bitvise.com
Open in
urlscan Pro
18.188.178.2
Public Scan
Submitted URL: https://www.bitvise.com/ssh-server-version-history-9#939
Effective URL: https://bitvise.com/ssh-server-version-history-9
Submission Tags: falconsandbox
Submission: On August 07 via api from US — Scanned from CA
Effective URL: https://bitvise.com/ssh-server-version-history-9
Submission Tags: falconsandbox
Submission: On August 07 via api from US — Scanned from CA
Form analysis 0 forms found in the DOM
Text Content
ProductsDownloadPurchaseContactMy Licenses
+Home
* About SSH
* Security
* Screenshots
* Customers
* Specifications
+Getting started
* Install SSH Server
* Change port number
* Install SSH Client
* Connect first time
* Windows accounts
* Virtual accounts
* Configure SFTP / SCP
* Configure Git access
* Open to internet access
* Public key: Bitvise
* Harden SSH Server
–SSH Server
* –Version history
* 9.xx
* Pricing
* License
* +Download
* WRC
* Notifications
* –Help
* +Users' Guide
* Installing
* Upgrading
* Starting
* Connecting
* Config for SFTP
* FTPS compatibility
* Securing
* Host keys
* Backup
* Opening
* Groups, accounts
* Architecture
* Windows domains
* AD permissions
* Network shares
* Logon type
* Public keys
* Tunneling
* Sync & clusters
* Environment
* Tasks, notifications
* Scripted config
* Advanced
* Log parsing
* Utilities
* Printable docs
* Usage FAQ
* Public keys in SSH
* Upgrading DSA
* Internet explained
+SSH Client
* Version history
* License
* Download
* Notifications
* Portable
* The 'log' utility
* –Help
* Internet explained
* Public keys in SSH
* Upgrading DSA
* Port forwarding guide
* SSH web browsing
* Git with sexec
* Authentication agents
* X11 forwarding
* Tunnel Remote Desktop
* FTP bridge
* Tunnel WinVNC
* SSH client as service
* Unattended use
+FlowSsh library
* Version history
* Notifications
* Documentation
+Download
* SSH Server
* SSH Client
* WRC
* Verify installers
* Uninstalling
+Purchase
* Support and upgrades
* Large scale
* Reseller list
* Reseller policy
–Company
* About us
* Work at Bitvise
* Contact
BITVISE SSH SERVER VERSION HISTORY
For issues that might arise using the latest SSH Server versions, see Known
issues.
Changes in Bitvise SSH Server 9.39: [ 2 August 2024 ]
* File transfer:
* If a user was configured with a virtual filesystem layout with more than
one mount point, then if permitted by Windows filesystem permissions, the
SSH Server would allow the user to rename the mount path of one of the
mount points, moving that entire mount point inside another mount point.
The SSH Server no longer allows this, even if permitted by Windows
filesystem permissions.
This issue can have a security impact. For more information, see security
notification.
* When renaming a file or directory on a mount point backed by another SFTP
server, the SSH Server would translate a standard SSH rename request into a
POSIX rename request, which many servers cannot process. Fixed.
* General:
* In a niche situation where the SSH Server cannot initialize the Windows
logon session with the user's environment block, the first connection which
creates the Windows logon session would still succeed; it falls back to the
system environment block. However, if Windows session sharing is enabled,
subsequent connections attempting to reuse the Windows logon session would
fail, instead of continuing to fall back to the system environment block.
Fixed.
Security Clarification: [ July 2024 ]
* We are receiving inquiries whether our software is affected by the recent
regreSSHion issue described in CVE-2024-6387.
Bitvise software is not based on OpenSSH and is not affected by this issue.
Changes in Bitvise SSH Server 9.38: [ 6 June 2024 ]
* SFTP:
* If the SFTP server does not send an exit code, the OpenSSH SFTP client
returns exit code -1 instead of 0. This has become noticeable in newer
OpenSSH versions, where scp now uses SFTP by default, and the change in
exit code breaks scripts.
To accommodate this client behavior, the SSH Server now sends an exit code
for the SFTP subsystem.
