Bitvise SSH Server Version History

Changes in Bitvise SSH Server 6.07:    [ 4 May 2014 ]

  • Fixed issue where the SSH Server Control Panel would sometimes refuse to display its main window, especially on slow systems.
  • Rare crashing bug in the SSH Server Control Panel believed fixed. The Control Panel will now enumerate only its own windows, instead of unnecessarily enumerating all top-level windows. This should avoid the possibility that a window becomes invalid between enumeration and access.

Changes in Bitvise SSH Server 6.06:    [ 18 April 2014 ]

  • A change in version 6.05 triggered an issue where, after logging in, the Bitvise SSH Server Control Panel would open displayed instead of minimized, and would have to be minimized manually. Fixed.
  • In the terminal subsystem, the console history buffer now functions properly when the "discard old duplicates" mode is enabled on Windows Vista or newer.

Security Clarification:    [ 9 April 2014 ]

  • We have recently received many inquiries about whether our software is affected by the heartbeat vulnerability in OpenSSL (nicknamed "Heartbleed"). This vulnerability relates to a protocol we do not implement, and a code base that is independent of ours. None of our software shares common code with OpenSSL or OpenSSH.

Changes in Bitvise SSH Server 6.05:    [ 5 April 2014 ]

  • SSH server settings can now be imported additively, so that configurations from multiple SSH servers can be consolidated in a single SSH server installation.
  • In a master/slave configuration, slave servers can now be configured to connect occasionally, with a configurable average delay between connections, instead of maintaining a permanent connection to the master. This should help reduce load on master servers with a very large number of slaves.
  • Individual adjustment of channel window size has proven to be effective with JSCH-based clients, including Cisco appliances, which contain a race condition causing them to stall unless window size is frequently adjusted. Our SSH implementation will now adjust channel window size individually when communicating with JSCH-based software.
  • The less secure MD5-based and 96-bit message integrity algorithms are now disabled by default.

Changes in Bitvise SSH Server 6.04:    [ 11 February 2014 ]

  • Elliptic Curve support: ECDSA host keys and client keys, as well as ECDH key exchange, are now supported. Initially supported curves are secp256k1, nistp256, nistp384, and nistp521. When used with clients that also support ECDSA and ECDH, this is an improvement in effective cryptographic security from 80 - 112 bits of symmetric security, to 128 or more, depending on the curve chosen.
  • Installer:
    • A command line option is now available to abort installation if a specified warning occurs.
    • Full help text for installer exit codes is now available.
  • Control Panel and Settings:
    • Master/slave settings are now fully configurable from the command line using BssCfg, and programmatically using the BssCfgManip COM object.
    • Virtual account password expiration can now be configured on a per-account basis. If password change is disabled for the virtual account user, this can be used to configure virtual accounts with an expiry date.
    • For new Windows groups and new installations, the "Map remote home directory" and "Map remembered shares" settings are now enabled by default, to better meet initial user expectations when logging into a Windows account.
    • On Windows Vista and later, HTTP links are now opened in a non-elevated browser window.
    • Fixed an error which caused an assertion failure when a Remote Control Panel session fails due to packet overflow.
    • Fixed two slow GDI handle leaks that could lead to the Control Panel crashing in specific circumstances after running for a period of several weeks (e.g. in slave installations).
    • Dates are now displayed in a fixed YYYY-MM-DD format, so that lists containing date columns can be sorted by date regardless of Windows locale.
    • A newly added Listen rule in account settings entries will now have a default Accept rule entry. Previously, an Accept rule entry had to be configured manually for the Listen rule to allow any connections.
    • Improved log path links in Log folder viewer.
  • SSH session:
    • Improved disconnect handling, so that sessions are less likely to hang.
    • Username blacklisting is now supported. If a client attempts to authenticate with a username blacklisted by the server administrator (e.g. "root"), the originating IP address will be immediately locked out for the default IP blocking duration.
    • Implemented several adjustments to reduce the possibility of a channel blocking due to buffering and window adjustment issues.
    • The server will no longer try to create a window station and desktop when a virtual account is running in Local System context, avoiding a log warning.
    • Implemented several debugging features related to in-window size and window adjustments, to help investigate compatibility issues with JSCH-based clients that block during SFTP upload.
  • File transfer:
    • An SFTP success reply will now be sent without a description, cutting packet size by 39 bytes. This might improve compatibility with clients that send a large number of small write requests, but lack a large enough buffer to receive all status replies.
    • SFTP can now be limited to version 3 on a per-group and per-account basis, to allow focusing specifically on those users who connect with clients that require this.
  • Terminal:
    • For clients that do not support UTF-8, the terminal code page used by the server is now configurable on a per-group and per-account basis.
  • BvLsa authentication module:
    • Auditing and logging improvements.

