VanDyke Software released today a new minor version update for SecureCRT, mainly for adressing a potential security flaw related to the default encryption cyphers used for SSH2 connections.

VanDyke Software dropped a maintenance SecureCRT release today, fixing a few bugs. Nothing really major, mostly compatibility issues and minor annoyances (including one related to scripting).

No screenshots this time, just check the changelog below and download links info even “more below”.

Beside being an excellent SSH client, SecureCRT also has a few “hidden” features such as scripting.

Since SecureCRT supports ActiveX scripting engines, scripts can be written in VBScript, JScript or other compliant languages.
Many aspects of the application can be controlled by using scripts, including the user interface, printing, file transfers, dialog prompts and so on.

Here’s a script that sets the tab title to SERVER_IP:SERVER_PORT immediately after a connection is established.

How to use the script:
- Create a new empty text file
- You can name the file whatever you want, as long as the file extension is “.vbs”
- Copy and paste the code below inside the file
- Save and close
- Open the properties dialog for the session you want to test

Sub Main
Dim mytab
Set mytab = crt.getTab(crt.getTabCount)
mytab.caption = mytab.Session.RemoteAddress+":"+CStr(mytab.Session.RemotePort)
End Sub

For more information about scripting in SecureCRT, see the FAQ on Vandyke’s site and the documentation included with the program.

If you’ve ever dealt with accesing and managing files located on remote systems, you’re probably familiar with FTP. If so, you probably know that using a FTP client is not the easiest solution and does not enable a straightforward workflow. It’s also not very secure, unless you combine it with a VPN, or use FTP/SSL, complicating things even further.

SFTP uses SSH and eliminates the security problems posed by regular FTP, but it still feels and works like FTP when used with standard SFTP clients such as WinSCP.

If you use the right software, though, it can be as easy as accesing your files transparently through a mapped drive. Better yet, no additional software must be installed on the remote server, the standard SSH daemon is enough.

SftpDrive maps remote servers as virtual drives which can be accesed like a regular HDD via the assigned drive letter. You can browse using Windows Explorer or your favorite file manager. Any application can work directly with files located on the mounted server as if they were local files.

Unlike other similar programs, SftpDrive does not use .NET framework or Java, so it’s extremely fast and light on system resources.

On the downside, SftpDrive is not freeware. You can try it for 6 weeks though, so there’s plenty of time to decide if it’s worth the 39 bucks.

Red Drive is a good freeware alternative, but it’s no longer in development. It requires .NET framework 2.0, which makes it kinda slow on some systems.

WebDrive is another comercial product, but it’s extremely powerful. It supports many connection protocols beside SCP, such as WebDAV and Amazon S3. It’s quite pricey though, a good 20 bucks more expensive than SftpDrive.

Following the latest trend, Vandyke Software started updating their applications to comply with the Windows Vista guidelines. First is SecureCRT, the renowned SSH/Telnet client, with the 5.5 Beta 1 version released on the 8th of February.

A nice addition is the New Session Wizard, which makes creating new connections a snap. Of course, it exposes only the basic options, so you might still want to open the advanced properties dialog if you need to make advanced changes (eg: specify the terminal emulation setting).

There is now a script recorder included with the program, which records all keystrokes in the current sessions and outputs VB scripts.

A nice touch is the autosessions option, which allows for multiple sessions or entire folders to be launched at SecureCRT’s startup.

The logging system got an interesting addition as well: users can define custom data bits to be added to logs. Optionally, logs will include only these custom bits.

Among the SSH protocol related changes and fixes, one stands out most: zlib@openssh is now supported, which prevents the zlib library from caching unencrypted passwords by enabling compression compression only after the authentication sequence.

Continue below for download links and detailed changelog…

*** DOWNLOAD LINKS FOR SECURECRT 5.5 BETA 1 ***

Get it now: Download SecureCRT 5.5 Beta 1
exe installer, 7MB, MD5 hash: 6AAEA7227A3D9A18058F52A9E14F9D7D

