Bitvise SSH Server Version History
Changes in Bitvise SSH Server 5.60: [ 21 March 2013 ]
- When the setting "Automatically configure router (requires UPnP)" was enabled in previous SSH server versions, the service would interact with the router using Windows functions which, on recent Windows platforms, are causing a memory leak. This caused the SSH server to consume large amounts of memory if left running over a long period of time with this setting. To avoid the memory leak, automatic router configuration has been re-implemented using a different Windows API.
- Accounts and authentication:
  - Account lookup caching has been redesigned, so that users with a large number of accounts configured in SSH server settings will no longer encounter long delays during authentication.
  - Password cache entries can now be added for accounts from domains with a one-way trust relationship.
- File transfer:
  - Improved interoperability with SFTP clients that require the SSH_FXP_REALPATH request to succeed on the root directory ("/") when the root directory is virtual (contains a list of drives).
  - The lftp client has been found to incorrectly ignore the last received data packet if the EndOfData flag is set by the server, when using SFTP version 6. The SFTP subsystem will no longer set the EndOfData flag for OpenSSH-based clients (including lftp).
- Improved compatibility with the Windows Firewall service on Windows 8.
Changes in Bitvise SSH Server 5.59: [ 28 January 2013 ]
Security: Previous Bitvise SSH Server versions 5.50 to 5.58 contain a flaw which may allow an unauthenticated, remote attacker to disrupt operation of a computer where Bitvise SSH Server is running. Using this flaw as an attack vector for an intrusion greater than denial of service seems impractical, but cannot be ruled out.
We recommend upgrading to version 5.59 or newer. Users who did not have upgrade access to version 5.59, but did have upgrade access for a version from 5.50 through 5.58, have had their upgrade access extended to cover version 5.59 free of charge. Such users can find updated activation information in their License Overview.
When upgrading from a previous version to resolve this issue, the computer running the new version should be restarted after the upgrade. The flaw being fixed is in a component loaded at system boot time which cannot be unloaded until restart.
Versions prior to 5.50 are unaffected.
- SFTP: Fixed an issue in the SFTP subsystem which would cause a file transfer session to terminate when a client using SFTP version 4 or higher requests to retrieve access rights for a file that has an empty ACL (all access).
- Control Panel: Implemented a measure to help avoid an issue which might cause the SSH Server Control Panel to unsuccessfully try starting on logon for non-Administrator users.
Changes in Bitvise SSH Server 5.58: [ 5 December 2012 ]
- Terminal subsystem: Fixed a compatibility issue with Windows 8 that could cause some programs to encounter issues when accessed through the SSH server's terminal shell.
- Main service: Fixed an issue which could cause an error when simultaneously creating multiple concurrent logon sessions for the same user.
- Settings: Fixed intermediate checkbox state handling with 3-state checkboxes.
- Settings: Port number conditions for Connect rules of type "Any IP address" are now interpreted correctly. Previously, a rule of this type would match any IP and port number, regardless of the configured port range.
Changes in Bitvise SSH Server 5.57: [ 21 October 2012 ]
- Addressed an issue introduced in version 5.56 which would prevent the terminal subsystem from functioning on 64-bit Windows older than Windows 7 and Windows Server 2008 R2. Affected platforms included 64-bit Windows Vista, Windows Server 2008 (not R2), and Windows Server 2003.
Changes in Bitvise SSH Server 5.56: [ 8 October 2012 ]
- Implemented a further fix for programs running under terminal emulation on Windows Server 2012 and Windows 8.
- Further extended the workaround for SFTP clients that attempt to open a channel of type "session\0" instead of "session".
Changes in Bitvise SSH Server 5.55: [ 24 September 2012 ]
- Added support for Windows 8 accounts associated with an internet identity.
- Fixed an issue which caused problems with some programs executed under a terminal session on Windows 8.
- Implemented a workaround for an SFTP client that incorrectly requests to open a channel of type "session\0" instead of "session".
- Fixed an issue which could prevent cross-mount point SFTP rename and copy operations from functioning properly.
- Upgrading from pre-5.50 versions to one of the previous 5.5x versions could result in an auto-run entry remaining in the Windows registry. Fixed.
Changes in Bitvise SSH Server 5.54: [ 31 August 2012 ]
- SFTP v6 data copy and file copy requests are now supported.
- Files can now be moved and copied across virtual mount points.
- Renaming a file or directory now requires read, write, and delete permissions in mount point configuration. Previously, write and delete permissions were sufficient.
- A text seek to the beginning of the file had no effect. Fixed.
- Port forwarding:
  - When evaluating client-to-server port forwarding destinations specified by DNS name, the destination address wasn't properly translated to an IP address and matched against IP-based connect rules. This especially affected users who upgraded from versions 5.26 and earlier, whose default connect rules contain a single IPv4 entry. Fixed.
  - When denying a client-to-server port forwarding request, an incorrect target address could be logged. Fixed.
- The insert time and comment information associated with the SSH server's host keys can now be obtained through "BssCfg keypair query -local". It can also be obtained through the new BssCfgManip method GetKeyInfo2.
- When upgrading to a new SSH server version with a different settings format, the previous version's settings are now automatically backed up.
- The scheduled task to run the WinSSHD Control Panel is now removed when upgrading from version 5.26 or earlier.
Changes in Bitvise SSH Server 5.53: [ 19 August 2012 ]
- Fixed an issue with importing settings from version 5.26 if server-configured port forwarding rules were defined.
- The terminal subsystem now supports Windows 8.
- The terminal subsystem now supports Doskey, console aliases, F2, F7, F9, and Alt+F7 console functionality.
- Cursor size now changes when switching insert mode on and off.
- Active screen buffer tracking in the terminal subsystem should now be more reliable.
- The user public key management interface in SSH Server Settings can now export public keys, and can import multiple public keys at once.
- The "Send us feedback" dialog has been slightly improved.
- The service account, computer name, and domain name are now logged in the initial message when the SSH Server starts.
Changes in Bitvise SSH Server 5.52: [ 1 August 2012 ]
- Fixed an issue introduced during architectural changes to logging in 5.50 which caused child process exit codes to not be reported to the SSH client.
- Improved handling of -site and -installDir parameters for unattended installation.
- Logon delaying has been reimplemented to minimize the impact of logon delays during normal operation, without impacting security against failed login attempts.
Changes in Bitvise SSH Server 5.51: [ 20 July 2012 ]
- Fixed an issue in the terminal subsystem which prevented execution of other programs from a terminal shell on Windows versions prior to Windows Vista.
Changes in Bitvise SSH Server 5.50: [ 18 July 2012 ]
- Bitvise WinSSHD is now Bitvise SSH Server.
- SSH service:
  - A 64-bit version of the main SSH service will now be installed on 64-bit Windows (AMD x64).
  - Bitvise SSH Server is now Large Address Aware on 32-bit platforms. On 32-bit Windows started with the /3GB switch, the BvSshServer service will be able to use up to 3 GB of virtual memory space.
  - If Bitvise SSH Server settings require the service to interact with the Windows Firewall, the BvSshServer service will now maintain a dependency on the Windows Firewall service, so that the SSH server is not started before Windows Firewall.
- SSH Server Control Panel and Settings:
  - In Advanced settings, access to the SSH server can now be restricted to clients that advertise, or don't advertise, specific SSH software names and versions.
  - In Advanced settings, access rules that were previously separated into IPv4 and DNS rules are now integrated into a single list of rules which can now have IPv4, IPv6, and DNS-based entries.
  - In Advanced settings, a password policy can now be configured for virtual accounts configured in SSH server settings. The password policy will be enforced both for password changes initiated by virtual users, as well as password changes initiated by administrators through SSH server settings.
  - Automatic settings backup can now be disabled.
  - IP addresses can now be blocked permanently from the Session tab.
  - The pop-up notification window has been reimplemented and improved.
  - The Activity tab now also logs the date of each activity entry, in addition to the time. Note that the Activity tab remains intended as a quick, convenient overview of recent activity, and will only ever show activity that occurred since the SSH Server Control Panel process was started. Administrators who seek a complete activity audit should monitor textual log files.
  - Most strings in SSH server settings will now have leading and trailing whitespace removed automatically. An exception is "Exec request prefix", which requires a trailing space.
  - Improved performance of encoding and decoding settings.
- Bitvise SSH Server now records textual log files in an XML-based format suitable for machine parsing.
- Many SSH server events have been rearranged or renamed as a result of the change in logging architecture.
- Time stamps in log files are now recorded in the server's local time zone, rather than Universal Time.
- Client authentication:
  - Windows domain accounts can now log into Bitvise SSH Server without requiring changes in Active Directory permissions for the SSH service.
  - Unix realm logins are now supported.
  - Logon into domain accounts that use an NT4 domain controller is now supported again. (However, Bitvise SSH Server 5.xx continues to not support NT4 as a platform it can be installed on.)
  - The Domain Order setting no longer needs to be configured in order to allow domain accounts to log in without explicitly specifying a domain name. However, the Domain Order setting is still supported for administrators who wish to enforce a predictable domain lookup order for logins that don't explicitly specify a domain name.
  - Windows accounts can now log into Bitvise SSH Server using public key authentication without requiring the Windows account password to be stored in the SSH server's password cache.
  - Virtual accounts can now use an arbitrary Windows account to provide security context without requiring the backing account's password to be stored in the SSH server's password cache.
  - The password cache is now expected to be used much less, but is still supported for users who wish to store a Windows account's password in the password cache, so that a logon for that Windows account will have access to network resources. (Windows accounts that log in without either a password provided by the client, or a password stored in the password cache, will require separate authentication to access network resources.)
  - New passwords stored in the password cache will now be resilient to computer name change.
  - Password change can now be allowed or disallowed for individual Windows accounts and virtual accounts through their account settings entry. It can also be enabled and disabled for all virtual accounts through Advanced settings > Access control.
  - The SSH server will now call the LogonUser Windows API function from a non-fiber thread. This avoids a problem if BCMLogon.dll is installed on the server machine. BCMLogon.dll is a third party credential manager that runs as part of other processes that call LogonUser. It is unwisely implemented using .NET.
  - The Logon Delayer component now properly serializes only login attempts for the same account name, or attempts from the same IP. Previous versions incorrectly serialized all login attempts, even if the account name and remote address were both different.
  - On new installations without pre-existing settings, synchronization with ~/.ssh/authorized_keys is no longer enabled by default. It was causing public keys to be inadvertently deleted for users who did not realize that they have an authorized_keys file stored under their Windows profile. The feature is still supported and can be enabled through Advanced settings > Access control > Synchronize with authorized_keys.
  - Virtual accounts may now be configured to use the BvSshServer service account - usually Local System - as their security context.
- The SSH server will now set the APPDATA environment variable if it's not set automatically by Windows.
- The SSH protocol implementation will now ignore channel messages received after a channel is closed, rather than aborting the SSH session.
- Fixed an issue which could lead to the SSH server failing to disconnect a remote share configured in "Windows file shares" for an individual group or account in Advanced settings.
- The default wait time for newly configured on-logon and on-logoff commands is now 300 seconds. The previous default value, 0 seconds, could cause the command to be terminated before it even starts on systems under heavy load.
- Sockets and port forwarding:
  - IPv6 addresses and interfaces are now supported throughout the SSH server.
  - Previous SSH server versions would create sockets with a default setting which allows sockets to be inherited to child processes. On busy installations that use server-to-client port forwarding simultaneously with terminal sessions or file transfer, socket handles would be inherited by child processes and prevent listening sockets from closing. Fixed.
- Console windows for the terminal subsystem will now use a tiny font size, to prevent a low screen resolution on the SSH server machine from restricting the size of terminal windows that can be opened by clients.
- Some popular clients, such as PuTTY, transmit an Escape key pressed by the user as a single Escape character, without encoding necessary to disambiguate the single Escape key from a terminal escape sequence. Bitvise SSH Server now supports a setting to handle such single Escape characters gracefully, based on timing in the character's transmission. The setting can be found in Bitvise SSH Server Advanced Settings > Server > Recognize single escape character.
- The window station and desktop are now initialized in such a way that a command like "runas /user:administrator" can now be run under the terminal subsystem.
- A new setting, "Always use 'dumb' pseudo terminal", can now be configured for an individual account or group in Advanced settings. Enabling this setting causes Bitvise SSH Server to always behave as if the client requested no terminal emulation (e.g. vt100/xterm/bvterm), even if the client did request it.
- File transfer:
  - Windows accounts and virtual accounts can now inherit mount points from their group, adding their mount points to those defined by the group, instead of replacing group mount points entirely. An account settings entry can also undefine specific group mount points.
  - Improved file transfer performance potential for clients that make optimized use of SFTP request pipelining and SSH window sizing.
  - To improve compatibility with SCP paths commonly used with WinSSHD 4.xx, the file transfer subsystem now recognizes paths in the format "x:/dir/subdir".
  - The Virtual Filesystem Provider interface has been re-designed to use a plain C interface without dependencies on Bitvise's internal libraries. It is now possible to implement filesystem providers whose builds won't be tied to an individual SSH server build. Third party developers who wish to implement a virtual filesystem provider can contact us for header files and examples.
  - When generating SFTP directory listings, the detailed time format (including hour and minute) is now used for times in the near future (up to 24 hours ahead). Previously, file times that were even slightly ahead of the server's clock would be encoded using the format that includes year, but not hour and minute. This change improves compatibility with clients that parse textual directory listings, but has no effect on clients which properly use binary time information provided by SFTP.
  - Fixed the SFTP server's reply to "check-file" requests.
  - The FlowSfsWin provider setting "OwnerGroup" now supports new values "UnknownToDefault" and "UnknownToError", in addition to the previously supported "Disable".
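As an added illustration of the timing-based approach behind the "Recognize single escape character" setting above (this is not Bitvise code; the 50 ms gap and the escape-sequence framing are assumptions), a small tokenizer that decides whether an ESC byte was a lone Escape key by looking at when the next byte arrived:

```python
from typing import List, Tuple

ESC = 0x1B
# Assumed gap (seconds): if the byte after ESC arrives later than this, the ESC
# is treated as the user pressing the Escape key on its own. A terminal emits
# the bytes of an escape sequence back to back, so a human-sized pause after
# ESC is the only signal that distinguishes the two cases.
ESC_GAP_SECONDS = 0.05

Token = Tuple[str, bytes]   # ("ESC_KEY" | "ESC_SEQ" | "CHAR", raw bytes)


def tokenize_terminal_input(events: List[Tuple[float, int]]) -> List[Token]:
    """Split (arrival_time, byte) events into key tokens.

    Sequence framing follows the common forms a client such as PuTTY sends:
    ESC [ ... final byte 0x40-0x7E (CSI, e.g. cursor keys), ESC O x (SS3,
    e.g. F1-F4), or ESC x (any other two-byte sequence). Timestamps are in
    seconds and must be non-decreasing.
    """
    tokens: List[Token] = []
    i, n = 0, len(events)
    while i < n:
        t, b = events[i]
        if b != ESC:
            tokens.append(("CHAR", bytes([b])))
            i += 1
            continue
        # ESC seen: a lone Escape key if nothing follows, or if the next byte
        # arrived after the assumed gap.
        if i + 1 >= n or events[i + 1][0] - t > ESC_GAP_SECONDS:
            tokens.append(("ESC_KEY", b"\x1b"))
            i += 1
            continue
        seq = bytearray([ESC])
        j = i + 1
        intro = events[j][1]
        seq.append(intro)
        j += 1
        if intro == ord("["):
            # CSI: parameter/intermediate bytes until a final byte 0x40-0x7E.
            # If input ends mid-sequence, the partial sequence is returned as-is.
            while j < n:
                seq.append(events[j][1])
                j += 1
                if 0x40 <= seq[-1] <= 0x7E:
                    break
        elif intro == ord("O") and j < n:
            # SS3: exactly one more byte (ESC O P is F1 on many terminals).
            seq.append(events[j][1])
            j += 1
        tokens.append(("ESC_SEQ", bytes(seq)))
        i = j
    return tokens


if __name__ == "__main__":
    # Constructed input: Up arrow, then a lone Escape key, then the letter q.
    sample = [(0.000, ESC), (0.001, ord("[")), (0.002, ord("A")),
              (0.500, ESC), (0.900, ord("q"))]
    for kind, raw in tokenize_terminal_input(sample):
        print(kind, raw)
```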
Changes in WinSSHD 5.26: [ 17 November 2011 ]
- Fixed an issue in the terminal subsystem which caused output from select command line programs to not be relayed to the client. Notably affected was msysgit.
- When downloading files from WinSSHD through SCP, the SCP subsystem now sends POSIX permissions as 0644 instead of 0755 (it no longer sets the execute bit).
Changes in WinSSHD 5.24: [ 20 October 2011 ]
- Virtual users: Implemented a further fix for the issue first addressed in version 5.18 - when WinSSHD has been running for a long time, the password for the WinSSHD_VirtualUsers account can expire on some systems due to their security policy, preventing virtual users from logging in until WinSSHD is restarted. This fix should allow WinSSHD to reset the account's password as intended, without requiring a restart.
- Subsystems: It turns out that there are third party DLLs that may get loaded as part of WinSSHD on some systems, which intrusively modify the process's current working directory. Previous WinSSHD versions relied on the current directory of the WinSSHD service staying the same in order to start the terminal shell or file transfer subsystems. We implemented a workaround to no longer rely on this, allowing WinSSHD to be used with third party DLLs that change its current working directory.
- SFTP: When a client requested a file to be opened in TRUNCATE_EXISTING mode, WinSSHD was using an incorrect combination of Windows file open flags, causing the request to fail. Fixed.
- SFTP: Some clients attempt to open files while providing an empty POSIX user or group. Previously, WinSSHD would attempt to look up this empty user or group name, causing the request to fail. WinSSHD now ignores empty POSIX user or group names sent by the client.
- Terminal: Microsoft has tinkered with how the Windows console is implemented in Windows 7, and apparently introduced a bug which causes the console window to crash when running a program that switches screen buffers under the WinSSHD terminal subsystem. To avoid triggering this bug, WinSSHD now refrains from closing screen buffer handles on Windows 7.
- Port forwarding: Some systems appear to suffer from a problem where listening sockets do not always close correctly, but may instead linger and prevent connections to future listening sockets opened on the same port. To avoid this problem, WinSSHD now caches listening sockets, keeping listening sockets around for 5 minutes after they would otherwise have been released, and reusing them if a client re-connects requesting the same listening socket.
Changes in WinSSHD 5.23: [ 3 March 2011 ]
- Changed the implementation of time measurement in WinSSHD to avoid relying on the system's high performance timer. This avoids an issue in environments running Windows Server 2008 under a virtual machine hypervisor which fails to provide the hooks required by the OS to properly implement the high performance timer. This should solve premature session or authentication timeouts when WinSSHD is running on Windows Server 2008 in environments such as Amazon EC2.
- In WinSSHD advanced settings, the settings entry for the Everyone Windows group will now always be last, to prevent it taking precedence over more specific group entries.
- WinSSHD would sometimes fail to report a child process exit code to the client. Fixed.
- WinSSHD would fail to disconnect Tunnelier, and other sshlib/FlowSsh clients, on session inactivity timeout, if the Keep alive / broken session detection feature was enabled, and set to a time shorter than the session inactivity timeout. Fixed.
- The wstat utility and example program has been reimplemented to use the WinSSHD Remote Control Panel protocol instead of grabbing information from a memory table periodically updated by WinSSHD. The new wstat showcases how to communicate with WinSSHD and extract information in the same way that the WinSSHD Control Panel does.
- The WinSSHD Control Panel now displays the list of revealed password cache entries in alphabetical order.
- The WinSSHD Control Panel now provides the ability to clear all hidden password cache entries. It was previously not possible to clear hidden password cache entries without also clearing all revealed entries.
- The WinSSHD Control Panel feature for resetting settings now also allows restoring WinSSHD settings to a previously generated backup. The WinSSHD Control Panel backs up settings each time they are edited and saved.
- WinSSHD Control Panel interface settings can now be changed using the wcfg command line configuration tool, as well as the WinsshdCfgManip COM object. This includes settings about when, and for what events, pop-ups should appear, as well as enabling or disabling the persistent tray icon.
Changes in WinSSHD 5.22: [ 8 January 2011 ]
- It is now possible to change the WinSSHD service startup type (automatic, manual, or disabled) from the WinSSHD Control Panel instead of having to configure it through Windows Services.
- The "Manage password cache" dialog in the WinSSHD Control Panel now provides features to backup and re-import password cache entries.
- The "Persistent tray icon" and popup settings are now saved for concurrent WinSSHD installations (sites) individually.
- Fixed issue where WinSSHD Control Panel would freeze or crash on Windows XP if a parent settings window was closed before the child settings window.
- Virtual users can now change their passwords remotely using SSH clients, such as Tunnelier, that support password change. This feature can be enabled or disabled under "Access control" in Advanced settings.
- Fixed WinSSHD Control Panel issue where user authentication keys for an account managed through Advanced settings would be lost when changing Easy settings.
- The WinSSHD installer has been modified so it does not require loading DLLs from the current directory and can run with an enabled CWDIllegalInDllSearch registry entry.
- Implemented workaround for Comodo Firewall, which would prevent the WinSSHD terminal subsystem from functioning correctly on 64-bit versions of Windows 7, and possibly other 64-bit platforms.
- Fixed issue which caused some applications to crash when running under the WinSSHD terminal subsystem on Windows 2000 without Service Pack 3 installed.
- Fixed issue where an unauthenticated user could cause WinSSHD to dereference a null pointer, causing the SSH session to close. At the time of this release, we are not aware of any ways to exploit this issue. WinSSHD would continue to run normally, but would report an access violation in the logs.
- The terminal shell and exec request subsystems will now send their exit code to the client before reporting end of data on the SSH channel. This is intended to help clients such as OpenSSH properly report the exit code.
- For clients which have compatibility issues with WinSSHD when using SFTP version 4 or higher, administrators can now limit SFTP version to 3. The setting is on the "Server" page in Advanced WinSSHD Settings.
- For compatibility with PHP libssh2, WinSSHD will now accept null-terminated SCP commands, and disregard trash data incorrectly sent by the client after the null character.
- For compatibility with PHP libssh2, WinSSHD will now recognize single quote marks as an acceptable alternative to double quotes for paths in SCP.
- Fixed issue in WinSSHD SFTP and SCP subsystems where they would fail to list a directory if it was a root directory completely empty of entries (i.e. did not even contain the "." and ".." entries).
- Fixed issue in the SFTP subsystem where SFTP directory handles would be encoded incorrectly on systems with thousands of mount points defined.
Changes in WinSSHD 5.21: [ 13 December 2010 ]
- When decoding SFTP attributes sent by the client, WinSSHD will now avoid decoding attribute fields that should not be present in the negotiated SFTP version, even if the client indicates (improperly) that such fields are present. This might improve compatibility with J2SSH Maverick 1.4.18.
- Fixed encoding and decoding of SFTP extension requests and responses. This should improve compatibility with SFTP clients that send extended requests.
- Fixed an issue introduced in WinSSHD 5.20 where the Windows error code for an unsuccessful login attempt would be incorrectly logged as 0 ("The operation completed successfully").
- Fixed an issue introduced in WinSSHD 5.20 where WinSSHD Remote Control Panel would block disconnect requests indefinitely (even though the disconnect itself completed successfully).
Changes in WinSSHD 5.20: [ 22 September 2010 ]
- WinSSHD Control Panel: Fixed issue where, in Easy settings, an account would disappear if accounts were viewed and edited in a certain pattern.
- WinSSHD Control Panel: Fixed issue where a private keypair would not be properly exported if it was previously imported from WinSSHD 3.xx or 4.xx.
- SCP/SFTP: The ExpanDrive client calculates window adjusts incorrectly if it receives more than one SFTP packet in a single SSH packet. This would lead to transmission stalling after the client has miscalculated window sizes enough. WinSSHD will now avoid the optimization of concatenating multiple SFTP packets into a single SSH packet, except when talking to a client known to handle this correctly.
- SCP/SFTP: The compatibility workaround for clients that require a dummy modification time to be encoded even when there isn't one, was previously only used for CuteFTP. There appear to be more clients with this issue (e.g. TurboFTP), so a dummy modification time will now be sent to all clients except those known to handle this correctly.
- SCP/SFTP: Fixed issue where resolving a symbolic link would incorrectly fail due to missing Read permission.
- Fixed a possible cause for incorrect triggering of an SSH session unresponsiveness timeout.
- WinSSHD will now stop, or fail to start, if it can't bind any of the configured listening ports, and no SSH session is active. Previously, WinSSHD would appear to be running while in fact a different SSH server installed on the computer was accepting connections, which confused users who didn't check the WinSSHD log.
Changes in WinSSHD 5.19: [ 03 August 2010 ]
- The WinSSHD SFTP and SCP subsystems now disable file system redirection on x64 systems, enabling clients to access directories such as \Windows\System32 without being redirected to \Windows\SysWOW64.
- The WinSSHD SFTP and SCP subsystems would previously always open a file with flags that prevented other applications from changing the file while open by the client. This prevented downloading files currently being written to by other applications, e.g. hot MySQL log files. WinSSHD will now allow another application to write to a file if the client opens it with read access (for downloading) only.
- Improved Windows firewall-related error handling on Windows Vista and newer. Fixed issue which would cause WinSSHD to record many firewall-related log entries unnecessarily.
- Added support for the xterm-color terminal type for better compatibility with Mac clients.
- Quest PuTTY contains bugs in their GSSAPI implementation which cause the client to access undefined memory if the server sends a host key during GSSAPI key exchange. WinSSHD will now avoid sending a host key if a Quest PuTTY client is detected.
- WinSSHD Settings object selection dialog: Fixed issue where groups would not appear.
- WinSSHD Settings object selection dialog: Fixed issue where instead of a domain account's logon name, its Display Name would be entered in WinSSHD Settings.
- WinSSHD Control Panel: Fixed issue where opening a log file from the log folder viewer would fail if a third-party program caused certain registry settings to be set incorrectly.
- The WinSSHD Activation State Checker button would fail to open the WinSSHD Control Panel in some cases when elevation was required. Fixed.
Changes in WinSSHD 5.18: [ 26 May 2010 ]
- WinSSHD now supports synchronization of WinSSHD-configured user authentication public keys with public keys managed by Windows account users through ~/.ssh/authorized_keys. If the administrator enables this option in WinSSHD advanced settings, and the "authorized_keys" file is present in the ".ssh" subdirectory of the user's Windows profile directory, then WinSSHD will read that file when the user logs off, and synchronize the user's public keys in WinSSHD settings with the keys as contained in the file. This feature is enabled by default on new installations, and can be enabled manually on upgraded installations.
- WinSSHD will now properly send the chosen listening port number to a client that requests server-to-client tunneling on port 0.
- Firewall service initialization compatibility improvements.
- Unless configured otherwise, WinSSHD will now load the logged on account's Windows profile before starting the SFTP or SCP subsystems.
- The WinSSHD virtual filesystem provider for SFTP and SCP now supports an additional optional parameter named "ShowHidden". Setting it to "No" causes WinSSHD to omit files and directories with the Hidden attribute from directory listings sent to the client.
- CuteFTP appears to not support SFTP directory entries that lack a modification time. WinSSHD now attempts to detect connections from CuteFTP clients and in that case sends a dummy modification time for mount point directories.
- WinSSHD now supports the "xterm-new" terminal type, which is requested by some clients.
- WinSSHD now supports the "env" channel request for "exec" and "shell" subsystems. This allows clients that also support this request type to set environment variables before remotely executing a program or shell. This feature can be enabled or disabled on a per-user and per-group basis.
- The terminal console subsystem will now properly handle alternative F1-F4 key sequences as sent by PuTTY.
- WinSSHD will now reset the password for the WinSSHD_VirtualUsers account if Windows returns the error code ERROR_PASSWORD_EXPIRED. Previously, virtual user login would fail due to this error if a Windows password expiration policy was in place and WinSSHD had been running for longer than the password expiration period configured in Windows.
- WinSSHD will now only create the WinSSHD_VirtualUsers account if there are any virtual users configured. If created, the account will be disabled automatically when WinSSHD is stopped, and re-enabled when WinSSHD is started.
- WinSSHD 5.15 introduced a change where connections that do not result in successful authentication would automatically be penalized towards IP blocking. This may have introduced problems for installations that receive many such connections from IP addresses that should not be blocked, due to e.g. network monitoring. WinSSHD now has a new setting to control whether such connections should or should not be penalized towards IP blocking.
- Fixed WinSSHD Settings user interface issue where the account or group object selection dialog would fail to open on some Windows versions. (The account or group name could still be entered manually like in previous WinSSHD versions that did not feature the object selection dialog.)
- WinSSHD Control Panel and Settings UI preferences are now saved in such a way that the persistent tray icon and other features can be disabled machine-wide (rather than per-user) with an HKEY_LOCAL_MACHINE-based registry setting.
- Other WinSSHD Control Panel and WinSSHD Settings user interface fixes.
- Improved WinSSHD installer resilience to the WinSSHD Control Panel being slow to exit when upgrading.
Changes in WinSSHD 5.15: [ 9 February 2010 ]
- Fixed more issues with management of the Windows Firewall. On Windows XP and 2003, the Windows firewall may not yet be available for configuration even if the firewall service is already running. On system startup, WinSSHD now accounts for this possibility and retries configuring the firewall when ready.
- UPnP NAT configuration now uses a smaller but dynamically increasing retry delay to speed up NAT setup during system startup.
- Authentication: connections that do not result in at least one successful authentication method (but not necessarily complete logon) will now be penalized towards IP blocking the same way as a failed password login attempt.
- Fixed a rarely occurring issue of the process exit code not being reported to the client after remote program execution completes.
- WinSSHD Settings now allows users and groups to be verified or searched for using the Windows "Select user or group" dialog.
- Fixes for several WinSSHD Control Panel user interface glitches.
- SFTP: When encoding long file paths in SFTP version 3, the detailed time format will now be used if the file time is less than half a year ago. Previously, the cut-off date for datetime format choice was the beginning of the current year.
- SFTP: The Windows error code ERROR_NOT_READY will now be more properly relayed to the client as the SFTP error "no media".
- SFTP: A '..' entry will now be added to directory listings sent to client, except when listing the root directory.
- Most log events related to client-side port forwarding are now categorized as info messages rather than warnings. Failure events related to server-side port forwarding remain warnings.
- The WinSSHD installer wasn't resolving the -settings=... file path correctly if a relative path was used. An absolute path had to be used in order for this parameter to work. Fixed so that relative paths will now work, too.
Changes in WinSSHD 5.12: [ 24 December 2009 ]
- Fixed a problem in a core library which caused SFTP sessions to terminate with an exception on a significant proportion of servers.
Changes in WinSSHD 5.11: [ 20 December 2009 ]
- The WinSSHD Control Panel now provides a simplified view of WinSSHD settings as "Easy settings". The full WinSSHD settings continue to be available as "Advanced settings".
- The WinSSHD settings interface now supports in-line editing of fields in a table view.
- Improvements in Windows Firewall support, especially for better compatibility with Windows 7.
- WinSSHD now allows configuring connections to Windows file shares without requiring that the shares be mapped to a local drive. A share can now simply be configured so that it can be accessed in the SSH session, using its UNC path, without requiring further authentication.
- WinSSHD would previously fail to remove firewall exceptions for server-to-client port forwardings when the SSH session closed. Fixed.
- WinSSHD executables now have data execution prevention (DEP) and address space layout randomization (ASLR) enabled.
- WinSSHD will now request the authenticating client to set a new password if Windows returns the "password expired" error code. Previously, this was only done when Windows returned the "password must change" error code.
Changes in WinSSHD 5.10: [ 13 October 2009 ]
- Fixed a public key signature verification issue, where verification of a valid signature would fail in about 0.4% of valid public key authentication attempts.
- Server-to-client port forwarding sockets are now created with the SO_REUSEADDR flag. This appears to fix a problem where Windows would not release an S2C listening socket after it has already been closed, preventing a reestablished client session from being able to listen on a port.
- When WinSSHD starts, it sets a long, cryptographically random password for the Windows account used for WinSSHD virtual accounts. When account password complexity requirements were enabled in Windows, previous WinSSHD versions could sometimes fail to start because the long, randomly generated password violated a complexity requirement. WinSSHD now generates passwords that are not only cryptographically secure but also always meet all the requirements.
- SFTP: for improved compatibility with SFTP v3 clients, the SSH_FXP_NOSUCHPATH status code is now translated to SSH_FXP_NOSUCHFILE.
- Improved reliability of the WinSSHD uninstallation and upgrade process. Implemented workarounds to interference of other programs during uninstallation or upgrade.
Changes in WinSSHD 5.09: [ 18 August 2009 ]
- The SFTP/SCP subsystems now support the advanced filesystem provider setting 'FileShare'. When set to 'Disabled', WinSSHD will not allow other applications to access files while they are being held open by the file transfer client.
- Fixed issue with advanced filesystem provider settings introduced in version 5.06.
Changes in WinSSHD 5.08: [ 29 July 2009 ]
- SFTP/SCP: when a user's mount points are configured so that the user can access all drives, the user can now also access arbitrary shared folders, without requiring such shared folders to be pre-configured as mount points. File shares can be accessed with paths of the form "/computer/share/dir/file". Computer names must be longer than 1 character to distinguish them from local drives, which are accessed with paths of the form "/c/dir/file".
- SFTP: implemented compatibility workaround for buggy GNOME Nautilus SFTP client.
- The WinSSHD Control Panel contained a GUI handle leak which would cause user interface issues if the WinSSHD Control Panel was left running with pop-up notifications enabled and many notifications were displayed. Fixed.
- In previous 5.xx versions, the on-logon and on-logoff command would only work with batch files if they were executed with two nested instances of the command interpreter ("cmd /c cmd /c batchfile"). Process creation flags are now adjusted so that batch files will execute correctly with a single "cmd /c".
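The two path forms from the 5.08 file-share entry above, as an added example that is not WinSSHD code: a small resolver that distinguishes "/c/dir/file" (one-letter first component, local drive) from "/computer/share/dir/file" (longer first component, UNC share). The normalisation, the all_drives flag and the rejection of reserved characters are assumptions about what such a resolver should enforce, not a description of WinSSHD internals.

```python
"""Resolve virtual SFTP paths of the form the 5.08 notes describe.

Added example, not WinSSHD code. "/c/dir/file" addresses local drive C:
(a one-letter first component); "/computer/share/dir/file" addresses a file
share (first component longer than one character). The normalisation and the
rejection of characters Windows forbids in names are assumptions about what a
resolver should enforce; WinSSHD's own checks are not documented here.
"""
import posixpath
import re

_DRIVE_RE = re.compile(r"^[A-Za-z]$")
_NAME_RE = re.compile(r'^[^\\/:*?"<>|]+$')  # reject separators and reserved chars


class VirtualPathError(ValueError):
    """Raised for paths that have no safe Windows equivalent."""


def split_virtual(path):
    """Normalise a virtual path and return its components.

    A leading "/" is forced so that ".." is resolved against the virtual root
    and can never climb above it; components containing characters Windows
    forbids in file names are rejected.
    """
    norm = posixpath.normpath("/" + path.replace("\\", "/").lstrip("/"))
    parts = [p for p in norm.split("/") if p]
    for p in parts:
        # normpath has already removed "." and "..", the check is defensive
        if p in (".", "..") or not _NAME_RE.match(p):
            raise VirtualPathError(f"invalid component {p!r} in {path!r}")
    return parts


def resolve(path, all_drives=True):
    """Map a virtual path to a Windows drive path or UNC path.

    all_drives mirrors the mount-point condition in the notes: share access
    is only available when the user can access all drives.
    """
    parts = split_virtual(path)
    if not parts:
        raise VirtualPathError("the virtual root is a drive list, not a path")
    head, rest = parts[0], parts[1:]
    if len(head) == 1:
        if not _DRIVE_RE.match(head):
            raise VirtualPathError(f"{head!r} is not a drive letter")
        return head.upper() + ":\\" + "\\".join(rest)
    if not all_drives:
        raise VirtualPathError("share access requires the all-drives mount point")
    if not rest:
        raise VirtualPathError("a share name must follow the computer name")
    return "\\\\" + head + "\\" + "\\".join(rest)
```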
Changes in WinSSHD 5.07: [ 20 July 2009 ]
- The WinSSHD Control Panel now supports a persistent mode where it will launch automatically on login and stay in the system notification area if closed using the X button. This allows an administrator to receive pop-ups about WinSSHD activity without having to manually launch the WinSSHD Control Panel every time.
- Logging: fixed issue introduced with the firewall management feature in 5.06, where unnecessary errors were logged if the Windows Firewall was off, even if firewall management was disabled in WinSSHD Settings.
- SSH: the session inactivity timeout was effectively doubled in versions 5.05 and 5.06. Fixed.
- SFTP: added workarounds to support OpenSSH link creation handling, which exhibits behavior at odds with the SFTP draft.
- Terminal: reduced excessive use of hide, show, and move cursor instructions.
- Terminal: added terminal name 'tty' as an alias for 'dumb' (no terminal emulation).
Changes in WinSSHD 5.06: [ 18 June 2009 ]
- The WinSSHD Control Panel now features an additional Activity tab which displays recent SSH server activity in a more casual and accessible form than full log files.
- When running, WinSSHD Control Panel can now display popup notifications on the Administrator's desktop when various types of SSH session activity occur.
- The WinSSHD Control Panel now features its own log file folder viewer, to work around a UAC issue that could obstruct opening of the log file folder through Windows Explorer.
- A remote version of the WinSSHD Control Panel can now again be used to administer WinSSHD remotely, using Tunnelier 4.29 or newer.
- SFTP/SCP: WinSSHD now supports read/write/delete access restrictions for mount points, allowing more configurations to be expressed fully using virtual accounts and mount point settings, instead of involving separate Windows accounts and NTFS permissions.
- SFTP/SCP: added advanced setting 'OwnerGroup' to disable sending of owner and group information to clients, and to ignore these data when they are received. Intended to resolve issues where files end up with undesired owners after transfer.
- SFTP/SCP: added advanced setting 'OnDirPermissionDenied'. If set to ShowEmpty, WinSSHD will send an empty directory listing instead of an error if the client attempts to list a directory it is not permitted to access.
- SFTP/SCP: fixed a path concatenation problem which was discovered with SecureFX 6.1.2.
- WinSSHD can now be configured to automatically open ports in the Windows firewall, as well as to automatically configure UPnP-compatible routers to forward connections to the server running WinSSHD.
- Added a setting which controls whether, as in previous versions, WinSSHD should use only a short list of trusted Windows Sockets Layered Service Providers (LSPs), promoting stability, but at a possible expense of connectivity; or whether WinSSHD should use any LSP, promoting connectivity, but at the possible expense of stability.
- Increased stack sizes for WinSSHD components that use sockets, for increased compatibility with third-party Windows Sockets Layered Service Providers that use stack less efficiently than the default Windows provider.
- Third-party product Net::SSH::Perl contains a bug where packet padding length is interpreted as a signed value (-128...127) instead of as an unsigned value (0...255). This prevented interoperability with WinSSHD 5. Reduced minimal packet size from 200 to 80 bytes to avoid this issue.
- WinSSHD will now launch terminal consoles with small fonts, so that larger terminal windows can be supported.
- Fixed a terminal compatibility issue with the 64-bit version of Windows 7.
- Fixed behavior of the PgUp key under terminal.
- On 64-bit platforms, WinSSHD will now launch any on-logon and on-logoff commands with WoW64 file system redirection disabled.
- A number of user interface improvements and fixes in WinSSHD Settings and WinSSHD Control Panel.
Changes in WinSSHD 5.05: [ 19 January 2009 ]
- WinSSHD now uses LDAP instead of the WinNT ADSI provider to look up domain account information. Nested domain group memberships are now recognized and supported. The domain controller must now be Windows 2000 or newer; Windows NT4 domain controllers do not support LDAP.
- The WinSSHD service will now be restarted as part of an upgrade or reinstallation if the service was previously running.
- The SFTP and SCP subsystems now recognize Windows paths (rather than strictly SFTP paths) when users try to use them.
- In some cases, the SFTP and SCP subsystems were unable to list a root directory (e.g. C:\) when passing a long-path search pattern to Windows. A short-path is now used for root directories instead.
- The SFTP subsystem now correctly encodes the POSIX permission part of the LongName field.
- Fixed timestamp decoding issue which caused SCP uploads to fail when the -p flag (preserve time and mode) was used.
- Improved compatibility with clients such as JSch which read the wrong SFTP field when querying for a filename.
- Fixed a bug which caused the SSH session to terminate if a server-to-client forwarded connection failed to open.
- The WinSSHD terminal subsystem failed to capture the output of 64-bit console programs when running on 64-bit Windows. Fixed.
- Programs started via an SSH session can now use environment variables SSH_CLIENT and SSH_CONNECTION, which are compatible with OpenSSH.
- The SshDisconnect.ConnectionLost event is now properly logged as an information message rather than a warning.
Changes in WinSSHD 5.04: [ 18 December 2008 ]
- When launching a child process, WinSSHD uses the Microsoft Windows API function CreateEnvironmentBlock() to set up environment variables for the new process. On 64-bit versions of Windows, this function fails to set up several environment variables which are needed to execute some programs and load some DLLs. WinSSHD now works around this issue by making sure that those environment variables are properly set. This will help users who are having trouble starting certain applications from within an SSH session on 64-bit Windows.
Changes in WinSSHD 5.03: [ 28 November 2008 ]
- WinSSHD Control Panel now supports selecting multiple sessions in the Sessions tab.
- Virtual accounts: When configuring the built-in Windows account for virtual users introduced in version 5.02, WinSSHD would use a hardcoded name for the 'Users' group instead of looking up the correct group name for the current language version of Windows. Fixed.
- Virtual accounts: WinSSHD would not run if it failed to create the Windows account for virtual users. Fixed - if account creation fails, only a warning will be logged now.
- SSH: common socket closing error codes were being logged as warnings instead of regular info messages. Fixed.
- SCP failed to send an exit code in some cases. Fixed.
- SFTP and SCP: Use of POSIX permissions is now disabled by default. Clients would send POSIX permissions which caused uploaded files to be inaccessible on the server. If you wish your clients to be able to set POSIX permissions, configure the specific mount point where this should be supported, by adding the advanced filesystem provider setting 'PosixPermissions' with value 'Enable'.
- Exec requests: An exec request preceded with a terminal request will now open with terminal emulation, but a terminal request with an empty terminal string or for terminal 'dumb' will be treated as if no terminal request was sent. This brings WinSSHD 5.03 behavior in line with recent WinSSHD 4.xx versions.
- Port forwarding: fixed an issue where a server-to-client port forwarding socket might not be closed, causing subsequent attempts to accept connections on that port to fail until WinSSHD was restarted.
- SSH: Implemented mitigation for the recently discovered probabilistic CBC cipher vulnerability, which permits an attacker with full control over the TCP link, positioned between the client and the server, to extract up to 4 bytes of plaintext from an SSH session if a CBC cipher is used, at the expense of causing the SSH session to break. The attack requires the attacker to break the session about 100,000 times for each successful plaintext extraction attempt. An attack attempt can therefore be detected easily.
Our mitigation in WinSSHD 5.03 attempts to thwart this attack by denying the attacker any means of distinguishing a successful attempt from an unsuccessful one. This only protects data flowing in the direction to WinSSHD (e.g. the client's password). Clients which do not implement similar mitigation can still allow this attack to succeed, when CBC is used, for data flowing from WinSSHD.
To fully prevent this attack, use CTR ciphers (supported by all WinSSHD 5.xx versions).
- Added support for additional alternative Microsoft Firewall Client 2004 Layered Sockets Provider IDs for compatibility with more versions of this client.
- WinSSHD 5.xx uses fibers with small stacks, which has been causing trouble for people with third-party or OEM software such as network providers that load themselves into WinSSHD, assume the stack is large, and cause WinSSHD to crash. We increased the stack sizes of a few WinSSHD components to prevent this from occurring with the programs that were reported to us.
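As an added illustration of the CBC mitigation advice in the 5.03 notes (this is example code, not WinSSHD or FlowSsh code): a parser for the SSH_MSG_KEXINIT payload from RFC 4253 that reports the CBC ciphers a server offers, plus the RFC 4253 negotiation rule. The constructed KEXINIT and the cipher lists are sample input; the point the example makes is that the client's preference order decides the cipher, so a server that merely ranks CTR first can still end up in a CBC session, and "use CTR ciphers" means removing CBC from the server's offered list.

```python
"""Audit SSH_MSG_KEXINIT cipher lists for CBC modes (RFC 4253 section 7.1).

Added example, not WinSSHD or FlowSsh code. It builds a constructed KEXINIT
payload, parses it, reports CBC ciphers, and applies the RFC 4253 negotiation
rule: the chosen algorithm is the first on the client's list that the server
also offers, so a server that still lists CBC modes can be steered into a CBC
session. harden() drops CBC from the server's offered lists.
"""
import struct

SSH_MSG_KEXINIT = 20
NAME_LISTS = (
    "kex_algorithms",
    "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server",
    "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server",
    "languages_server_to_client",
)
CIPHER_LISTS = NAME_LISTS[2:4]


def build_kexinit(fields, cookie=b"\x00" * 16):
    """Serialise a KEXINIT payload; the fixed cookie is for testing only."""
    body = bytes([SSH_MSG_KEXINIT]) + cookie
    for name in NAME_LISTS:
        data = ",".join(fields.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(data)) + data  # name-list is an SSH string
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved


def parse_kexinit(payload):
    """Parse a KEXINIT payload into {field: [names]}; rejects truncated input."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    off, fields = 17, {}  # skip message byte and 16-byte cookie
    for name in NAME_LISTS:
        if off + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, off)
        off += 4
        if off + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[off:off + n].decode("ascii")
        off += n
        fields[name] = raw.split(",") if raw else []
    if off + 5 != len(payload):  # boolean + uint32 reserved must end the payload
        raise ValueError("bad KEXINIT trailer")
    fields["first_kex_packet_follows"] = bool(payload[off])
    return fields


def cbc_ciphers(fields):
    """CBC ciphers offered in each direction (all empty once hardened)."""
    return {d: [c for c in fields[d] if c.endswith("-cbc")] for d in CIPHER_LISTS}


def negotiate(client_list, server_list):
    """RFC 4253 rule: first algorithm on the client's list the server also has."""
    for alg in client_list:
        if alg in server_list:
            return alg
    return None


def harden(fields):
    """Copy of a server's KEXINIT fields with every CBC cipher removed."""
    out = dict(fields)
    for d in CIPHER_LISTS:
        out[d] = [c for c in fields[d] if not c.endswith("-cbc")]
    return out
```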
Changes in WinSSHD 5.02: [ 2 November 2008 ]
- WinSSHD now automatically creates a local Windows account for virtual users. Virtual users can now be configured without having to explicitly create and configure a backing Windows account, and without having to seed it in the WinSSHD password cache. This feature is however unavailable on domain controllers, because there are no local accounts on a domain controller, so WinSSHD cannot create one.
- The terminal subsystem now supports the F8 key for command history.
- WinSSHD can now write its textual log files in CSV (comma-separated values) format, with a single line per log entry. Enabling the CSV format in WinSSHD Settings can make it easier to process log files in bulk.
- The WinsshdCfgManip COM object is now implemented as an out-of-process COM server rather than an in-process DLL. This avoids path problems with loading the FIPS cryptographic DLL into a process where the main executable resides in a different directory.
- Added the MS Firewall Client 2004 Windows Sockets Layered Service Provider to the list of LSPs that WinSSHD will trust to use. This enables port forwarding for users who have this firewall client installed.
- The WinSSHD Control Panel can now be started with the '-startMinimized' parameter, which will put it into the system tray - useful for users who need quick access to monitor SSH sessions.
- SSH: fixed key re-exchange issue where the session would hang because higher-level packets weren't being buffered during key re-exchange.
- SFTP and SCP: the file transfer subsystems will now use root ('/') as the default home directory if the home directory configured in settings does not exist.
- SFTP version 3: fixed decoding of time values, which prevented SFTP version 3 clients from setting file times.
- SFTP version 6: fixed encoding and decoding of ACLs.
- The on-logoff command was being executed prematurely. Fixed.
- Improved diagnostic logging facilities.
- We spent several weeks for this release trying to determine why some of our customers are experiencing major slowdowns with WinSSHD version 5 relative to WinSSHD version 4, e.g. a transfer speed of 5 MB/s slowing down to 0.5 MB/s. We made several minor performance improvements in the process, but have been unable to reproduce this drastic slowdown in testing. In the environments we tested, WinSSHD 5 regularly delivered on the order of 10 MB/s. If you experience slow transfer speeds and wish to help us determine the cause of this problem, please contact us. Version 5.02 implements logging facilities that, if enabled, could provide us with the data we need.
Changes in WinSSHD 5.01 (gamma): [ 12 September 2008 ]
- Fixed all known outstanding issues in WinSSHD 5.00, including compression, virtual accounts, non-profit use, importing and exporting keypairs, SSH session reliability, memory footprint, logging.
- This release should now be orders of magnitude more stable than 5.00 beta. To the extent that new issues arise, they are now expected to be fewer and rarer.
- Should now be suitable for production testing. Deploy in monitored, controlled environments, and contact our tech support if any new issues arise.
Changes in WinSSHD 5.00 (beta): [ 25 August 2008 ]
- The WinSSHD terminal subsystem has been entirely rewritten, and now provides state-of-the-art terminal support with all terminal types. Now supports a wider variety of terminals, including ansi, cygwin, linux, scoansi, vt100, vt102, vt220, vt320, wyse50, wyse60, and xterm. When used with Tunnelier, bvterm will still be better in some aspects, but WinSSHD support for other terminals is now excellent, too.
- The WinSSHD SFTP and SCP subsystems have been entirely rewritten, and now provide consistent access to a single virtual filesystem with multiple configurable mount points. A modular provider interface allows pluggable virtual filesystem providers to be written by third parties, to fit in seamlessly with existing WinSSHD mount points.
- The WinSSHD Control Panel has been entirely rewritten, and now provides an interactive view of active SSH sessions, interactive control over WinSSHD IP blocking, support for multiple host keypairs and RSA keypairs, and better management of the password cache.
- WinSSHD now uses the fully FIPS 140-2 validated, DLL version of Crypto++, and runs it in FIPS mode. WinSSHD now also uses a pluggable crypto provider model, which allows another cryptographic library to be substituted for Crypto++ without modifying WinSSHD itself, simply by replacing a DLL.
- The SSH implementation has been entirely rewritten to implement a more flexible architecture and to untangle the SSH architecture from Crypto++. The new implementation is FlowSsh and is based on denis bider's Flow architecture.
- WinSSHD can now be installed as a personal edition, which can be used free of charge by non-commercial, personal users, but limits access to organization-centric features:
  - No more than 1 group entry and 10 account entries can be defined in WinSSHD Settings.
  - Cannot login with domain accounts.
  - No support for GSSAPI authentication.