For issues that might arise using the latest SSH Server versions, see Known issues.
We are receiving occasional inquiries about whether our software is affected by the libssh vulnerability CVE-2018-10933, where a client can bypass authentication by sending an SSH_MSG_USERAUTH_SUCCESS message to the server.
Bitvise software does not share common code with libssh. Our understanding is that the libssh issue arises due to commingling of authentication state for server-side and client-side purposes. In Bitvise software, authentication state is managed in separate client-side and server-side components. The server-side authentication component is not affected by this issue and will ignore any SSH_MSG_USERAUTH_SUCCESS message sent by the client.
Changes in Bitvise SSH Server 7.46: [ 14 October 2018 ]
OpenSSH recently fixed a username enumeration vulnerability due to how errors were handled when decoding a user authentication request. Bitvise SSH Server does not share the same code base, but past versions are affected by conceptually the same issue, which we coincidentally discovered around the same time.
This version changes the way errors are handled when decoding a user authentication request to avoid username enumeration.
After the SSH session has been terminated by receiving EOF or sending SSH_MSG_DISCONNECT, FlowSsh will now discard any further outgoing SSH packets. This helps avoid a stall in processing and further improves the odds that all previously received data - in particular, SFTP requests - will be processed.
File transfer: Improved handling of symbolic link creation failures.
BvShell will now clear Windows console attributes on startup to improve experience on terminals where the default background color is not black.
If the BvLsa authentication package could not be loaded into LSASS, this is now appropriately logged as a warning instead of an information message.
As a maintenance release, this version continues an upgrade amnesty. Any Bitvise SSH Server activation code that could activate a previous 7.xx version will also activate this version.
- You can currently download this version here. (Alternative)
Changes in Bitvise SSH Server 7.45: [ 11 August 2018 ]
Bitvise SSH Server, SSH Client, and FlowSsh previously did not implement strict size limits or sanitization of content before displaying or logging strings received from a remote party. Much stricter size limits and sanitization are now implemented.
Version 7.21 introduced settings to configure minimum and maximum sizes of DH groups to be considered for Diffie Hellman key exchange methods with group exchange. These settings did not work correctly in many circumstances. This would allow clients to request 1024-bit DH parameters where this was meant to be prohibited. Fixed.
Bitvise SSH Server, SSH Client, and FlowSsh now report the size of the Diffie Hellman group actually used in DH key exchange. This is useful with key exchange methods that use DH group exchange, where there was previously no straightforward way to know what size group was used.
Changes in Bitvise SSH Server 7.44: [ 1 July 2018 ]
Cryptography: Implemented support for changes in Windows internal cryptographic structures in Windows Insider Preview Build 17704. This build was released to Windows Insiders in the Fast ring on June 27, 2018.
Users who need to use earlier versions of our software on new Windows builds that change internal structures can work around compatibility issues by using the following key exchange algorithms: Curve25519, ECDH over nistp256k1. These key exchange methods do not rely on Windows cryptography; however, our software does not provide them if FIPS mode is enabled in Windows. Other key exchange methods require upgrading our software to a version that supports the new Windows build.
Changes in Bitvise SSH Server 7.43: [ 19 June 2018 ]
File transfer: Fixed issues in past Bitvise software versions that resulted in incorrect file times when using subsecond times with SFTP protocol versions 4 and 6. This would result in incorrect last modified times after a file transfer which affected, on average, about one in several hundred files. Affected files would receive a last modified timestamp incorrect by up to 7+ minutes.
Authentication: Since version 7.32, the SSH Server would send additional information to the client if authentication failed due to a Windows account restriction. This information was sent under the assumption that Windows checks the provided password and returns information about the restriction only if the password is correct. Our investigation shows that for a number of restrictions, if the restriction prevents login, Windows reports the restriction without checking the password. We found this was previously reported e.g. in 2007 under CVE-2007-2999, and remains unaddressed.
The presence of this issue allows a remote unauthenticated party to check for the existence of Windows accounts that cannot login due to a restriction, without requiring knowledge of those accounts' passwords. To avoid this issue, Bitvise SSH Server now no longer sends information about Windows account restrictions, except where our testing indicates that Windows checks the password before reporting the restriction. At present, our testing indicates that only ERROR_LOGON_TYPE_NOT_GRANTED, and the alias ERROR_LOGON_NOT_GRANTED, are safe to report to the client. Other restrictions may or may not check the password depending on whether the account is domain or local.
Settings: For virtual accounts and groups, the default file transfer home directory is now "/" instead of "/%HOME%". This makes more sense for virtual accounts which usually have restricted virtual filesystem access. For Windows accounts, the default file transfer home directory remains "/%HOME%".
Installation: Updated installer and uninstaller manifests to reduce the likelihood that Windows will incorrectly run the Program Compatibility Assistant during or after installation. This mainly affects older Windows versions such as Windows 7.
Security Notification: [ 18 May 2018 ]
We have been informed of, and have taken steps to address:
- A security issue in common functionality used by Bitvise software.
- An initialization issue in a compression library used by Bitvise software.
This issue consists of an invalid memory access. At this time, we believe this memory access is always invalid and cannot be used for remote code execution.
This issue has the following impact on Bitvise SSH Server and Client:
High severity: When an affected Bitvise SSH Server version is installed on a 32-bit version of Windows, a remote unauthenticated attacker can cause the SSH Server's main service to stop abruptly.
This high severity impact is not present on 64-bit versions of Windows. The following other impacts are present on all versions of Windows.
Lower severity: An authenticated user connected to Bitvise SSH Server who is permitted to use the SFTP subsystem can cause the SFTP subsystem to stop abruptly. This can have an effect on what actions are logged. For example, an error might be logged instead of the last actions taken by the user.
Lower severity: A server to which a user connects using Bitvise SSH Client can cause the SSH Client to stop abruptly. Due to the limited effects, this would not be an interesting attack in most usage scenarios.
