SecureCRT – Command Line Options

Couldn’t find a good source online… so here they are.

Syntax:
SecureCRT.exe [standard options] [protocol-specific options]

Standard Command-Line Options

Standard Option	Arguments	Description
/ARG	argument	Passes option(s) to SecureCRT scripts by way of Arguments scripting objects. More than one /ARG option can be used in a command.
/COLOR_SCHEME	scheme	Specifies an existing color scheme A combination of session settings that specify a variety of colors associated with the terminal window, including foreground and background. to be used for the session A session is a set of options that are assigned to a connection to a remote machine. These settings and options are saved under a session name and allow the user to have different preferences for different hos being started. When this switch is used, any changes to the session color scheme will be ignored. If a nonexistent scheme is specified, the session configuration color scheme will be used.
/F	folder pathname	Points to an alternate configuration folder location. If there is no configuration file in the alternate folder, SecureCRT will create one. Without this option, SecureCRT will use the configuration information in the default folder location.
/FIREWALL	firewall name	Connects session using specified firewall settings. Replaces /PROXY and /SOCKS options. The format of this command is as follows: /FIREWALL=<name> If the firewall name contains spaces, it should be enclosed by quotation marks. If no firewall argument is specified, SecureCRT will use the firewall specified by the session being connected. If the session firewall is set to None, SecureCRT will use the firewall specified in the current global firewall settings. If a firewall is named in the command argument, SecureCRT will temporarily override the session’s firewall settings and use the firewall specified for the current session. Note: When specifying a firewall on the same command line used to open multiple sessions, SecureCRT will apply the firewall to each of the sessions. Using SecureCRT’s dependent session option on the command line or in the connect bar (as in the following example), it’s possible to link a session to an SSH2 session that it depends on, which allows connection to a jump host before connecting to other sessions. Both the command line and the connect bar use the normal /Firewall specifier and the firewall will be Session:<session name> with the following syntax. /FIREWALL=Session:<Session Name> ssh2://[<user>]@<host> Session: is case insensitive.
/LOG	filename	Specifies a log file to be used for the session being started.
/MAX_COLS	n	Specifies the maximum number of columns. The maximum value for n is 1024 and the minimum value is 132.
/N	tabname	Specifies the name to display on the tab.
/NOMENU		Hides the menu bar.
/NOTOOLBAR		Hides the toolbar.
/NOSAVE		No changes to settings will be saved.
/POS	x y	Specifies the initial position of the SecureCRT window, where x and y specify the upper left corner of the SecureCRT window in pixel coordinates.
/SCRIPT	filename	Runs script contained in filename.
/SESSION_FOLDER	folder	Opens the sessions in the specified folder that would be opened if the folder was designated as an auto session. To open all the sessions, use the following command: /SESSION_FOLDER \ The /SESSION_FOLDER option can be used with the /S option.
/TITLEBAR	“Title to display”	Sets the text in the title bar to the string given as argument.

Protocol-Specific Command-Line Options

Protocol Option And Mandatory Arguments

Related Options and Arguments

Description

/S session_name

none

Starts SecureCRT and opens a connection A data path or circuit between two computers over a phone line, network cable, or other meanswith session_name. If session_name includes any spaces, it must be enclosed with quotation marks, (e.g., “My Session”). Multiple sessions can be opened by specifying multiple “/S session_name” argument pairs on the command line.

Note:
The /S option is considered a protocol-specific option because the protocol to be used is defined by the session A session is a set of options that are assigned to a connection to a remote machine. These settings and options are saved under a session name and allow the user to have different preferences for different hosts. parameters.

When used in conjunction with the /S options, the /T option opens the specified session or sessions in a separate tab or tabs. For example, the command:

/T /S alpha

opens session alpha in a new tab. The command:

/T /S alpha /S beta

opens both sessions alpha and beta in their
own tabs.

Note:
/T must precede /S in the command string.

