WinSSHD 3.xx Version History

Changes in WinSSHD 3.32:    [ 20 October 2006 ]

  • Backported the fix for the potential SFTP containment vulnerability issue, as documented for WinSSHD 4.20.

Changes in WinSSHD 3.31b:    [ 28 April 2005 ]

  • SFTP sessions would break after transferring 8GB of data. Fixed.
  • Client-initiated server-2-client port forwarding rules would be abandoned during a configuration reload. Fixed.
  • When defining listening rules for client-initiated server-2-client port forwarding, it was not possible to define multiple listen rules with the same interface, even if the port was different. Fixed.
  • Some clients would send the 'pty-req' channel request before launching SFTP, instructing WinSSHD to launch the SFTP module under a layer of terminal emulation. This would cause the SFTP session to break. WinSSHD will now always launch the SFTP module directly.

Changes in WinSSHD 3.31a:    [ 01 April 2005 ]

  • Fixed a couple of trace events that WinSSHD was logging, incorrectly, under the security context of the SSH user instead of the security context of the service. If trace logging to textual log file was enabled, and if the SSH user did not have permission to open the log file for writing, WinSSHD could shut down when unable to open the log file.

    Users who use a previous WinSSHD version and have it configured to log trace messages in a textual log file are recommended to either upgrade to the latest release, or reduce the log level to Info. Users not using a log file or not logging trace messages can upgrade at their discretion.

Changes in WinSSHD 3.31:    [ 27 January 2005 ]

  • WinSSHD now comes with a bvPwd utility allowing regular users to change their passwords from the console. Note that an administrator can always use the console to change anyone's password with the Windows 'net user' command.
  • To resolve reported inconveniences, WinSSHD now does not at all, by default, clear passwords from the password cache when LogonUser() denies a login attempt after successful public key authentication. WinSSHD can still be configured to clear the corresponding cache entry in this situation by enabling the 'session.clearPwdCacheOnPubKeyAuthFailure' wcfg setting.
  • Fixed problems with starting the SFTP server module that occured on some machines. The problems were distinguished by a 'Received invalid ID' error among the events in the WinSSHD log.
  • Error code descriptions ceased working in version 3.30 - just the Windows error code would be logged and no description. Descriptions are now again properly included.

Changes in WinSSHD 3.30a:    [ 10 January 2005 ]

  • Fixed the (harmless, but annoying) 'Bad service request' Windows Event Log error that would be logged due to a Windows service control message that WinSSHD wasn't expecting.
  • The bvterm server can now receive and handle the Ctrl+Break signal. Requires Tunnelier 3.60a or newer.

Changes in WinSSHD 3.30:    [ 24 December 2004 ]

  • New features:
    • Implemented IP address lockout after a configurable number of login attempts. By default, WinSSHD will now lock out for 1 hour any IP address that connects unsuccessfully 20 or more times in a 5 minute period. These values can be changed, but are not yet available through the graphical WinSSHD Settings interface; they can be configured through wcfg. Execute 'q session.?' from wcfg for help - the settings are session.ipBlockWindowSecs (default 300), session.ipBlockThreshold (default 20) and session.ipBlockLockoutSecs (default 3600). Setting any of these values to 0 will disable the automatic lockout feature.
    • 2048-bit key exchange is now supported (the diffie-hellman-group14-sha1 algorithm). This applies to the key exchange algorithm only, server keypair algorithm support remains same.
    • Debug dump output can now be configured through WinSSHD Settings, allowing rarely occuring SSH protocol and program issues to be diagnosed where they appear. The debug dump output can be configured by selecting custom logging and enabling the desired LOG_D_xxxx events.
    • The graphical utilities now support the XP look and Windows themes.
    • If exec requests are not permitted for a user, but shell access is, WinSSHD will now execute the shell instead of the exec request. This helps with clients which set up the terminal differently for exec requests than for the shell (plink for example), and where only a single specific command is allowed, regardless of what the client attempts to run.
    • Added configuration setting to prevent WinSSHD advertising its exact version in the SSH version string. The setting is not yet available through the graphical WinSSHD Settings interface but can be set through wcfg (server.omitVersion).
    • Made configurable the speed with which WinSSHD accepts connections. The setting is for advanced use and is not yet available through the graphical WinSSHD Settings interface, but can be set through wcfg (server.acceptDelayMs).
  • Fixes and improvements:
    • WinSSHD is now more tolerant towards SSH clients that continue to send data while key re-exchange is in progress. Any data received during this stage is now queued and processed once the re-exchange completes.
    • On the NT4 platform, WinSSHD would disconnect a session when a shell or SFTP child process was executed with the 'Allow Job Breakaway' setting enabled. Fixed. (As a side note, the 'Allow Job Breakaway' setting does not apply on NT4. Process jobs are an OS feature introduced by Windows 2000.)
    • WinSSHD now handles the SERVICE_ACCEPT_SHUTDOWN service control message to exit more gracefully when the system is shutting down.
    • WinSSHD now waits twice as long (3 seconds, previously 1.5) to open the log file before shutting down due to being unable to log.
    • DNS name IP rule processing changed to more closely match intuitive expectations. Rules are now always processed in the order of IP rules first, DNS name rules second.
    • Logon delaying did not achieve its objective with multiple concurrent login attempts. Multiple concurrent login attempts are now queued and only one per login delay interval is processed, as must be.
    • Fixed a problem with high CPU consumption during SFTP sessions which occured on some users' machines.
    • The DH public key of the remote party is now not validated during Diffie Hellman key exchange. This makes WinSSHD interoperable with clients that fail to generate a valid DH key. Validation is not essential for security because the keys are temporary.