Low severity: If a user or administrator imports a specially crafted file when using either the local Bitvise SSH Server Control Panel; the remote Bitvise SSH Server Control Panel; or Bitvise SSH Client; then the process being used to import the file can stop abruptly. Due to the limited effects, this would not be an interesting attack in most usage scenarios.
In addition, this issue has the following impact on applications using FlowSsh:
If an application using the 32-bit version of FlowSsh connects to a server which sends a specially crafted packet that should cause FlowSsh to disconnect, the application will instead stop abruptly. The severity of this impact depends on the characteristics of the application.
At this time, we believe applications using the 64-bit version of FlowSsh are unaffected.
The following versions of our software are affected by issue 1:
- Bitvise SSH Server 6.xx, but not version 6.51 and future versions.
- Bitvise SSH Server 7.xx, but not versions 7.41 and higher.
- Bitvise SSH Client 6.xx and 7.xx, but not versions 7.41 and higher.
- FlowSsh 5.xx and 7.xx, but not version 7.41 and future versions.
We have addressed issue 1 in Bitvise SSH Server, Client, and FlowSsh versions 7.41 and higher. In addition, we have addressed issue 1 for Bitvise SSH Server 6.xx versions due to the high severity impact on 32-bit versions of Windows.
At this time, the limited impact does not seem to warrant applying this change to 6.xx versions of Bitvise SSH Client and FlowSsh. We encourage users of Bitvise SSH Client to upgrade to the latest versions free of charge. Users of FlowSsh 5.xx will need to have upgrade access to a 7.xx version to upgrade.
Issue 2 consists of incorrect delayed initialization in a compression library used by Bitvise software. We believe this could be used by one SSH session that uses compression to corrupt decompressed data in another simultaneous session that uses compression. However, for this to be likely, there must not have been another session that used compression since application startup. Therefore, the attack would have to occur at the same time as when the first legitimate session that uses compression begins after Bitvise SSH Server or an application using FlowSsh has started.
The following versions of our software are affected by issue 2:
- All older versions of Bitvise SSH Server, but not versions 7.41 and higher.
- All older versions of FlowSsh, but not version 7.41 and future versions.
Bitvise SSH Client only ever establishes one SSH session per process instance, so the issue cannot be exploited. A FlowSsh application could be affected if it simultaneously starts multiple concurrent SSH sessions after launching.
We recommend that all users of affected Bitvise SSH Server, Client, and FlowSsh versions upgrade to the newest current versions, which can be downloaded from our website:
- The latest version of Bitvise SSH Server – for example, 7.42 or newer.
- The latest version of Bitvise SSH Client – for example, 7.42 or newer.
- The latest version of FlowSsh – for example, 7.41 or newer.
In addition, users of Bitvise SSH Server versions 6.xx who do not wish to upgrade can download version 6.51, which also fixes issue 1, but not issue 2.
Changes in Bitvise SSH Server 7.42: [ 11 May 2018 ]
The End User License Agreement has been updated to try to bring it closer to the requirements of states and their contractors. Terms are otherwise unchanged. Situations in which licenses can be transferred are now laid out so that no permission will be needed in most cases.
Fixed an issue which would cause the SSH Server's scriptable configuration COM object, BssCfgManip, to become unregistered after uninstalling one of multiple concurrent SSH Server instances that use the same BssCfgManip version.
Changes in Bitvise SSH Server 7.41: [ 29 April 2018 ]
This is not a new feature release, but a successor to 7.39 with continued maintenance updates. (We skip over versions containing zeros to avoid ambiguities. For example, 7.04 and 7.40 might both be referred to as "7.4".)
Fixed an issue in zlib compression provided by the Crypto++ library. There existed a race condition which could cause data to be decompressed incorrectly in specific circumstances. For this to happen, the first SSH session to use compression, and the second SSH session to use compression, would have to connect at the exact same time after the SSH Server is started.
Fixed a denial of service attack vector described in the associated security notification.
Improved handling of disjoint namespaces in domain environments where the domain name is of the form region.example.com, but the computer is in a disjoint DNS suffix such as country.region.example.com. Previously, if the Windows function GetComputerNameEx failed with Windows error 1788 ("The trust relationship between the primary domain and the trusted domain failed"), the SSH Server would use LsaQueryInformationPolicy as backup. Now, the SSH Server will perform this fallback if GetComputerNameEx fails with other error codes, as well.
In Windows 10 builds 17133 and 17134 - the 1803 Spring Creators Update - Windows console functionality changed in such a way as to break console host version detection in previous SSH Server versions. Users of Windows 10 will need to upgrade to this SSH Server version or newer for terminal access to work.
- File transfer:
Some SFTP clients, including Bitvise SSH Client up to and including version 7.39, may send a fire-and-forget SSH_FXP_CLOSE message followed by immediately closing the SFTP channel and the SSH session. Depending on circumstances such as network latency, Bitvise SSH Server could fail to process the SSH_FXP_CLOSE request and incorrectly log that the final transfer may not have completed as intended. The SSH Server now takes steps to complete processing of any final requests sent by an SFTP client just before it disconnects.
- Control Panel:
Fixed an issue which would cause the SSH Server Control Panel (the user interface; not the main SSH Server service) to crash after receiving more than 5,000 Activity tab entries while the last entry was not being shown.
- Scriptable configuration:
The SetSite method of the BssCfgManip scriptable configuration COM object would previously fail to work for instances whose full name does not match the normalized instance name. This prevented using scriptable configuration for such instances. Fixed.
Changes in Bitvise SSH Server 7.39: [ 20 January 2018 ]
- On Windows Vista and Windows Server 2008 - but not on Windows 7, Windows Server 2008 R2, and later versions of Windows - the SSH Server's file transfer subsystem would hang indefinitely if a client attempted to use SFTP v6 check-file file hashing extensions. The SSH Server would have to be restarted to disconnect sessions. Fixed.
