On an individual or group basis, allow or deny access to VShell services such as SFTP, SCP, FTPS, FTP, HTTPS, HTTP, shell, remote execution, and port forwarding.
VShell SSH2 support offers cross-platform security when connecting from remote clients for shell, SFTP and SCP file transfer, or port forwarding access. Connect with Secure Shell clients including SecureCRT, SecureFX, and a wide variety of other standard tools.
VShell supports ChaCha20/Poly1305, AES-256-GCM, AES-128-GCM, AES-256-CTR, AES-192-CTR, AES-128-CTR, AES-256, AES-192, AES-128, and Twofish. For SSH1 clients, 3DES is supported but disabled by default.
Message authentication codes (MACs) protect the integrity of each message sent over the network (preventing replay or insertion attacks). Support for UMAC-128-EtM, UMAC-64-EtM, SHA2-512-EtM, SHA2-256-EtM,SHA1-EtM, UMAC-128, UMAC-64, SHA2-512, SHA2-256, and SHA1. MD5 is supported but disabled by default.
Configurable data compression helps improve transfer speeds over slower network links.
Host identity verification
Unique server host key proves its identity to a client as a "known" host (preventing a man-in-the-middle attack). Ed25519 (ssh-ed25519), RSA (ssh-rsa), ECDSA (ecdsa-sha2-nistp), and DSA (ssh-dss) host key algorithms are supported.
Forward TCP/IP ports to securely access standard data traffic like POP3 and SMTP over the Internet and intranets through a single, secure, multiplexed channel.
Deny Host file
VShell tracks failed authentications by IP address. Once an IP address has been added to the Deny Host list, VShell will not allow future connections from that address. On Windows SFTP, FTPS, and HTTPS, ward off brute force attacks by specifying the amount of time in which a certain number of authentication failures from a particular IP address will be tolerated. VShell will add the offending IP address to its list of denied hosts and any further authentication attempts will be immediately disconnected. On Windows, you can specify the number of failures allowed during a certain time period, and re-allow connections after a specified amount of time.
Windows account and LDAP server integration (Windows only)
Native integration with Windows user accounts and groups (local and domain). Login to VShell using credentials provided by an external LDAP server. Control access to VShell functionality.
Internal user database
Configure VShell-specific users and groups. These VShell-defined users and groups are separate from system accounts. The internal accounts can be given access to all file transfer, remote shell and execute, and port forwarding services. Eliminate the need to create system accounts for end users when accounts are only needed for VShell access. Simplify future migrations by letting VShell automatically include your users and groups when you move the VShell configuration to a new server.
Transparent support for IPv6 allows you to move to the new protocol whenever you are ready.
Automate routine tasks using a suite of standalone command-line utilities: vsftp for interactive SFTP file transfer, vsh for shell access, vcp for file transfer, and vkeygen to generate public/private keys.
VRALib API for scripting SSH2 sessions (Windows only)
The VRALib API allows scripting of SSH2 connections through a Windows COM interface. Supported operations include full control over SSH2 connections, sending a command to an SSH2 server and getting the output produced by the command, tunneling/port forwarding, file transfers using SFTP, remote file management, adding host keys to a host key database, and adding keys to the SSH2 authentication agent.
Allow or deny specific SFTP commands
Choose whether to allow or deny specific SFTP commands on a per-user or per-group basis, including SETSTAT, FSETSTAT, RMDIR, REMOVE, RENAME, and LINK.
Mouse support (Windows only)
VShell provides mouse support for character-based applications running in a command window.