Changes in WinSSHD 3.28d:    [ 02 October 2004 ]

  • Fixed connect rule decoding problems when upgrading settings from version 3.26.

Changes in WinSSHD 3.28b:    [ 04 September 2004 ]

  • Corrected processing of DNS-name connect or accept rules with an IP address input. WinSSHD now does a secondary DNS-to-IP lookup to verify the IP-to-DNS lookup results. This applies in particular to the ability to allow or deny incoming connections based on the origin DNS name (v3.28+). The correction provides resistance to DNS spoofing.
  • Internal handling of logon session usernames changed in 3.28, requiring password cache entries to be reinitialized for public key authentication. Version 3.28b adds compatibility with old password cache entries so that passwords do not need to be reentered for accounts using public key login.

Changes in WinSSHD 3.28a:    [ 02 September 2004 ]

  • Fixed a bug in WinSSHD Settings - the 'On Logon Command' dialog would incorrectly store the command string as the on-logoff command instead. The on-logon command could still be set correctly from the Account or Template dialogs, but changing it from the 'On Logon Command' dialog would affect the on-logoff command instead.

Changes in WinSSHD 3.28:    [ 30 August 2004 ]

  • New features:
    • Server-side port forwarding: in conjunction with a client that supports this feature, WinSSHD supports configuration of client-to-server and server-to-client port forwarding rules on the server. A client merely has to log in and the latest port forwarding rule settings are applied automatically, no client-side configuration changes are required. At the time of this release, this is supported in our Forwarder client only (email us if interested).
    • WinSSHD now supports multiple templates. Users can be distributed into groups by inheriting from different templates. Settings for a group can be modified by changing the settings of the template that the users belonging to this group inherit from.
    • WinSSHD now reloads settings dynamically in session threads. Previously, when the configuration was changed, existing sessions would keep using the old settings until the users reconnected. Now, new settings apply immediately to all sessions, new as well as already established.
    • Improvements in the textual settings language used by wcfg and WinsshdCfgManip. A 'With' clause is now supported for easier access to deep-nested settings. Also, all lists have been replaced by sorted ones.
    • wcfg and the WinsshdCfgManip COM object now provide means to set or clear a user's password in WinSSHD's password cache.
    • The bvRun utility now supports launching a process on a different window station and desktop.
    • When a client reconnects after a disconnect that has not yet been detected at the server and issues server-to-client port forwarding rules that were already established by the previous session, WinSSHD will grant the rules to the new session and silently remove them from the previous one.
    • WinSSHD now implements an active keep-alive and broken session detection scheme based on global requests.
    • Textual log file log entries now have sequence numbers.
  • Fixes and improvements:
    • Fixed Ctrl+C handling on Windows 2003 Server.
    • Fixed account name lookup problem when the account name being looked up equals the name of the local machine.
    • Reliability of text file logging significantly improved. It is still possible to move a text file out from underneath of WinSSHD while it is running, however the chance of needing to repeat the attempt is greater than before because WinSSHD now keeps the log file opened up to 1.5 seconds after the last log entry. If there is any error during logging, this will now cause WinSSHD to shut down. (For security reasons; previous behavior was to continue running.)
    • Unicode settings files with a Unicode prefix can now be imported. Previously the prefix had to be manually removed.
    • The correct failure reason is now sent to the client when the client is not allowed to use client-to-server port forwarding ('administratively prohibited', previously 'unknown channel type').
    • Corrected handling of international characters in the WinSSHD Control Panel's event log.
    • Fixed issue with the on-logon and on-logoff commands not being started on Windows Server platforms due to a STARTUPINFO parameter that was NULL instead of empty.
    • Usernames are now converted to uppercase before being passed to the relevant Windows username checking functions - case-sensitivity issues with lowercase usernames had been reported.
    • The order in which socket rules are processed now makes more sense. The sequence previously was, for example, IP-own, IP-inherited, DNS-own, DNS-inherited. The processing sequence now is IP-own, DNS-own, IP-inherited, DNS-inherited. The first encountered set of rules that has a match is used.
    • The wrapping routine used by WinSSHD for text file logging now wraps long words at the correct column.