The /T option can also be used with “ad hoc” sessions such as:

/T /SSH2 myserver

/SSH1 [ssh_options] hostname	none	Starts SecureCRT and opens the default session with the SSH1 protocol and begins connecting to hostname. SecureCRT also accepts username@hostname syntax. Note: /SSH1 and its related options are only available if SSH1 support was selected for installation during the installation process.
	[ /ACCEPTHOSTKEYS ]	Instructs SecureCRT to automatically accept host keys.
	[ / C cipher An algorithm used to encrypt data at varying levels of security. Examples include 3DES, AES, Blowfish, RC4, and Twofish. ]	Specifies a cipher for encrypting the session. Valid values for SSH1 cipher are NONE, DES, 3DES, RC4 and BLOWFISH. The default SSH1 cipher is 3DES.
	[ /ENCRYPTEDPASSWORD password ]	Specifies a password in encrypted form. This password must have been encrypted by SecureCRT. To obtain an encrypted password, specify a password in the Session Options dialog, then open that session’s .ini file and copy the encrypted string from the Password field. To use passwords in scripts, refer to the Session Object Connect method.
	[ /I identityfile ]	Specifies the location of the user’s identity file Identity files are two files containing the public-private key pair used to connect to an SSH server using RSA or DSA authentication. The Identity file contains the public and private key pair and is used by SecureCRT. The Identity.pub file contains only the public key which is usually appended to the authorized_keys file. . The identity file contains the private key needed to connect to the server using RSA authentication The process of verifying that an individual truly is who he or she claims to be. Supplying a password is a very common method of authentication. The most secure method of authentication supported in SecureCRT is public-key authentication. See also: identity file, public-private key pair. . The absence of this option causes password authentication to be used.
	[ /L username ]	Specifies the username when connecting to the SSH1 server A computer program that provides services to other computer programs (called clients). Often the computer on which a server program runs is also called a server. The term host is often used as a synonym for server. .
	[ /P port ]	Specifies the SSH server port. The default value is 22.
	[ /PASSPHRASE passphrase ]	Logs on to the SSH1 server using passphrase as the passphrase A password used to protect a private key from unauthorized use. It is recommended that a passphrase be assigned to all private keys to prevent unauthorized use, especially in environments where multiple individuals have access to the machine on which the private key files are stored. When using public-key authentication, a private key with an assigned passphrase will not be available if the correct passphrase is not supplied during the authentication process. for the identity file given with the /L option.
	[ /PASSWORD password ]	Logs on to the SSH1 server using password as the password for the username given with the /L option.
	[ /Z compressionlevel ]	Specifies the compression level from 1 (lowest compression = fastest) to 9 (highest compression = slowest). Setting this option to 0 turns off compression.

/SSH2 [ssh_options] hostname	none	Starts SecureCRT and opens the default session with the SSH2 protocol and begins connecting to hostname. SecureCRT also accepts username@hostname syntax. Note: /SSH2 and its related options are only available if SSH2 support was selected for installation during the installation process.
	[ /ACCEPTHOSTKEYS ]	Instructs SecureCRT to automatically accept host keys.
	[ /AUTH method ]	Specifies the authentication method(s) to be attempted when connecting to the SSH2 server. If multiple methods are specified, they must be comma-separated with no spaces (i.e., /AUTH password, publickey, keyboard-interactive, gssapi)
	[ /C cipher ]	Specifies a cipher for encrypting the session. Valid values for SSH2 cipher are NONE, 3DES, RC4, and TWOFISH. The default SSH2 cipher is 3DES.
	[ /COMPRESSIONS type ]	Specifies the compression type for the session. Valid values for SSH2 compression type are NONE, ZLIB, and ZLIB@OPENSSH.COM. The default type is NONE.
	[ /ENCRYPTEDPASSWORD password ]	Specifies a password in encrypted form. This password must have been encrypted by SecureCRT. To obtain an encrypted password, specify a password in the Session Options dialog, then open that session’s .ini file and copy the encrypted string from the Password field. To use passwords in scripts, refer to the Session Object Connect method.
	[ /I identityfile ]	Specifies the location of the user’s identity file. The identity file contains the private key needed to connect to the server using public-key authentication. The absence of this option causes password authentication to be used.
	[ /L username ]	Specifies the username when connecting to the SSH2 server.
	[ /LOCAL [localip:]localport:hostname:hostport]	Allows you to specify a local listening IP address when setting up a port forward (not required), and forwards connection requests from localport (on localhost) to hostport on hostname.
	[ /M MAC Message Authentication Code. A component of the SSH2 protocol consisting of a hashing algorithm used to ensure data integrity between an SSH2 client and an SSH2 server communicating over a TCP/IP network such as the internet. The MAC ensures data integrity by protecting against message alteration. ]	Specifies the Message Authentication Code (MAC) to use.
	[ /P port ]	Specifies the SSH2 server port. The default value is 22.
	[ /PASSPHRASE passphrase ]	Logs on to the SSH2 server using passphrase as the passphrase for the identity file given with the /L option.
	[ /PASSWORD password ]	Logs on to the SSH2 server using password as the password for the username given with the /L option.
	[/REMOTE [listenip:]listenport:destination-host:destination-port]	Allows you to specify a remote listening IP address when setting up a remote forward (not required), and requests the SSH2 server to accept connection requests on listenport (on the remote machine) and forward the requests to hostport on hostname.
	[ /Z compressionlevel ]	Specifies the compression level from 1 (lowest compression = fastest) to 9 (highest compression = slowest). Setting this option to 0 turns off compression.