Changes in Bitvise SSH Server 9.37: [ 4 May 2024 ]
* Control Panel and Settings:
* If the Windows setting Roll the mouse wheel to scroll was set to One screen
at a time, the SSH Server Control Panel would exit abruptly when attempting
to scroll. Full page mouse wheel scrolling is now supported.
* On Windows XP and Windows Server 2003, the Custom events interface in
Advanced settings and the list on the Statistics tab did not display text
for searchable columns. Fixed.
* When the SSH Server Control Panel was opened displaying the Server tab, it
would cause Windows to log repeated audit events about enumerating group
membership for the SSH Server's BvSsh_VirtualUsers account. Fixed.
* Logging:
* Connection disconnect log events now include information about connection
duration, so it does not need to be calculated by finding the matching
connection accept event.
* SFTP:
* Version 9.34 introduced an inconsistency in how the SSH Server responds to
SSH_FXP_READ requests which attempt to read past end-of-file. When
processing a single such request, the SSH Server would send SSH_FXP_STATUS
with SSH_FX_EOF; but when responding to consolidated requests, the SSH
Server could send SSH_FXP_DATA with empty data. When using SFTP v6, the
end-of-file flag would also be set, but this flag is not present in SFTP v3
and v4. This broke file transfers using some clients, specifically the Perl
mesh client (based on Net::SFTP).
The SSH Server again consistently responds to past-end-of-file SSH_FXP_READ
requests by sending SSH_FXP_STATUS with SSH_FX_EOF.
Security Clarification: [ April 2024 ]
* We are receiving inquiries about whether our software is affected by the
recent PuTTY ECDSA/nistp521 private key compromise due to signature nonce
generation described in CVE-2024-31497.
Bitvise software implements ECDSA/nistp521 using Windows cryptography on all
recent versions of Windows, or using Crypto++ on Windows XP and Windows
Server 2003. These are different cryptographic implementations than PuTTY and
are not known to be affected by this issue.
Security Clarification: [ April 2024 ]
* We are receiving inquiries about whether our software is affected by the
recent XZ Utils backdoor described in CVE-2024-3094.
Bitvise software does not use XZ Utils and is not affected by this issue.
Changes in Bitvise SSH Server 9.36: [ 17 April 2024 ]
* SFTP:
* Version 9.34 added logic to ensure SFTP responses are sent in the same
order requests are received. Due to an oversight, the SSH Server's file
transfer subsystem would hang, most readily if a client sent consecutive
SFTP requests with the same request ID. This was observed with WS_FTP
(version 12.9) and also with phpseclib. Fixed.
* The SSH Server now implements the SFTP extended request fsync@openssh.com
for files opened with unbuffered I/O.
Changes in Bitvise SSH Server 9.35: [ 12 April 2024 ]
* File transfer:
* As a result of changes in 9.34, file transfers would fail on some systems.
Fixed.
Changes in Bitvise SSH Server 9.34: [ 11 April 2024 ]
* Control Panel and Settings:
* When sending a test email, the email queue window now opens automatically
instead of requiring the administrator to find it.
* If the administrator edited the Comment field for a client public key or
server host key immediately after importing the key, the SSH Server Control
Panel would crash. Fixed.
* Setting focus on any input field would cause the Unsaved settings banner to
appear, even if the setting was not modified. Fixed.
* To avoid login errors and delays that can be challenging to diagnose, newly
created Windows group settings entries now disable the setting Map
remembered shares by default. The setting can still be enabled in Advanced
settings, both in account and group settings entries.
* SSH:
* A client which identifies itself as SSH OpenVMS V5.5 VMS_sftp_version 3
sends an SSH_MSG_IGNORE message at the start of the SSH connection. This
behavior is indistinguishable from the packet sequence manipulation
technique used in the Terrapin attack. This makes this client incompatible
with Terrapin attack mitigations introduced in SSH Server version 9.32.
The SSH Server now implements relaxed checking to accommodate this type of
client. Clients which do not support strict key exchange are allowed to
send SSH_MSG_IGNORE during the first key exchange, as long as the
connection does not negotiate an encryption or data integrity algorithm
which is vulnerable to Terrapin.
