WinSSHD Version History

Changes in WinSSHD 5.06:    [ 18 June 2009 ]

  • The WinSSHD Control Panel now features an additional Activity tab which displays recent SSH server activity in a more casual and accessible form than full log files.
  • When running, WinSSHD Control Panel can now display popup notifications on the Administrator's desktop when various types of SSH session activity occur.
  • The WinSSHD Control Panel now features its own log file folder viewer, to work around a UAC issue that could obstruct opening of the log file folder through Windows Explorer.
  • A remote version of the WinSSHD Control Panel can now again be used to administer WinSSHD remotely, using Tunnelier 4.29 or newer.
  • SFTP/SCP: WinSSHD now supports read/write/delete access restrictions for mount points, allowing more configurations to be expressed fully using virtual accounts and mount point settings, instead of involving separate Windows accounts and NTFS permissions.
  • SFTP/SCP: added advanced setting 'OwnerGroup' to disable sending of owner and group information to clients, and to ignore these data when they are received. Intended to resolve issues where files end up with undesired owners after transfer.
  • SFTP/SCP: added advanced setting 'OnDirPermissionDenied'. If set to ShowEmpty, WinSSHD will send an empty directory listing instead of an error if the client attempts to list a directory it is not permitted to access.
  • SFTP/SCP: fixed a path concatenation problem which was discovered with SecureFX 6.1.2.
  • WinSSHD can now be configured to automatically open ports in the Windows firewall, as well as to automatically configure UPnP-compatible routers to forward connections to the server running WinSSHD.
  • Added a setting which controls whether, as in previous versions, WinSSHD should use only a short list of trusted Windows Sockets Layered Service Providers (LSPs), promoting stability, but at a possible expense of connectivity; or whether WinSSHD should use any LSP, promoting connectivity, but at the possible expense of stability.
  • Increased stack sizes for WinSSHD components that use sockets, for increased compatibility with third-party Windows Sockets Layered Service Providers that use stack less efficiently than the default Windows provider.
  • Third-party product Net::SSH::Perl contains a bug where packet padding length is interpreted as a signed value (-128...127) instead of as an unsigned value (0...255). This prevented interoperability with WinSSHD 5. Reduced minimal packet size from 200 to 80 bytes to avoid this issue.
  • WinSSHD will now launch terminal consoles with small fonts, so that larger terminal windows can be supported.
  • Fixed a terminal compatibility issue with the 64-bit version of Windows 7.
  • Fixed behavior of the PgUp key under terminal.
  • On 64-bit platforms, WinSSHD will now launch any on-logon and on-logoff commands with WoW64 file system redirection disabled.
  • A number of user interface improvements and fixes in WinSSHD Settings and WinSSHD Control Panel.
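The Net::SSH::Perl padding issue above is easiest to see with the packet layout in front of you. The following is an added example and not WinSSHD or Net::SSH::Perl code: it pads an SSH binary packet per RFC 4253 up to a configurable minimum total size and then parses it twice, once reading `padding_length` as the unsigned byte the protocol specifies and once as a signed byte, the way the buggy client did. The minimum packet sizes 200 and 80 are the ones the changelog mentions; that WinSSHD enforces them purely by enlarging the padding is an assumption, and the payload is a constructed SSH_MSG_IGNORE message.

```python
"""Added example (not WinSSHD code): RFC 4253 packet padding and why a signed
read of padding_length breaks once padding exceeds 127 bytes.

Layout: uint32 packet_length | byte padding_length | payload | random padding.
packet_length counts everything after itself; padding is 4..255 bytes and the
whole packet (length field included) must be a multiple of the block size.
"""
import os
import struct

BLOCK_SIZE = 16  # AES block size; RFC 4253 requires max(8, cipher block size)


def padding_length_for(payload_len: int, min_size: int, block_size: int = BLOCK_SIZE) -> int:
    """Smallest padding that is >= 4, block aligned, and lifts the whole packet to
    at least min_size bytes (assumed to be how the server's minimum is enforced)."""
    base = 4 + 1 + payload_len                    # length field + padding_length + payload
    padding = max(4, min_size - base)             # first satisfy the minimum size
    padding += (-(base + padding)) % block_size   # then align to the block size
    if padding > 255:
        raise ValueError("padding_length is one byte; payload too small for this min_size")
    return padding


def build_packet(payload: bytes, min_size: int) -> bytes:
    padding = padding_length_for(len(payload), min_size)
    packet_length = 1 + len(payload) + padding
    return struct.pack(">IB", packet_length, padding) + payload + os.urandom(padding)


def parse_payload(packet: bytes, signed_padding: bool = False) -> bytes:
    """Recover the payload. signed_padding=True reproduces the client bug of
    reading padding_length as a signed char (-128..127)."""
    packet_length = struct.unpack(">I", packet[:4])[0]
    padding_length = struct.unpack(">b" if signed_padding else ">B", packet[4:5])[0]
    payload_len = packet_length - 1 - padding_length
    if not 4 <= padding_length <= 255 or payload_len < 0 or 5 + payload_len + padding_length != len(packet):
        raise ValueError(f"inconsistent lengths: padding_length read as {padding_length}")
    return packet[5:5 + payload_len]


def interop_check(min_size: int) -> dict:
    """Build a 5-byte SSH_MSG_IGNORE packet (constructed input) at the given
    minimum size and report whether a signed reader can still parse it."""
    payload = b"\x02" + struct.pack(">I", 0)   # SSH_MSG_IGNORE carrying an empty string
    packet = build_packet(payload, min_size)
    try:
        parse_payload(packet, signed_padding=True)
        signed_ok = True
    except ValueError:
        signed_ok = False
    return {
        "packet_len": len(packet),
        "padding": packet[4],                  # the on-the-wire padding_length byte
        "signed_reader_ok": signed_ok,
        "payload": parse_payload(packet),      # the correct, unsigned interpretation
    }


if __name__ == "__main__":
    for size in (200, 80):
        print(size, interop_check(size))
```

With a 200-byte minimum the five-byte message needs 198 bytes of padding, which a signed reader sees as -58 and rejects; with an 80-byte minimum the padding is 70 bytes, below the 128 threshold, so both readers agree.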

Changes in WinSSHD 5.05:    [ 19 January 2009 ]

  • WinSSHD now uses LDAP instead of the WinNT ADSI provider to look up domain account information. Nested domain group memberships are now recognized and supported. The domain controller must now be Windows 2000 or newer; Windows NT4 domain controllers do not support LDAP.
  • The WinSSHD service will now be restarted as part of an upgrade or reinstallation if the service was previously running.
  • The SFTP and SCP subsystems now recognize Windows paths (rather than strictly SFTP paths) when users try to use them.
  • In some cases, the SFTP and SCP subsystems were unable to list a root directory (e.g. C:\) when passing a long-path search pattern to Windows. A short-path is now used for root directories instead.
  • The SFTP subsystem now correctly encodes the POSIX permission part of the LongName field.
  • Fixed timestamp decoding issue which caused SCP uploads to fail when the -p flag (preserve time and mode) was used.
  • Improved compatibility with clients such as JSch which read the wrong SFTP field when querying for a filename.
  • Fixed a bug which caused the SSH session to terminate if a server-to-client forwarded connection failed to open.
  • The WinSSHD terminal subsystem failed to capture the output of 64-bit console programs when running on 64-bit Windows. Fixed.
  • Programs started via an SSH session can now use environment variables SSH_CLIENT and SSH_CONNECTION, which are compatible with OpenSSH.
  • The SshDisconnect.ConnectionLost event is now properly logged as an information message rather than a warning.

Changes in WinSSHD 5.04:    [ 18 December 2008 ]

  • When launching a child process, WinSSHD uses the Microsoft Windows API function CreateEnvironmentBlock() to set up environment variables for the new process. On 64-bit versions of Windows, this function has an issue in that it fails to set up several environment variables which are needed to execute some programs and load some DLLs. WinSSHD now works around this issue by making sure that those environment variables are properly set. This will help users who are having trouble starting certain applications from within an SSH session on 64-bit Windows.

Changes in WinSSHD 5.03:    [ 28 November 2008 ]

  • WinSSHD Control Panel now supports selecting multiple sessions in the Sessions tab.
  • Virtual accounts: When configuring the built-in Windows account for virtual users introduced in version 5.02, WinSSHD would use a hardcoded name for the 'Users' group instead of looking up the correct group name for the current language version of Windows. Fixed.
  • Virtual accounts: WinSSHD would not run if it failed to create the Windows account for virtual users. Fixed - if account creation fails, only a warning will be logged now.
  • SSH: common socket closing error codes were being logged as warnings instead of regular info messages. Fixed.
  • SCP failed to send an exit code in some cases. Fixed.
  • SFTP and SCP: Use of POSIX permissions is now disabled by default. Clients would send POSIX permissions which caused uploaded files to be inaccessible on the server. If you wish your clients to be able to set POSIX permissions, configure the specific mount point where this should be supported, by adding the advanced filesystem provider setting 'PosixPermissions' with value 'Enable'.
  • Exec requests: An exec request preceded with a terminal request will now open with terminal emulation, but a terminal request with an empty terminal string or for terminal 'dumb' will be treated as if no terminal request was sent. This brings WinSSHD 5.03 behavior in line with recent WinSSHD 4.xx versions.
  • Port forwarding: fixed an issue where a server-to-client port forwarding socket might not be closed, causing subsequent attempts to accept connections on that port to fail until WinSSHD was restarted.

  • SSH: Implemented mitigation for the recently discovered probabilistic CBC cipher vulnerability, which permits an attacker with full control over the TCP link, positioned between the client and the server, to extract up to 4 bytes of plaintext from an SSH session if a CBC cipher is used, at the expense of causing the SSH session to break. The attack requires the attacker to break the session about 100,000 times for each successful plaintext extraction attempt. An attack attempt can therefore be detected easily.

    Our mitigation in WinSSHD 5.03 attempts to thwart this attack by denying the attacker any means of distinguishing a successful attempt from an unsuccessful one. This only protects data flowing from the client to WinSSHD (e.g. the client's password). Clients which do not implement similar mitigation can still allow this attack to succeed, when CBC is used, for data flowing from WinSSHD.

    To fully prevent this attack, use CTR ciphers (supported by all WinSSHD 5.xx versions).

  • Added support for additional alternative Microsoft Firewall Client 2004 Layered Sockets Provider IDs for compatibility with more versions of this client.
  • WinSSHD 5.xx uses fibers with small stacks, which has been causing trouble for people with third-party or OEM software such as network providers that load themselves into WinSSHD, assume the stack is large, and cause WinSSHD to crash. We increased the stack sizes of a few WinSSHD components to prevent this from occurring with the programs that were reported to us.
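Two practical consequences of the CBC item above are worth making concrete: the server can only guarantee a CTR cipher by not offering CBC at all, because RFC 4253 lets the client's preference order decide, and the roughly 100,000 broken sessions per extracted plaintext make the attack loud in the logs. The block below is an added example and not WinSSHD code. It implements the RFC 4253 negotiation rule, a CTR-only hardening of a cipher list, and a burst detector over constructed log lines; the cipher lists, the log line layout, the window and the threshold are all constructed for the example, while the event name SshDisconnect.ConnectionLost is the one this changelog mentions.

```python
"""Added example (not WinSSHD code): cipher negotiation, CTR-only hardening, and a
detector for the session-breaking behaviour of the CBC plaintext-recovery attack."""
import re
from collections import defaultdict
from datetime import datetime, timedelta


def negotiate(client_list, server_list):
    """RFC 4253 section 7.1: the first algorithm in the client's list that the
    server also offers is chosen; None means the connection fails."""
    offered = set(server_list)
    return next((name for name in client_list if name in offered), None)


def is_cbc(cipher: str) -> bool:
    return cipher.endswith("-cbc")


def harden(server_list):
    """Drop every CBC mode so a CBC-preferring client cannot steer the session onto it."""
    return [c for c in server_list if not is_cbc(c)]


# Constructed log line layout: "<date> <time> <client ip> SshDisconnect.ConnectionLost cipher=<name>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) SshDisconnect\.ConnectionLost cipher=(\S+)$")


def parse_line(line: str):
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, cipher = m.groups()
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), ip, cipher


def cbc_disconnect_bursts(lines, window=timedelta(minutes=10), threshold=50):
    """Return {ip: total lost CBC sessions} for every source that lost at least
    `threshold` CBC sessions inside one sliding `window`. A real client does not
    lose dozens of sessions in a few minutes; an attacker must lose ~100,000."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed and is_cbc(parsed[2]):
            events[parsed[1]].append(parsed[0])
    flagged = {}
    for ip, times in events.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = len(times)
                break
    return flagged


def make_sample_log():
    """Constructed sample: one source losing a CBC session every second, one quiet
    CBC source, and one CTR source losing sessions just as often (not reportable)."""
    base = datetime(2009, 1, 5, 10, 0, 0)
    fmt = "%Y-%m-%d %H:%M:%S"
    lines = [f"{(base + timedelta(seconds=i)).strftime(fmt)} 192.0.2.10 "
             f"SshDisconnect.ConnectionLost cipher=aes256-cbc" for i in range(120)]
    lines.append(f"{base.strftime(fmt)} 198.51.100.7 SshDisconnect.ConnectionLost cipher=aes128-cbc")
    lines += [f"{(base + timedelta(seconds=i)).strftime(fmt)} 203.0.113.5 "
              f"SshDisconnect.ConnectionLost cipher=aes256-ctr" for i in range(120)]
    return lines


if __name__ == "__main__":
    server = ["aes256-ctr", "aes128-ctr", "aes256-cbc", "3des-cbc"]
    client = ["aes256-cbc", "aes256-ctr"]   # a client that prefers CBC
    print("as configured:", negotiate(client, server))
    print("hardened:     ", negotiate(client, harden(server)))
    print("bursts:       ", cbc_disconnect_bursts(make_sample_log()))
```

The CTR-only source is deliberately left out of the report: CTR sessions are not exposed to this attack, so their disconnects belong to ordinary connectivity monitoring rather than to this rule.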

Changes in WinSSHD 5.02:    [ 2 November 2008 ]

  • WinSSHD now automatically creates a local Windows account for virtual users. Virtual users can now be configured without having to explicitly create and configure a backing Windows account, and without having to seed it in the WinSSHD password cache. This feature is however unavailable on domain controllers, because there are no local accounts on a domain controller, so WinSSHD cannot create one.
  • The terminal subsystem now supports the F8 key for command history.
  • WinSSHD can now write its textual log files in CSV (comma-separated values) format, with a single line per log entry. Enabling the CSV format in WinSSHD Settings can make it easier to process log files in bulk.
  • The WinsshdCfgManip COM object is now implemented as an out-of-process COM server rather than an in-process DLL. This avoids path problems with loading the FIPS cryptographic DLL into a process where the main executable resides in a different directory.
  • Added the MS Firewall Client 2004 Windows Sockets Layered Service Provider to the list of LSPs that WinSSHD will trust to use. This enables port forwarding for users who have this firewall client installed.
  • The WinSSHD Control Panel can now be started with the '-startMinimized' parameter, which will put it into the system tray - useful for users who need quick access to monitor SSH sessions.
  • SSH: fixed key re-exchange issue where the session would hang because higher-level packets weren't being buffered during key re-exchange.
  • SFTP and SCP: the file transfer subsystems will now use root ('/') as the default home directory if the home directory configured in settings does not exist.
  • SFTP version 3: fixed decoding of time values, which prevented SFTP version 3 clients from setting file times.
  • SFTP version 6: fixed encoding and decoding of ACLs.
  • The on-logoff command was being executed prematurely. Fixed.
  • Improved diagnostic logging facilities.
  • We spent several weeks on this release trying to determine why some of our customers are experiencing major slowdowns with WinSSHD version 5 relative to WinSSHD version 4, e.g. a transfer speed of 5 MB/s slowing down to 0.5 MB/s. We made several minor performance improvements in the process, but have been unable to reproduce this drastic slowdown in testing. In the environments we tested, WinSSHD 5 regularly delivered on the order of 10 MB/s. If you experience slow transfer speeds and wish to help us determine the cause of this problem, please contact us. Version 5.02 implements logging facilities that, if enabled, could provide us with the data we need.

Changes in WinSSHD 5.01 (gamma):    [ 12 September 2008 ]

  • Fixed all known outstanding issues in WinSSHD 5.00, including compression, virtual accounts, non-profit use, importing and exporting keypairs, SSH session reliability, memory footprint, logging.
  • This release should now be orders of magnitude more stable than 5.00 beta. To the extent that new issues arise, they are now expected to be fewer and rarer.
  • Should now be suitable for production testing. Deploy in monitored, controlled environments, and contact our tech support if any new issues arise.

Changes in WinSSHD 5.00 (beta):    [ 25 August 2008 ]

  • The WinSSHD terminal subsystem has been entirely rewritten, and now provides state-of-the-art terminal support with all terminal types. Now supports a wider variety of terminals, including ansi, cygwin, linux, scoansi, vt100, vt102, vt220, vt320, wyse50, wyse60, and xterm. When used with Tunnelier, bvterm will still be better in some aspects, but WinSSHD support for other terminals is now excellent, too.
  • The WinSSHD SFTP and SCP subsystems have been entirely rewritten, and now provide consistent access to a single virtual filesystem with multiple configurable mount points. A modular provider interface allows pluggable virtual filesystem providers to be written by third parties, to fit in seamlessly with existing WinSSHD mount points.
  • The WinSSHD Control Panel has been entirely rewritten, and now provides an interactive view of active SSH sessions, interactive control over WinSSHD IP blocking, support for multiple host keypairs and RSA keypairs, and better management of the password cache.
  • WinSSHD now uses the fully FIPS 140-2 validated, DLL version of Crypto++, and runs it in FIPS mode. WinSSHD now also uses a pluggable crypto provider model, which allows another cryptographic library to be substituted for Crypto++ without modifying WinSSHD itself, simply by replacing a DLL.
  • The SSH implementation has been entirely rewritten to implement a more flexible architecture and to untangle the SSH architecture from Crypto++. The new implementation is FlowSsh and is based on denis bider's Flow architecture.
  • WinSSHD can now be installed as a personal edition, which can be used free of charge by non-commercial, personal users, but limits access to organization-centric features:
    • No more than 1 group entry and 10 account entries can be defined in WinSSHD Settings.
    • Cannot login with domain accounts.
    • No support for GSSAPI authentication.

Changes in WinSSHD 4.28:    [ 28 November 2008 ]

  • Port forwarding: fixed an issue where a server-to-client port forwarding socket might not be closed, causing subsequent attempts to accept connections on that port to fail until WinSSHD was restarted.
  • Added known versions of the MS Firewall Client 2004 Windows Sockets Layered Service Provider to the list of LSPs that WinSSHD will trust to use. This enables port forwarding for users who have this firewall client installed.

Changes in WinSSHD 4.27:    [ 14 July 2008 ]

  • WinSSHD now deactivates WoW64 filesystem redirection before executing child programs on Windows x64. This provides terminal shell users with the 64-bit version of the Command Prompt, and the ability to run other 64-bit system programs, rather than being limited to 32-bit versions as before.
  • WinSSHD now makes it possible for other programs, running on the same machine under an administrator or local system account, to retrieve information about current sessions and tunneled connections. A new command line utility, 'wstat', is provided, allowing this information to be queried from the command line. The source code for this program is provided in the WinSSHD installation directory as a sample for third party application developers.
  • WinSSHD now explicitly enables the TCB privilege so that it can perform UAC user elevation when the WinSSHD service is being run under an administrator account other than Local System. In order for this to work, the service account under which WinSSHD is running must be granted the right "Act as part of the operating system".

Changes in WinSSHD 4.26:    [ 25 February 2008 ]

  • For compatibility with Windows Vista and Windows Server 2008, WinSSHD now automatically elevates an administrator's token upon login. When Kerberos authentication is used, the SSH client must be run elevated in order for administrative access to be available on the server side under SSH.
  • Added a setting to make WinSSHD run as a lower-than-normal or higher-than-normal priority process. This helps busy sites which want to favor another application at the expense of WinSSHD, or WinSSHD at the expense of other programs.
  • WinSSHD now keeps only one copy of settings for all SSH sessions, rather than making a separate copy for each thread. This improves performance for sites with high load and a large number of accounts in WinSSHD Settings.
  • The SFTP server subsystem now initiates no TCP loopback connection to WinSSHD if all SFTP log events are disabled. This helps sites with persistent high frequency of connections which may run out of ports over time.
  • The WinsshdCfgManip COM object now uses a heap-based rather than a stack-based buffer for settings and keypair. This permits programmatic manipulation of WinSSHD settings from IIS, and stack-constrained environments in general.
  • A bug in the WinSSHD installation process caused no keypair to be generated when installing a new non-default site. Fixed.
  • A bug in WinSSHD settings handling used to cause all key exchange algorithms to be offered, even if some were disabled. Fixed.

Changes in WinSSHD 4.23:    [ 23 March 2007 ]

  • The WinSSHD installer and all contained executables are now digitally signed with the Bitvise private key. Windows Explorer will now show a 'Digital Signatures' tab if you right click on one of the executables and open its properties.
  • Fixed incorrect narrow-to-wide character conversion used in SFTP logging that could result in an empty path name being logged.

Changes in WinSSHD 4.22:    [ 25 December 2006 ]

  • WinSSHD now installs and works normally on Windows Vista. (With previous versions, explicit user action was necessary to make the installer and the WinSSHD Control Panel run as administrator.)
  • wcfg and WinSSHD Settings Query: the Erase instruction in the user public key list would incorrectly erase all keys after the one that should have been erased. Fixed.

Changes in WinSSHD 4.21:    [ 29 October 2006 ]

  • The logon delayer component that was reimplemented in WinSSHD 4.19 had a bug which could cause the WinSSHD service to stop when a number of simultaneous unsuccessful login attempts from multiple IP addresses were being made. Fixed.
  • WinSSHD was using the new logon delayer component incorrectly when Windows rejected a logon attempt because the user's password had to be changed. The problem would cause the user's session and all further password authentication requests for the same user or from the same IP address to hang. Fixed.
  • As a result of case sensitivity changes in WinSSHD 4.16, recent WinSSHD versions would require a virtual user name to be supplied with correct casing when logging into a virtual account. Virtual account names are now case insensitive again.
  • The domain controller lookup logic that was changed in WinSSHD 4.19 to accommodate Windows 2003 domain forests could fail to find an NT4 domain controller, preventing logins into NT4 domain accounts. The domain controller lookup and account info retrieval logic is now more flexible to allow for various combinations of domain types.

    When you try to log into an NT4 domain account for the first time after WinSSHD starts, there may now be a 10 second delay compared to WinSSHD 4.18 and earlier. This delay is because WinSSHD first tries to look up the domain controller with Windows 2000+ functions, and then falls back to NT4-style lookup. Subsequent login attempts should be faster because WinSSHD remembers the NT4 domain type.

  • WinSSHD and Tunnelier would trim trailing spaces in the other side's SSH version string. This would cause key exchange failure when the other SSH implementation sent a version string with trailing spaces. Fixed.
  • The WinSSHD installer GUI could mis-detect a WinSSHD version 3 installation and fail to enable the 'Replace' or 'Upgrade' button, requiring the WinSSHD version 3 installation to be uninstalled first before the 4.xx installer was run. Fixed.
  • WinSSHD 4.19 introduced a static dependency to a Windows API function which isn't available on NT4. This would prevent recent WinSSHD versions from working on NT4 unless Active Directory Client Extensions were installed. Fixed.

Changes in WinSSHD 4.20:    [ 12 October 2006 ]

  • WinSSHD subsystems toterm, bvterms, scp and sftps are now executed in the WinSSHD installation directory instead of the logged-on user's initial directory. This fixes a privilege-escalation vulnerability where a user limited to SFTP access could upload a specially crafted DLL into his initial directory, and Windows would load and execute that DLL when starting the SFTP server, allowing the user to execute arbitrary code with the permissions of the account he is logged into.

    This vulnerability was most pronounced on servers running OS versions older than Windows 2003 or Windows XP SP2. On these systems, Windows uses an unsafe DLL search order by default. However, it was still possible to exploit this vulnerability on some Windows XP SP2 and Windows 2003 systems if certain products were installed that inject unresolved DLL dependencies into programs. This version fixes this vulnerability by starting the subsystems from the WinSSHD installation directory and having the subsystems change directory to the desired location themselves.

Changes in WinSSHD 4.19:    [ 12 September 2006 ]

  • The logon delayer component is now reimplemented to gracefully handle many simultaneous clients logging in at the same time. Public key and GSSAPI login attempts are now not delayed at all, so as to provide an avenue of access when an ongoing brute force password guessing attack blocks an account.
  • WinSSHD now uses more appropriate Windows functions to obtain the name of the domain controller for a domain, improving compatibility with multiple-domain forests.

Changes in WinSSHD 4.18:    [ 24 August 2006 ]

  • An SSH session could hang while consuming 100% CPU when a port forwarding tunnel was closing. Believed fixed.
  • An SSH session could hang indefinitely waiting for a graceful shutdown of the SSH TCP connection. Fixed.
  • Fixed synchronization issue in sessions with larger numbers of concurrently opened channels (for example, a session with many concurrent port forwardings).

Changes in WinSSHD 4.17:    [ 17 August 2006 ]

  • Previous versions of WinSSHD would start the SSH protocol by sending a version line immediately followed by the server's KEXINIT packet. This would cause problems with buggy clients like Perl's Net::SSH::Perl and Ruby's Net::SSH, which have race conditions due to incorrect use of I/O buffering in their version string handling logic. Unfortunately, these clients are many and fixes for them difficult to deploy. WinSSHD therefore now sends the KEXINIT packet only after receiving the client's version string to avoid triggering the race condition in these clients.

Changes in WinSSHD 4.16:    [ 04 July 2006 ]

  • WinSSHD no longer uppercases account names internally, in order to improve interoperability with case-sensitive Kerberos domains.
  • SFTP: aggressive SFTP protocol version checking had been added to the SFTP module; this caused problems when renaming files with CuteFTP Pro, which fails to initialize the SFTP protocol with a version packet. Version checking has been scaled back for interoperability with CuteFTP.
  • WinSSHD Settings would embed extra nulls into filenames and pathnames when these were obtained through the browse button. Fixed. The nulls are now also automatically ignored when loading settings.
  • The SSH implementation would sometimes prematurely let through higher-layer packets sent by some SSH implementations which keep sending such packets during key re-exchange. This could result in the session terminating due to conflicting transport state.
  • Improved SSH packet tracing.
  • Fixed socket closing issues where deinitialization functions could be attempted on a socket after it had already been closed.
  • Decreased severity of common sockets errors to info, uncommon ones to warning. (Previously, common socket errors were logged as warnings and uncommon ones as errors.)
  • Added trace logging capability for the domain controller-locating process.

Changes in WinSSHD 4.15a:    [ 08 May 2006 ]

  • WinSSHD now tries multiple ways of looking up usernames in Active Directory and uses the scheme that delivers best performance and results.
  • WinSSHD would not correctly escape spaces in usernames when performing Active Directory lookup. Fixed.
  • WinSSHD now loads the user's profile on login if the 'Map remembered shares' or 'Map remote home directory' setting is enabled. This ensures that Windows correctly reports the data these settings require even if the user has not logged on before.
  • WinSSHD Settings could freeze on some machines in some circumstances when a new window was opened. Fixed.

Changes in WinSSHD 4.15:    [ 27 April 2006 ]

  • Environment variable expansion is now supported for explicitly configured network share mappings.
  • Concurrent session limits can now be configured per individual user or for the entire server.
  • Under heavy port forwarding stress, a WinSSHD session thread could block in a tight CPU-consuming loop. The service would continue to be responsive, but a restart would be required to get rid of the CPU-using thread. Believed fixed.
  • Previously, WinSSHD did not use the 'exclusive' option when binding its listening sockets. This meant that any locally logged on user that could execute programs could also mount a man-in-the-middle attack against incoming SSH sessions by intercepting connection attempts intended for WinSSHD. Such attacks could be detected on the client because an unprivileged user cannot fake the SSH server's host key. However, on Windows NT SP4 and higher, WinSSHD now binds its listening sockets exclusively. Unfortunately, binding exclusively involves a tradeoff which makes sense for long-term listening sockets but not for ephemeral ones. Binding ephemeral listening ports exclusively would allow a remote denial of service putting these ports out of use. Therefore, the listening sockets WinSSHD opens on clients' behalf during port forwarding are not at this point opened exclusively. This means that port forwarding sockets are still subject to interception by other locally logged on users. Security policies need to be crafted accordingly.
  • The broken session detection feature would not be applied before the client's version string was fully received. This would result in a session thread idling until Windows reported disconnection. This could take a long while, occupying resources in the meantime. WinSSHD now detects a broken session in this stage, as well.

Changes in WinSSHD 4.14:    [ 29 March 2006 ]

  • Fixed: if server-side forwarding rules were configured, they would be refreshed on configuration change even if the client had not sent the server-side forwarding invitation.

Changes in WinSSHD 4.13:    [ 17 March 2006 ]

  • Fixed: the Proxy profiles feature (allowing client-to-server port forwardings to use a SOCKS or HTTP CONNECT proxy for outgoing connections) didn't work for HTTP CONNECT proxies.
  • Fixed a memory corruption issue in code that unmaps network resources on SSH session cleanup. Corruption would occur if there were multiple network resources to unmap and some of them failed. This may have been a reason for reported occurrences of service failure associated with events such as 'Unexpected exception while unmapping remote directories during logoff'.
  • For compatibility with newer clients, the WinSSHD SFTP server now identifies itself as SFTP version 3. Should still support SFTP version 2 clients (if any).
  • Improved settings copying efficiency. When using a configuration with very many (hundreds or thousands of) account or group settings entries, settings should now occupy less memory and cause less delay when establishing new SSH sessions.

Changes in WinSSHD 4.12:    [ 15 January 2006 ]

  • Security fixes:
    • When the WinSSHD installer created the WinSSHD installation directory, its security descriptor would be inherited from the parent directory. In the most common case, when WinSSHD was installed under 'C:\Program Files', this would result in the Power Users group on desktops, or the Server Operators group on servers, receiving write access to WinSSHD.exe. A member of these groups could exploit this for privilege escalation. The installer now creates the WinSSHD installation directory with a security descriptor which grants write access to local administrators and the Local System account only. The security descriptor is also set this way during an upgrade unless the DACL has been changed (contains non-inherited ACEs).
    • WinSSHD would register itself as an 'interactive' service in order to be able to display a message box when evaluation was about to expire or when a rare type of critical failure occurred. Such message boxes always closed after 10 seconds, but while one was displayed, a skilled but unprivileged local user could exploit it for privilege escalation. WinSSHD is now not registered as an interactive service and does not display message boxes when running as service. When evaluation expires or is about to expire, a separate program without privileges launches the WinSSHD Control Panel when an administrator logs in.
  • WinSSHD Settings improvements:
    • It is now possible to create a new list entry by copying an existing one.
    • Lists now include additional columns containing summaries for some of the entries' sub-entities such as passwords (set or not set) and lists of public keys (number of keys).
  • Other fixes:
    • When upgrading from version 3.xx, the Initial Directory, Terminal Shell, and SFTP Root Directory settings weren't being decoded properly - if any was set, the corresponding 'Use default' setting would not be disabled.
    • A call to CreateEnvironmentBlock() could fail on NT4 when used in a way not supported on NT4. The session would be terminated when this happened.

Changes in WinSSHD 4.11:    [ 12 December 2005 ]

  • WinSSHD was making it possible for someone with ability to connect to the server, but without the ability to authenticate, to find out if a specific username is valid by looking at user authentication failure response timing. To prevent this, user authentication failure responses are now delayed for the configured login attempt delay interval.
  • Added support for 'localhost' and '' (empty string) as listening interface in a server-to-client port forwarding request (introduced by recent SSH2 protocol improvements; eases interoperability with newer versions of OpenSSH).
  • The SFTP server module now gracefully ignores common Windows pipe exceptions on termination; previously, it logged unnecessary errors.
  • WinSSHD would fail on Windows NT4 running on Intel processors with SSE2 capability. Windows NT4 does not support this capability, and WinSSHD was checking only for the processor feature and not also for operating system support. Fixed.
  • Errors from the LogonUser() API function were being logged incorrectly when tracing was enabled. Fixed.

Changes in WinSSHD 4.10:    [ 24 November 2005 ]

  • Added multi-site support. Multiple WinSSHD installations can now coexist by installing additional installations in directories of the form 'WinSSHD-SiteName'.
  • The uninstaller interface can now be automated from the command line. When upgrading, the installer will now smoothly uninstall the previous version without additional clicks.
  • Halved the size of the distributable due to a better compression scheme and size optimizations in the installer.
  • Added description fields to the various kinds of accept rules and port forwarding rules that can be configured in WinSSHD Settings.
  • Fixed incorrect criterion for enabling the 'Do not load profile' setting in on-logon and on-logoff command settings.
  • User friendliness improvements to the WinSSHD Settings utility.
  • The terminal servers now support screen buffer switching (e.g. when using 'telnet').
  • Negotiated encryption, MAC and compression algorithms can now be logged by enabling the SESSION_ALGORITHMS trace log message.

Changes in WinSSHD 4.06a:    [ 02 October 2005 ]

  • Users no longer need read access to the parent of the SFTP Root Directory.
  • End-User License Agreement overhauled.

Changes in WinSSHD 4.06:    [ 24 September 2005 ]

  • Fixed a resource leak in the VT-100/xterm terminal server module (toterm.exe) which caused the Windows CSRSS.exe process to start leaking memory as VT-100 or xterm sessions were kept open for prolonged periods of time. Bvterm sessions (using Tunnelier) were unaffected.
  • Improved online help in WinSSHD Settings. There is now more help text which appears in more places that need it.

Changes in WinSSHD 4.05:    [ 13 September 2005 ]

  • Fixed a resource leak which led to decreased server performance over time, especially at sites making heavy use of port forwarding. Upgrade encouraged. All activation codes valid for previous 4.xx versions will work with 4.05 regardless of upgrade expiration.
  • User interface improvements to WinSSHD Settings under low resolutions and non-standard contrast settings.

Changes in WinSSHD 4.03a:    [ 11 August 2005 ]

  • Windows NT4 has a quirk in domain name SID lookup which led to failed logins into NT4 local accounts. WinSSHD now recognizes this quirk to enable local NT4 accounts to work as expected.

Changes in WinSSHD 4.03:    [ 05 August 2005 ]

  • Implemented configurable domain order for user account lookup when the login username is not explicitly qualified.
  • Groups are now looked up and matched based on SIDs, not names.
  • Logon type (network or interactive) is now configurable. Windows group entries now default to interactive logon; virtual group entries now default to network logon.
  • Fixed password pasting problem in WinSSHD Settings.
  • Fixed incorrect display of GUI elements in WinSSHD Settings on computers using a non-default display DPI setting.
  • Fixed handle leak when logging in under an administrator account.
  • Improvements to toterm.exe error reporting (on failure launching a child process, now reports the error code).
  • Implemented support for tracing the user authentication process to help with error diagnosis.

Changes in WinSSHD 4.02:    [ 11 July 2005 ]

  • When picking an initial directory for a user whose profile has not yet been created, WinSSHD 4.01 would select the 'Default User' profile directory. Now, the 'All Users' directory is selected on Windows 2000, XP, and 2003, and the parent directory is used on NT4.
  • Added the Microsoft Firewall LSP to the list of supported Windows Sockets 2 Layered Service Providers. Port forwarding will now work correctly on machines relying on this LSP for cross-firewall connectivity.
  • Minor WinSSHD Settings graphical user interface improvements.
  • WinsshdCfgManip.idl was being incorrectly installed as WinsshdCfgManipIdl.dll. Fixed.
  • When returning a directory listing, the SFTP protocol represents file timestamps in two fields: a primary field with high fidelity, and a lower-fidelity secondary field that is part of a more human-readable Unix-type listing. WinSSHD would encode the correct file modification time in the primary, high-fidelity field, but would encode an incorrect time in the secondary field. Most SFTP clients would still display the right file modification time, except clients like Directory Opus which rely on the human-readable lower-fidelity field instead of the higher-fidelity one intended for use by programs. Fixed.
  • When using log file rollover by time and when the configured rollover base hour was not divisible by the repeat time hours, WinSSHD would not start. Fixed.

Changes in WinSSHD 4.01:    [ 30 June 2005 ]

  • New features:
    • Now supports GSSAPI/SSPI key exchange and host authentication with Kerberos 5.
    • Now supports GSSAPI/SSPI user authentication with NTLM and Kerberos 5.
    • Now supports multiple virtual accounts with different WinSSHD settings, backed by a single (local or domain) Windows account.
    • Now supports Windows group-based configuration, automatically applying group-wide settings if no account-specific WinSSHD settings are defined.
    • Ability to accept connections on multiple ports and interfaces simultaneously.
    • More reliable text file logging with automatic rollover capability based on file size or time of day.
    • Ability to manage the WinSSHD password cache from the WinSSHD Control Panel, and also remotely through the Remote Control Panel in Tunnelier.
    • Supports password change during user authentication using clients that support it (e.g. Tunnelier from version 4).
  • All-new graphical WinSSHD Settings:
    • Immediately accessible help text for each configurable item.
    • Makes available for visual configuration many settings previously only configurable textually through wcfg.
    • Blends visual and script configuration into a single interface: view settings graphically in Configuration tab, query using wcfg script language in Query.
  • SSH improvements:
    • Now explicitly uses the Microsoft Windows Sockets 2 Layered Service Provider (LSP) to avoid compatibility issues with poorly written third-party LSPs. This appears to resolve reported compatibility issues with NOD32, PGP version 9 and other software that installs a badly written LSP.
    • Improved socket EOF handling in some cases.
    • Implemented graceful handling of data received after EOF, for compatibility with poorly written clients.
    • To avoid a disconnect, active keep-alives are now not sent during user authentication - passive keep-alives are sent instead.
    • Additionally, a number of non-Bitvise clients misbehave and disconnect when receiving an active keep-alive, so WinSSHD now sends only passive keep-alives to non-Bitvise clients.
    • Fixed data packet sending to respect the maximum size that the remote party specifies.

Changes in WinSSHD 3.32:    [ 20 October 2006 ]

  • Backported the fix for the potential SFTP containment vulnerability issue, as documented for WinSSHD 4.20.

Changes in WinSSHD 3.31b:    [ 28 April 2005 ]

  • SFTP sessions would break after transferring 8GB of data. Fixed.
  • Client-initiated server-2-client port forwarding rules would be abandoned during a configuration reload. Fixed.
  • When defining listening rules for client-initiated server-2-client port forwarding, it was not possible to define multiple listen rules with the same interface, even if the port was different. Fixed.
  • Some clients would send the 'pty-req' channel request before launching SFTP, instructing WinSSHD to launch the SFTP module under a layer of terminal emulation. This would cause the SFTP session to break. WinSSHD will now always launch the SFTP module directly.

Changes in WinSSHD 3.31a:    [ 01 April 2005 ]

  • Fixed a couple of trace events that WinSSHD was logging, incorrectly, under the security context of the SSH user instead of the security context of the service. If trace logging to textual log file was enabled, and if the SSH user did not have permission to open the log file for writing, WinSSHD could shut down when unable to open the log file.

    Users who use a previous WinSSHD version and have it configured to log trace messages in a textual log file are recommended to either upgrade to the latest release, or reduce the log level to Info. Users not using a log file or not logging trace messages can upgrade at their discretion.

Changes in WinSSHD 3.31:    [ 27 January 2005 ]

  • WinSSHD now comes with a bvPwd utility allowing regular users to change their passwords from the console. Note that an administrator can always use the console to change anyone's password with the Windows 'net user' command.
  • To resolve reported inconveniences, WinSSHD by default no longer clears passwords from the password cache when LogonUser() denies a login attempt after successful public key authentication. WinSSHD can still be configured to clear the corresponding cache entry in this situation by enabling the 'session.clearPwdCacheOnPubKeyAuthFailure' wcfg setting.
  • Fixed problems with starting the SFTP server module that occurred on some machines. The problems were recognizable by a 'Received invalid ID' error among the events in the WinSSHD log.
  • Error code descriptions ceased working in version 3.30 - just the Windows error code would be logged and no description. Descriptions are now again properly included.

Changes in WinSSHD 3.30a:    [ 10 January 2005 ]

  • Fixed the (harmless, but annoying) 'Bad service request' Windows Event Log error that would be logged due to a Windows service control message that WinSSHD wasn't expecting.
  • The bvterm server can now receive and handle the Ctrl+Break signal. Requires Tunnelier 3.60a or newer.

Changes in WinSSHD 3.30:    [ 24 December 2004 ]

  • New features:
    • Implemented IP address lockout after a configurable number of login attempts. By default, WinSSHD will now lock out for 1 hour any IP address that connects unsuccessfully 20 or more times in a 5 minute period. These values can be changed, but are not yet available through the graphical WinSSHD Settings interface; they can be configured through wcfg. Execute 'q session.?' from wcfg for help - the settings are session.ipBlockWindowSecs (default 300), session.ipBlockThreshold (default 20) and session.ipBlockLockoutSecs (default 3600). Setting any of these values to 0 will disable the automatic lockout feature.
    • 2048-bit key exchange is now supported (the diffie-hellman-group14-sha1 algorithm). This applies to the key exchange algorithm only, server keypair algorithm support remains same.
    • Debug dump output can now be configured through WinSSHD Settings, allowing rarely occurring SSH protocol and program issues to be diagnosed where they appear. The debug dump output can be configured by selecting custom logging and enabling the desired LOG_D_xxxx events.
    • The graphical utilities now support the XP look and Windows themes.
    • If exec requests are not permitted for a user, but shell access is, WinSSHD will now execute the shell instead of the exec request. This helps with clients which set up the terminal differently for exec requests than for the shell (plink for example), and where only a single specific command is allowed, regardless of what the client attempts to run.
    • Added configuration setting to prevent WinSSHD advertising its exact version in the SSH version string. The setting is not yet available through the graphical WinSSHD Settings interface but can be set through wcfg (server.omitVersion).
    • Made configurable the speed with which WinSSHD accepts connections. The setting is for advanced use and is not yet available through the graphical WinSSHD Settings interface, but can be set through wcfg (server.acceptDelayMs).
  • Fixes and improvements:
    • WinSSHD is now more tolerant towards SSH clients that continue to send data while key re-exchange is in progress. Any data received during this stage is now queued and processed once the re-exchange completes.
    • On the NT4 platform, WinSSHD would disconnect a session when a shell or SFTP child process was executed with the 'Allow Job Breakaway' setting enabled. Fixed. (As a side note, the 'Allow Job Breakaway' setting does not apply on NT4. Process jobs are an OS feature introduced by Windows 2000.)
    • WinSSHD now handles the SERVICE_ACCEPT_SHUTDOWN service control message to exit more gracefully when the system is shutting down.
    • WinSSHD now waits twice as long (3 seconds, previously 1.5) to open the log file before shutting down due to being unable to log.
    • DNS name IP rule processing changed to more closely match intuitive expectations. Rules are now always processed in the order of IP rules first, DNS name rules second.
    • Logon delaying did not achieve its objective with multiple concurrent login attempts. Multiple concurrent login attempts are now queued and only one per login delay interval is processed, as intended.
    • Fixed a problem with high CPU consumption during SFTP sessions which occurred on some users' machines.
    • The DH public key of the remote party is now not validated during Diffie-Hellman key exchange. This makes WinSSHD interoperable with clients that fail to generate a valid DH key. Validation is not essential for security because the keys are temporary.
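The IP lockout and login-delay behaviour described in this release (together with the uniform failure-response delay noted for the 4.x series above), as an added example that is not WinSSHD code. The account table and timestamps are constructed; time is simulated so the example runs instantly.

```python
"""Login-abuse throttling as an added example (not WinSSHD code).

It models two mechanisms from this changelog: the IP address lockout
(defaults mirror session.ipBlockWindowSecs=300, session.ipBlockThreshold=20,
session.ipBlockLockoutSecs=3600; 0 disables it) and the login attempt delay,
under which every authentication failure is answered only after the delay
and concurrent failures are queued, one per interval, so that response
timing is the same for unknown and valid usernames. Time is simulated.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, Tuple


class IpLockout:
    def __init__(self, window_secs: int = 300, threshold: int = 20,
                 lockout_secs: int = 3600) -> None:
        self.window_secs = window_secs
        self.threshold = threshold
        self.lockout_secs = lockout_secs
        self._failures: Dict[str, Deque[float]] = defaultdict(deque)  # per-IP failure times
        self._blocked_until: Dict[str, float] = {}                  # per-IP lockout expiry

    @property
    def enabled(self) -> bool:
        return min(self.window_secs, self.threshold, self.lockout_secs) > 0

    def is_blocked(self, ip: str, now: float) -> bool:
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if now >= until:               # lockout has expired
            del self._blocked_until[ip]
            return False
        return True

    def record_failure(self, ip: str, now: float) -> bool:
        """Count an unsuccessful connection; return True if it triggers a lockout."""
        if not self.enabled:
            return False
        q = self._failures[ip]
        q.append(now)
        while q and now - q[0] >= self.window_secs:   # age out failures outside the window
            q.popleft()
        if len(q) >= self.threshold:
            self._blocked_until[ip] = now + self.lockout_secs
            q.clear()
            return True
        return False


class FailureDelayer:
    """Gives each failure response a send time at least delay_secs after the
    attempt and at least delay_secs after the previous failure response."""
    def __init__(self, delay_secs: float) -> None:
        self.delay_secs = delay_secs
        self._next_slot = 0.0

    def schedule(self, now: float) -> float:
        slot = max(now + self.delay_secs, self._next_slot)
        self._next_slot = slot + self.delay_secs
        return slot


# Constructed stand-in for the OS credential check (WinSSHD uses LogonUser()).
ACCOUNTS = {"alice": "correct horse"}


def handle_attempt(lockout: IpLockout, delayer: FailureDelayer, now: float,
                   ip: str, user: str, password: str) -> Tuple[str, float]:
    """Return (outcome, time at which the response may be sent)."""
    if lockout.is_blocked(ip, now):
        return "refused", now          # connection dropped, no auth exchange at all
    if ACCOUNTS.get(user) == password:
        return "ok", now
    lockout.record_failure(ip, now)
    # Unknown user and wrong password take the same path and the same delay,
    # so the response time does not reveal whether the username exists.
    return "failed", delayer.schedule(now)
```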

Changes in WinSSHD 3.28d:    [ 02 October 2004 ]

  • Fixed connect rule decoding problems when upgrading settings from version 3.26.

Changes in WinSSHD 3.28b:    [ 04 September 2004 ]

  • Corrected processing of DNS-name connect or accept rules with an IP address input. WinSSHD now does a secondary DNS-to-IP lookup to verify the IP-to-DNS lookup results. This applies in particular to the ability to allow or deny incoming connections based on the origin DNS name (v3.28+). The correction provides resistance to DNS spoofing.
  • Internal handling of logon session usernames changed in 3.28, requiring password cache entries to be reinitialized for public key authentication. Version 3.28b adds compatibility with old password cache entries so that passwords do not need to be reentered for accounts using public key login.
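The forward-confirmed reverse DNS check described above, as an added example that is not WinSSHD code. The resolvers are passed in so it runs offline against a constructed DNS table; system_reverse and system_forward show the equivalent calls against the real resolver.

```python
"""Forward-confirmed reverse DNS for DNS-name connect/accept rules
(added example, not WinSSHD code)."""
import fnmatch
import socket
from typing import Callable, List, Optional

# Constructed DNS data. 198.51.100.7 has a PTR record claiming a partner
# hostname, but that hostname's A record does not point back to it: a
# reverse lookup alone would let it satisfy a '*.partner.example' rule.
PTR = {"203.0.113.5": "gw.partner.example",
       "198.51.100.7": "gw.partner.example"}
A = {"gw.partner.example": ["203.0.113.5"]}


def fake_reverse(ip: str) -> str:
    if ip not in PTR:
        raise OSError("no PTR record")        # socket.herror is an OSError too
    return PTR[ip]


def fake_forward(name: str) -> List[str]:
    if name not in A:
        raise OSError("no A record")          # socket.gaierror is an OSError too
    return A[name]


def system_reverse(ip: str) -> str:
    return socket.gethostbyaddr(ip)[0]


def system_forward(name: str) -> List[str]:
    return [ai[4][0] for ai in socket.getaddrinfo(name, None)]


def verified_name(ip: str, reverse: Callable[[str], str],
                  forward: Callable[[str], List[str]]) -> Optional[str]:
    """Return the peer's DNS name only if the IP-to-name lookup is confirmed
    by a name-to-IP lookup whose results include the original address."""
    try:
        name = reverse(ip)
        addrs = forward(name)
    except OSError:
        return None
    return name if ip in addrs else None


def dns_rule_matches(ip: str, pattern: str, reverse=fake_reverse,
                     forward=fake_forward) -> bool:
    """Evaluate a DNS-name rule (shell-style wildcard) against a peer IP."""
    name = verified_name(ip, reverse, forward)
    return name is not None and fnmatch.fnmatchcase(name.lower(), pattern.lower())
```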

Changes in WinSSHD 3.28a:    [ 02 September 2004 ]

  • Fixed a bug in WinSSHD Settings - the 'On Logon Command' dialog would incorrectly store the command string as the on-logoff command instead. The on-logon command could still be set correctly from the Account or Template dialogs, but changing it from the 'On Logon Command' dialog would affect the on-logoff command instead.

Changes in WinSSHD 3.28:    [ 30 August 2004 ]

  • New features:
    • Server-side port forwarding: in conjunction with a client that supports this feature, WinSSHD supports configuration of client-to-server and server-to-client port forwarding rules on the server. A client merely has to log in and the latest port forwarding rule settings are applied automatically, no client-side configuration changes are required. At the time of this release, this is supported in our Forwarder client only (email us if interested).
    • WinSSHD now supports multiple templates. Users can be distributed into groups by inheriting from different templates. Settings for a group can be modified by changing the settings of the template that the users belonging to this group inherit from.
    • WinSSHD now reloads settings dynamically in session threads. Previously, when the configuration was changed, existing sessions would keep using the old settings until the users reconnected. Now, new settings apply immediately to all sessions, new as well as already established.
    • Improvements in the textual settings language used by wcfg and WinsshdCfgManip. A 'With' clause is now supported for easier access to deep-nested settings. Also, all lists have been replaced by sorted ones.
    • wcfg and the WinsshdCfgManip COM object now provide means to set or clear a user's password in WinSSHD's password cache.
    • The bvRun utility now supports launching a process on a different window station and desktop.
    • When a client reconnects after a disconnect that has not yet been detected at the server and issues server-to-client port forwarding rules that were already established by the previous session, WinSSHD will grant the rules to the new session and silently remove them from the previous one.
    • WinSSHD now implements an active keep-alive and broken session detection scheme based on global requests.
    • Textual log file log entries now have sequence numbers.
  • Fixes and improvements:
    • Fixed Ctrl+C handling on Windows 2003 Server.
    • Fixed account name lookup problem when the account name being looked up equals the name of the local machine.
    • Reliability of text file logging significantly improved. It is still possible to move a text file out from underneath WinSSHD while it is running; however, the chance of needing to repeat the attempt is greater than before because WinSSHD now keeps the log file open for up to 1.5 seconds after the last log entry. If there is any error during logging, WinSSHD will now shut down. (This is for security reasons; the previous behavior was to continue running.)
    • Unicode settings files with a Unicode prefix can now be imported. Previously the prefix had to be manually removed.
    • The correct failure reason is now sent to the client when the client is not allowed to use client-to-server port forwarding ('administratively prohibited', previously 'unknown channel type').
    • Corrected handling of international characters in the WinSSHD Control Panel's event log.
    • Fixed issue with the on-logon and on-logoff commands not being started on Windows Server platforms due to a STARTUPINFO parameter that was NULL instead of empty.
    • Usernames are now converted to uppercase before being passed to the relevant Windows username checking functions - case-sensitivity issues with lowercase usernames had been reported.
    • The order in which socket rules are processed now makes more sense. The sequence previously was, for example, IP-own, IP-inherited, DNS-own, DNS-inherited. The processing sequence now is IP-own, DNS-own, IP-inherited, DNS-inherited. The first encountered set of rules that has a match is used.
    • The wrapping routine used by WinSSHD for text file logging now wraps long words at the correct column.

Changes in WinSSHD 3.26:    [ 05 June 2004 ]

  • Support for socket rules - finely granular control of C2S/S2C forwardings that a client can initiate. This feature is configurable textually through wcfg for the time being. See the Users' Guide for help on getting started with the wcfg utility.
  • Introduced tolerance of window size violations for interoperability with not so well implemented clients whose authors cannot be reached or persuaded to fix their software (WS_FTP specifically).
  • Fixed configurability issue in WinSSHD Settings GUI: version 3.25 introduced a change in how string values in account settings are inherited from template settings; this wasn't properly reflected in the default values assumed by WinSSHD Settings when adding new account entries.
  • Fixes in SFTP log connection handling - machine-specific timing issues would cause no-wait loops sometimes, leading to CPU time consumption.

Changes in WinSSHD 3.25:    [ 03 April 2004 ]

  • WinSSHD now supports SFTP plugins, see SftpPluginSample.cpp (included with the installer).
  • WinSSHD can now log trace messages on initiation and completion of key exchange and key re-exchange.
  • The following new features are also available, but can at this time only be configured through the wcfg utility:
    • support for automatically executed on-logon and on-logoff commands (access.tmpl.onLogonCmd, .onLogoffCmd, or for individual accounts in access.accounts.*)
    • support for executing commands to continue running after the end of the SSH session, using the supplied bvRun utility (can be enabled with access.tmpl.allowSessionJobBreakaway, or for individual accounts in access.accounts.*)
    • various improvements to the wcfg syntax, including the ability to refer to an account entry by name, for example: access.accounts.findfirst(account eq 'john').permitSftp true
  • Fixes:
    • The SFTP server now correctly lists contents of directories containing files with very old modification/access times.
    • The SCP implementation now returns exit code 1 when any error occurs, even if non-fatal. This appears to be more consistent with the expectations of the OpenSSH implementation.
    • WinSSHD no longer closes the session channel once EOF has been sent and received, but always waits for the child process to terminate. This resolves a race condition which would result in the exit code of the child process not being sent to the SSH client, for example after an SCP transfer where EOF was sent by the client at the end of upload, or after completion of an exec request where EOF was sent in advance by the client due to redirection of input from /dev/null.
    • Disabling of server-side key re-exchange and disabling of the keep-alive timeout did not work since 3.21; now fixed.

Changes in WinSSHD 3.24:    [ 05 March 2004 ]

  • The SFTP server now returns an accurate 'Permission denied' message instead of 'No such file' when trying to access an off-limits directory.
  • Fixed SFTP logging problems which would lead to the SFTP server failing to start in some circumstances.

Changes in WinSSHD 3.23:    [ 28 February 2004 ]

  • The SFTP subprocess would fail in some environments due to improperly sorted variable name passing. Variables are now sorted.
  • Re-introduced registry-based config-change signaling to complement event-based signaling - in some circumstances the Windows event object fails to pass the signal.
  • Message boxes displayed by WinSSHD in case of registry error or evaluation expiring now have a 10-second timeout, preventing the service from hanging waiting for user input.

Changes in WinSSHD 3.22:    [ 17 February 2004 ]

  • Logon attempt delay and session inactivity timeout did not work properly, fixed.
  • The WinSSHD version in log entries was stated incorrectly as 3.12, now fixed (3.22).

Changes in WinSSHD 3.21:    [ 07 February 2004 ]

  • Major configurability enhancements:
    • text-file configuration is now supported through the wcfg command-line utility;
    • interactive command-line configuration is supported through wcfg import settings -i;
    • WinSSHD settings can be administered programmatically through the supplied WinsshdCfgManip COM object.
  • Logging thoroughly reworked:
    • SFTP actions can now be logged;
    • logging to file is possible independently of logging to the Windows Event Log;
    • logging can be configured on a per-event basis.
  • Added support to configure a session inactivity timeout.
  • Added logon attempt delay for unsuccessful login attempts.
  • Fixed event signaling issue which in some environments would cause WinSSHD occasionally not to react to a session event until another session event occurred. This would manifest itself e.g. as closing of a channel being delayed until a key was pressed or until a keep-alive timeout occurred.
  • Fixed occasional key re-exchange problem - WinSSHD could have triggered key re-exchange when it was already just initiated by the client.
  • Fixed occasional service registration problem on NT4 - service filename now quoted.

Changes in WinSSHD 3.11:

  • Further improvements in performance and responsiveness: the SSH implementation is now even faster than in 3.09, uses less CPU time and handles flow control better in sessions with many channels.

Changes in WinSSHD 3.09:

  • WinSSHD is now significantly faster: SFTP file transfer speeds can reach 3 MB/s or more with a suitable client.
  • A much larger number of simultaneously open channels are now supported: up to 1000 session channels or up to 2000 port forwarding channels can be active at the same time.
  • Keep-alive and broken session detection are now supported.
  • Environment variables are now supported in Terminal Shell, Initial Directory, and SFTP Root Directory configuration strings.
  • When exiting terminal sessions on Windows NT 4, WinSSHD now makes sure to properly terminate the shell process.

Changes in WinSSHD 3.08:

  • The 'Initial Directory' setting now applies not only to terminal sessions, but also to exec requests and SFTP sessions (unless an incompatible SFTP Root Directory setting is used).

Changes in WinSSHD 3.07:

  • Added support for 128-bit versions of the AES and Twofish algorithms. Previously, only the 256-bit versions were supported. Added alias 'twofish256-cbc' for 'twofish'.
  • Improved activation process for large-scale deployments.
  • WinSSHD now automatically detects an activation code when it is entered through the WinSSHD Control Panel or remotely using Tunnelier's WinSSHD Remote Control feature. Previously, the server had to be nudged to reload its configuration before it would detect a newly entered activation code.
  • Authentication logging improved to include greater detail - the authentication method used by the client, as well as the algorithms and fingerprints of presented public keys.
  • If a too large bvterm window is requested, WinSSHD will now use the maximum acceptable window size instead of aborting the bvterm session.

Changes in WinSSHD 3.06:

  • Improved error reporting: WinSSHD now displays textual descriptions for system error codes when available.
  • WinSSHD now uses SIDs when resolving and comparing account names, resulting in more accurate recognition of users as they log in. If user 'john' is configured in WinSSHD Settings, but he logs in as 'computer\john', WinSSHD will now properly recognize him and apply the configured settings.
  • The WinSSHD SFTP server now allows the client to set time attributes on directories. This fixes a minor compatibility issue with ssh.com's client (an error message appearing when creating a directory on the server).

Changes in WinSSHD 3.05:

  • WinSSHD now reports to the client the exit code of exec requests.
  • The installer is now better at interpreting the Windows version when run on .NET Server.

Changes in WinSSHD 3.04:

  • WinSSHD now writes its .WST settings so that they are compatible with earlier 3.xx versions of Tunnelier.
  • The installation program now doesn't bug you about .WST file association, and it doesn't create any registry keys until installation has actually started.

Changes in WinSSHD 3.03:

  • Implemented more graceful handling of situations where the child process closes its stdin before all data has been input.
  • It is now possible to use quotes inside configuration strings that specify a user's shell.
  • WinSSHD now takes measures to verify that the user has proper permissions for the working directory in which a child process will be executed. This averts inappropriate default Windows behavior in case the user's permissions have been misconfigured.

Changes in WinSSHD 3.02:

  • Improved the installation ID generation process so that the installation ID is likely to remain the same even if the whole operating system is reinstalled.
  • Fixed bug which caused some 3.1% of activation codes not to be handled properly.