SecureCRT for Network Engineers
Introduction
SecureCRT is a solution with a good group of useful tools and capabilities for Network Engineers. The set of tools that it brings allow us to manage networks in an agile, secure and efficient way.
For those of us who still operate networks through the CLI, SecureCRT provides us with an excellent opportunity to introduce ourselves with Network Programmability and Automation. But this is an opportunity that we will see in another article. In this one we are going to introduce ourselves to what Secure CRT is and the different tools that we can take advantage of as a Network Engineer.
What is SecureCRT?
SecureCRT is a multifunction solution that offers versatile tools for business, network management, information security and development, from accessing host-based applications and managing servers to securely accessing network resources, routers and switches.
SecureCRT allows you to store user accounts and passwords, combining it with a strong terminal with strong encryption, extensive authentication options and data integrity of the SSH (Secure Shell) protocol.
Protocols, authentication methods and encryption in SecureCRT
SecureCRT supports SSH2, SSH1, Telnet, Serial, and Raw on all platforms. On Windows, Telnet / TLS, RLogin and TAPI are supported. Authentication methods include password, Public Keys, X.509 certificate, Kerberos v5 (via GSSAPI) and interactive keyboard. Encryptions include ChaCha20 / Poly1305, AES-GCM, AES-CTR, and AES.
Sesiones en SecureCRT
SecureCRT has an interface that allows multiple sessions in different tabs with extensive session management and customization functions. Customization options include keymaps, buttonbars, and login scripts, as well as fonts, cursors, and color schemes.
Sessions are nameable, allowing you to create individual configurations that can be used in a specific session. A personal data folder provides private and separate storage of confidential information so that other configuration data can be stored on a network drive or in the cloud for use on different systems or to share with colleagues.
Scripting and File Transfer
Routine configuration tasks can be automated using powerful “scripting” capabilities including ActiveX scripting support for VBScript, JScript, and PerlScript on Windows, and built-in Python support on all platforms.
Securely transfer files using Zmodem, Xmodem, Ymodem or Kermit from an SSH1, SSH2 or TLS session. Files can be easily uploaded by dragging and dropping them onto an SFTP tab or session window. A built-in TFTP server provides additional flexibility to transfer files.
SecureCRT tools
Quick Connect
Quick Connection is the tool within SecureCRT that allows you to quickly connect to a computer using the multiple protocols it supports. Some of these protocols are: Telnet, SSHv1, SSHv2, Rlogin, Serial, etc.
The Quick Connect dialog box can be accessed by clicking Quick Connect on the File menu, clicking the Quick Connect button on the SecureCRT toolbar, or entering the ALT + Q key combination.
The most common use I have given to the tool has been to quickly connect to new computers on the network via SSH2. So we will just limit ourselves to explaining the options for this protocol.
Quick Connect Options
As you can see in image # 1, this tool when choosing SSH2 provides you with multiple options:
- Hostname. The host name or IP address of the remote computer that provides the SSH2 service.
- Port. The port number of the SSH2 service on the remote computer. For SSH2, the default port is 22.
- Firewall. If your connection involves going through a Firewall, select one from the list of Firewalls that have been configured in the Global Options / Firewalls dialog box.
- Username. The username used to log in to the remote computer.
- Authentication. SecureCRT supports various authentication methods to connect to SSH2 servers and will try to connect to them in the order you specify.
- Password. Password authentication transmits the user’s password to the server to authenticate the connection. The transmitted password is protected against sniffers, due to the encryption of the data channel.
- PublicKey. PublicKey authentication uses a public / private key pair to authenticate the connection.
- Keyboard Interactive. This authentication option allows you to use the keyboard to respond to the challenges posed by the server.
- GSSAPI (Generic Security Services Application Program Interface). It is a generic API to perform client / server authentication. GSSAPI allows SecureCRT to authenticate with a server without knowing anything about the specific authentication mechanism in use.
- Show quick connect on Startup. Check this box to display the Quick Connect dialog every time SecureCRT is started.