Changes in Bitvise SSH Server 7.38: [ 6 January 2018 ]
In version 7.36, we implemented an adjustment in the SSH Server's terminal subsystem when running on Windows 10. This was necessary to support changes in the Windows 10 console subsystem that happen with new OS builds. With this change, BvShell would not launch on Windows 10 unless a Windows profile was loaded due to a configured setting. For example, a profile would be loaded, and BvShell would work, if Load profile for SCP and SFTP was enabled in the account or group settings entry in Advanced SSH Server settings.
The user's Windows profile will now automatically be loaded for BvShell on Windows 10 or newer, without having to take steps to enable profile loading. On previous Windows versions, the SSH Server will continue to not load the Windows profile for BvShell unless enabled by a setting.
Security Clarification: [ 5 January 2018 ]
We have received inquiries about whether our software is affected by the Meltdown and Spectre vulnerabilities.
Meltdown and Spectre are fundamentally CPU vulnerabilities which require the attacker to be able to execute carefully selected code, in many cases with high-resolution timers. These vulnerabilities are generally not exploitable in situations where the attacker cannot run such code. If you are using Bitvise software for SFTP or SCP file transfer, port forwarding, Git access, or limited terminal access using the BvShell terminal shell, these types of access do not present an opportunity to exploit these vulnerabilities.
If you are using Bitvise SSH Server to provide terminal shell access to non-administrator users, then if these non-administrator users can run arbitrary programs, they can also run programs that could take advantage of Meltdown to gain administrative access. In this case, we recommend that you apply a Windows patch that attempts to mitigate the CPU vulnerabilities that enable Meltdown.
Changes in Bitvise SSH Server 7.36: [ 27 November 2017 ]
- Development, licensing, and US export control:
This is the first version of Bitvise SSH Server, SSH Client, and FlowSsh published from the United States.
All assets, operations, relationships, and agreements related to Bitvise software development and licensing; including license agreements for use of Bitvise software by users; have been transferred from Bitvise Limited incorporated in Gibraltar, to Bitvise Limited now incorporated in Texas.
Final builds are now performed in Texas. Our software development continues in Slovenia, Germany, and Hungary, and may include developers elsewhere in the future.
This move is an administrative change. Our development, ownership, pricing, support, terms and policies and relationship to customers generally remain the same.
For the purpose of export from the United States, our SSH Server, SSH Client and FlowSsh are self-classified as Mass-Market products using the ECCN 5D992, with the encryption authorization type identifier MMKT. These denote eligibility under License Exception ENC § 740.17(b)(1) of the Export Administration Regulations (EAR).
The SSH Server now implements a limit of at most 2498 simultaneous authenticated sessions. This is to avoid any doubt as to whether the SSH Server could be used in a way that could prevent self-classification for the purposes of US export control.
Bitvise SSH Server, SSH Client, and FlowSsh now come with new license agreements. Users must review the new EULAs, even though the terms remain substantially the same. We apologize for this inconvenience, and have attempted to draft the agreements in a way that this might not be necessary very often.
- Personal Edition:
The SSH Server's Personal Edition is licensed only for use that is both personal AND non-commercial, but is often found used in violation of its license restrictions. In an attempt to limit unlicensed use, while avoiding negative impact on intended users, the Personal Edition will now handle at most 15 concurrent connections.
- Control Panel and Settings:
Corrected spelling of the configuration file name containing instance-type settings. An incorrectly spelled filename created by a previous version will be renamed automatically on upgrade.
The list of Client version rules would allow coexistence of multiple Match all entries if the hidden Pattern field was different. Fixed.
If the setting Automatically configure router is enabled, the SSH Server will now search for gateways of type WANPPPConnection in addition to WANIPConnection. We expect this will extend the number of UPnP routers under which the SSH Server is able to automatically configure ports.
Windows 10 version 1709, OS build 17046.1000, changed internal Windows structures in a way that prevented Bitvise SSH Server, SSH Client, and FlowSsh from obtaining the agreed value in DH or ECDH key exchange. This prevented successful SSH connections using this new Windows build. Fixed.
There exist OpenSSH-based clients which send signatures that claim to be of a new type (rsa-sha2-256 or rsa-sha2-512), but are in fact of the older type (ssh-rsa). Previous SSH Server versions would reject such logon attempts with the message "Signature verification failed." The SSH Server will now tolerate this type of signature as long as the ssh-rsa signature algorithm is enabled in Advanced settings.
There exist SSH implementations based on WeOnlyDo which might not send failure description and language tag fields when sending an SSH_MSG_CHANNEL_OPEN_FAILURE message. Bitvise SSH Server, SSH Client and FlowSsh will now behave as though these fields were sent as empty strings, instead of disconnecting due to an unexpected packet format.
- Command line:
Fixed an issue in command line parsing – most relevant for the bvRun utility, in addition to Bitvise SSH Client – where parameters of the form -name=value would be assigned the last value provided anywhere in the command line; including in the trailing part that may contain one or more commands to run, which is a part from which parameters should not be parsed. Users who use scripts to construct command lines automatically, in a way that incorporates parts from untrusted sources – e.g. environment variable expansion or filename insertion where the source information may not be trusted – are suggested to upgrade. We also call attention to other ways such scripts can be vulnerable if they do not thoroughly validate inputs – for example, by exploiting the & operator if executed using the Command Prompt shell.
The latest builds of Windows 10 may ignore the per-process registry setting which the SSH Server sets to open the legacy terminal console. Current SSH Server versions require the legacy console instead of the Windows 10 console, which has new and currently unsupported behaviors. If Windows 10 ignores the per-process setting, the SSH Server will now detect this and fall back to a global setting.
Changes in Bitvise SSH Server 7.35: [ 16 September 2017 ]
- File transfer:
When using SFTP version 6, the SSH Server would previously advertise extensions check-file-name and check-file-handle, whereas the SFTP extensions draft calls for advertising check-file. The SSH Server will now advertise check-file as well.
When using SFTP version 6, the SSH Server now additionally advertises a check-file-blocks extension. We have identified two server implementations that support the check-file extensions, but either do not support block-by-block hashing (current versions of VShell) or disconnect if a larger file is hashed block-by-block (current versions mod_sftp for ProFTPD). This prevents the functioning of file content synchronization in recent versions of Bitvise SSH Client and FlowSsh.
