Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 06-11-2020, 09:32 PM
ertank ertank is offline
Registered User
 
Join Date: May 2020
Posts: 5
Command Manager safety

Hello,

I am using SecureCRT 8.7.2 on Windows 10 OS. This is mainly to access several Linux VPS servers on the Internet over ssh.

SecreCRT does not start without providing a password for initial run.

I have quite long and not easy to memorize root passwords for the VPS systems I am connecting to. I cannot login as root user directly (restricted).

One way I found easy enough for myself is to store root passwords in Command Manager and use them when necessary. I also ticked disable tooltip for added security.

What I would like to know is how safe these root passwords in Command Manager?

Thanks & Regards,
Ertan
Reply With Quote
  #2  
Old 06-12-2020, 09:32 AM
cboyack cboyack is offline
VanDyke Technical Support
 
Join Date: Apr 2020
Location: Albuquerque, NM
Posts: 48
Quote:
Originally Posted by ertank View Post
What I would like to know is how safe these root passwords in Command Manager?
Hi ertank,

Command Manager data is not encrypted. It is not recommended to store your passwords in the Command Manager, since the data is stored in plaintext within an .ini file.

I've added a feature request on your behalf regarding encrypting Command Manager entries so that the product director may be able to evaluate it for potential inclusion in some future release. I don't yet have any ETA for when or even if this might ever become available, but if it does, we can post the information to this forum. If you prefer direct email notification, send an email to support@vandyke.com and include Feature Request - Forum Thread #14203 in the subject line or use this form from the support page of our website.

If you wish to securely automate the process of entering commands after the initial connection, you may utilize the "Logon Actions" feature of SecureCRT (Session Options > Logon Actions category).

In your case, you would:
  1. Delete the two default Expect/Send entries
  2. [Add...] an entry that "Expects" the last few unique characters of the remote system's shell prompt, and "Sends" the desired su command
  3. [Add...] an additional entry that "Expects" the last few unique characters of the remote system's password prompt and "Sends" the needed "quite long and not easy to memorize" password (enable the Hide option to mask the password from prying eyes that may be looking over your shoulder)
  4. Save your changes, then disconnect/reconnect to try it out
The image below shows a basic version of this (the example shows en as the command instead of su, but you can see the general idea:
__________________
Thanks,
--Cameron

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #3  
Old 08-23-2020, 04:23 AM
ertank ertank is offline
Registered User
 
Join Date: May 2020
Posts: 5
Hello,

Sorry for late reply. Seems I am not subscribed to my own post for a reason.

This is SSH V2 login. I am using PublicKey as first method of authentication. Server does not allow root user login even using PublicKey. I am willing to automate switching to root user.

I have tried to use Connection->Logon Actions as suggested and failed.

I have exactly same boxes checked and cleared as in your post. That is not working for a reason.

My Logon Actions entries are:
Code:
Except: "~$ ", Send: "su -"
Except: "word:", Send:"<my password>"
Display logon prompts is checked but nothing seems to be send when I logon. It is same if I remove extra space character and use "~$" to except.

Initial text I receive from server is as below:
Code:
Linux myserver 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Sun Aug 23 05:58:29 2020 from 31.206.45.188
ek@myserver:~$
Thanks & Regards,
Ertan
Reply With Quote
  #4  
Old 08-24-2020, 08:54 AM
cboyack cboyack is offline
VanDyke Technical Support
 
Join Date: Apr 2020
Location: Albuquerque, NM
Posts: 48
Hi Ertan,

I'm sorry to hear that the Logon Actions capability doesn't seem to be working for you so far.

Is there any chance that your "~" symbol is a different color than the "$" symbol?

Remote hosts often send non-printing escape sequences (such as sequences to change colors in between characters in the prompt), and if there is such an escape sequence between the two terminal characters of the command prompt, "~$ " would not work, as the "Expect:" field would need to be looking for a particular escape sequence as well. You can check whether this is the case in your situation by configuring a raw log before connecting (File > Raw Log Session) to see what exact characters are being sent by the remote host.

What happens if you change your initial "Expect:" entry to "$ " or "$" without the "~" symbol?
__________________
Thanks,
--Cameron

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

Last edited by cboyack; 08-24-2020 at 10:50 AM. Reason: Formatting
Reply With Quote
  #5  
Old 08-24-2020, 09:08 AM
ertank ertank is offline
Registered User
 
Join Date: May 2020
Posts: 5
Hello,

Your assumption is quite correct. There are some escape characters before "$" sign in raw log.

When I change initial Expect to $ sign (single character) it worked as expected.

Thanks for the hint.
Reply With Quote
  #6  
Old 08-24-2020, 10:49 AM
cboyack cboyack is offline
VanDyke Technical Support
 
Join Date: Apr 2020
Location: Albuquerque, NM
Posts: 48
Hi Ertan,

I'm glad that you were able to configure your Logon Actions as desired.

I have added this forum thread to a feature request regarding giving Logon Actions the ability to ignore escape sequences, so that the product director may be able to evaluate it for potential inclusion in some future release. I don't yet have any ETA for when or even if this capability might ever become available, but if it does we'll post the information here.

If you prefer direct email notification, send an email to support@vandyke.com and include Feature Request - Forum Thread #14203 in the subject line or use this form from the support page of our website.

As another workaround (in case the final character of the prompt is also present earlier in the prompt, for instance), one may configure raw logging (again, File > Raw Log Session before connecting to the session) and then copy the prompt (or a portion of the end of it) as it appears with escape sequences intact from the raw log and paste it into the "Expect:" field. Using this method, the escape sequences will be kept intact and an exact match of the prompt can be obtained.
__________________
Thanks,
--Cameron

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
  #7  
Old 08-28-2020, 12:03 PM
scottmlew scottmlew is offline
Registered User
 
Join Date: Jan 2020
Posts: 9
I made a feature request for encrypted command manager and button bar items, too. Hopefully since multiple are inquiring, Van Dyke can make it happen!
Reply With Quote
  #8  
Old 08-28-2020, 01:39 PM
cboyack cboyack is offline
VanDyke Technical Support
 
Join Date: Apr 2020
Location: Albuquerque, NM
Posts: 48
@scottmlew: Thanks for the requests.

As I mentioned before, the possibility of such implementations, along with the timing, are up to the evaluation of the product director and what resources we have available to make those ideas a reality.
__________________
Thanks,
--Cameron

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 11:51 PM.