VShell^® Server

SFTP, FTPS, and FTP file transfersWML

Configure VShell to act as an SFTP server, an FTPS server, or both.
With FTPS, plaintext FTP may also be allowed to support legacy devices.

HTTPS file transferWML

VShell Enterprise Edition with HTTPS allows your staff, customers, and partners to transfer files easily using a web browser, eliminating the need for end-user training. Streamline the administrative cost of secure file transfer — no client software is needed and there are no browser plugins to install. Users connect via HTTPS to view folder contents, upload and download files, and more.

WebDAV supportWML

VShell Enterprise Edition with HTTPS allows users to connect with a WebDAV client to upload and download files securely. Users can take advantage of WebDAV functionality to edit and collaborate on content.

Multiple virtual root directoriesWML

The VShell virtual root capability lets you assign different root directory access points to users or groups. Allows fine-grained control over user access permissions and the ability to specify the user's home directory.

SFTP virtual rootsW

Protect your internal SFTP server from internet threats or leverage an external SFTP server by seamlessly transferring end-user connections from VShell to the target server. After authenticating the connections, VShell transparently transfers file operations to a separate SFTP server. Files are uploaded and downloaded without ever being written to the VShell server’s disk, assisting with standards compliance and reducing the disk space required by the VShell host machine.

SCP file transfersWML

SCP file transfers using clients operating as a secure RCP replacement that forwards a remote execution request to SCP over SSH2 (not SFTP).

Automated secure file transfersWML

Use vcp, vsftp, vsh, or any SFTP, SCP, or FTPS clients to automate and schedule unattended file transfers.

Administer servers remotely and securelyWML

Securely access and administer web, mail, database, and application servers.

Accomplish common administrative tasksWML

With existing secure shell utilities, add new users to the network, check print queues, and control services. Use text-oriented editors (e.g., EDIT and vi) to edit files on the remote system.

Remotely execute commands as a different userW

Give VShell users permission to remotely execute commands as a different user without full admin privileges. The administrator controls who can remotely execute commands, which commands are executed, and what account is used.

Start unattended batch jobsWML

VShell support for remote command execution allows unattended jobs to be started with any Secure Shell (SSH2) client.

Access controlWML

On an individual or group basis, allow or deny access to VShell services such as SFTP, SCP, FTPS, FTP, HTTPS, HTTP, shell, remote execution, and port forwarding.

SSH2 supportWML

VShell SSH2 support offers cross-platform security when connecting from remote clients for shell, SFTP and SCP file transfer, or port forwarding access. Connect with Secure Shell clients including SecureCRT, SecureFX, and a wide variety of other standard tools.

Data encryptionWML

VShell supports ChaCha20/Poly1305, AES-GCM, AES-128-CTR, AES-192-CTR, AES-256-CTR, AES-128, AES-192, AES-256, Twofish, Blowfish, 3DES, and RC4, for connections by SSH2 clients. For SSH1 clients, Blowfish, DES, 3DES, and RC4 are supported.

Data integrityWML

Message authentication codes (MACs) protect the integrity of each message sent over the network (preventing replay or insertion attacks). Support for SHA2-512, SHA2-256, SHA1, SHA1-96, MD5, MD5-96, UMAC-64, UMAC-128, SHA2-512-EtM, SHA2-256-EtM, SHA1-EtM, UMAC-64-EtM, and UMAC-128-EtM is included.

Data compressionWML

Configurable data compression helps improve transfer speeds over slower network links.

Host identity verificationWML

Unique server host key proves its identity to a client as a "known" host (preventing a man-in-the-middle attack). DSA (ssh-dss), RSA (ssh-rsa), and ECDSA (ecdsa-sha2-nistp) host key algorithms supported.

Port forwardingWML

Forward TCP/IP ports to securely access standard data traffic like POP3 and SMTP over the Internet and intranets through a single, secure, multiplexed channel.

Deny Host fileWML

VShell tracks failed authentications by IP address. Once an IP address has been added to the Deny Host list, VShell will not allow future connections from that address. On Windows SFTP and FTPS, ward off brute force attacks by specifying the amount of time in which a certain number of authentication failures from a particular IP address will be tolerated. VShell will then add the offending IP address to its list of denied hosts and any further authentication attempts will be immediately disconnected. On Windows, you can specify the number of failures allowed during a certain time period, and re-allow connections after a specified amount of time.

Windows account and LDAP server integrationW

Native integration with Windows user accounts and groups (local and domain). Login to VShell using credentials provided by an external LDAP server. Control access to VShell functionality.

Internal user databaseWML

Configure VShell-specific users and groups. These VShell-defined users and groups are separate from system accounts. The internal accounts can be given access to all file transfer, remote shell and execute, and port forwarding services. Eliminate the need to create system accounts for end users when accounts are only needed for VShell access. Simplify future migrations by letting VShell automatically include your users and groups when you move the VShell configuration to a new server.

Jail shellML

Two configuration options, ChrootUsers and ChrootGroups, combine to restrict users and members of groups to their home directory with any shell, SFTP, or subsystem operation.

IPv6 supportWML

Transparent support for IPv6 allows you to move to the new protocol whenever you are ready.

Command-line utilitiesWML

Automate routine tasks using command-line utilities: vsftp for an interactive SFTP command line, vsh for command-line shell access, vcp for command-line file transfer, and vkeygen to generate public/private keys.

VRALib API for scripting SSH2 sessionsW

The VRALib API allows scripting of SSH2 connections through a Windows COM interface. Supported operations include full control over SSH2 connections, sending a command to an SSH2 server and getting the output produced by the command, tunneling/port forwarding, file transfers using SFTP, remote file management, adding host keys to a host key database, and adding keys to the SSH2 authentication agent.