We suggest that future servers advertise support for check-file-blocks if all of the following are true:
- The server supports block-by-block file hashing.
- Any reasonable block size requested by the client is supported.
- A file can be hashed block-by-block starting from an arbitrary offset.
SSH Server Control Panel: Fixed an issue which would cause the SSH Server Control Panel to not start automatically the next time the user logs in if the user starts another instance of the SSH Server Control Panel while a previous one is already running.
Fixed an issue which would prevent settings import directly from WinSSHD versions older than 4.10.
The SSH Server now relaxes some sanity checks for programs run under the terminal subsystem. Some versions of wtee that previously did not run because of an invalid field in the executable can now run anyway.
Changes in Bitvise SSH Server 7.34: [ 1 August 2017 ]
- Fixed a memory leak introduced in version 7.31.
- If a user was granted Git access, but had no other permission which would allow opening a channel of type "session", the user could not open a channel for Git access. Fixed.
Changes in Bitvise SSH Server 7.33: [ 11 July 2017 ]
- In Easy settings, dialog buttons would disappear if the settings window was opened already maximized. Fixed.
- When multiple concurrent SSH Server instances were installed using different names of equal length; and more than one of them had the Open Windows firewall setting set to a value other than Do not change Windows firewall settings; the concurrent installations would override each other's firewall exceptions. Fixed.
Changes in Bitvise SSH Server 7.32: [ 9 June 2017 ]
- Changed handling of password change so that an informative message is now sent, and another password change is requested, if the requested new password does not meet complexity requirements. In previous versions, such requests would fail without additional clarification, leading to user confusion.
- File transfer:
- Improved compatibility with SFTP clients that are provided by their users with Windows paths of the form C:\Directory\File.txt. When changing directories or opening files, SFTP clients given such paths will interpret them as relative paths, and will try to use them in the form /C/Dir/C:\Other\File.txt. In previous versions, the SSH Server would treat such concatenated paths as malformed. Now, they will be translated to a virtual path reflecting what the user most likely intends; for example, /C/Other/File.txt.
- Fixed an issue introduced in version 7.21 which caused the createdNewFile and resizedFile parameters to not be properly logged in the I_SFS_TRANSFER_FILE event. This also affected the on-upload command, which incorrectly would not execute for empty files created by a client.
- Improved handling of the SSH_FXP_SETSTAT request to avoid requiring access that is not needed for the exact action requested by the client. This fixes a compatibility issue with SFTP Net Drive introduced with SSH Server version 7.21.
Changes in Bitvise SSH Server 7.31: [ 3 May 2017 ]
- This is not a new feature release, but a successor to 7.29 with continued maintenance updates. (We skip over versions containing zeros to avoid ambiguities. For example, 7.03 and 7.30 might both be referred to as "7.3".)
- Small changes in key places improve CPU efficiency on the order of 30% (impact may depend on the system). This improves transfer speeds where CPU is the bottleneck – or maintaining same performance, allows for a greater number of simultaneous connections. Users who were previously maxing out a single core and seeing transfer speeds of e.g. 150 MB/s, may now see e.g. 200 MB/s.
- Versions 7.xx introduced encryption of SSH Server settings using a machine-specific encryption key stored in the Windows registry. Past versions stored this encryption key without a trailing null, and did not properly handle a trailing null if it was added by another application (e.g. when manually importing the registry value). The encryption key is now stored with a trailing null when first generated, and any trailing null is stripped when reading the encryption key.
Changes in Bitvise SSH Server 7.29: [ 31 March 2017 ]
A usage pattern for Bitvise SSH Server is to provide an SFTP blind drop. This is a virtual filesystem mount point that removes permissions such as Permit List and Permit Read Existing, and allows only Permit Read/Write/Delete New.
In recent versions, a blind drop configuration has worked with command line clients. However, the SSH Server was interpreting permissions strictly, causing problems for graphical clients, including Bitvise SSH Client and WinSCP.
This version slightly relaxes permissions required for SFTP operations such as SSH_FXP_REALPATH and SSH_FXP_STAT, so that graphical clients can be effective in this scenario.
An effect of this change is that it is now possible to probe for a file's existence using the SSH_FXP_STAT request. However, in current versions, our SSH Server does not support transparently renaming files uploaded into a blind drop. It is therefore possible to probe for a file's existence in any case, by attempting to upload the file.
Changes in Bitvise SSH Server 7.28: [ 13 March 2017 ]
- Fixed an issue in BvShell which, under specific conditions, could cause it to become unresponsive in a tight loop with high CPU usage.
- Reimplemented the workaround for older versions of the Renci.SshNet library. This works around another bug in these library versions that was not avoided by the measures introduced in 7.26.
Changes in Bitvise SSH Server 7.27: [ 2 March 2017 ]
- Fixed an issue which would cause an SFTP session to terminate abruptly if the client attempted to set the size of a file using an SSH_FXP_SETSTAT request (specifying a path, rather than a handle to the file).
Changes in Bitvise SSH Server 7.26: [ 7 February 2017 ]
- Fixed two issues related to the SSH Server Control Panel, introduced with version 7.21:
- Exporting a single server host keypair in Bitvise format, using the Manage host keys interface, would result in a corrupted file. (Multiple key export worked fine.)
- In the Remote SSH Server Control Panel; on the Statistics tab; if Update list was clicked with the option Detailed enumeration enabled; the Remote SSH Server Control Panel would close due to a protocol error caused by incorrect message encoding in the SSH Server. Fixed.
- Changes to BssCfg settings importText:
- After implementing changes to the textual settings format in versions 7.xx, the command BssCfg settings importText would no longer report a non-zero exit code if the import failed. This command now again returns a non-zero exit code on failure.
- The command BssCfg settings importText would previously display warnings if certain types of input could not be interpreted. These warnings are now treated as errors.
