Bitvise SSH Client Version History  

For issues that might arise using the latest SSH Client versions, see Known issues.


Changes in Bitvise SSH Client 9.33:    [ 20 December 2023 ]

  • Security:

    • Terrapin - CVE-2023-48795: Researchers have identified an issue where all SSH connections which use the encryption algorithm ChaCha20-Poly1305, or any integrity algorithm of type encrypt-then-MAC, are vulnerable to packet sequence manipulation by an active attacker, if the attacker can intercept the network path. This can be used to sabotage SSH extension negotiation. This affects extensions with security impact, such as server-sig-algs.

      Since the attacker can only remove packets sent before user authentication, this does not seem to fatally break the security of the SSH connection. However, it is a cryptographic weakness to address.

      Bitvise software versions 9.32 and newer support strict key exchange. This is a new SSH protocol feature which mitigates this attack. The SSH client and server must both implement strict key exchange for mitigation to be effective. Other SSH software authors are also releasing new versions to support this.

      If you must interoperate with SSH software which does not support strict key exchange, consider disabling the encryption algorithm ChaCha20-Poly1305, as well as integrity algorithms of type encrypt-then-MAC. These are the newer data integrity protection algorithms whose names contain -etm.

      Bitvise software versions 8.xx and older are not substantially affected because they do not implement algorithms where this issue is practically exploitable. Nevertheless, we suggest updating all SSH software to new versions that support strict key exchange.

      The encryption algorithms aes256-gcm and aes128-gcm are substantially immune from this attack. Users who are committed to older SSH software versions should consider using AES GCM. If this is not possible, the data integrity protection algorithms which are not named -etm are not entirely immune, but are also not believed to be practically exploitable. For compatibility with SSH software which does not support strict key exchange or AES GCM, an algorithm combination such as AES CTR with non-ETM data integrity protection may continue to be acceptable.

  • Graphical client:

    • Error and warning popups would not be shown if the main SSH Client window was visible when the message was logged, but lost focus immediately after. This would happen, for example, if there was an issue with terminal session logging, which occurs just before opening the terminal window.

      The SSH Client now shows popups if the main window loses focus immediately after errors or warnings were logged.

  • SFTP:

    • The SSH Client now prefers to open remote files using the flags SSH_FXF_BLOCK_WRITE and SSH_FXF_BLOCK_ADVISORY, instead of only SSH_FXF_BLOCK_WRITE. This allows the server to strip the block flag if it is not supported by a part of its filesystem.


Changes in Bitvise SSH Client 9.31:    [ 24 September 2023 ]

  • Command-line clients:

    • Even when output was redirected, the command-line clients sftpc, sexec, stermc, stnlc and spksc would not run unless the process was associated with a console window. Fixed.

  • User interface:

    • Names and strings containing the & character were not properly displayed in lists. Fixed.

  • File transfer:

    • When using the Move to dialog in the SFTP window, the SSH Client could crash. Fixed.


Changes in Bitvise SSH Client 9.28:    [ 1 July 2023 ]

  • Installation:

    • If Install WinFsp was unchecked, the SSH Client installer would still unpack WinFsp files, without registering them. The installer will no longer unpack WinFsp files unless Install WinFsp is selected.

  • SSH:

    • The SSH Client is now compatible with the OpenSSH-style authentication agent in 1Password. The SSH Client previously refused to connect to the Windows named pipe created by 1Password because the pipe owner is not a member of the Administrators group or Local System. For compatibility with this agent, the SSH Client no longer checks pipe ownership, but implements more validation of information received over the pipe.

  • Port forwarding:

    • The command-line parameters -c2sFile and -s2cFile now also import comment fields, if present.

  • Terminal:

    • If the accent color was enabled for window title bars in Windows, the SSH Client's terminal window title could be hard to read. Fixed.

    • Double-click word selection did not work correctly on the first word of the first line in the terminal window. Fixed.

    • The terminal window now supports 5-hexadecimal-digit Unicode characters, i.e. Unicode code points higher than 65535.


Changes in Bitvise SSH Client 9.27:    [ 14 February 2023 ]

  • Cryptography:

    • OpenSSL version updated to 1.1.1t. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1. Our software does not use OpenSSL features affected by recent OpenSSL security advisories.