Check out the SecureCRT BETA product page
Visit the VanDyke homepage

*** WHAT’S NEW IN SECURECRT 5.5 BETA 1 ***

New features:
- Windows Vista support.
- Added a script recorder, which generates VB scripts. When “Start Recording Script” is selected from the Script menu, all keystrokes in the current session are recorded until “Stop Recording Script” is selected.
- A set of sessions can be launched automatically on startup by specifying folders or multiple sessions as auto sessions.
- Added the ability to insert custom data to log files. Custom data can be inserted when a session connects, disconnects, or on each line. Substitution parameters for session, date, and time information are supported. Additionally, there is an
option to log only custom data.
- When ANSI color is being used, it is now possible to use a color scheme, which allows the background to be something other than black and the foreground to be something other than white.
- Added script function GetScriptTab, which returns the tab from which the script was started.
- Added new custom menu item MENU_TAB_LIST1, which causes all the tabbed sessions to be displayed in the menu.
- SFTP: Added “ascii” and “binary” command options to the SFTP tab.
- SSH2: Added support for generating OpenSSH format keys and for converting VanDyke format private keys to OpenSSH format.
- SSH2: Added a global option to cache passwords for SSH2 sessions.
- SSH2: Added support for zlib@openssh.com compression. With this compression method, compression does not start until after authentication, which prevents unencrypted passwords from being cached by the zlib library.

Changes:
- By default, Internet Explorer 7 disables Telnet through a registry setting. Added support for overriding this setting so that SecureCRT can be set as the default Telnet application.
Administrator privileges are required in order to override the setting. Versions of Internet Explorer prior to 7 are not affected by this change.
- When multiple sessions are opened from the “Connect” dialog, if the “Open in a tab” setting is off, the sessions are opened in tabs in a new window.
- The chat window can now be toggled when SecureCRT is maximized or full screen.
- When creating a session, if the Terminal, VT100, or VT102 font is selected, the “Use Unicode line-drawing characters” will be unchecked.
- The “Save connected folder state” option was moved from the “Connect” dialog to the “General” page in the “Global Options” dialog.
- Files with .VBE extension are included in the Script Files filter in the “Select Script to Run” dialog.

Bug fixes:
- Under certain circumstances, text was highlighted incorrectly after highlighted text had been pasted into a session.
- Under certain circumstances, when SecureCRT got an error and became unresponsive, the Migration wizard ran.
- It was not possible to cancel out of the “Global Options” dialog if an incorrect status indicator width or minimum tab width was entered.
- When using send string functionality with a mapped key, \p (pause) did not work correctly.
- If the specified log file was a valid path, but did not have a filename and the “Prompt for filename” option was not set, when logging started, an error that the specified file could not be created was reported.
- If a script that connected to a session was run in a tabbed session that had been disconnected, the script hung.
- The script function ConnectInTab used the default session font instead of the specified session’s font.
- The /SCRIPT command-line argument was not honored when /T was used and the session was opened in a tab other than the first tab.
- SSH1: The command-line option /I pubkeyfile command-line option did not work with /SSH1.
- SSH2: Under certain circumstances, using a SOCKS proxy caused the Secure Shell transport to hang.

A month after the final release of SecureCRT 5.2, we get a new update.

SecureCRT 5.2.1 build 256 doesn’t include many or important changes, but I can’t not be up-to-date

Read on for more details and, of course, download links…

*** WHAT’S NEW IN SECURECRT 5.2.1 ***

Changes:
- Added a new Global.ini clipboard data format VDS_TEXT that
converts special dashes to “-” and smart quotes to standard
quotes when they are pasted into a session.

Bug fixes:
- The script function WaitForStrings did not work with tabbed
sessions.
- When using /T on the command line, if SecureCRT was maximized,
the window was restored.
- Tabs could be closed when the Global.ini file option “Disable
Close” was set.
- SSH2: The Activator agent functionality did not work.
- SFTP: The SFTP tab hung when attempting to auto-complete a
non-existant path.

*** RELEVANT LINKS ***

Get it now: Download SecureCRT 5.2.1 Final
exe installer, 7.44MB, MD5 hash=896CE5D085C2B132489C011C13016A1C

Check out the SecureCRT product page
Visit the VanDyke homepage

What comes following SecureCRT 5.2 Beta 4? Well, of course, it’s SecureCRT 5.2 FINAL; as I suspected back then, we were really close to the final version, actually just a week away.

Vandyke did not publish much info about the changes since Beta 4, only a minor bugfix was mentioned.

The complete list of new features, changes and bug fixes for 5.2 is quite long, so I’ve included it below.

Here’s a few highlights for the impatient/lazy:

- Several new networking features (support for unauthenticated/basic HTTP proxies, support for telnet over SSL)
- Improvements to the scripting system (allows interaction with tabs)
- A few user interface related niceties (option to make CTRL-TAB switch to the most recently used tab, paste on right click, display session connected time in status bar)
- Various SSH1/SSH2 protocol implementation improvements

Read on if you want more… or click to jump to the download section.