- As a result of these changes, the signature of the methods ImportTextSettingsFrom... in the BssCfgManip COM object has changed. There is no longer a list of warnings returned. Conditions that used to trigger a warning now trigger an error.
- Implemented a workaround for older versions of the Renci.SshNet client library. These versions conflate local and remote maximum channel packet sizes, which can lead the SSH Server to send a larger packet than the SshNet library accepts. The workaround limits the largest packet size the SSH Server will send to 33,500 for all current and past Renci.SshNet versions. It will not affect future versions if the library increments the SSH product version it sends.
Changes in Bitvise SSH Server 7.25: [ 22 January 2017 ]
- Fixed an issue causing corruption of file paths used in the SSHUPLOADFILE environment variable in the On-upload command, and paths used for file transfer activity reporting in the SSH Server Control Panel. This issue was introduced in version 6.41.
Changes in Bitvise SSH Server 7.24: [ 14 January 2017 ]
- File transfer subsystem compatibility improvements:
- Some filesystem drivers; including StableBit DrivePool; do not properly implement asynchronous directory listings. For better compatibility, the SSH Server now again uses synchronous directory listings.
- Improved robustness of handling FSTAT and FSETSTAT requests on directory handles with non-NTFS filesystems (including FAT and CDFS).
- When the uninstaller detects that a file is still in use, it can now display the names of applications keeping the file open. (Requires Windows Vista or later.)
Changes in Bitvise SSH Server 7.23: [ 10 January 2017 ]
- Recent SSH Server versions use a new way of listing directories that improves consistency of virtual filesystem accesses. This release implements a compatibility fix for non-standard filesystem drivers that may signal an end of directory listing using STATUS_NO_SUCH_FILE instead of STATUS_NO_MORE_FILES.
- In master/slave environments where there are slaves running on Windows XP or Windows Server 2003, it will now no longer be necessary to disable AES-GCM algorithms on the master in order for master/slave synchronization to work. (During any master/slave upgrade, slaves need to be upgraded first. For this fix to be effective, only the slaves need to be upgraded.)
Changes in Bitvise SSH Server 7.22: [ 3 January 2017 ]
- We have identified an issue where, when optimizing for speed under normal Release build settings, Visual Studio unexpectedly generates extraordinarily large stack frames for functions that create many short-lived temporary objects. On some versions of Windows, the footprint of some generated functions could cause the SSH Server to stop due to stack exhaustion under normal operating conditions. We have taken several steps, including splitting up largest offenders, reducing the use of inlining, and changing optimization settings, to ensure the issue is avoided.
Changes in Bitvise SSH Server 7.21: [ 31 December 2016 ]
- On Windows Vista, Windows Server 2008, and newer, our SSH Server, SSH Client, and FlowSsh now support server and client public key authentication using Ed25519, and ECDH key exchange using Curve25519. These algorithms are not available when Windows is running in FIPS mode.
- We have updated support for OpenSSH private keys, so that our software is now able to import and export them in their new format as introduced by OpenSSH in December 2013.
- Our SSH Server, SSH Client, and FlowSsh now support Diffie Hellman key exchange with 3072-bit and 4096-bit fixed groups, using SHA-512 as the exchange hash; and with the 2048-bit fixed group using SHA-256 as the exchange hash.
- In SSH Server's Advanced settings, under Algorithms > Key Exchange, the minimum and maximum group size for Diffie Hellman group exchange can now be configured. The SSH Server continues to support only fixed groups. By default, the minimum is 2048 bits, and the maximum is 3072 bits. Therefore, either group 14 (2048-bit) or group 15 (3072-bit) will be used with group exchange algorithms.
- Improved detection and reporting - via log files and the SSH Server Control Panel - for clients that connect with incorrect obfuscation settings.
- Fixed an issue which would cause the SSH Server to remove and re-add Windows firewall rules unnecessarily when retrying to synchronize main SSH Server listening sockets (bindings).
- Previously, the SSH Server initialized its listening sockets with a low backlog value of 5. When the accept delay threshold was met, for protection against too many incoming connections, the SSH Server would allow the backlog to fill, causing Windows to refuse additional connections. This was causing problems under heavy load, when there were a large number of simultaneous connections, but the accept delay threshold was not met. Therefore, the SSH Server now uses a large backlog value, and actively clears connections - accepts and closes them immediately - when the accept delay threshold is met.
- Other listening sockets used by the SSH Server, such as for server-to-client port forwarding, now also use a large backlog value to reduce the likelihood of connections being refused.
- When upgrading, the uninstaller will now automatically retry moving files that are still in use for a brief period before prompting.
- Master/slave synchronization:
- When slaves are configured to not maintain a persistent connection, but reconnect on a periodic basis, slaves will now hold off on reconnecting if unsuccessful. Previous behavior was to enter a state where slaves kept trying to reconnect on a short delay. If a master went down and was unavailable to all slaves for a period of time, this would cause an accidental denial of service effect on the master when it was returned online.
- Secondary masters are now assigned ranks to help avoid cyclical configurations.
- Added slave option to Keep local settings for Logging.
- Delegated settings:
- The SSH Server now supports delegated settings. In Advanced settings, an administrator with full access to SSH Server settings can configure specific Windows or virtual accounts so that they can view and edit specific, limited aspects of SSH Server functionality and settings. Functionality that can be made accessible to delegated administrators includes:
- Limited virtual account management.
- Server host key management.
- Viewing of session information.
- Temporary blocking of IP addresses.
- In order to access delegated SSH Server settings, users who are given access must connect to the SSH Server using Bitvise SSH Client, and use the Bitvise SSH Server Control Panel feature in the SSH Client. It is currently only possible to access delegated SSH Server settings via our SSH Client.
- The SSH Server now supports delegated settings. In Advanced settings, an administrator with full access to SSH Server settings can configure specific Windows or virtual accounts so that they can view and edit specific, limited aspects of SSH Server functionality and settings. Functionality that can be made accessible to delegated administrators includes:
- The SSH Server Control Panel will now display a dialog box to warn the administrator if they attempt to import a client authentication public key that cannot be used due to current settings configured under Advanced settings > Algorithms > Signature.