Allow or deny specific SFTP commandsWML

Choose whether to allow or deny specific SFTP commands on a per-user or per-group basis, including SETSTAT, FSETSTAT, RMDIR, REMOVE, RENAME, and LINK.

Mouse supportW

VShell provides mouse support for character-based applications running in a command window.

General server configurationWML

Configure general server options like listening port, keepalives, idle timeout period, and command shell.

Windows Control PanelW

Configure VShell for maximum security through an easy-to-use graphical control panel.

VShellConfig utilityW

A Windows command-line utility that allows editing of virtual roots, access control lists (ACLs), file and folder access permissions, and the VShell user database. VShellConfig can import and export configurations to save time when backing up or moving VShell.

FiltersWML

Configure which hosts can connect by IP address, hostname, or netmask; configure which port forwarding requests are allowed.

Idle timeout optionWML

Allows timing out sessions after a configurable idle time.

Bandwidth throttlingWML

Server bandwidth can be configured (throttled) on a global, user/group, or location basis.

Secure user authenticationWML

Control access to servers and networks using existing usernames and passwords or choose other enterprise-wide authentication methods.

Authentication settingsWML

Configure authentication options by limiting the number of failed attempts, setting a timeout period for completed authentications, and setting the required authentication methods.

Allowed/required list for authentication methodsWML

Specify which authentication methods are allowed or required when users connect to the server: password, public key, GSSAPI, or keyboard-interactive authentication.

Kerberos v5 authentication via GSSAPIWML

Kerberos via GSSAPI increases interoperability while enhancing the security of enterprise-wide network authentication.

Public-key-only authenticationWML

Automate unattended file transfers and batch jobs. Can also streamline logon process for users.

Keyboard-interactive authenticationML

Keyboard-interactive allows you to customize authentication using PAM plugins. PAM plugins can, for example, enable password expiration enforcement policies or the use of SecurID cards.

RADIUS server support for SecurID authenticationW

VShell for Windows allows authentication through RADIUS servers using SecurID or other methods. RADIUS support is implemented through keyboard-interactive authentication.

X.509 certificate authentication methodW

Comply with organization-wide PKI policies designed to protect critical information and overcome identity theft and electronic fraud.

TriggersWML

Configurable trigger conditions allow automated responses to server events, including failed authentication, login, logout, upload, and download, as well as file/folder create, delete, and rename. Trigger actions include commands, sending email, file copy/move, and SFTP transfers.

Folder monitorW

Detect when new files are created, moved, or copied to a particular folder and initiate actions such as automatic transfer to another SFTP server.

Monitor active VShell sessionsW

VShell Monitor is a real-time connection monitoring tool that allows an administrator to view active connections to the VShell server.

Server message loggingWML

Selected server messages may be logged in the VShell log file, sent to the Windows system log or a remote syslog/syslog-ng server. Message groups include errors, warnings, informational, connection, authentication, SFTP, port forward, debug, LSA, and FTPS.

Windows event logW

VShell error and warning messages as well as selected other message groups are sent to the system event log.

syslog supportWML

All log messages can be sent to a remote syslog or syslog-ng server.

W3C logging optionWML

The W3C extended log file format option allows the use of third party log tools to analyze VShell activity.

VShell licenses are categorized into four separate "Editions" which determine the protocols and maximum number of allowed concurrent client connections to VShell. VShell license editions allowing fewer concurrent connections are priced lower than editions that allow a larger number of concurrent connections.

VShell AdministratorWML

Allows two concurrent client connections, and is designed primarily for remote system administration use.

VShell WorkgroupWML

Allows twenty-five concurrent connections, and is intended to serve the needs of a large group of users.

VShell EnterpriseWML

Supports an unrestricted number of concurrent connections for a substantial user community.

VShell Enterprise with HTTPSWML

Easy file transfer by users with a web browser; deploy to large numbers of locations or users without purchasing or configuring client software.

License Comparison

During the 60-day evaluation period, VShell for Windows can be configured to emulate any of the four editions. By default, it emulates the Enterprise with HTTPS edition.

On Linux and Mac, VShell emulates the Enterprise with HTTPS edition during the evaluation period.

Note: "Client connections" is not the same as "users". The number of concurrent client connections is the number of connections where the client has successfully authenticated to VShell, regardless of the user account associated with the authentication. Two separate connections to the VShell service will count as two concurrent connections even if the same user account is used for authentication in each case.

Try before you buy free evaluation copyWML

Official VShell software releases can be downloaded and evaluated for 60 days without charge.

Open beta software releasesWML

Beta software releases can be downloaded and evaluated for 60 days without charge.

One-year software updatesWML

All registered users receive a year of software updates. An option with three years of updates is also available.

One-year technical supportWML

All registered users receive a year of technical support by email from VanDyke Support. An option with three years of technical support is also available.

Software maintenance availableWML

Software updates and support are available after the first year.

FIPS 140-2 supportW

VShell uses a FIPS 140-2 validated cryptographic library. VShell can be installed in "FIPS Mode", which allows only FIPS-approved algorithms.

U.S. Rehabilitation Act Section 508 complianceWML

Section 508 requires Federal agencies to make their electronic and information technology accessible to people with disabilities. VShell Server has been registered as a compliant product with the Section 508 database. Voluntary Product Accessibility Template (VPAT) documents detailing this compliance are available in Acrobat PDF format here: view the VShell Server VPAT.