VShell® Server

Whether your needs focus on remote access and administration or secure file transfer, the VShell server has a full range of capabilities.

Try Before You Buy

Every release can be evaluated free of charge for 60 days.

VShell® Server

Whether your needs focus on secure file transfer or remote access and administration, the VShell server has a full range of capabilities that enable you to:

  • Provide strong, multi-protocol security for data in transit
  • Control user access to features and files
  • Set up and configure easily
  • Monitor and log events with automation support


New in VShell 4.9

New In icon

SFTP virtual roots

On Windows, SFTP virtual roots now support public-key authentication.


For convenience on Windows, test user access to virtual roots directly from the VShell Control Panel.

Resize the VShell Control Panel to better accommodate your configuration settings.

Secure File Transfer

SFTP, FTPS, and FTP file transfers

Configure VShell to act as an SFTP server, an FTPS server, or both. With FTPS, plaintext FTP may also be allowed to support legacy devices.

HTTPS file transfer

VShell Enterprise Edition with HTTPS allows your staff, customers, and partners to transfer files easily using a web browser, eliminating the need for end-user training. Streamline the administrative cost of secure file transfer — no client software is needed and there are no browser plugins to install. Users connect via HTTPS to view folder contents, upload and download files, and more.

WebDAV support

VShell Enterprise Edition with HTTPS allows users to connect with a WebDAV client to upload and download files securely. Users can take advantage of WebDAV functionality to edit and collaborate on content.

Multiple virtual root directories

The VShell virtual root capability lets you assign different root directory access points to users or groups. Allows fine-grained control over user access permissions and the ability to specify the user's home directory.

SFTP virtual roots (Windows only)

Protect your internal SFTP server from internet threats or leverage an external SFTP server by seamlessly transferring end-user connections from VShell to the target server. After authenticating the connections, VShell transparently transfers file operations to a separate SFTP server. Files are uploaded and downloaded without ever being written to the VShell server’s disk, assisting with standards compliance and reducing the disk space required by the VShell host machine.

SCP file transfers

SCP file transfers using clients operating as a secure RCP replacement that forwards a remote execution request to SCP over SSH2 (not SFTP).

Restrict file types

Increase the security of your VShell server by restricting file uploads by file type. Allow only desired file types or deny unwanted file types.

Automated secure file transfers

Use vcp, vsftp, vsh, or any SFTP, SCP, or FTPS clients to automate and schedule unattended file transfers.

Remote Access and Administration

Administer servers remotely and securely

Securely access and administer web, mail, database, and application servers.

Accomplish common administrative tasks

With existing secure shell utilities, add new users to the network, check print queues, and control services. Use text-oriented editors (e.g., EDIT and vi) to edit files on the remote system.

Remotely execute commands as a different user (Windows only)

Give VShell users permission to remotely execute commands as a different user without full admin privileges. The administrator controls who can remotely execute commands, which commands are executed, and what account is used.

Start unattended batch jobs

VShell support for remote command execution allows unattended jobs to be started with any Secure Shell (SSH2) client.


Access control

On an individual or group basis, allow or deny access to VShell services such as SFTP, SCP, FTPS, FTP, HTTPS, HTTP, shell, remote execution, and port forwarding.

SSH2 support

VShell SSH2 support offers cross-platform security when connecting from remote clients for shell, SFTP and SCP file transfer, or port forwarding access. Connect with Secure Shell clients including SecureCRT, SecureFX, and a wide variety of other standard tools.

Data encryption

VShell supports ChaCha20/Poly1305, AES-256-GCM, AES-128-GCM, AES-256-CTR, AES-192-CTR, AES-128-CTR, AES-256, AES-192, AES-128, and Twofish. For SSH1 clients, 3DES is supported but disabled by default.

Data integrity

Message authentication codes (MACs) protect the integrity of each message sent over the network (preventing replay or insertion attacks). Support for UMAC-128-EtM, UMAC-64-EtM, SHA2-512-EtM, SHA2-256-EtM,SHA1-EtM, UMAC-128, UMAC-64, SHA2-512, SHA2-256, and SHA1. MD5 is supported but disabled by default.

Data compression

Configurable data compression helps improve transfer speeds over slower network links.

Host identity verification

Unique server host key proves its identity to a client as a "known" host (preventing a man-in-the-middle attack). Ed25519 (ssh-ed25519), RSA (ssh-rsa), ECDSA (ecdsa-sha2-nistp), and DSA (ssh-dss) host key algorithms are supported.

Port forwarding

Forward TCP/IP ports to securely access standard data traffic like POP3 and SMTP over the Internet and intranets through a single, secure, multiplexed channel.

Deny Host file

VShell tracks failed authentications by IP address. Once an IP address has been added to the Deny Host list, VShell will not allow future connections from that address. On Windows SFTP, FTPS, and HTTPS, ward off brute force attacks by specifying the amount of time in which a certain number of authentication failures from a particular IP address will be tolerated. VShell will add the offending IP address to its list of denied hosts and any further authentication attempts will be immediately disconnected. On Windows, you can specify the number of failures allowed during a certain time period, and re-allow connections after a specified amount of time.

Windows account and LDAP server integration (Windows only)

Native integration with Windows user accounts and groups (local and domain). Login to VShell using credentials provided by an external LDAP server. Control access to VShell functionality.

Internal user database

Configure VShell-specific users and groups. These VShell-defined users and groups are separate from system accounts. The internal accounts can be given access to all file transfer, remote shell and execute, and port forwarding services. Eliminate the need to create system accounts for end users when accounts are only needed for VShell access. Simplify future migrations by letting VShell automatically include your users and groups when you move the VShell configuration to a new server.