Changes in Bitvise SSH Server 6.03:    [ 05 November 2013 ]

  • Utilities: The bvRun utility now supports specifying the command to run on the command line without having to enclose it as part of the -cmd="..." parameter.
  • Control Panel and Settings:
    • Settings pages are now easier to scroll using the mouse wheel.
    • Implemented accessibility improvements in SSH Server Control Panel and Settings.
    • Fixed an issue which could have caused the Log Folder Viewer user interface to become unresponsive if a third-party application was installed that sent an unexpected GUI message.
    • Version 6.01 implemented tolerance for importing invalid keys from a previous version of SSH server settings, but only for public keys stored under accounts. This handling is now extended to public keys stored under groups, as well.
  • Authentication: Implemented a workaround for a memory leak in lsass.exe, which would previously appear when handling SSH logins on recent Windows versions.
  • SSH session:
    • Implemented ability to log and debug changes in channel window sizes.
    • Fixed an issue which caused an SSH session to terminate prematurely if the client sent a characteristic SSH_MSG_DEBUG packet.
  • Exec requests: Implemented a workaround to improve compatibility with Git. The SSH server can now detect exec requests sent by Git, and convert any single-quoted strings into double-quoted strings that work on Windows.
  • Terminal: Fixed an issue with Home and End keys not working with PuTTY.
  • Installation: Fixed an issue which caused the uninstaller to incorrectly believe that a system restart is necessary in order to complete uninstallation.
  • File transfer: With clients that do not specify otherwise, the SSH server will no longer request exclusive write access when opening files the client requested to open for writing. This improves compatibility with clients that open multiple handles to a file and expect to be able to write to them simultaneously; and also, occasions when a client reconnects and attempts to resume a transfer when the server hasn't yet detected termination of the previous session.

Changes in Bitvise SSH Server 6.02:    [ 30 July 2013 ]

  • Fixed a command line parsing issue which prevented quoted parameters from working properly. Commands such as 'bvRun -brj -cmd="..."' now work correctly again.
  • Fixed logging of superfluous warnings related to firewall management, configuration synchronization, and password cache.
  • Fixed an issue which caused IPv6 bit masks to not be generated correctly when significant bits wasn't a multiple of 16.

Changes in Bitvise SSH Server 6.01:    [ 12 July 2013 ]