- If a new account was created in Easy settings, group mount points were not properly copied to the new account settings entry. Fixed.
- Under Advanced settings > Session, the setting IP blocking - lockout time is now expressed in minutes instead of seconds. On new installations, the default lockout period is now 3 hours instead of 1 hour.
- Account and group settings entries now have a Comment field. This field can be left empty, or can be set by an administrator to an arbitrary description of a user or group settings entry.
- Since versions 5.5x, our SSH Server has supported passwordless creation of logon sessions for Windows accounts that use public key authentication, or for virtual accounts that use a custom security context, where the password for the Windows account has not been entered in the SSH Server's password cache. This feature is made possible using a custom authentication package, which can only be loaded by Windows at system startup. In past versions, upgrading the SSH Server often required a system restart to restore passwordless logon functionality. This feature has been rearchitected so that fewer restarts will be required for future upgrades. Because of the depth of the changes, upgrading to version 7.21 will require a system restart in order for passwordless logon to work.
- We have revised in-depth the Windows APIs we use to obtain Windows account information, and eliminated as much as possible older APIs that rely on less secure SMB-based protocols in domain environments. In modern environments, the SSH Server should now require only an LDAP (ADSI) connection to the domain controller. This means that all communication with the DC will be secured by default using Kerberos sealing. SMB-based protocols will now only be used for passwordless logon in legacy environments where the domain controller is Windows Server 2000.
- The speed of LDAP (ADSI) queries performed by the SSH Server has been much improved. The SSH Server now connects to the DC in a way that avoids unnecessary NetBIOS lookups; ADSI connections are cached to improve performance; and the SSH Server avoids retrieving information it does not need. A passwordless logon to a Windows domain account should now be as fast as a logon with a password.
- A new account and group setting, Session setup > On failure to obtain account info, now controls what should happen if the SSH Server can log the user in successfully, but cannot obtain information from Windows such as the location of the user's profile directory. In this case, environment variables such as %HOME% are likely to be set incorrectly. This may lead to security issues if sensitive settings, such as a Real root path, depend on such environment variables. For existing groups, previous behavior is preserved, which is No restrictions. For new groups, default behavior is now more conservative, and is set to Disable access to child processes.
- File transfer:
- Since versions 6.2x, our SSH Server has supported filename pattern whitelists and blacklists for the virtual filesystem used by SFTP, SCP, and BvShell. This feature has been split into separate file and directory blacklists. For example: the SSH Server can now be configured to allow access to a directory with a name that fits a pattern such that access would not be permitted if it was instead a file.
- The main virtual filesystem provider used by SFTP, SCP, and BvShell has been rearchitected to improve consistency of filesystem operations. All operations that can be performed on file handles are now performed on file handles (instead of paths).
- Improved handling of requests to change file attributes. Addressed issues where: the Read-only attribute would prevent enabling Sparse, or changing Compression or Encryption; the System attribute would prevent enabling Encryption; and changing Compression and Encryption at the same time could fail.
- Advanced mount point settings provide a new setting, Delay initialization until accessed. This setting is enabled for new mount points by default, so that users who configure many mount points that are expensive to initialize (e.g. file shares) will not experience delays when a client connects for file transfer. However, the setting can be disabled so that mount points will be initialized immediately. This can be useful e.g. for users who rely on Create real root path to create directories on login.
- Advanced mount point settings provide a new setting, File sharing behavior. This can be used to specify whether the SSH Server should use the configured file sharing mode always (even if the SFTP client requests a different file sharing mode), or only if the SFTP client does not indicate a file sharing preference (which is the case for many clients).
- An SFTP client can now remove a symbolic link to a directory with the regular SSH_FXP_REMOVE message (in addition to SSH_FXP_RMDIR). This allows a symbolic link to a directory to be removed using clients that were previously not able to remove it (including graphical SFTP in our SSH Client).
- Personal Edition:
- The SSH Server Personal Edition can now be used on domain controllers. In this case, only domain accounts that are part of the domain controller's own domain can be used. Otherwise - when installed on a domain member - the restriction remains in place that only local Windows accounts (and virtual accounts) may be used.
- It is now possible to change licensed-to information for the Personal Edition by uninstalling and reinstalling.
Changes in Bitvise SSH Server 7.16: [ 5 December 2016 ]
- Fixed a race condition that could result in a crash of the main SSH Server process under a specific set of conditions, when clients use server-to-client port forwarding.
Changes in Bitvise SSH Server 7.15: [ 4 September 2016 ]
- Updated EULA to make more explicit our licensing and support policies. The policies themselves remain unchanged.
- Fixed an issue which caused the SSH Server's settings description in textual log files to include all settings fields. It now again properly records only fields that differ from defaults.
Changes in Bitvise SSH Server 7.14: [ 3 August 2016 ]
- SSH implementations have a chance of generating RSA signatures slightly smaller than expected with a small probability (e.g. 1:200). Windows CNG has been found to not validate such signatures as presented. With our software versions 7.12, this has resulted in occasional connection or login attempt failures. Our SSH Server, SSH Client, and FlowSsh now re-encode RSA signatures, so that smaller-than-expected ones can verify correctly.
- Windows CNG, as used by our new cryptographic provider in versions 7.xx, has been found to return an incorrect signature size for odd-sized RSA keys (e.g. for 1023-bit or 2047-bit keys). Most SSH implementations do not generate odd-sized RSA keys, but there are old versions of PuTTY which do (e.g. version 0.62). Our SSH Server, SSH Client, and FlowSsh now take steps to support generating and validating signatures using such keys.
- Certain implementations (e.g. OpenSSH version 7.2, but not 7.2p2) have been found to encode RSA signatures using the new signature methods rsa-sha2-256 and rsa-sha2-512 in a way that is not compatible with the specification of these methods. For compatibility, our SSH Server, SSH Client, and FlowSsh will now accept these alternate signature encodings.
- Our SSH Server, SSH Client, and FlowSsh now have improved Windows error reporting, distinguishing NTSTATUS error messages from those associated with HRESULT.
