Security Notification: [ 30 November 2015 ]
We have recently discovered a security issue in a common library used by Bitvise software. Given specific, but common conditions, this issue can be exploited by an unauthenticated remote attacker to cause instability and denial of service in affected software. We cannot exclude that this issue could be exploited to run arbitrary code.
The following versions of our software are affected:
- SSH Server 5.xx and 6.xx, up to and including version 6.43. Versions 6.44 and newer do not contain this issue.
- SSH Client 6.xx, up to and including version 6.43. Versions 6.44 and newer do not contain this issue.
- FlowSshC/Cpp/Net versions up to and including 5.36. Versions 5.37 and newer do not contain this issue.
To help mitigate this issue, Bitvise SSH Server versions 6.44 and 6.45, Bitvise SSH Client versions 6.44 and 6.45, and FlowSsh version 5.37 contain an upgrade amnesty: any existing license that is valid for any of the software versions affected by this issue can be used with the respective latest unaffected software version. This means that all users of Bitvise SSH Server and Client 5.xx and 6.xx can upgrade to version 6.45, and can activate it using their existing activation code. This also applies to FlowSsh users upgrading to version 5.37.
Users of Bitvise SSH Server and Client per-installation licenses can log in to access their existing activation codes.
Users of FlowSsh, and users of large-scale licenses, can upgrade using activation codes received in order delivery.
Changes in Bitvise SSH Client 6.45: [ 23 November 2015 ]
- SFTP GUI:
- Overall transfer estimates are now available when file transfer is initiated using drag-and-drop, or via clipboard.
- File selection in the local pane will no longer be reset due to icons loading in the background.
- Improved performance of Select All (Ctrl+A) in Local and Remote view, and in Download and Upload tabs.
- Terminal: In the November update to Windows 10, automatic line re-wrap during window resizing has been enabled in the Windows console by default. This interacts poorly with SSH, where re-wrap causes loss of synchronization between the client and server. The graphical SSH client now disables console line wrap when bvterm is started from the graphical SSH Client. Unfortunately, it is not possible to disable this in an existing console session when using stermc.
- Fixed an issue in the Client key manager, which failed to update its list if the slot was changed for a key stored in a profile.
- Implemented a workaround for an issue in Windows which prevented the graphical SSH Client in versions 6.4x from running on Windows XP and Windows Server 2003 unless a Windows hotfix was applied.
- The FlowSshNet DLLs now correctly target .NET Framework 4.0, instead of 4.5.2.
Changes in Bitvise SSH Client 6.44: [ 10 November 2015 ]
- Proxy settings: Fixed a bug which prevented per-profile proxy settings from functioning reliably.
- stnlc: When in an interactive prompt, failure to add a client-to-server or server-to-client port forwarding rule would incorrectly disconnect the session "on user's request". Fixed.
Changes in Bitvise SSH Client 6.43: [ 30 October 2015 ]
- Improved uninstallation to reduce the likelihood that Windows might need to be restarted to complete a reinstallation or upgrade. If a restart would be required, the user can now choose to abort reinstallation.
- In the graphical SFTP interface, file icons are now loaded asynchronously, to avoid the interface blocking due to lengthy antivirus scans.
- Fixed an issue that prevented X11 forwarding from working properly in terminal windows other than the first one. This issue was introduced with 6.xx versions.
- The RIS and DECST instructions to reset terminal and screen buffer are now supported in conjunction with xterm. This allows the Linux reset command to be used to fully reset the terminal.
- A copy and paste notification is now displayed also when Shift+Insert is used to paste.
- FTP Bridge:
- Fixed an issue which caused the SSH Client main window to freeze if an FTP client was not disconnecting the control connection.
- Added IPv6 support to the FTP Bridge, implementing support for EPSV and EPRT commands.
- The GSSAPI DH key exchange method with group exchange is now also de-prioritized when connecting to non-Bitvise servers, along with other methods that use group exchange. (Non-Bitvise servers tend to generate DH parameters that are incompatible with the FIPS cryptographic provider used by FlowSsh; this results in key exchange failures.)
Changes in Bitvise SSH Client 6.41: [ 30 August 2015 ]
- Installation and upgrade:
- This is the first version tested on Windows 10 as part of the development process.
- The SSH Client installer now supports the -activationCode parameter. This allows a license code to be applied to the SSH Client during initial installation or an upgrade. The SSH Client will operate with full functionality with or without a license code, but applying it allows users to indicate their licensed status.
- On Windows Vista and newer, the installer did not auto-run correctly after the uninstaller prompted for restart during upgrade. Fixed.
- Failed and incomplete installations are now detected and displayed, to help the user choose the correct installation directory.
- Publisher and version information is now added for display in Add/Remove Programs.
- Programmatic use:
- Bitvise SSH Client now includes FlowSshNet: our SSH library for use with .NET; and comes with .ps1 scripts demonstrating how to use FlowSshNet from PowerShell. The FlowSsh library can now be used under the Bitvise SSH Client license if Bitvise SSH Client is installed on the same computer.
- SHA-256 public key fingerprints, compatible with the latest OpenSSH versions, are now supported.
- The 1024-bit fixed prime Diffie Hellman key exchange method, diffie-hellman-group1-sha1, is now disabled by default, due to doubts about continuing security of Diffie Hellman with a 1024-bit fixed prime. Compatibility with most older servers should be retained via the diffie-hellman-group14-sha1 method, which uses a 2048-bit fixed prime. We recommend migrating older SSH clients and servers to new versions supporting ECDH and ECDSA.
- Symmetric encryption algorithms that use CBC mode are now disabled by default. Bitvise SSH Client and Server implement defenses against attacks on CBC mode, but other implementations that still use CBC mode are unlikely to implement such defenses. Most implementations should now support encryption in CTR mode.
- In past Bitvise SSH Client 6.xx versions, gssapi-keyex authentication was always unavailable. Fixed.
- Graphical client:
- The graphical SFTP client now maintains a list of recent locations.
- Fixed an issue which prevented use of the -proxyUserName parameter with the graphical SSH Client. Command-line clients were unaffected.
- Fixed an issue which caused the graphical SSH Client to send an empty response to all prompts other than the first one in keyboard-interactive authentication. This issue did not affect command-line clients.
- Command-line clients:
- A new retry utility is now included, which can be used to automatically retry a command based on its exit code. Run retry without parameters for help. The utility can be used with any command line program, but is intended specifically for use with sftpc.
- The log utility now supports an additional parameter, -t, which will cause the utility to prefix every line of output with a timestamp. This can be used to log and timestamp the output of any command line program, and is intended specifically for use with sftpc.
- The command-line SFTP client, sftpc, now supports tab expansion based on wildcard patterns.
- sftpc now reports a full completion timestamp for each transfer.
- sftpc now waits a maximum of one second if the server does not respond to SFTP channel close. Previously, a server that did not respond to channel close would cause sftpc to wait indefinitely.
- In versions 6.23 - 6.31, a command such as "put directory" would not upload the contents of "directory", but instead only create an empty directory. In addition, a command such as "lrm directory -s" would always fail when the directory being removed was not empty. Fixed.
- OpenSSH servers contain a flaw where a noisy shell startup script, such as a .bashrc file, will cause garbage data to be passed to an SFTP client on the SFTP channel. Previously, this would prevent establishing an SFTP session. The client now ignores such invalid data, and looks for a particular byte signature to indicate the start of the server's first packet in the SFTP session.
- The Start in last directory feature in the graphical SFTP interface should work again.
- Turning off the Start option did not pause new transfers in the graphical SFTP interface when they were initiated via drag-and-drop or a clipboard action. Fixed. The transfers did start paused when using the Upload and Download buttons.
- When transferring files in text mode using SFTP version 4 or higher, the ignored offset is now set to an invalid 64-bit value instead of zero. This prevents an unending transfer with servers that do not ignore the offset as required by the textual transfer mode (e.g. older versions of VShell).
- Fixed an issue which could cause the SFTP client to send more channel data after sending channel close.
- FTP-to-SFTP bridge:
- Fixed an issue that could cause the FTP-to-SFTP bridge to freeze while downloading.
- When the FTP-to-SFTP Bridge was configured to listen on all interfaces (0.0.0.0), directory listings and file transfers would not work in passive mode. Fixed.
- Double-width Chinese characters were not being properly rendered in recent SSH Client versions. This should now work properly in most cases.
- Fixed problems with some Ctrl keyboard sequences: Ctrl+[, Ctrl+I, Ctrl+M, Ctrl+H, and Ctrl+J.
- Fixed a scrolling problem that could occur if the last line of output was empty (e.g. when using cat).
- Fixed an error that would frequently occur on Windows 10 when resizing a bvterm window in a Bitvise SSH Server terminal session. Further improved resizing on Windows 10.
- If Auto close window was set to Never, and a terminal session closed successfully, the terminal window would consume 100% of a CPU core until closed. Fixed.
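The 6.41 note above about noisy shell startup scripts describes skipping garbage until the start of the server's first SFTP packet is recognized. The Python sketch below is an added example, not Bitvise code: the page does not say which byte signature the client looks for, so the signature used here (an SSH_FXP_VERSION header with a plausible length and version, followed by well-formed extension pairs), the size limits, and the sample bytes are all assumptions.

```python
import struct
from collections import namedtuple

SSH_FXP_VERSION = 2           # packet type of the server's first SFTP packet
MAX_VERSION_PACKET = 4096     # assumed upper bound for a sane VERSION packet
MAX_NOISE = 65536             # assumed limit before giving up on the channel

# noise_len: bytes before the packet, or bytes that are safe to discard so far.
Scan = namedtuple("Scan", "status noise_len version extensions consumed")


def build_version_packet(version, extensions=()):
    """Build an SSH_FXP_VERSION packet (used here only to construct samples)."""
    body = struct.pack(">BI", SSH_FXP_VERSION, version)
    for name, data in extensions:
        body += struct.pack(">I", len(name)) + name
        body += struct.pack(">I", len(data)) + data
    return struct.pack(">I", len(body)) + body


def parse_extensions(body):
    """Parse (name, data) string pairs; return None if the bytes are malformed."""
    pairs, pos = [], 0
    while pos < len(body):
        pair = []
        for _ in range(2):
            if pos + 4 > len(body):
                return None
            (n,) = struct.unpack_from(">I", body, pos)
            pos += 4
            if pos + n > len(body):
                return None
            pair.append(body[pos:pos + n])
            pos += n
        pairs.append(tuple(pair))
    return pairs


def find_version_packet(buf):
    """Locate the first plausible SSH_FXP_VERSION packet in SFTP channel data."""
    for i in range(len(buf) - 8):
        length, ptype, version = struct.unpack_from(">IBI", buf, i)
        if ptype != SSH_FXP_VERSION:
            continue
        if not (5 <= length <= MAX_VERSION_PACKET and 1 <= version <= 6):
            continue
        end = i + 4 + length
        if end > len(buf):
            # Header looks right but the packet is incomplete: wait for more
            # data. MAX_VERSION_PACKET bounds how long a false match can stall.
            return Scan("need_more", i, None, None, 0)
        extensions = parse_extensions(buf[i + 9:end])
        if extensions is None:
            continue  # header-shaped bytes inside the noise, keep scanning
        return Scan("found", i, version, extensions, end)
    status = "give_up" if len(buf) > MAX_NOISE else "need_more"
    # The last 8 bytes may be the start of a header, so they are not noise yet.
    return Scan(status, max(len(buf) - 8, 0), None, None, 0)


# Constructed sample: output of a chatty .bashrc, a header-shaped decoy with an
# impossible version number, then the real VERSION packet.
SAMPLE_NOISE = (b"Welcome to build-host\r\nQuota: 82% used\r\n"
                + struct.pack(">IBI", 5, SSH_FXP_VERSION, 9))
SAMPLE_PACKET = build_version_packet(3, [(b"posix-rename@openssh.com", b"1")])

if __name__ == "__main__":
    print(find_version_packet(SAMPLE_NOISE + SAMPLE_PACKET))
```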
Security Clarification: [ 29 May 2015 ]
We are receiving occasional inquiries about whether our software is affected by the "Logjam" attack against TLS/SSL.
Our software does not implement TLS/SSL, but SSH, which is a similar, but different protocol. SSH does not specify "export-strength" cryptography, and our software does not implement it. Our software is therefore not vulnerable to "Logjam".
In general, SSH is not vulnerable to middle-man encryption strength downgrade attacks, because it signs negotiation information between the client and the server before key exchange, which TLS/SSL doesn't. An SSH server and client will always negotiate algorithms that are supported by both the server and the client, and which are most preferred by the client.
Our software does, by default, enable key exchange using 1024-bit Diffie Hellman using a fixed prime. This is significantly stronger than "export-strength" cryptography, but has been suspected to be defeatable by nation-state attackers.
This algorithm will be used only if both the client and the server enable it, and the client does not prefer a different mutually supported algorithm. If you wish to completely prevent use of this algorithm, disable the following in Advanced SSH Server settings > Algorithms > Key exchange, or in the SSH Client under SSH > Key exchange:
- gss-group1-sha1 with Kerberos 5 (SSH Server only)
- gss-gex-sha1 with Kerberos 5 (SSH Server only)
- SSPI/Kerberos 5 key exchange (SSH Client only, Login tab)
In recent Bitvise SSH Server and Client versions, this should leave you with ECDH algorithms, which are believed to be secure; and one remaining Diffie Hellman algorithm, diffie-hellman-group14-sha1. This latter algorithm also uses a fixed prime, but one that is 2048-bit, and is currently not believed to be vulnerable even to nation-state attackers.
If you are using an older Bitvise SSH Server or Client version, we recommend migrating to new versions that implement Elliptic Curve-based cryptography (ECDH and ECDSA), and to start deploying ECDSA-based host keys.
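The rule stated above (the 1024-bit method is used only if both sides enable it and the client does not prefer another mutual method) can be checked against the KEXINIT payloads of a client and a server. The Python sketch below is an added example, not Bitvise code: the algorithm lists are constructed samples, the weak-algorithm patterns are limited to names this page mentions plus the CBC ciphers from the 6.41 notes, and the extra RFC 4253 conditions on key exchange selection are left out.

```python
import struct

SSH_MSG_KEXINIT = 20
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
AUDITED = ("kex", "enc_c2s", "enc_s2c")


def build_kexinit(**lists):
    """Serialize name-lists into a KEXINIT payload (to construct samples)."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)          # type + zeroed cookie
    for field in FIELDS:
        names = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)         # no guess, reserved


def parse_kexinit(payload):
    """Return {field: [algorithm, ...]} from an SSH_MSG_KEXINIT payload."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += n
    return lists


def is_weak(field, name):
    """Flag the 1024-bit DH methods and CBC ciphers discussed on this page."""
    if field == "kex":
        # GSS method names carry a mechanism suffix on the wire, hence prefixes.
        return (name == "diffie-hellman-group1-sha1"
                or name.startswith(("gss-group1-sha1", "gss-gex-sha1")))
    return name.endswith("-cbc")


def negotiate(client, server):
    """First entry on the client's list that the server also offers."""
    offered = set(server)
    return next((name for name in client if name in offered), None)


def audit(client_payload, server_payload):
    """Report what is negotiated and which weak algorithms both sides enable."""
    client = parse_kexinit(client_payload)
    server = parse_kexinit(server_payload)
    report = {}
    for field in AUDITED:
        chosen = negotiate(client[field], server[field])
        mutual = [n for n in client[field] if n in server[field]]
        report[field] = {
            "negotiated": chosen,   # None means key exchange fails (no match)
            "weak_negotiated": chosen is not None and is_weak(field, chosen),
            "weak_mutual": [n for n in mutual if is_weak(field, n)],
        }
    return report


# Constructed samples (not captured traffic).
CTR_CBC = ["aes256-ctr", "aes128-cbc"]
OLD_CLIENT = build_kexinit(
    kex=["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1",
         "diffie-hellman-group1-sha1"],
    enc_c2s=CTR_CBC, enc_s2c=CTR_CBC)
HARDENED_CLIENT = build_kexinit(
    kex=["ecdh-sha2-nistp256", "diffie-hellman-group14-sha1"],
    enc_c2s=["aes256-ctr"], enc_s2c=["aes256-ctr"])
LEGACY_SERVER = build_kexinit(
    kex=["diffie-hellman-group1-sha1"],
    enc_c2s=["aes128-cbc", "3des-cbc"], enc_s2c=["aes128-cbc", "3des-cbc"])
MODERN_SERVER = build_kexinit(
    kex=["diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
         "ecdh-sha2-nistp256"],
    enc_c2s=CTR_CBC[::-1], enc_s2c=CTR_CBC[::-1])

if __name__ == "__main__":
    for label, server in (("legacy", LEGACY_SERVER), ("modern", MODERN_SERVER)):
        print(label, audit(OLD_CLIENT, server))
```

A `weak_mutual` entry with `weak_negotiated` false marks an algorithm that is not used today but would be if the client's preference order changed, which is why the page recommends disabling it outright.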
Changes in Bitvise SSH Client 6.31: [ 2 May 2015 ]
- Windows compatibility:
- Fixed a change implemented in version 6.22 which prevented the SSH Client from running on Windows XP SP1 and Windows Server 2003.
- In terms of the oldest Windows versions supported, the SSH Client now officially requires Windows XP, Windows Server 2003, or later. The SSH Client no longer supports Windows 2000.
- The console output stream implementation provided by the C++ run-time library, and used by the SSH Client installer, did not properly handle Unicode characters that could not be represented in the output code page. Replaced with our own output stream implementation.
- The graphical client now displays the current date in the log area when the client is started, when the date changes, and when the log is cleared.
- When key exchange fails due to no match in algorithms, the local and remote algorithm lists are now logged.
- File transfer:
- The graphical file transfer client now accepts drag and drop from other applications.
- The Edit context menu option is now available for files of all extensions, including no extension. An Edit with... context menu option is now also available, and a default editor can be configured.
- For compatibility with non-Bitvise servers that support SFTP version 6, the SSH Client no longer requests the flag SSH_FXF_BLOCK_WRITE when sending an SSH_FXP_OPEN request. This restores compatibility with servers including ProFTPD with mod_sftp when SFTP version 6 is used.
- On Windows 7, an apparent bug in the Windows console implementation would cause stermc to crash when exiting. The console window itself would close shortly thereafter. We implemented a workaround for this issue.
- For compatibility with nano, the SSH Client's new xterm/vt100 terminal console now attempts to make smarter decisions about what type of newlines to send when pasting from clipboard.
- The SSH Client will now log any messages sent by the server as SSH_EXTENDED_DATA_STDERR before closing a successfully opened terminal channel.
- Remote Desktop:
- Improved the method the SSH Client uses to update the Remote Desktop window title.
- Command line clients:
- Implemented support for Ctrl+Left/Right to move to previous/next word, and Ctrl+Home/End to delete text until beginning/end of line.
- Clients stnlc and spksc now also support Tab-completion.
Changes in Bitvise SSH Client 6.24: [ 9 March 2015 ]
- File transfer:
- The graphical SFTP client now supports editing of remote files. A remote file can be edited using right click > Edit. The client will automatically download the file; open it in the editor associated with its file extension in Windows; then monitor the local copy of the file for changes. When changes are saved, the file will be uploaded automatically.
- The graphical SFTP client now supports right click > 'Open with...', both for local and remote files.
- Further improvements to tab completion in sftpc.
- The 'move' and 'lmove' commands in sftpc now support the -o (overwrite) parameter.
- In command line clients, the -keypairFile parameter would only work if another keypair (even if unused) was available, either in the profile being used, or in global client settings. Fixed.
- Fixed a long-standing graphical glitch which would cause edit boxes in the graphical SSH Client to temporarily lose borders whenever the Sysinternals Process Explorer was launched.
Changes in Bitvise SSH Client 6.23: [ 17 February 2015 ]
- Key exchange methods that use group exchange will now be de-prioritized when connecting to all non-Bitvise SSH server implementations. This serves to avoid a compatibility issue where most non-Bitvise SSH servers will generate weak DH groups which cannot be used with the FIPS 140-2 validated cryptographic provider used by Bitvise SSH Client. Previously, group exchange was already de-prioritized for a handful of known SSH server implementations with this issue.
- It is now easier to turn compression on and off using the "Prefer zlib compression" setting on the SSH tab.
- File Transfer:
- The sftpc command line client now supports batch rename (using wildcards).
- The sftpc command line client now implements further improved support for command, path, and filename completion using the Tab key.
- Remote file copy is now supported, in the graphical SFTP interface as well as the sftpc command line client, with SSH servers that implement the SFTP version 6 file copy extension (including Bitvise SSH Server).
- The graphical SFTP interface now supports drag and drop, copy, cut, and paste features.
- Remote Desktop:
- Smart sizing - automatic adjustment of remote desktop resolution to local client window size - can now be enabled or disabled for forwarded Remote Desktop connections in the SSH Client profile.
- When not using SSH login credentials, the domain name to use for Remote Desktop authentication can now be configured in a field separate from the user name.
- If you experience trouble with Use SSH login credentials when connecting to Remote Desktop running on Windows Server 2003 or XP, disable Use SSH login credentials, and enter the username, domain, and password manually in the respective fields.
- Fixed a problem with newlines when pasting text into joe/nano editors.
- Fixed an issue which would cause the SSH Client to stop with an assertion failure if it was configured to use a proxy of type SOCKS4 with "Resolve locally" disabled.
- Fixed an issue which would cause command-line proxy parameters to not work correctly.
- Fixed an issue introduced in version 6.21 which would cause the SSH Client to close a connection before sending a failure reply in the event of a connect failure when using dynamic port forwarding (the SOCKS/HTTP CONNECT proxy forwarding feature).
- Fixed an issue which would cause Export and Remove buttons to not be available in the Host Key Manager unless a named (file-based) profile was opened.
- Fixed an issue which would prevent the Client Key Manager from importing ECDSA private keys in OpenSSH format if they were password protected. Improved accuracy of error messages if an invalid password is entered.
- The -flowDebugFile feature will no longer truncate quantum data, allowing a complete debug log of the SSH session to be recorded.
Changes in Bitvise SSH Client 6.22: [ 31 January 2015 ]
- The SSH Client now supports SSH protocol obfuscation. When connecting to an SSH server that supports it, obfuscation makes it harder for an observer to determine that the protocol being used is SSH.
- The sftpc command line client now supports tab completion.
- If a command is configured to be run under On Login > Execute on the Options tab, the SSH Client can now also be configured to close or terminate the program launched this way after the SSH session ends.
- Remote Desktop forwarding:
- A username and password can now be configured for single-click Remote Desktop forwarding, separately from the credentials used to log in via SSH.
- If the user name for Remote Desktop starts with ".\", it will now be communicated to the Remote Desktop client in the same way as in version 6.08 and older.
- Graphical xterm console:
- Block selection and copying is now supported by using the mouse to select while pressing the left Alt key.
- A tooltip is now displayed when text is copied to clipboard, or pasted in the terminal window. The tooltip can be turned off through the console's system menu.
- Fixed an issue which would cause a Ctrl+Alt+key event to be sent to the server in addition to a national character, when the user intended to input only a national character with AltGr+key.
- Links on the SSH Client's About tab now work correctly again.
- Fixed an issue that would cause the SSH session to terminate with an error after applying removal of some, but not all, client-configured C2S or S2C port forwarding rules.
- To maintain installer size, an initial Bitvise SSH Client 6.22 installation no longer includes files to support the Remote Control Panel feature for WinSSHD versions older than 5.22. The files necessary to use this feature with such older versions continue to be available separately.
Changes in Bitvise SSH Client 6.21: [ 23 January 2015 ]
- Per-profile host keys and client keypairs: Host authentication public keys, as well as client authentication keypairs, can now be stored in individual profiles. This allows a profile to contain all information needed to establish an SSH session, without requiring host key or client keypair information to be passed via command line parameters, or stored in Windows registry.
- When a host key is verified by the user, and the SSH session uses a profile, a copy of the host key will now be automatically saved in the profile.
- Per-profile proxy settings: Proxy settings can now be configured for individual profiles as well, allowing a profile to override globally configured proxy settings.
- Implemented measures to ensure profile consistency when accessed by multiple SSH Client instances.
- When opening profiles created using Bitvise SSH Client 4.xx, previous 6.xx versions would be unable to open profiles with an invalid Remote Desktop Computer field. Attempts to open such profiles would fail with a validation error, but a description of the validation error would not be displayed. Fixed.
- Delayed negotiation of zlib compression, as advertised by servers using the 'zlib@openssh.com' algorithm, is now supported. Because of an inherent race condition in the OpenSSH implementation of delayed compression, Bitvise SSH Client implements this in the same way as PuTTY - by triggering a second key exchange after successful authentication.
- Graphical management of server-side public keys: The graphical SSH Client now supports management of the user's public keys trusted by the server using SPKS, the Secure Shell Public Key Subsystem. As in previous 6.xx versions, this functionality also continues to be available in the spksc command line client.
- Agent forwarding: The SSH Client now supports agent forwarding if it is supported by the SSH Server. A remote SSH client running on the server can use agent forwarding to perform public key authentication using client keypairs managed by the local SSH Client.
- Agent support: Both the graphical client, as well as the command line clients, now support public key authentication using keypairs available through the OpenSSH authentication agent (ssh-agent) or the PuTTY authentication agent (pageant).
- Improved the choice of default subsequent authentication method offered when the server requires both password and public key authentication.
- Fixed an issue which prevented use of public key authentication as configured in a profile supplied with the "-profile" command line parameter.
- When using the graphical SSH Client in conjunction with a non-bvterm terminal protocol, such as xterm, the SSH Client will now use a custom terminal window with features not available with a Windows console window:
- Draggable resizing
- Support for xterm-256color
- Support for non-block copy & paste
- Improved performance
- Mouse input is now supported. Supported mouse modes are X10 compatible, Normal, Cell Motion and All Motion. Supports X10, UTF8, SGR, and URXVT coordinates. Supported are all 3 main mouse buttons; combinations with Alt, Shift, and Ctrl keys; and the mouse wheel. When mouse tracking is enabled by the server, client-side text selection and copying remains possible using the left Shift key.
- The terminal window color palette can now be configured.
- A setting is now supported to allow the terminal window to remain open after a terminal session closes.
- The terminal client will now display terminal titles received from the server via xterm. The client will append such titles to the initial title.
- Characters that could not normally be entered using the currently active input method can now be entered using Alt + NumPad or using copy and paste.
- File transfer:
- sftpc now supports launching local commands prefixed with '!' in scripted mode. A non-zero return code is treated as an error.
- In sftpc, "ldir" now provides expected results when the current local directory points to a network share.
- Remote Desktop:
- Automatic sign-on for Remote Desktop now works with Microsoft accounts, as well.
- Sessions that attempted to register a large number of simultaneous client-to-server port forwarding rules could be terminated by an error. Fixed.
- Improved disconnection responsiveness and reliability.
- Improved trace logging.
- In recent 6.xx versions, a license code could not be applied unless the client was started using elevation. Fixed.
Changes in Bitvise SSH Client 6.08: [ 8 September 2014 ]
- Improved reliability and responsiveness of disconnecting a session, resolving an issue where the client could hang during a disconnect.
Changes in Bitvise SSH Client 6.07: [ 31 August 2014 ]
- In version 6.05, an issue was introduced that would cause the SSH session to terminate with an error during a server-to-client port forwarding failure. Fixed.
- In "Reconnect always" mode, when automatically reconnecting without first being successfully authenticated, the client would display the user authentication dialog instead of proceeding with the configured initial authentication method. Fixed.
- In SFTP Upload and Download panes, the individual file progress bar in the list control was always stuck at 0% when transferring. Fixed.
Changes in Bitvise SSH Client 6.06: [ 25 August 2014 ]
- Implemented support for unattended password authentication via the "keyboard-interactive" method. When the SSH Client is configured to authenticate with a stored password, it will now try to pass the stored password to the "keyboard-interactive" method if "password" authentication is not available.
- User authentication keypairs can now be imported and exported in the PuTTY format.
- Since migrating Bitvise SSH Client to use Crypto++ as a FIPS 140-2-certified cryptographic provider in versions 6.xx, Diffie Hellman-based SSH key exchange methods that use group exchange have not been working well with servers including OpenSSH, Tectia, and IBM Sterling Connect. The issue arises because these servers generate random DH group parameters which do not pass validation by Crypto++, and we cannot disable this validation in FIPS mode. To avoid this issue, we are changing default Bitvise SSH Client settings to disable DH key exchange methods that use group exchange. We encourage use of the new ECDH key exchange methods instead.
- The User keypair manager failed to show the first few characters of MD5 fingerprints below the keypair list. Fixed.
Changes in Bitvise SSH Client 6.05: [ 15 August 2014 ]
- SFTP: When downloading, characters in the file name that are invalid on Windows will now be replaced with an underscore. Files whose name contains a colon (':') will no longer be downloaded to an alternate NTFS stream.
- Remote Desktop: When using a custom Remote Desktop profile, prompting for credentials will now be properly disabled if "Use SSH login credentials" is checked.
- Added support for UTF-8 and UTF-16 byte order markers when importing keys from textual files.
- Fixed the log message describing when a reconnection attempt is scheduled.
- Fixed issues with proxy support for outgoing connections when "Resolve DNS names locally" was enabled.
- The SOCKS/HTTP proxy forwarding subsystem (dynamic tunneling) did not correctly handle IPv6 HTTP CONNECT requests. Fixed.
- Several warning messages related to port forwarding are now informational messages, to avoid unnecessary pop-ups from being displayed.
- Graphical SFTP: Fixed an issue which prevented the "Target file already exists" dialog from opening when resuming is not available.
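The 6.05 SFTP note above concerns file names chosen by the server: a colon in a downloaded name would otherwise address an alternate NTFS stream instead of a file. The Python sketch below is an added example, not Bitvise code. It applies the underscore replacement the note describes and goes further by also handling reserved device names, trailing dots and spaces, and names that collide after replacement; those extras and the sample names are assumptions of this example.

```python
import re

# Characters Windows rejects in a file name, plus ASCII control characters.
# The colon matters most: "a.txt:b" would address an alternate data stream.
INVALID_CHARS = re.compile(r'[<>:"/\\|?*\x00-\x1f]')
RESERVED_STEMS = {"CON", "PRN", "AUX", "NUL",
                  *(f"COM{i}" for i in range(1, 10)),
                  *(f"LPT{i}" for i in range(1, 10))}


def safe_local_name(remote_name):
    """Map one server-supplied file name to a name safe to create on NTFS."""
    name = INVALID_CHARS.sub("_", remote_name)
    name = name.rstrip(" .")          # Windows drops trailing dots and spaces
    if not name:
        return "_"                    # covers "", "." and ".."
    if name.split(".", 1)[0].upper() in RESERVED_STEMS:
        name = "_" + name             # avoid opening a device such as NUL
    return name


def plan_downloads(remote_names):
    """Return {remote: local}, keeping local names unique ignoring case."""
    taken, plan = set(), {}
    for remote in remote_names:
        base = local = safe_local_name(remote)
        n = 1
        while local.lower() in taken:
            # Two remote names can map to one local name after replacement;
            # number the later one instead of overwriting the earlier file.
            stem, dot, ext = base.rpartition(".")
            if dot and stem:
                local = f"{stem} ({n}){dot}{ext}"
            else:
                local = f"{base} ({n})"
            n += 1
        taken.add(local.lower())
        plan[remote] = local
    return plan


# Constructed sample listing, as a server might return it.
SAMPLE_LISTING = ["report.txt:hidden.exe", "report.txt_hidden.exe",
                  "a<b>.log", "NUL.txt", "..", "Notes.TXT", "notes.txt"]

if __name__ == "__main__":
    for remote, local in plan_downloads(SAMPLE_LISTING).items():
        print(f"{remote!r} -> {local!r}")
```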
Changes in Bitvise SSH Client 6.04: [ 13 July 2014 ]
- When creating remote directories and files, Bitvise SSH Client will no longer send a default set of POSIX permissions, instead letting the server choose appropriate POSIX permissions for the new directories and files.
- In sftpc, batch list and download operations, such as "get *.txt", would always return an unsuccessful exit code. Fixed.
Changes in Bitvise SSH Client 6.03: [ 5 July 2014 ]
- In sftpc, the exit code would not be set properly after failed transfers. Fixed.
- When the SSH Client is run for the first time after installation, it would be run under the installer's elevated security context. This could cause subtle discrepancies in behavior compared to when the client is run without elevation later. Fixed.
- Since the new terminal client implementation introduced with version 4.60, the bvterm client would close with an exception if the server sent a particular rarely sent packet (BVT2_WRITEOUTPUTCHAR). Fixed.
Changes in Bitvise SSH Client 6.02: [ 1 July 2014 ]
- The graphical SFTP remote files pane was incorrectly using start directory and other settings from the local pane.
Changes in Bitvise SSH Client 6.01: [ 26 June 2014 ]
- New features in the sftpc command line client:
- The put and get commands now support a "-del" flag to delete files after they have been transferred successfully.
- When using put or get with the "-s" flag (recursive transfer), matching empty directories will now also be transferred.
- Importing of OpenSSH private keys encrypted using "aes192-cbc" and "aes256-cbc" algorithms is now also supported.
- When converting file times from UTC for display in local time, the SSH Client would not correctly account for DST when there was a mismatch between the file's DST offset and current DST. Fixed.
- An SFTP pane resizing issue is now believed fixed.
- Fixed a number of 6.00 beta issues:
- If exiting of the graphical client was canceled through the "profile changed" dialog, the Login button would no longer work.
- When viewing help for command line clients piped through a pager such as "more" or "less", the command line clients would terminate with an error if the pager was exited prematurely.
- Tooltips would not show when hovering the mouse pointer over an SSH Client icon in the system notification area.
- sftpc would show file modification times in UTC instead of local time when listing files.
- In the graphical SFTP window, under Browse, selecting the local or remote path from the dropdown list failed to work properly.
- On older Windows versions, including Windows XP, the Remote Desktop window title would not update properly when opening a single-click Remote Desktop window in full screen mode.
- On older Windows versions that did not include IPv6 support, including Windows XP, the newly added IPv6 support would fail, interfering with some aspects of the client.
Changes in Bitvise SSH Client 6.00 beta: [ 28 May 2014 ]
- Bitvise SSH Client now uses FlowSsh and the technological platform of Bitvise SSH Server versions 5.xx and 6.xx. This includes, but is not limited to:
- The cryptographic algorithms used by the SSH Client are now implemented in a FIPS 140-2 certified cryptographic module.
- The SSH Client now supports Elliptic Curve algorithms - key exchange using ECDH, and ECDSA public keys for client and server authentication.
- The SSH Client now implements defensive measures against attacks based on the CBC encryption mode.
- IPv6 is now supported.
- Command line clients:
- A new command line client, stnlc, supports scriptable and command line access to port forwarding functionality and the FTP-to-SFTP bridge.
- A new command line client, spksc, supports scriptable and command line access to the SSH public key subsystem. With Bitvise SSH Server, and other servers that support SPKS, the client can manage public keys which the server will accept for the client's authentication.
- The sftpc and stermc command line clients now also support an implied trailing command without the "-cmd=..." parameter, for example: "sftpc user@host get *.txt", or "stermc user@host dir".
- The sexec command line client now supports X11 forwarding.
- FTP-to-SFTP bridge:
- Wildcards (* and ?) can now be used in directory listings.
- As a compatibility improvement, the FTP-to-SFTP bridge now attempts to detect and ignore parameters passed to the LIST command.
- An optional FTP password can now be configured, which an FTP client then must provide in order to access the bridge.
- A port range for PASV mode transfers can now be configured.
- The starting directory for the FTP-to-SFTP bridge session can now be configured.
- Usability improvements:
- Settings changes in the Options, Terminal, Remote Desktop, and SFTP tabs now have immediate effect even if a session is active.
- Settings changes in the Services, C2S, and S2C tabs can now take effect, even if a session is active, after clicking Apply.
- Settings changes in the Login and SSH tabs continue to take effect for the next SSH session, and are not applied to any currently active session.
- Errors in initializing a port forwarding or the FTP-to-SFTP bridge will now no longer prevent establishment of the SSH session.
- Algorithms in the SSH settings tab can now be reordered in terms of priority.
- The graphical client's close behavior can now be configured. (Whether to exit, or hide to the system notification area.)
- When using single-click Remote Desktop forwarding in full screen mode, the Remote Desktop window title now reflects the destination server.
Security Clarification: [ 9 April 2014 ]
- We have recently received many inquiries about whether our software is affected by the heartbeat vulnerability in OpenSSL (nicknamed "Heartbleed"). This vulnerability relates to a protocol we do not implement, and a code base that is independent of ours. None of our software shares common code with OpenSSL or OpenSSH.