  • Control Panel and Settings:
    • Bitvise SSH Server now supports master/slave configuration. In clusters and large installations, one SSH server installation can be configured as the master, while secondary installations can be configured as slaves. The slaves will connect to the master, and automatically download and apply settings and configuration changes from the master.
    • Per-user bandwidth limits are now supported. The administrator can limit the maximum speed with which a user can transfer data to or from the server, either per session, or for all concurrent sessions from a user.
    • It is now possible to configure different IP address restrictions for incoming connections on a per-account or per-group basis.
    • Improved automatic router configuration to also support devices that expose only UPnP version 2.
    • File transfer speeds will now again be correctly displayed on the Activity tab. A bug caused file transfer speeds to not be displayed correctly in versions 5.50 - 5.60.
    • Improved memory consumption of SSH server settings when a large number of accounts are configured.
    • Improved support for Microsoft identity accounts (e.g. of the format ...@hotmail.com).
    • Improved backward compatibility when importing settings from versions 3.xx and 4.xx. Proxy profiles and SFTP root directories will now be properly imported from WinSSHD 3.xx. Any invalid public keys in account or group settings entries will now be skipped when importing from WinSSHD 3.xx or 4.xx.
    • BssCfg command line parameters are no longer case-sensitive.
    • The SSH Server Control Panel will now work correctly in high-contrast mode.
    • A warning dialog will now be displayed when the SSH server is started with the Windows Firewall management feature configured so as to restrict access to connections from the local subnet only.
    • Unblocking an IP address will now also clear records of previously failed authentication attempts, so that the next authentication failure will not immediately result in another blocking.
    • The automatic IP blocking feature now supports a configurable whitelist. Addresses entered into the whitelist will not be affected by automatic IP blocking.
    • The settings "Tolerate first window fault" and "Maximum subsequent fault bytes" have been obsolete since SSH server version 5.00, and have been removed.
  • Authentication:
    • The SSH public key management subsystem is now supported. Access to this feature can be enabled on a per-user or per-group basis in Advanced SSH server settings. Users for whom this feature is enabled can manage their public keys on the SSH server if they connect with a client that also supports this feature.
    • Improved the way the SID of the local computer is retrieved. Previously, Bitvise SSH Server would retrieve the wrong local computer SID if there was a local account with the same name as the computer. This would cause the SSH server to incorrectly treat local accounts as if they were domain accounts.
  • SSH session:
    • Improved CPU usage in the SSH server's core infrastructure. Transfer speeds in local loopback testing should now again be where they were in WinSSHD 4.xx. Users should see a decrease in the server's CPU consumption, given the same transfer speeds.
    • Re-implemented SSH session data buffering in order to improve responsiveness for slow clients.
    • Fixed an issue which would cause high CPU usage if the client closed a channel in a non-ready state.
    • The SSH protocol specification is unclear on whether the maximum packet size in the channel data packet refers to the whole packet, or payload only. Previously, Bitvise SSH Server used the interpretation that the size refers to payload only. This caused a compatibility issue with the Axway client. Our implementation has been changed to interpret the outgoing maximum packet size as referring to the whole packet.
    • Fixed issue which caused key re-exchange to not be triggered by the server after a one hour timeout. Key re-exchanges started by the client were still accepted, and key re-exchange was triggered by the server after 1 GB of data transferred.
  • Environment variables:
    • Advanced environment variable syntax is now supported in the same style as used by the Windows command interpreter, and as described in "help set". In addition to basic syntax (%SOMEVAR%), the following suffixes are supported: %SOMEVAR:~N%, %SOMEVAR:~N,M%, %SOMEVAR:findStr=replaceStr%, %SOMEVAR:*findStr=replaceStr%. This allows administrators to configure a single group-wide rule to map structured home directories. For example, a home directory structure such as M:\Home\a\Aaron, M:\Home\b\Benjamin, can be configured with M:\Home\%USERNAME:0,1%\%USERNAME%.
    • Child processes launched over an SSH session will now receive an environment variable named SSHSESSIONID, which can be used to identify the SSH session. Separate terminal sessions will still receive the same SSHSESSIONID if they are launched over the same SSH connection.
    • If SSH server settings permit the client to set environment variables, environment variables set by the client will no longer be used when expanding environment variables in terminal shell or exec request prefix strings configured in SSH server settings. Environment variables provided by the client will still be available to child processes started by the client.
  • Terminal:
    • Advanced environment variable syntax is now supported in the same style as used by the Windows command interpreter, and as described in "help set". In addition to basic syntax (%SOMEVAR%), the following suffixes are supported: %SOMEVAR:~N%, %SOMEVAR:~N,M%, %SOMEVAR:findStr=replaceStr%, %SOMEVAR:*findStr=replaceStr%. This allows administrators to configure a single group-wide rule to map structured home directories. For example, a home directory structure such as M:\Home\a\Aaron, M:\Home\b\Benjamin, can be configured with M:\Home\%USERNAME:0,1%\.
    • Child processes launched over an SSH session will now receive an environment variable named SSHSESSIONID, which can be used to identify the SSH session. Separate terminal sessions will still receive the same SSHSESSIONID if they are launched over the same SSH connection.
  • File transfer:
    • It is now possible to create multiple nested directories at the same time using a single "make directory" command.

Older Versions

Bitvise SSH Server 5.xx Version History

WinSSHD 4.xx Version History

WinSSHD 3.xx Version History