  • Terminal:

    • The key combination Alt+Backspace would incorrectly open the terminal window's system menu. Fixed.


Changes in Bitvise SSH Client 9.26:    [ 16 January 2023 ]

  • EULA:

    • We updated our EULAs to formalize our existing practices regarding the nature and behavior of our software (it is a product, not a service; the data it handles is not sent to Bitvise; risk tradeoffs with updates) and the way we provide support (via email and our case management system, in written form).

  • Installation:

    • The SSH Client installer now offers the option whether to install WinFsp. WinFsp is required to use the SSH Client's SFTP drive feature, but is not needed for other functions.

    • The SSH Client can now use WinFsp installed from another source, such as the official WinFsp distribution, or installed by a third-party application, instead of installing its own. We cannot guarantee reliability or performance when using such other versions of WinFsp. However, the SSH Client now tries to use them.

  • Cryptography:

    • OpenSSL version updated to 1.1.1s. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1.

  • Terminal:

    • Since version 9.23, the SSH Client's terminal window disables client-side scrolling when the server switches to the alternate screen. This is correct behavior, and it avoids confusing users, but it has confused other users, who were used to scrolling in the alternate screen.

      The SSH Client's terminal window now displays a padlock icon in the title bar when the alternate screen is enabled. This indicates that the terminal window is in a special state and explains why scrolling is disabled.

    • The SSH Client's terminal window did not work on Windows XP. Fixed.

  • SSH Server Remote Control Panel:

    • When using the SSH Client to remotely administer Bitvise SSH Server, the SSH Server Remote Control Panel would exit unexpectedly when trying to manually apply an update. Fixed.


Changes in Bitvise SSH Client 9.25:    [ 30 October 2022 ]

  • Graphical client:

    • User Authentication Banner dialog text can now be selected and copied to clipboard.

    • Improved default file browse filter for client authentication keypair import.


Changes in Bitvise SSH Client 9.24:    [ 9 October 2022 ]

  • General:

    • SSH Client help windows now allow selection and copy & paste.

    • Updated keyboard shortcuts in the pop-up menu for the SSH Client icon in the system notification area. This resolves conflicts and makes the shortcut keys consistent with Ctrl+Shift shortcuts in SSH Client windows.

  • SSH:

    • The SSH Client now displays the signature algorithm used during client authentication with a public key.

    • The default list of submethods for keyboard-interactive authentication is now empty.

  • Command-line clients:

    • Improved output of command-line clients when output is piped into another program, or redirected into a file.

  • sftpc:

    • When output is redirected, sftpc no longer truncates file and directory paths shorter than 1,000 bytes. For easier processing, file transfer results such as "OK" and "in sync" are now displayed as "<OK>" and "<sync>".

    • The remove/delete commands del, ldel, rm, lrm, rmdir and lrmdir now support the -ifExist parameter. If passed, this parameter causes the command to test whether the path exists before attempting to delete it. If the path does not exist, the command succeeds.

  • Terminal:

    • Due to Ctrl+Shift+... keyboard shortcuts new in versions 9.xx, the terminal window in the graphical SSH Client would no longer send to the server Ctrl+Shift key combinations such as Ctrl+Shift+F1. These combinations are now sent again.

    • The clear command now causes the terminal window to scroll down instead of overwriting visible screen content.

    • A full reset, or a soft terminal reset, now avoids clearing the primary screen buffer, such as when the screen command exits.


Changes in Bitvise SSH Client 9.23:    [ 5 June 2022 ]

  • Terminal:

    • When the alternative window buffer is activated, the terminal window now prevents client-side scrolling. This interfered with display of server-side applications which provide their own scrolling via keyboard.

  • SFTP drive:

    • There exist servers, such as GlobalSCAPE, which support neither the SFTP request space-available, nor the alternative statvfs@openssh.com. These requests are used to query free space on the server. With such servers, this information cannot be queried, so the SSH Client will now report a very large amount of free space on the SFTP drive. The client previously reported zero free space, which prevented some applications from writing files.