IPv6 support

Transparent support for IPv6 allows you to move to the new protocol whenever you are ready.

Command-line utilities

Automate routine tasks using a suite of standalone command-line utilities: vsftp for interactive SFTP file transfer, vsh for shell access, vcp for file transfer, and vkeygen to generate public/private keys.

VRALib API for scripting SSH2 sessions (Windows only)

The VRALib API allows scripting of SSH2 connections through a Windows COM interface. Supported operations include full control over SSH2 connections, sending a command to an SSH2 server and getting the output produced by the command, tunneling/port forwarding, file transfers using SFTP, remote file management, adding host keys to a host key database, and adding keys to the SSH2 authentication agent.

Allow or deny specific SFTP commands

Choose whether to allow or deny specific SFTP commands on a per-user or per-group basis, including SETSTAT, FSETSTAT, RMDIR, REMOVE, RENAME, and LINK.

Mouse support (Windows only)

VShell provides mouse support for character-based applications running in a command window.

Server Configuration

General server configuration

Configure general server options like listening port, keepalives, idle timeout period, and command shell.

VShell Control Panel (Windows only)

On Windows, configure VShell for maximum security through an easy-to-use graphical control panel.

CUCM configuration wizard (Windows only)

A wizard facilitates easier configuration of VShell to receive file uploads (backups) from Cisco Unified Communications Manager (CUCM).

VShellConfig utility (Windows only)

A Windows command-line utility that allows editing of virtual roots, access control lists (ACLs), file and folder access permissions, and the VShell user database. VShellConfig can import and export configurations to save time when backing up or moving VShell.

Connection filters

Configure which hosts can connect by IP address, netmask, hostname, or domain name. Configure which SSH2 port-forwarding requests are allowed.

Idle timeout option

Allows automatic disconnect of sessions after a configurable idle time.

Bandwidth throttling

Server bandwidth can be configured (throttled) on a global, user/group, or location basis.

User Authentication

Secure user authentication

Control access to servers and networks using existing usernames and passwords or choose other enterprise-wide authentication methods.

Authentication settings

Configure authentication options by limiting the number of failed attempts, setting a timeout period for completed authentications, and setting the required authentication methods.

Allowed/required list for authentication methods

Specify which authentication methods are allowed or required when users connect to the server: password, public key, GSSAPI, or keyboard-interactive authentication.

Kerberos v5 authentication via GSSAPI

Kerberos via GSSAPI increases interoperability while enhancing the security of enterprise-wide network authentication.

Public-key-only authentication

Automate unattended file transfers and batch jobs. Can also streamline logon process for users.

RADIUS server support for SecurID authentication (Windows only)

VShell for Windows allows authentication through RADIUS servers using SecurID or other methods. RADIUS support is implemented through keyboard-interactive authentication.

X.509 certificate authentication method (Windows only)

Comply with organization-wide PKI policies designed to protect critical information and overcome identity theft and electronic fraud.

HTTPS Single Sign On (SSO) (Windows only)

Provide your Windows users with a convenient way to log on to VShell Enterprise Edition with HTTPS without entering a username or password. SSO reduces helpdesk workload by decreasing the risk of accidental VShell account lockouts and resulting password reset requests.



Triggers allow automated responses to server events, including failed authentication, no virtual roots, login, logout, upload, download, file/folder creation, deletion, renaming, and addition of files to a folder. Trigger actions include commands and file copy/move. On Windows, email notifications can be sent, and files automatically transferred to another SFTP server.

Enhanced automatic file renaming capabilities

Customize names of files or folders when moving or copying files in response to file operations.  Standardize or specialize names by inserting dates, timestamps, usernames, session IDs, protocol, pre-defined text, and more.

Automatically send email with file transfer summary (Windows only)

Use logout triggers to send email notifications with the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.

Automatically run commands that use file transfer summary variables

Use logout triggers to run commands or scripts using the number of files uploaded, the list of files uploaded, the number of files downloaded, and the list of files downloaded during the session.

Folder monitor (Windows only)

Detect when new files are created, moved, or copied to a particular folder and initiate actions such as automatic transfer to another SFTP server.

Logging & Monitoring

Monitor active VShell sessions (Windows only)

VShell Monitor is a real-time connection monitoring tool that allows an administrator to view active connections to the VShell server.

Server message logging

Selected server messages may be logged in the VShell log file, sent to the Windows system log or a remote syslog/syslog-ng server. Message groups include errors, warnings, informational, connection, authentication, SFTP, FTPS, HTTPS, port forward, debug, and LSA.

Windows event log (Windows only)

VShell error and warning messages as well as selected other message groups are sent to the system event log.

syslog support

All log messages can be sent to a remote syslog or syslog-ng server.


Try before you buy free evaluation copy

Official VShell software releases can be downloaded and evaluated for 60 days without charge.

Open beta software releases

Beta software releases can be downloaded and evaluated for 60 days without charge.

One-year software updates

All registered users receive a year of software updates. An option with three years of updates is also available.

One-year technical support

All registered users receive a year of technical support by email from VanDyke Support. An option with three years of technical support is also available.

Software maintenance available

Software updates and support are available after the first year.


FIPS 140-2 support (Windows only)

VShell uses a FIPS 140-2 validated cryptographic library. VShell can be installed in "FIPS Mode", which allows only FIPS-approved algorithms.

U.S. Rehabilitation Act Section 508 compliance

Section 508 requires Federal agencies to make their electronic and information technology accessible to people with disabilities. VShell Server has been registered as a compliant product with the Section 508 database. Voluntary Product Accessibility Template (VPAT) documents detailing this compliance are available in Acrobat PDF format here: view the VShell Server VPAT.

VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.