VanDyke Software Forums

VanDyke Software Forums (https://forums.vandyke.com/index.php)
-   General (https://forums.vandyke.com/forumdisplay.php?f=11)
-   -   Massive Password change (https://forums.vandyke.com/showthread.php?t=12638)

jjx 03-17-2017 06:38 AM

Massive Password change
 
As administrators we are forced to update our passwords often (every 40 days). Access to all devices is controlled through Active Directory (AD). So a change to AD password force a massive password change to more than 800 devices.

Is there a way to apply this change to all sessions?
I cant do it though "Default Session Options > SSH2 > AUthentication > Password" because not all sessions are SSH2 and I have sessions with different usernames.

jjh 03-17-2017 10:20 AM

Hi jjx.

There are a couple of ways to change the password for
multiple sessions at once. Both of them involve the
technique that you described. The first one I'll tell you
about probably won't work for you because it will affect ALL
of your sessions.

If you open your Global Options to the Default Session
category, you can click the "Edit default settings" button,
then use the technique that you described to change your
saved password. When you make a configuration change to you
Default session, you will see a popup message asking you if
you would like to make that change to all of your existing
sessions. Your Default session is what all new sessions and
Quick Connect sessions are based on. Since this option
would potentially affect all of your sessions, it probably
won't work for you.

Your other option would involve you doing some setup in the
session manager to put all of your sessions that use SSH2
and share the same password into one folder. Then you could
right click the folder and choose "Properties" to open a
Session Options dialog that would affect all of the sessions
together. You could also hold down the Ctrl key while you
select each session and right click the selected sessions to
do the same thing. It shouldn't matter that the usernames
are different if the password are all the same. If the
sessions with the different username also used a different
password, you could create a folder just for those and do
the same thing.

Another way to separate your SSH2 sessions from your other
session or separate sessions that use one password from the
ones that use another password might be to use separate
Config folders and different desktop shortcuts that would
use each one. Here's how you could do that:
  • First, create an empty folder named Config somewhere on your hard drive
  • Next, make a copy of the desktop shortcut you use to launch SecureCRT
  • Right click the new shortcut and choose "Properties"
  • The Target for the shortcut points to SecureCRT.exe. Add a /F flag, then
    the path to your new, empty Config folder. The Target now might look
    something like this:

    "C:\program Files\Vandyke Software\SecureCRT\SecureCRT.exe" /F "C:\MySecureCRTFiles\Config"
Now when you launch SecureCRT using the new Config folder,
it will become populated with the files and folders that
SecureCRT needs. You can populate that config folder with
the sessions that you want to remain together and just use
that shortcut and change all of the sessions using one of
the methods from above.

Does this give you some ideas about your options for
changing password in multiple sessions at once?

Thanks

JJH

jjx 03-17-2017 01:58 PM

Yes, these are the solutions that I have thought (grouping sessions based on access or credentials). However, none of these solutions is feasible.

I have all sessions categorized depending on location, device type etc (more than 1200 sessions). I can't manage 4 different sessions for each device splited to different places. It would escalate really fast and its prone to mistakes.

Actually I opened this topic to imply a feature request.
It would be a really nice addition if SecureCRT could implement something like a repository for credentials. Or at least a list of username/passwords centrally managed (and updating)

jjh 03-18-2017 09:46 AM

Thanks for your feature request. I have created an entry
for you in our feature request database. We will post
something here should a version of SecureCRT become
available with a substitution database for logon actions
that would make it easier for you to change passwords for
multiple sessions without having to make your session
manager configuration more complicated. If you would like
to be informed via e-mail, please send a message to
support@vandyke.com referencing this forum thread.

JJH

jjx 03-20-2017 03:30 PM

Thank you

Many colleagues have referred to this feature; it should be a great addition.
Also, many programs already have this functionality (Remote Desktop Managers, etc) and it is very efficient!!

Casey 03-21-2017 12:00 PM

By chance is the password/login info currently stored in the session's INI file?

If it is and it's the same in all your other session INI files, then perhaps you could update just one session, grab the new string from the INI file, and then use one of those 'search and replace' apps to scan all you INI and replace "password=abc" with "password=xyz".