Changes in Bitvise SSH Client 9.19:    [ 28 May 2022 ]

  • Terminal:

    • Restored behavior from previous SSH Client versions, including 8.xx, where right-click can be used immediately after selecting to copy-and-paste the selected text.

    • The DECSTBM message (Set Top and Bottom Margins) should now be handled correctly.

  • spksc:

    • The command-line client for the SSH Public Key Subsystem, spksc, now supports commands to list local keys in addition to public keys configured for public key authentication on the server.

    • If Ctrl+C was pressed during command execution, spksc would previously hang. Fixed.

  • Host key manager:

    • When using the Modify Host Key dialog, pasting a host address containing spaces would cause the SSH Client to crash. Fixed.


Changes in Bitvise SSH Client 9.18:    [ 5 May 2022 ]

  • Installation and update:

    • Improved reliability of creating temporary directories which could previously cause installation to fail.

  • Main window:

    • The FTP bridge password input fields on the Services tab now scroll horizontally.

  • Terminal:

    • Fixed issues that could cause the terminal window to display output incorrectly in situations that are difficult to reproduce. We continue to investigate and welcome feedback from users who experience these issues.

  • SSH:

    • When using Diffie-Hellman key exchange methods with group exchange, the SSH Client would accept only server-generated groups with a generator much smaller than the modulus. Some servers, such as Rebex, send a generator parameter as large as the modulus. The SSH Client will now accept such groups.

      We cannot guarantee that unusual server-generated groups will work with Windows CNG cryptography. We continue to disrecommend Diffie-Hellman key exchange methods that use group exchange due to such compatibility issues. The SSH Client continues to downrank these key exchange methods by default.


Changes in Bitvise SSH Client 9.17:    [ 12 March 2022 ]

  • Installation and update:

    • Due to a bug in the log utility included with SSH Client version 9.12, using built-in update functionality to update from version 9.12 to versions 9.14 - 9.16 would fail. Now, when updating from version 9.12, the first attempt will still fail, but will replace the log utility so that a second attempt succeeds.

      Running the new version installer directly to update manually works for all versions and does not trigger this issue.

  • SSH:

    • Starting with versions 9.xx, at the start of an SSH connection, the SSH Client would wait to send its SSH_MSG_NEWKEYS message until it has received it from the server. As a result, connections to certain SSH servers would not work. Affected servers include xlightftpd and RomSShell used by certain Brocade network equipment. The client now once again sends this message promptly.

    • Fixed issue which could cause the SSH Client to disconnect and generate the error "SSH manager has been terminated by exception: Null pointer read". This was more likely when using an SSH jump proxy, configurable in Proxy settings, but could occur generally using SSH tunneling.

    • Improved detection of misconfigured obfuscation settings.

  • Graphical client:

    • Logout behavior is now configurable. When disconnecting, the SSH Client can now be configured to close open windows without asking for confirmation.

  • SFTP GUI:

    • The graphical SFTP interface can now display Owner and Group columns for remote files.

    • Remote directory properties now show disk usage and free space information.

  • sftpc:

    • A new df command now shows disk usage and free space information.

  • Terminal:

    • The terminal window in the graphical SSH Client now supports additional settings for text selection and copying: word boundary characters for double-click select; whether double-click select can span more than one line; and whether to trim any trailing spaces when copying.

    • Terminal window settings now display fonts alphabetically sorted.

  • SSH Server Remote Control Panel:

    • The SSH Server Remote Control Panel window did not close when the SSH connection disconnected, and the window was not usable after. The window now closes as intended.


Changes in Bitvise SSH Client 9.16:    [ 14 February 2022 ]

  • SFTP drive:

    • When disconnecting, the SFTP drive will no longer cause a prompt that the SSH session is still active, unless another application is holding a file or directory handle open.

      Note that the Windows Command Prompt does keep a directory handle open indefinitely, as long as the window (or the cmd.exe process) is open.

  • Terminal:

    • In previous 9.xx versions, the key combinations Ctrl+_ and Ctrl+^ could not be sent. Fixed.

  • SSH Server Remote Control Panel:

    • This version contains the Bitvise SSH Server Remote Control Panel (WRC) necessary to remotely administer SSH Server versions 9.16 and higher.