* FTPS:
* The FTPS protocol does not allow for broken session detection. If the
administrator did not configure the Connection timeout setting in Advanced
settings, under Connections, FTPS connections could disconnect silently in
a way not detectable by the SSH Server, until they were disconnected
manually by the administrator.
The SSH Server now implements an FTP connection timeout which is set to at
most 45 minutes, or shorter if the SSH connection timeout setting is
stricter. The next feature release which changes the configuration format
will add a setting to configure the FTP connection timeout separately.
* File transfer:
* For mount points backed by the Windows file system, the SSH Server now
implements optimizations which may improve performance for clients that
send small SFTP read/write requests, in particular for uploads to non-local
storage (Windows file shares):
* When uploading files which are detected to reside on non-local storage
(Windows file shares), the SSH Server now opens the files for unbuffered
I/O (the Windows flag FILE_FLAG_NO_BUFFERING). This has been observed to
improve performance for some types of network shares.
A client may now use the extended SFTP attribute no-buffering@bitvise.com
to express a preference whether the server should use unbuffered I/O.
* When the client pipelines non-overlapping read/write requests, mount
points which use the Windows file system now process these I/O requests
asynchronously. Responses are still sent in the order requests were
received.
* When the client pipelines non-overlapping read/write requests, the SSH
Server is now able to merge I/O for two or more consecutive read/write
requests. The client still receives separate responses.
* A client may now use the extended SFTP attribute
intended-size@bitvise.com to indicate the size of an intended upload.
This can help detect and diagnose incomplete transfers.
Changes in Bitvise SSH Server 9.32: [ 20 December 2023 ]
* Version information:
* This version continues the upgrade access amnesty introduced in version
9.25, so it can be used with any license that is valid for a previous SSH
Server 9.xx version. The minimum upgrade access expiry date to activate
this version is January 1, 2022.
* You can download this version here. (Alternative)
* Compatibility:
* The Terrapin mitigation implemented in SSH Server 9.32 is compatible with
most software, but is incompatible with a specific client which identifies
itself as SSH OpenVMS V5.5 VMS_sftp_version 3. This client software sends
an SSH_MSG_IGNORE message at the start of the SSH connection. This is
indistinguishable from the packet sequence manipulation technique used in
the Terrapin attack. If your SSH Server must handle connections from this
software, SSH Server version 9.34 implements relaxed checking to
accommodate this client.
* Security:
* Terrapin - CVE-2023-48795: Researchers have identified an issue where all
SSH connections which use the encryption algorithm ChaCha20-Poly1305, or
any integrity algorithm of type encrypt-then-MAC, are vulnerable to packet
sequence manipulation by an active attacker, if the attacker can intercept
the network path. This can be used to sabotage SSH extension negotiation.
This affects extensions with security impact, such as server-sig-algs.
Since the attacker can only remove packets sent before user authentication,
this does not seem to fatally break the security of the SSH connection.
However, it is a cryptographic weakness to address.
Bitvise software versions 9.32 and newer support strict key exchange. This
is a new SSH protocol feature which mitigates this attack. The SSH client
and server must both implement strict key exchange for mitigation to be
effective. Other SSH software authors are also releasing new versions to
support this.
If you must interoperate with SSH software which does not support strict
key exchange, consider disabling the encryption algorithm
ChaCha20-Poly1305, as well as integrity algorithms of type
encrypt-then-MAC. These are the newer data integrity protection algorithms
whose names contain -etm.
Bitvise software versions 8.xx and older are not substantially affected
because they do not implement algorithms where this issue is practically
exploitable. Nevertheless, we suggest updating all SSH software to new
versions that support strict key exchange.
The encryption algorithms aes256-gcm and aes128-gcm are substantially
immune from this attack. Users who are committed to older SSH software
versions should consider using AES GCM. If this is not possible, the data
integrity protection algorithms which are not named -etm are not entirely
immune, but are also not believed to be practically exploitable. For
compatibility with SSH software which does not support strict key exchange
or AES GCM, an algorithm combination such as AES CTR with non-ETM data
integrity protection may continue to be acceptable.
* General:
* If the SSH Server was configured to accept FTPS connections, but no
certificate was employed; or if the employed certificate was not usable
because it expired; the SSH Server would stop running and refuse to start,
even for SSH connections, until the administrator fixed the certificate
issue.