Changes in WinSSHD 3.26:    [ 05 June 2004 ]

  • Support for socket rules - finely granular control of C2S/S2C forwardings that a client can initiate. This feature is configurable textually through wcfg for the time being. See the Users' Guide for help on getting started with the wcfg utility.
  • Introduced tolerance of window size violations for interoperability with not so well implemented clients whose authors cannot be reached or persuaded to fix their software (WS_FTP specifically).
  • Fixed configurability issue in WinSSHD Settings GUI: version 3.25 introduced a change in how string values in account settings are inherited from template settings; this wasn't properly reflected in the default values assumed by WinSSHD Settings when adding new account entries.
  • Fixes in SFTP log connection handling - machine-specific timing issues would cause no-wait loops sometimes, leading to CPU time consumption.

Changes in WinSSHD 3.25:    [ 03 April 2004 ]

  • WinSSHD now supports SFTP plugins, see SftpPluginSample.cpp (included with the installer).
  • WinSSHD can now log trace messages on initiation and completion of key exchange and key re-exchange.
  • The following new features are also available, but can at this time only be configured through the wcfg utility:
    • support for automatically executed on-logon and on-logoff commands (access.tmpl.onLogonCmd, .onLogoffCmd, or for individual accounts in access.accounts.*)
    • support for executing commands to continue running after the end of the SSH session, using the supplied bvRun utility (can be enabled with access.tmpl.allowSessionJobBreakaway, or for individual accounts in access.accounts.*)
    • various improvements to the wcfg syntax, including the ability to refer to an account entry by name, for example: access.accounts.findfirst(account eq 'john').permitSftp true
  • Fixes:
    • The SFTP server now correctly lists contents of directories containing files with very old modification/access times.
    • The SCP implementation now returns exit code 1 when any error occurs, even if non-fatal. This appears to be more consistent with the expectations of the OpenSSH implementation.
    • WinSSHD now does not any more close the session channel once EOF has been sent and received, but always waits for the child process to terminate. This resolves a race condition which would result in the exit code of the child process not being sent to the SSH client, for example after an SCP transfer where EOF was sent by the client at the end of upload, or after completion of an exec request where EOF was sent in advance by the client due to redirection of input from /dev/null.
    • Disabling of server-side key re-exchange and disabling of the keep-alive timeout did not work since 3.21; now fixed.

Changes in WinSSHD 3.24:    [ 05 March 2004 ]

  • The SFTP server now returns an accurate 'Permission denied' message instead of 'No such file' when trying to access an off-limits directory.
  • Fixed SFTP logging problems which would lead to the SFTP server failing to start in some circumstances.

Changes in WinSSHD 3.23:    [ 28 February 2004 ]

  • The SFTP subprocess would fail in some environments due to improperly sorted variable name passing. Variables are now sorted.
  • Re-introduced registry-based config-change signaling to complement event-based signaling - in some circumstances the Windows event object fails to pass the signal.
  • Message boxes displayed by WinSSHD in case of registry error or evaluation expiring now have a 10-second timeout, preventing the service from hanging waiting for user input.

Changes in WinSSHD 3.22:    [ 17 February 2004 ]

  • Logon attempt delay and session inactivity timeout did not work properly, fixed.
  • The WinSSHD version in log entries was stated incorrectly as 3.12, now fixed (3.22).