- In the SSH Server's scriptable configuration COM object, BssCfgManip, use of the OmitDefaults enumeration has been replaced with ShowDefaults, which is more intuitive. The two enumerations are binary compatible (0 omits defaults, 1 shows them). A definition for OmitDefaults remains included.
- Improved detection of newly applied activation codes to avoid situations that would require the SSH Server service to be restarted for a new activation code to take effect.
- When reinstalling the SSH Server as Personal Edition, it is now possible to re-enter different personal details for activation.
Changes in Bitvise SSH Server 7.12: [ 25 June 2016 ]
- Important: DSA keys larger than 1024 bits are no longer supported. The implementation of these keys in Bitvise software pre-dated the NIST standard for large DSA keys, and was incompatible both with the NIST standard and other implementations that might use it. In general, support for the DSA algorithm is being deprecated by SSH implementations. For interoperability with older SSH installations, we continue to support 1024-bit DSA keys, but we recommend migrating either to 3072-bit RSA, or ECDSA.
- On Windows Vista, Windows Server 2008, and newer, our software now uses a new cryptographic provider, CiWinCng, which uses built-in Windows cryptography. This provider adheres to FIPS 140-2 requirements as long as FIPS mode is enabled in Windows security policy. In FIPS mode, ECDSA and ECDH are supported with curves nistp256, nistp384 and nistp521, but not with curve secp256k1 because this curve is not implemented in Windows. When FIPS mode is disabled in Windows, the curve secp256k1 remains available (implemented using Crypto++).
- On Windows XP and Windows Server 2003, our software continues to use our previous cryptographic provider, which uses the Crypto++ 5.3.0 DLL. This DLL was FIPS-certified, but its certificate has been moved to the historical list due to changed random number generator requirements since January 1, 2016.
- When using the new CiWinCng cryptographic provider - default on all recent Windows versions - the encryption/integrity algorithms aes256-gcm and aes128-gcm are now supported. Our implementation is interoperable with the OpenSSH implementation of these algorithms.
- New RSA signature algorithms rsa-sha2-256 and rsa-sha2-512 are now supported for host authentication.
- The EXT_INFO extension negotiation mechanism is now supported, allowing for the use of new RSA signature algorithms rsa-sha2-256 and rsa-sha2-512 for client authentication.
- On initial installation, the SSH Server will now generate two default host keys: 3072-bit RSA, and ECDSA over the curve nistp384. This replaces ECDSA/nistp256 as the default curve for the ECDSA host key, to match recent NSA recommendations about key strength.
- The SSH Server will now disable gssapi-keyex authentication if Kerberos authentication is disabled. In previous versions, it was necessary to also disable NTLM authentication in order to disable gssapi-keyex.
- The default logon type for Windows groups is now Network, instead of Interactive. This addresses a common support case where non-administrator users cannot log in because the Windows security privilege "Log on locally" is not granted in the Windows security policy. As is true in general for changes to default settings, this does not affect upgraded settings or settings imported from previous versions, but does affect new installations and new groups created in Advanced settings.
- Bitvise SSH Server now supports a new terminal shell access type: BvShell. This is a command-line shell provided by the SSH Server which does not provide full access to the Windows filesystem, but instead limits a user's access to mount points configured for the user in SSH Server settings. The shell supports basic Unix and Windows commands, and allows users to access the SSH Server's virtual filesystem in ways that may not be supported by the user's SFTP or SCP client; for example, global search of file content, or file copy.
- In previous versions, WinSCP was able to connect to Bitvise SSH Server when used in SFTP mode, but not in SCP mode. Now, the SSH Server will automatically activate BvShell when WinSCP opens a terminal session, allowing WinSCP to function in SCP mode.
- Addressed a compatibility issue with Comodo Internet Security which would cause 64-bit processes to not run in an SSH terminal session on recent Windows versions.
- The Telnet forwarder utility that has been included in recent SSH Server versions is now fully integrated as a shell access type in Advanced SSH Server settings. This allows an administrator to replace the SSH Server's terminal subsystem so as to instead forward access to an existing Telnet server.
- The terminal subsystem now properly handles Alt, Shift, Ctrl + F1-F4 escape sequences in xterm.
- The terminal subsystem now recognizes alternative Shift + F3-F10 escape sequences as sent by PuTTY.
- File transfer:
- The SSH Server now properly supports getting and setting Windows file attributes using an SFTP client that supports this.
- Virtual filesystem mount points now support delayed initialization. Previously, when a user had a large number of mount points mapped to network shares, the connections to the network shares were all initialized at the beginning of the file transfer session. This could cause delays in session initialization. Each mount point provider is now initialized the first time it is accessed.
- In recent SSH Server versions, the setting "Load profile for SCP and SFTP" has been disabled by default for virtual accounts. It is now disabled by default for Windows accounts also. Windows has issues related to profile loading, and it is best to disable it for file transfer. Normally, a profile only needs to be loaded for terminal shell access, so that programs can be run which require the current user's profile to function.
- The SFTP protocol contains a legacy "long name" field which is mostly not used by graphical clients or by automated clients, but is used to display directory listings by a number of command line clients. There is now a new setting in Advanced settings, SFTP display time format, which can be used to change the date and time format sent as part of this field.
- The On-upload command now supports an additional environment variable, SSHUPLOADENDBY, which can have values CLIENT or CLEANUP. The script executed by the On-upload command can use this information to decide whether a transfer was fully completed (value CLIENT), or if it was most likely terminated prematurely (value CLEANUP).
- Port forwarding:
- In Advanced settings, it is now possible to configure a listening rule so as to override the listening interface requested by the client with a server-configured listening interface (and optionally, port).
- It is now possible to configure free-form listening rules that can match any textual interface requested by the client, including DNS names, as well as names that are not a valid DNS name or IPv4/6 address (such as Unix sockets). This is intended to be used together with a listening interface override to specify a valid interface on which to listen (previous bullet).