- Save Session. Check this box to save the session settings that have been defined. The session will be stored for future use with the specified hostname or IP address.
- Open in a tab. Open the session as a tab in the current SecureCRT window.
Session Manager
Session manager is a tool that allows you to quickly connect to defined sessions (or create and connect to new sessions) in the SecureCRT window.
From Session Manager, you can connect to multiple sessions and folders. You can also select and edit multiple sessions simultaneously; only the modified fields will be applied to the selected sessions, allowing you to change specific settings for a group of sessions. When editing multiple sessions, SecureCRT will display the first selected session.
With this administrator I can separate access to computers by groups. I can quickly access each device by clicking on them or I can access the entire group at the same time, right-clicking the group and then clicking “Connect in Tabs”.
Use cases:
- This is very useful when you use Network Simulators like GNS3 and Eve-NG, since you can save the sessions of your devices in a folder by Laboratory.
- If you manage a multi-vendor network, you can group devices sessions by vendor.
- You can also group the sessions by the role of the device in the network (PE, P, DataCenter, etc).
Logging Session
Session logging allows you to record the current session to a log file. When you log in for the first time, the Save As dialog box appears. Enter the desired log file name and click the Save button.
If you wish, it is possible to configure the automatic registration of sessions in a file so that you do not miss registering any of the sessions that you had.
Use cases:
- When you are working on a Network Change and you want to keep a record of all the commands launched.
- It can be used to make backups of the equipment configuration.
- When you ask for help from a device’s technical support, and you give them access to your console to carry out verifications, you can register all the commands that are executed.
Working with multiple simultaneous sessions
SecureCRT allows you to have multiple sessions open in the same window, organized in tabs.
Managing sessions by tabs in the same SecureCRT window allows you to work comfortably when doing a service survey or diagnosing the causes of a problem on the network.
Command Window
The SecureCRT command window provides an interface to the remote command line that is not affected by simultaneous output to the terminal screen. The command window is useful for issuing subsequent commands. While waiting for the output of a previous command to complete, you can prepare the next command by typing it in the Command window. The content of the command window is sent to the command line as soon as the ENTER key is pressed in the command window.
One of the most interesting capabilities that is given to this console is to send the same command to multiple computers simultaneously, as can be seen in the image above.
Use cases:
- Run Backup commands on all computers to be worked at the same time. Previously, the Log Session function must be enabled in each session.
- When an information survey is being carried out of the interfaces that are in service in each equipment, the information can be collected from all the equipment. First by activating the send command to all sessions and then executing the commands.
Command Manager
Command Manager allows you to quickly access frequently-defined user-defined commands. These commands can be organized by saving them in user created folders.
This command manager is built and modified in the same way as the session manager. Also like the command window, you can send commands to all active sessions simultaneously.
Use cases:
- When I need to run long commands with complex filters, I use this tool to save and organize them.
Button Bar
The SecureCRT button bar is a row of user-configurable buttons that you can use to quickly access frequently needed actions and commands. You can enable or disable the display of the button bar by selecting or unchecking the Button bar option in the View menu.
Use cases:
- Group of commands that are executed at the click of a button. For example, commands to backup a computer.
- A button can be programmed to launch other network applications such as Wireshark, Fizilla, WinSCP, etc.
- In a button you can have a script programmed that executes a set of actions.
Conclusion
As we saw, SecureCRT is a very useful solution for network engineers. It allows you to work easily and simultaneously with multiple network equipment. The advantages are summarized in:
- It allows you to save the sessions to your devices. Save username and password so you do not have to enter them every time you go to a computer.
- It allows you to save frequently used and useful commands. With this functionality you no longer have to remember or write one or multiple commands from the mind.
- You can save everything you executed on your computers in text files, so you can review all the work you did at any time, or share with a colleague how you did some configuration.
In the official SecureCRT page you can find more information about its functionalities.
Expect a MiniCourse on how to use SecureCRT + Python to automate your tasks soon.
Comment any questions, doubts or simply if you want to add valuable information also write it in the comments.