Changes in WinSSHD 3.21:    [ 07 February 2004 ]

  • Major configurability enhancements:
    • text-file configuration is now supported through the wcfg command-line utility;
    • interactive command-line configuration is supported through wcfg import settings -i;
    • WinSSHD settings can be administered programmatically through the supplied WinsshdCfgManip COM object.
  • Logging thoroughly reworked:
    • SFTP actions can now be logged;
    • logging to file is possible independently of logging to the Windows Event Log;
    • logging can be configured on a per-event basis.
  • Added support to configure a session inactivity timeout.
  • Added logon attempt delay for unsuccessful login attempts.
  • Fixed event signaling issue which in some environments would cause WinSSHD occasionally not to react to a session event until another session event occured. This would manifest itself e.g. as closing of a channel being delayed until a key was pressed or until a keep-alive timeout occurred.
  • Fixed occasional key re-exchange problem - WinSSHD could have triggered key re-exchange when it was already just initiated by the client.
  • Fixed occasional service registration problem on NT4 - service filename now quoted.

Changes in WinSSHD 3.11:

  • Further improvements in performance and responsiveness: the SSH implementation is now even faster than in 3.09, uses less CPU time and handles flow control better in sessions with many channels.

Changes in WinSSHD 3.09:

  • WinSSHD is now significantly faster: SFTP file transfer speeds can reach 3 MB/s or more with a suitable client.
  • A much larger number of simultaneously open channels are now supported: up to 1000 session channels or up to 2000 port forwarding channels can be active at the same time.
  • Keep-alive and broken session detection are now supported.
  • Environment variables are now supported in Terminal Shell, Initial Directory, and SFTP Root Directory configuration strings.
  • When exiting terminal sessions on Windows NT 4, WinSSHD now makes sure to properly terminate the shell process.

Changes in WinSSHD 3.08:

  • The 'Initial Directory' setting now applies not only to terminal sessions, but also to exec requests and SFTP sessions (unless an incompatible SFTP Root Directory setting is used).

Changes in WinSSHD 3.07:

  • Added support for 128-bit versions of the AES and Twofish algorithms. Previously, only the 256-bit versions were supported. Added alias 'twofish256-cbc' for 'twofish'.
  • Improved activation process for large-scale deployments.
  • WinSSHD now automatically detects an activation code when it is entered through the WinSSHD Control Panel or remotely using Tunnelier's WinSSHD Remote Control feature. Previously, the server had to be nudged to reload its configuration before it would detect a newly entered activation code.
  • Authentication logging improved to include greater detail - the authentication method used by the client, as well as the algorithms and fingerprints of presented public keys.
  • If a too large bvterm window is requested, WinSSHD will now use the maximum acceptable window size instead of aborting the bvterm session.

Changes in WinSSHD 3.06:

  • Improved error reporting: WinSSHD now displays textual descriptions for system error codes when available.
  • WinSSHD now uses SIDs when resolving and comparing account names, resulting in more accurate recognition of users as they log in. If user 'john' is configured in WinSSHD Settings, but he logs in as 'computer\john', WinSSHD will now properly recognize him and apply the configured settings.
  • The WinSSHD SFTP server now allows the client to set time attributes on directories. This fixes a minor compatibility issue with ssh.com's client (an error message appearing when creating a directory on the server).

Changes in WinSSHD 3.05:

  • WinSSHD now reports to the client the exit code of exec requests.
  • The installer is now better at interpreting the Windows version when run on .NET Server.

Changes in WinSSHD 3.04:

  • WinSSHD now writes its .WST settings so that they are compatible with earlier 3.xx versions of Tunnelier.
  • The installation program now doesn't bug you about .WST file association, and it doesn't create any registry keys until installation has actually started.

Changes in WinSSHD 3.03:

  • Implemented more graceful handling of situations where the child process closes its stdin before all data has been input.
  • It is now possible to use quotes inside configuration strings that specify a user's shell.
  • WinSSHD now takes measures to verify that the user has proper permissions for the working directory in which a child process will be executed. This averts inappropriate default Windows behavior in case the user's permissions have been misconfigured.

Changes in WinSSHD 3.02:

  • Improved the installation ID generation process so that the installation ID is likely to remain the same even if the whole operating system is reinstalled.
  • Fixed bug which caused some 3.1% of activation codes not to be handled properly.