- IPv4 and IPv6 listening rules have now been merged into a single list, which also supports the new free-form rules.
- Improved consistency of event timestamps on computers where Windows current time functions may return inconsistent values.
- Control Panel and Settings:
- Usability improvements in Easy and Advanced settings: saving of dialog sizes when minimized or maximized; improved support for multi-monitor environments; treatment of default values in Easy settings.
- The default virtual filesystem layout for virtual accounts is now Limit to root directory instead of allowing full filesystem access.
- A virtual account password can now be cleared (to "not set" state) even if password complexity requirements are configured.
- The SSH Server will now display a more useful message on the Activity tab if a client connects but cannot establish an SSH session because the client and the server do not have any common algorithms that are supported or enabled.
- The contents of hidden fields that are not currently in effect are no longer displayed in list columns when editing or viewing settings.
- SSH Server settings may contain sensitive information, such as proxy authentication passwords or passwords to access network shares. For fields where this is possible, such as virtual account passwords, the information has always been stored irreversibly. For fields where the information must be decrypted, past versions stored it encrypted using a static key that could be decrypted on any computer. Now, the SSH Server will encrypt such sensitive configuration fields using a key that is available only to administrators on the SSH Server computer. To export settings that contain sensitive information for import on another computer, a password can now be provided during export which must be provided to decrypt settings on import.
- When editing a temporary IP blocking entry, the old entry will now be removed if the IP address is changed.
- Previously, when a list of client address rules included a DNS name rule, this rule would cause connections to be rejected when they arrived from an IP address for which a reverse DNS lookup did not succeed. In this case, the DNS name rule could not be evaluated, and the response was to always reject the connection in this case. It is now possible to configure, for each DNS rule, what should happen if the rule cannot be evaluated because DNS lookup failed. The default action is now to ignore the rule and proceed with any subsequent rules.
- The SSH Server Control Panel will no longer try to create or delete its auto-start task when the -noRegistry flag is passed on the command line.
- Scriptable/textual configuration:
- The SSH Server's textual configuration has been completely revamped. The structure of the settings and the operations supported remain mostly the same. However, when accessing settings using the BssCfgManip COM object, each settings structure can now be accessed as a separate COM object instead of having to compose text strings and pass them to ProcessInstruction or QueryValue. This allows SSH Server settings to be managed much more naturally using PowerShell or VBScript.
- As part of the textual configuration changes, the Query tab is no longer available in Advanced settings. Instead, it is now possible to use the SSH Server Control Panel to open a PowerShell window which can be used to query or change settings.
- The BssCfg commands exportText and importText continue to be supported. These commands now support exporting and importing settings in a textual format which is a subset of PowerShell syntax which can now be used to configure SSH Server settings.
- A virtual account password can now be cleared (to "not set" state) using the scriptable/textual configuration interface.
- Host authentication public keys can now be exported programmatically using BssCfgManip in the SSH2 and OpenSSH formats.
- The SSH Server installation now includes PowerShell scripts VirtAccountExporter.ps1 and VirtAccountImporter.ps1, allowing for export and import of basic virtual account entries to and from CSV (comma-separated values) files. The scripts can be extended to support additional fields in a custom CSV format.
- Master/slave synchronization:
- A slave can now be configured to connect to a master that uses SSH protocol obfuscation.
- Instance type settings (master/slave configuration) have been moved from the Windows registry to the Config subdirectory of the SSH Server installation directory, where the main SSH Server settings and host keypairs reside.
- In previous versions, in domain environments, the SSH Server would retrieve user information from Active Directory using default parameters, which would cause results to be sent from the domain controller to the SSH Server computer without encryption. The SSH Server will now use ADSI using Kerberos sealing by default. It is now also possible to enable a TLS (SSL) connection to Active Directory in Advanced settings, if available in the domain environment.
- The SSH Server should now support authentication with domain accounts in domains with an Active Directory name different from their DNS name.
- The SSH Server should now work in cluster environments where the virtual server name of the cluster computer is different from the physical computer name.
- Versions 6.4x targeted the SSE2 instruction set, which caused them to not run on old computers lacking support for SSE2. Versions 7.xx now target the SSE instruction set, which allows for compatibility with old CPUs, at the cost of a small performance penalty - in our measurements, between 0 and 0.5%.
These clients incorrectly trim spaces at the end of the SSH version string, and the SSH Server sends such a space when this setting is enabled. Affected clients calculate the SSH session exchange hash as if this space wasn't sent, corrupting signature verification. The error manifests with a message such as:
Signature verification failed
If you experience this issue, a workaround is to disable the Omit server version setting. Future versions of affected clients may resolve this issue. A future new feature release of the SSH Server will also resolve this issue by removing the unnecessary space, but minor versions will not, to avoid defeating the purpose of the Omit server version feature.
Windows 10: As of July 2017, if the SSH Server setting Open Windows Firewall is set to a value other than Do not change Windows Firewall settings, the latest versions of Windows 10 may log this during system shutdown: The Bitvise SSH Server service did not shut down properly after receiving a preshutdown control. After investigating, we find that even though the SSH Server has a dependency on the Windows Firewall service in this configuration, Windows appears to over-aggressively shut down related functionality, so that the SSH Server cannot deinitialize. We have at this time not found a solution, and believe that a fix is needed by Microsoft. Affected users can avoid this issue by configuring the SSH Server with Do not change Windows firewall settings. If this is done, a rule to allow access to the SSH Server must be added in Windows Firewall settings manually.
Windows XP: All versions of our software that we recommend using are built using Visual Studio 2015. The C++ run-time library used by this Visual Studio version has a known issue where 1-2 kB of memory are leaked each time a new thread is created. This issue does not occur on later Windows versions; it does not occur e.g. on Windows Server 2003. Microsoft has stated they do not intend to fix this issue. Bitvise's view is that the impacts on our SSH Client and FlowSsh are manageable; whereas our SSH Server is rarely used on Windows XP. We therefore do not plan to work around this; but we warn that this can be a potential denial of service vector on Windows XP.