*** WHAT’S NEW INVANDYKE SECURECRT 5.2 ***

Changes in SecureCRT 5.2 (Official) — October 10, 2006

Changes in SecureCRT 5.2 (Beta 4) — October 3, 2006

Changes in SecureCRT 5.2 (Beta 3) — September 21, 2006

Bug fixes:
- Toggling the ANSI Color option did not immediately take effect
like it did in previous versions.
- If SecureFX was integrated with SecureCRT, SecureCRT crashed if a
file type that did not have an associated extension was edited.

Changes in SecureCRT 5.2 (Beta 2) — September 7, 2006

Bug fixes:
- SecureCRT crashed on Windows 2003 after connecting to a group
of sessions and then quickly closing the sessions.
- Newly created sessions launched in a new window had 16 rows
instead of 24 rows, which is the default.
- The SecureCRT 5.1 entry was not removed from the Start menu
after upgrading to 5.2.
- If the tab name was set from the tab context menu, it was not
possible to set the tab name from a script.
- Clicking the toolbar with both the left and right mouse buttons
simultaneously caused SecureCRT to stop responding to mouse
clicks.
- SSH1: SSH1 sessions were disconnected after issuing an “ls”
command and over 150 files were listed.

Changes in SecureCRT 5.2 (Beta 1) — August 22, 2006

Changes:
- Removed the command-line clients VSH, VCP, VSFTP, VPKA, and
VKEYGEN from the installer. These clients will be available as
a separate package.
- If the global setting “Show connection closed dialog” is off,
the reconnect dialog will not be displayed when the network is
disconnected.
- Added a global and session printing option to force black on
white printing.
- SecureCRT handles ] R in Linux terminal mode.

Bug fixes:
- If an HTTP proxy was being used and the session was disconnected
before the hostname was resolved, CPU usage went up to 100%.
- Changing a session’s protocol from Telnet to SSH2 did not change
the port number like it did in SecureCRT 5.0 and prior versions.
- The “Color Schemes.ini” file could get corrupted when multiple
instances of SecureCRT were launched.
- If display changes were made, such as showing or hiding the tab
bar or chat window, the window size was incorrect when subsequent
session windows were launched.
- If SecureFX was integrated with SecureCRT and the SecureFX path
specified in the Global.ini file pointed to a 2.x version or an
invalid path, the error “Show Terminal Only session while running
SecureFX” was displayed.
- When editing the default session and a tab other than the first
tab was active, the “Apply change to all sessions?” prompt was
displayed even if no changes were made.
- When Midnight Commander was running and the session was using
Xterm emulation, clicking the mouse beyond the 80th column
generated garbage.
- SecureCRT was inaccessible if it was minimized from a script
when a dialog, such as the Connect dialog, was being displayed.
- Cancelling a script did not report the line number where the
script was cancelled like it did in versions prior to 5.0.
- Fixed the following tests in vttest that SecureCRT had been
failing.
- Line-drawing tests in “Test of double-sized characters” set.
- Request terminal parameters test in “Test of terminal
reports” set.
- Scrolling region and column mode escape sequence test in
“Test of known bugs” set.
- Upgrading to a newer version of SecureCRT did not remove the
old entry in Add/Remove programs.
- SSH2: SecureCRT could not validate the server’s x.509 DSA host
key when the key was not encoded using ASN.1 (F-Secure and SSH
Communications servers).
- SSH2: SecureCRT could not validate the server’s X.509 RSA host
key if the server used the SHA-1 hash (later versions of
F-Secure and SSH Communications servers).
- SSH2: If an incorrect username was entered in the username
prompt dialog and the “Save username” check box was unchecked,
this check box was incorrectly checked when re-prompting for
the username.
- SFTP: SecureCRT crashed when using tab to complete a filename
in an SFTP tab.

*** RELEVANT LINKS ***

Download SecureCRT 5.2 Final (.exe installer - 7.44MB)
Check out the SecureCRT product page
Visit the VanDyke homepage

Striving to stay true to my promise of not missing another SecureCRT Beta ever again, I give you version 5.2 Beta 4.

This build is not much of a deal actually; a few bugs have been ironed out, while no real changes have been implemented. The whole release gives me the feel we’ll see the final version pretty soon.
The addressed flaws are related to the UI (tabs), SecureFX’s integration with SecureCRT, failed Rlogin connections and SSH2/Public Key Assistant. See the whole thing below in the complete changelog…

*** WHAT’S NEW INVANDYKE SECURECRT 5.2 BETA 4 ***

Bug fixes:
- SecureCRT crashed when cycling through tabbed sessions if one of
the tabs had been disconnected and was in the process of
connecting to a different server.
- When SecureCRT was integrated with SecureFX, double clicking a
transfer-only session in the Connect dialog did not launch
SecureFX.
- RLogin: RLogin connections failed if the Log File option “Prompt
for filename” was set.
- SSH2: SecureCRT crashed if the Public Key Assistant was launched
before the connection had completed.

