The Secure Shell Protocol (ssh) has become a security umbrella many of us can't imagine doing without. As a remote access tool, ssh offers the security of encrypted connections; as a secure tunneling tool, ssh provides something approaching a compromise between those charged with network security and their user-base, which is never comfortable with some of the restrictions their administrators are forced to impose.
In the UNIX and Macintosh worlds, ssh is ubiquitous and easily obtained. In the Windows world there are several ssh client options, as well, most available at no cost, such as TeraTerm, the Cygwin port, and PuTTY, and NetworkSimplicity's port, which also provides a working OpenSSH server for Windows 2000.
The quality of this collection of clients is uneven. Some exist as afterthoughts to generic telnet clients, with ssh functionality bolted on, and some are outdated enough that they only provide the SSH1 protocol, which has been found to contain serious weaknesses. Others provide full and modern functionality, but little in the way of graphical configuration.
VanDyke's SecureCRT manages to provide both a modern implementation of ssh and ease of use via graphical configuration options, with the main tradeoff most will notice being the cost: $99 for a single license.
Getting and Installing SecureCRT
SecureCRT is available as a timed demo, providing full functionality for 30 days. The download page includes a link to the demo as well as attendant warnings on exporting to (or downloading from) an assortment of sanctioned countries.
Installation is simple enough via a self-extracting installer.
Looking at SecureCRT
ssh itself is a fairly no-nonsense protocol to use: you access a remote ssh server, authenticate by either public key pair or password, and may then either use a text-based shell to do your work or forward X11-based applications to your local machine.
SecureCRT supports both public-key and password authentication (offering helpfully, if less securely, to remember usernames and passwords), and its public key generation wizard makes the process of creating a keypair fairly simple. Readers familiar with our tips on public key authentication with SSH may want to immediately copy their public identity file to a remote server, but incompatibilities in the key format between OpenSSH and SSH2 require a quick trip to the manual, where instructions are given on converting a SecureCRT-generated public identity to an OpenSSH-readable version.
The documentation for SecureCRT is generally helpful, though it's behind the actual functionality of the program as it currently ships in a few places.
Because remote access often involves a lot of variables peculiar to individual hosts, SecureCRT allows for the creation of multiple named sessions, which can be saved for later use. Each of these sessions can also be saved to the desktop as a shortcut, allowing for easy access without having to traverse SecureCRT's (simple) session selection screen.
Two areas where SecureCRT really shines are in its configurability and in the ease with which a secure tunnel can be established.
SecureCRT offers both global and per-session configuration options. The global option set establishes general parameters, such as the default public keypair to use for connections and the shades of colors the terminal will use when providing ANSI emulation.
The per-session configuration is much more varied, providing a lot of fine-tuning for a host of options. There's also a rudimentary scripting component that allows for Expect/Respond-With interactions between the client and server. This can be used as a basic automatic program launcher by leaving out the "Expect" part of a stanza and simply providing a command to execute. There's also a wide variety of terminal emulation options (from the venerable DEC VT100 to ANSI/SCOANSI to Linux), an Emacs compatibility toggle that honors the use of the ALT key as an Emacs Meta-key, and color scheme control, which makes it very easy to color-code assorted remote hosts for quick identification. The font used for each session is also configurable.
The port forwarding options make use of SecureCRT for things other than remote shell access a real pleasure. Port forwarding allows users to tunnel IP traffic to a remote ssh server. Many corporate firewalls allow ssh traffic in and out because of the inherent security of the protocol. This has the added effect of allowing users to tunnel other protocols (such as POP traffic from outside servers, access to more permissive web proxies than the one the company mandates, and sundry other forbidden pleasures) through their ssh connections.
Under SecureCRT, the configuration tool for port forwarding is layed out in such a manner that there's no confusion involved in building a tunnel to a remote server, and even includes an option to launch a specific application that might depend on that tunnel once a connection is opened.
Several other convenience features are present in SecureCRT, as well: it's possible to minimize the application to the "Activator" in the system tray, instead of the taskbar (great for non-interactive tunneled sessions). It also supports local printing for applications that support that feature (such as Pine), timeout suppression, and X.509 smartcard authentication.
Some people don't need a lot in a ssh client, and there's a perfectly suitable market bursting with free alternatives for those with simple needs. Others, however, will have more complex needs or may simply want the ease a well-crafted GUI-based client can confer. SecureCRT is an outstanding choice. At $99, it isn't cheap, but it provides all of the power of ssh with ease of use and maximum configurability. We think it's well worth the price for anyone who expects to get daily use out of it.
Release: 3.4.3 Supported Platforms: Windows 95, 98, NT 4.0, 2000, and XP
Publisher: VanDyke Software, Inc.