCP file transfer, or port forwarding access. Connect with Secure Shell clients including SecureCRT, SecureFX, and a wide variety of other standard tools.
VShell supports ChaCha20/Poly1305, AES-256-GCM, AES-128-GCM, AES-256-CTR, AES-192-CTR, AES-128-CTR, AES-256, AES-192, AES-128, and Twofish. For SSH1 clients, 3DES is supported but disabled by default.
Message authentication codes (MACs) protect the integrity of each message sent over the network (preventing replay or insertion attacks). Support for UMAC-128-EtM, UMAC-64-EtM, SHA2-512-EtM, SHA2-256-EtM,SHA1-EtM, UMAC-128, UMAC-64, SHA2-512, SHA2-256, and SHA1. MD5 is supported but disabled by default.
Configurable data compression helps improve transfer speeds over slower network links.
Unique server host key proves its identity to a client as a "known" host (preventing a man-in-the-middle attack). Ed25519 (ssh-ed25519), RSA (ssh-rsa), ECDSA (ecdsa-sha2-nistp), and DSA (ssh-dss) host key algorithms are supported.
Forward TCP/IP ports to securely access standard data traffic like POP3 and SMTP over the Internet and intranets through a single, secure, multiplexed channel.
VShell tracks failed authentications by IP address. Once an IP address has been added to the Deny Host list, VShell will not allow future connections from that address. On Windows SFTP, FTPS, and HTTPS, ward off brute force attacks by specifying the amount of time in which a certain number of authentication failures from a particular IP address will be tolerated. VShell will add the offending IP address to its list of denied hosts and any further authentication attempts will be immediately disconnected. On Windows, you can specify the number of failures allowed during a certain time period, and re-allow connections after a specified amount of time.
Native integration with Windows user accounts and groups (local and domain). Login to VShell using credentials provided by an external LDAP server. Control access to VShell functionality.
Configure VShell-specific users and groups. These VShell-defined users and groups are separate from system accounts. The internal accounts can be given access to all file transfer, remote shell and execute, and port forwarding services. Eliminate the need to create system accounts for end users when accounts are only needed for VShell access. Simplify future migrations by letting VShell automatically include your users and groups when you move the VShell configuration to a new server.
Transparent support for IPv6 allows you to move to the new protocol whenever you are ready.
Automate routine tasks using a suite of standalone command-line utilities: vsftp for interactive SFTP file transfer, vsh for shell access, vcp for file transfer, and vkeygen to generate public/private keys.
The VRALib API allows scripting of SSH2 connections through a Windows COM interface. Supported operations include full control over SSH2 connections, sending a command to an SSH2 server and getting the output produced by the command, tunneling/port forwarding, file transfers using SFTP, remote file management, adding host keys to a host key database, and adding keys to the SSH2 authentication agent.
Choose whether to allow or deny specific SFTP commands on a per-user or per-group basis, including SETSTAT, FSETSTAT, RMDIR, REMOVE, RENAME, and LINK.
VShell provides mouse support for character-based applications running in a command window.
Configure general server options like listening port, keepalives, idle timeout period, and command shell.
On Windows, configure VShell for maximum security through an easy-to-use graphical control panel.
A wizard facilitates easier configuration of VShell to receive file uploads (backups) from Cisco Unified Communications Manager (CUCM).
A Windows command-line utility that allows editing of virtual roots, access control lists (ACLs), file and folder access permissions, and the VShell user database. VShellConfig can import and export configurations to save time when backing up or moving VShell.
Configure which hosts can connect by IP address, netmask, hostname, or domain name. Configure which SSH2 port-forwarding requests are allowed.
Allows automatic disconnect of sessions after a configurable idle time.
Server bandwidth can be configured (throttled) on a global, user/group, or location basis.
Control access to servers and networks using existing usernames and passwords or choose other enterprise-wide authentication methods.
Configure authentication options by limiting the number of failed attempts, setting a timeout period for completed authentications, and setting the required authentication methods.
Specify which authentication methods are allowed or required when users connect to the server: password, public key, GSSAPI, or keyboard-interactive authentication.
Kerberos via GSSAPI increases interoperability while enhancing the security of enterprise-wide network authentication.
Automate unattended file transfers and batch jobs. Can also streamline logon process for users.
VShell for Windows allows authentication through RADIUS servers using SecurID or other methods. RADIUS support is implemented through keyboard-interactive authentication.
Comply with organization-wide PKI policies designed to protect critical information and overcome identity theft and electronic fraud.
Provide your Windows users with a convenient way to log on to VShell Enterprise Edition with HTTPS without entering a username or password. SSO reduces helpdesk workload by decreasing the risk of accidental VShell account lockouts and resulting password reset requests.
Triggers allow automated responses to server events, including failed authentication, no virtual roots, login, logout, upload, download, file/folder creation, deletion, renaming, and addition of files to a folder. Trigger actions include commands and file copy/move. On Windows, email notifications can be sent, and files automatically transferred to another SFTP server.
Customize names of files or folders when moving or copying files in response to file operations. Standardize or specialize names by inserting dates, timestamps, usernames, session IDs, protocol, pre-defined text, and more.
Use logout triggers to send email notifications with the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.
Use logout triggers to run commands or scripts using the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.
Detect when new files are created, moved, or copied to a particular folder and initiate actions such as automatic transfer to another SFTP server.
VShell Monitor is a real-time connection monitoring tool that allows an administrator to view active connections to the VShell server.
Selected server messages may be logged in the VShell log file, sent to the Windows system log or a remote syslog/syslog-ng server. Message groups include errors, warnings, informational, connection, authentication, SFTP, FTPS, HTTPS, port forward, debug, and LSA.
VShell error and warning messages as well as selected other message groups are sent to the system event log.
All log messages can be sent to a remote syslog or syslog-ng server.
Official VShell software releases can be downloaded and evaluated for 60 days without charge.
Beta software releases can be downloaded and evaluated for 60 days without charge.
All registered users receive a year of software updates. An option with three years of updates is also available.
All registered users receive a year of technical support by email from VanDyke Support. An option with three years of technical support is also available.
Software updates and support are available after the first year.
VShell uses a FIPS 140-2 validated cryptographic library. VShell can be installed in "FIPS Mode", which allows only FIPS-approved algorithms.
Section 508 requires Federal agencies to make their electronic and information technology accessible to people with disabilities. VShell Server has been registered as a compliant product with the Section 508 database. Voluntary Product Accessibility Template (VPAT) documents detailing this compliance are available in Acrobat PDF format here: view the VShell Server VPAT.
VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.