*** RELEVANT LINKS ***

Download SecureCRT 5.2 Beta 4 (.exe installer - 7.44MB, MD5=97C75CFDF9008380EFE8B7A543CFD2BD)
Check out the SecureCRT Beta page
Visit the VanDyke homepage

So I unbeliavably missed SecureCRT 5.2 so far.. shame on me. Still, here’s the latest beta, fresh out of the oven today: 5.2 Beta 3.

Beta 3 fixes a couple of bugs (one of which caused the program to crash) and introduces a few changes, mainly minor GUI improvements, and a new feature to the scripting system.

Similarly, Beta 2, focused on fixing some flaws (one of which, again, caused a crash on Windows 2003 systems) targeting GUI issues and the SSH1 protocol implementation. The significant changes affect the default compression option for SSH2, which is now set to “none” for new installations of SecureCRT.

The real treats were introduced by Beta 1:
- Several new networking features (support for unauthenticated/basic HTTP proxies, support for telnet over SSL)
- Improvements to the scripting system (allows interaction with tabs)
- A few user interface related niceties (option to make CTRL-TAB switch to the most recently used tab, paste on right click, display session connected time in status bar)
- Various SSH1/SSH2 protocol implementation improvements

Beta 1 also enforced some changes, of which the most interesting is the removal of the command-line clients VSH, VCP, VSFTP, VPKA, and VKEYGEN from the standard installer. The changelog claims they will be later included in a separate package, but is this package goind to be free or included in the SecureCRT fee? I guess we’ll have to wait and see…

Bugfixes in SecureCRT 5.2 Beta 1 range from critical ones (”If an HTTP proxy was being used and the session was disconnected before the hostname was resolved, CPU usage went up to 100%”) to minor (”Upgrading to a newer version of SecureCRT did not remove the old entry in Add/Remove programs”). Aaand as always, there are the usual SSH protocol implementation fixes.

Read all about the changes in the detailed changelog posted below.

*** RELEVANT LINKS ***

Download SecureCRT 5.2 Beta 3 (.exe installer - 7.44MB, MD5=F3D88CA5C70E674D2DA9AC0436689DD2)
Check out the SecureCRT Beta page
Visit the VanDyke homepage

*** WHAT’S NEW IN SECURECRT 5.2 BETA 1 ***
September 21, 2006

Changes:
- Added the script property Tab.Caption, which allows getting and
setting a tab’s caption.
- Increased the size of the authentication, key exchange, ciphers,
and MACs list boxes in order to eliminate the scrollbars.
- Added a maximize button to the Connect dialog.

Bug fixes:
- Toggling the ANSI Color option did not immediately take effect
like it did in previous versions.
- If SecureFX was integrated with SecureCRT, SecureCRT crashed if a
file type that did not have an associated extension was edited.

*** WHAT’S NEW IN SECURECRT 5.2 BETA 2 ***
September 7, 2006

Changes:
- The Session Options dialog was made larger so that there are
no scrollbars in the Category tree.
- SSH2: Changed the default compression to “None”. This only
affects new installations.

Bug fixes:
- SecureCRT crashed on Window 2003 after connecting to a group
of sessions and then quickly closing the sessions.
- Newly created sessions launched in a new window had 16 rows
instead of 24 rows, which is the default.
- The SecureCRT 5.1 entry was not removed from the Start menu
after upgrading to 5.2.
- If the tab name was set from the tab context menu, it was not
possible to set the tab name from a script.
- Clicking the toolbar with both the left and right mouse buttons
simultaneously caused SecureCRT to stop responding to mouse
clicks.
- SSH1: SSH1 sessions were disconnected after issuing an “ls”
command and over 150 files were listed.