Changes in Bitvise SSH Client 9.15:    [ 5 February 2022 ]

  • SSH:

    • When using one of the key exchange methods with Diffie Hellman group exchange, the SSH Client and FlowSsh could perform an invalid memory access. Invalid DH group size parameters could be sent to the server. Fixed.

  • Graphical client:

    • When the setting Window behavior > New child windows was set to Restore last position (default value in versions 9.12 and 9.14), the SFTP window could open off-screen. Fixed. The default value of this setting is now Center to parent.

    • The following settings now support environment variable expansion:

      • Options > Execute Local Command
      • RDP > Remote Desktop > Profile
      • RDP > Command-Line Parameters > Custom
      • SFTP > Local and Upload Settings > Initial directory
    • Improved keyboard navigation via Tab-key.

  • Terminal:

    • The terminal window in the graphical SSH Client could crash or deadlock, especially during selection. Several issues fixed.

    • The terminal window title could be blank. Fixed.

  • SFTP:

    • If a custom SFTP subsystem is configured, this is now invoked as an SSH exec request instead of a subsystem request. This should work with more servers where this feature is needed.

  • Command line:

    • sftpc will now use the SFTP protocol version setting from the profile, if a -profile=... parameter is used.

    • The graphical SSH Client now supports the -sftpVersion command-line parameter to override the loaded profile.

    • All clients now support the -dhGexMinBits parameter.

    • The parameter -rdpCustomSettings is now -rdpCustomStg and can appear multiple times to configure multiple Remote Desktop settings.


Changes in Bitvise SSH Client 9.14:    [ 23 January 2022 ]

  • SFTP drive:

    • On systems with negative UTC offsets, the Windows Command Prompt would display unexpected error messages as part of directory listings for directories without an SFTP file time. Fixed.

  • Terminal:

    • Starting a clipboard selection now pauses terminal output.

    • Double-clicking the system icon now once again closes the terminal window.

  • Remote Desktop:

    • The setting Share clipboard is now enabled for new profiles by default.

  • Window behavior:

    • The SSH Client can now be configured to prevent system sleep, for example when connected.

  • Command line:

    • The log utility did not work at all in version 9.12. Fixed.

    • The main SSH Client window now supports the option -start=login which can be used in conjunction with other -start=... options. For consistency with previous versions, the option -loginOnStartup is now an alias for -start=login,tray. This means the SSH Client connects automatically and also minimizes to the system notification area. When opening an SSH Client profile through right-click > Connect, the profile is now opened with -start=login, but not tray. This means the SSH Client connects automatically with the main window visible.


New features in Bitvise SSH Client 9.12:    [ 1 January 2022 ]

  • SFTP drive: Access files on an SFTP server as if they were local, from any Windows application.

  • Terminal session recording: The content of terminal sessions can now be automatically saved to files.

  • SSH jump proxy: The SSH Client can now more conveniently connect to a final destination SSH or SFTP server, by first connecting to an SSH jump server. In the graphical SSH Client, this is configured in Proxy settings, accessible from the Login tab.

  • Keyboard shortcuts: An SFTP window can now be opened more practically from a terminal window, and vice versa.

  • Command-line help: The clients sftpc, stnlc and spksc now support -help-shell to receive help for interactive commands (such as get, put) directly from the command-line.

  • Cryptography: New cryptographic algorithms include chacha20-poly1305 and encrypt-then-MAC hashing.

Known issues

  • Windows XP: All versions of our software that we recommend using are built using Visual Studio 2015. The C++ run-time library used by this Visual Studio version has a known issue where 1-2 kB of memory are leaked each time a new thread is created. This issue does not occur on later Windows versions; it does not occur e.g. on Windows Server 2003. Microsoft has stated they do not intend to fix this issue. Bitvise's view is that the impacts on our SSH Client and FlowSsh are manageable; whereas our SSH Server is rarely used on Windows XP. We therefore do not plan to work around this; but we warn that this can be a potential denial of service vector on Windows XP.

Older versions

Bitvise SSH Client 8.xx Version History

Bitvise SSH Client 7.xx Version History

Bitvise SSH Client 6.xx Version History

Bitvise SSH Client 4.xx Version History

Tunnelier 3.xx Version History