/TELNET hostname [port]

none

Starts SecureCRT and opens the default session with the Telnet protocol and begins connecting to [port] on hostname.

/RLOGIN hostname	none	Starts SecureCRT and opens the default session with the rlogin protocol and begins connecting to hostname. SecureCRT also accepts username@hostname syntax.
	[ /L username ]	Specifies the username to use with the rlogin protocol.
/TAPI phone_number	none	Starts SecureCRT and opens the default session with the TAPI protocol and begins connecting to the specified phone number. Note: This command must be formatted as in the following example: /TAPI “+1 (555) 555-5555”
	[ /REDIAL attempts ]	Specifies the number of redial attempts that SecureCRT will make before giving up on the connection.

/SERIAL port	none	Starts SecureCRT and opens the default session with port. If no port value is entered, SecureCRT will use the value of the Port option in the Global Options / General / Default Session category. If no setting is entered for the default session, SecureCRT will use COM2 as the port entry. Note: /SERIAL and its related options are only available if serial capability is selected during installation.
	[ /BAUD baudrate ]	Set the baud rate. Valid values for baudrate are 110, 300, 600, 1200, 2400, 4800, 9600, 14400, 19200, 38400, 57600, 115200, 230400, 380400, 460800, and 921600. The default value is 38400.
	[ /CTS \| /NOCTS ]	Enable or Disable RTS/CTS (request-to-send/clear-to-send) hardware flow control. By default, RTS/CTS is enabled.
	[ /DATA databits ]	Set the data bits. Valid values for n are 5, 6, 7 or 8. The default value is 8.
	[ /DSR \| /NODSR ]	Enable or Disable DTR/DSR (data-terminal-ready/data-set-ready). By default, DTR/DSR are not enabled.
	[ /PARITY parity ]	Set the parity. Valid values for parity are NONE, ODD, EVEN, MARK, SPACE. The default is NONE.
	[ /STOP stopbits ]	Sets the stop bits. Valid values for stopbits are 0, 1 or 2 (0 indicates 1 stop bit, 1 indicates 1.5 stop bits, 2 indicates 2 stop bits). The default value is 0 (1 stop bit).
	[ /XON \| /NOXON]	Enable or Disable XON/XOFF software flow control. By default, software flow control is disabled.

2 Replies to “SecureCRT – Command Line Options”

Egon Haparnass says:

May 17, 2018 at 10:45 am

Interested in stealth mode. That is no display at all.
This is usefull for scripts.

Please advise

1. Mr. Bray says:
  
  June 3, 2018 at 3:39 am
  
  Hi Egon! I don’t know of a way to go stealth within SecureCRT itself. I’ve only used it in a stealthy way by using window options within vbs or javascript (https://ss64.com/vb/run.html).

Standard Command-Line Options

Protocol-Specific Command-Line Options

2 Replies to “SecureCRT – Command Line Options”

Leave a Reply Cancel reply