Lots of 'if' there though...

jjx 03-24-2017 06:35 AM

Quote:

Originally Posted by Casey (Post 47201)
By chance is the password/login info currently stored in the session's INI file?

If it is and it's the same in all your other session INI files, then perhaps you could update just one session, grab the new string from the INI file, and then use one of those 'search and replace' apps to scan all you INI and replace "password=abc" with "password=xyz".


Lots of 'if' there though...

Yes, it should confirm that the username is the one that should be updated and then update the password in encrypted form.
Probably it will work

jjx 06-15-2017 10:57 AM

Quote:

Originally Posted by jjh (Post 47183)
Thanks for your feature request. I have created an entry
for you in our feature request database. We will post
something here should a version of SecureCRT become
available with a substitution database for logon actions
that would make it easier for you to change passwords for
multiple sessions without having to make your session
manager configuration more complicated. If you would like
to be informed via e-mail, please send a message to
support@vandyke.com referencing this forum thread.

JJH

Has this been discussed internally?
Any decision or ideas how to keep passwords in sync with the new security regulations that hit the IT every day?

The only manageable solution I have found is to delete all passwords from the sessions; SecureCRT will popup the password window, an external password manager (ex. Roboform) will attach to the window filling the correct password each time.

jjh 06-15-2017 04:10 PM

Hi JJX.

A decision hasn't been made as far as adding that functionality to SecureCRT. I have added your inquiry to the entry I created for you in our feature request database and forwarded it to the product manager. Please feel free to keep checking in from time to time. If that functionality does make it into SecureCRT, we will contact you.

Thanks
JJH

astergiou 07-04-2017 02:50 AM

Hello

this is totally UNACCEPTABLE.
We are in 2017 and many software suites support central user/password repository.

I have more than 700 sessions that are linked to Active Directory username and password and due to company policies every 60 days my password will change...

What is the way to change 700 sessions????

If you see other suites like Remote Desktop Manager, they offer a central repo that you change the password ONCE.

What is the roadmap of Van Dyke for this feature?

jdev 07-04-2017 09:33 AM

Quote:

Originally Posted by astergiou (Post 47668)
this is totally UNACCEPTABLE.
We are in 2017 and many software suites support central user/password repository.

I have more than 700 sessions that are linked to Active Directory username and password and due to company policies every 60 days my password will change...

How fortunate! Some companies have policies that forbid saving of passwords at all.

I'm so sorry that SecureCRT in its current form doesn't meet your needs. I'll be sure to let the product manager know that you're really interested in having this feature added to SecureCRT.

Quote:

What is the way to change 700 sessions?
Many ways exist to change the password for multiple sessions, as jjh described in his 03-17-2017 10:20 AM post.

Did you not read through and try those ideas, or are you saying you tried those methods and they didn't work for you?

If you tried using the Default session or multi-selecting sessions in the Session Manager and editing properties there, and it didn't work for you, can you describe what you saw that went wrong?

--Jake

metallicat 09-06-2017 09:11 AM

I use MacOS and run into a fairly similar problem.
MacOS has Keychain (a password manager) built-in.
What I did was write a simple python script that addressed the issue.
There's a keyring python module that allows to read, write and delete entries from keychain.
If you use some other OS - I'm sure it's possible to find an external password manager with python API and achieve the same results.

Cheers!
Alex.

ngrison 10-11-2017 03:13 AM

I would add my vote for this feature request. The way I would really like it, you would be able to define named login/password pairs in the general preferences, and then under each session SSH2 preference a new authentication method would allow you to select the one you need for that particular session. When your password change, just update the appropriate password in the general preferences. Very simple, and you can keep all your sessions organised.

Every company I've worked at is the same, plenty of devices use an AD account, plenty more use a radius or tacacs one, and some others use local. The method above would make it very easy to work in that kind of environment.

epaalx 07-09-2021 11:27 AM

freebie Cisco CLI Analyser does this
 
Although not as customisable as SecureCRT, freebie Cisco CLI Analyzer allows associating a credential policy to one or more devices. Then, if one changes password in that policy, SSH connections to all associated devices will use that password. It can’t be simpler and damming that SecureCRT cannot do this.


All times are GMT -6. The time now is 06:51 AM.