*** WHAT’S NEW IN SECURECRT 5.2 BETA 3 ***
August 22, 2006

New features:
- Added support for unauthenticated and basic HTTP proxies.
- Added script functions to support working with tabs. These
functions allow scripts to connect tabs, connect SFTP tabs,
clone tabs, activate tabs, and close tabs.
- Added a /T command-line option that supports launching sessions
in tabs. This flag can be used with /S and with sessions that
are not in the session database, such as URLs.
- Added a global option to have CTRL+TAB switch to the most
recently used tab.
- Tab control displays tooltips (or hover text) to show the full
tab label.
- Added support for Telnet over SSL.
- Added a global option to paste on right mouse click.
- Added a global option to display the elapsed time for connected
sessions in the status bar.
- Added a session option to translate incoming CRs to CRLF.
- Added a session option to map ANSI line drawing characters to
“+”, “”, etc. when they are copied to the clipboard.
- Added a global INI-file only option “ZModem Force All Caps
Filenames to Lower Case on Upload”, which specifies whether or
not all caps filenames should be converted to lowercase during
a Zmodem upload.
- SSH2: Enhanced X.509 host-key support by validating X.509 host-
key certificates.
- SSH1/SSH2: Added /ACCEPTHOSTKEYS command-line parameter to
SecureCRT, which causes host keys to be automatically accepted.

Changes:
- Removed the command-line clients VSH, VCP, VSFTP, VPKA, and
VKEYGEN from the installer. These clients will be available as
a separate package.
- If the global setting “Show connection closed dialog” is off,
the reconnect dialog will not be displayed when the network is
disconnected.
- Added a global and session printing option to force black on
white printing.
- SecureCRT handles ] R in Linux terminal mode.

Bug fixes:
- If an HTTP proxy was being used and the session was disconnected
before the hostname was resolved, CPU usage went up to 100%.
- Changing a session’s protocol from Telnet to SSH2 did not change
the port number like it did in SecureCRT 5.0 and prior versions.
- The “Color Schemes.ini” file could get corrupted when multiple
instances of SecureCRT were launched.
- If display changes were made, such as showing or hiding the tab
bar or chat window, the window size was incorrect when subsequent
session windows were launched.
- If SecureFX was integrated with SecureCRT and the SecureFX path
specified in the Global.ini file pointed to a 2.x version or an
invalid path, the error “Show Terminal Only session while running
SecureFX” was displayed.
- When editing the default session and a tab other than the first
tab was active, the “Apply change to all sessions?” prompt was
displayed even if no changes were made.
- When Midnight Commander was running and the session was using
Xterm emulation, clicking the mouse beyond the 80th column
generated garbage.
- SecureCRT was inaccessible if it was minimized from a script
when a dialog, such as the Connect dialog, was being displayed.
- Cancelling a script did not report the line number where the
script was cancelled like it did in versions prior to 5.0.
- Fixed the following tests in vttest that SecureCRT had been
failing.
- Line-drawing tests in “Test of double-sized characters” set.
- Request terminal parameters test in “Test of terminal
reports” set.
- Scrolling region and column mode escape sequence test in
“Test of known bugs” set.
- Upgrading to a newer version of SecureCRT did not remove the
old entry in Add/Remove programs.
- SSH2: SecureCRT could not validate the server’s x.509 DSA host
key when the key was not encoded using ASN.1 (F-Secure and SSH
Communications servers).
- SSH2: SecureCRT could not validate the server’s X.509 RSA host
key if the server used the SHA-1 hash (later versions of
F-Secure and SSH Communications servers).
- SSH2: If an incorrect username was entered in the username
prompt dialog and the “Save username” check box was unchecked,
this check box was incorrectly checked when re-prompting for
the username.
- SFTP: SecureCRT crashed when using tab to complete a filename
in an SFTP tab.

Note: There is a newer version of this software product: SecureCRT 5.2 final.

A new bugfix update has been released for Vandyke
SecureCRT 5.1, the highly acclaimed security and remote administration suite.

SecureCRT 5.1.4, which includes GUI and command line tools for connecting to servers via SSH (v1 and v2), Telnet, Rlogin and other communication protocols, has been improved with fixes that target a crash issue when SecureCRT was incorrectly called from a cmd.exe command line prompt and using UNC/Samba file paths for logging.

Another change affects the SSH2 protocol implementation: the default compression setting for new SecureCRT installation is not set to “None”.

Check the full changelog below for more details.

*** WHAT’S NEW IN SECURECRT 5.1.4 ***

Changes:
- SSH2: Changed the default compression to “None”. This only affects new installations.

Bug fixes:
- SecureCRT crashed when the command to launch it from Cmd.exe was incorrect.
- It was not possible to specify a UNC path (Samba) for a log file.

*** RELEVANT LINKS ***

VanDyke Homepage
Download SecureCRT 5.1.4 (.exe - 8.92MB, MD5=8CAF9194793066ED24816435F835BA39)
SecureCRT Product Page
General What’s New page for VanDyke products