The SSH Server will now start, and continue running, as long as the
configuration allows connections to be handled on at least one SSH or FTPS
binding.
* SSH:
* When a user authentication banner is entered directly in SSH Server
settings, the SSH Server will no longer strip leading and trailing
whitespace. If the banner does not end with a newline, the SSH Server will
now append it. This avoids OpenSSH displaying the last line incorrectly.
* Email notifications:
* Further improved error messages when SMTP sending fails.
* Settings:
* When a list of address accept rules was imported from CSV using the options
Import blocked IPs or Import permitted IPs, IP address ranges were imported
incorrectly. Fixed.
* File transfer:
* When using a mount point of type Another SFTP server, the other SFTP server
may support SFTP protocol version 5 or higher, but not SFTP v5+ file
locking. In this case, the SSH Server now strips file open block flags sent
by the client if the block flags include SSH_FXF_BLOCK_ADVISORY.
As in previous versions, it is possible to always strip block flags by
configuring mount point settings:
File sharing behavior: Force File sharing for uploads: Read, Write, Delete
File sharing for downloads: Read, Write, Delete
* When using a mount point of type Another SFTP server, and the other server
uses SFTP v3, the SSH Server now lets an SFTP v4+ client set a file
modification time without having to also include the last access time.
* The SSH Server now logs most SFTP flags and bits as human-readable strings
instead of hexadecimal values.
* FTPS:
* The SSH Server would replace non-US-ASCII bytes with "." when sending reply
lines on the FTP control connection. To improve compatibility with clients,
the SSH Server now preserves UTF-8 (which may appear in directory names) in
FTP control connection replies.
Changes in Bitvise SSH Server 9.31: [ 24 September 2023 ]
* Version information:
* This is not a new feature release, but a successor to 9.29 with continued
maintenance updates.
We skip versions containing zeros to avoid misunderstandings. For example,
9.03 and 9.30 might both be called "9.3".
* Settings:
* If you last saved settings using SSH Server version 6.31 or older; and then
updated to, or imported such settings into, an SSH Server version from 9.12
to 9.29; then these SSH Server 9.xx versions would upgrade terminal shell
settings incorrectly. Other settings would be preserved, but terminal shell
settings for accounts and groups would be reset to default 6.xx values.
Version 9.31 again correctly imports terminal shell settings last saved by
versions 6.31 and older.
If you never used SSH Server version 6.31 or older, you are not affected by
this issue.
If you used SSH Server version 6.31 or older; then updated to any version
from 6.41 to 8.49; you are not affected by this issue.
You are affected by this issue if you previously used SSH Server version
6.31 or older, so that your settings were last saved by this version; then
updated to, or imported settings into, any version from 9.12 to 9.29. In
this case:
* Shell access type for Windows groups would be reset to Command Prompt.
* Shell access type for virtual groups would be reset to No shell access.
* Shell access type for Windows and virtual accounts would be reset to Use
group default.
This is a security issue if you have Windows accounts which should not have
terminal shell access. It is a functional issue if you have accounts which
should have shell access, but this issue caused the terminal shell settings
to be changed or disabled.
If you are affected by this issue, you should either:
* Use Advanced settings to manually review your Windows group, Windows
account, virtual group, and virtual account settings, and ensure that
terminal shell access is configured as you intend, for all accounts and
groups.
* Alternately, you can update to SSH Server version 9.31 or later, and
import or restore settings from a previous automatic or manually-saved
backup where the terminal shell settings were correct.
* Names and strings containing the & character were not properly displayed in
lists. Fixed.
* Improved display of list entry numbers when editing list settings entries.
* The setting Undefined group mount points has been renamed to Excluded group
mount points.
* Tasks and actions:
* When a configured task cannot be run because a Windows logon session could
not be obtained, this is now more properly logged as a warning instead of
an information event.
* Execute command tasks which capture command output now more properly use
the OEM code page instead of the ANSI code page. The OEM code page is
generally used by Windows command-line programs.
* Windows file shares:
* For new installations, the default setting for Max total share wait time
has been reduced from 20 seconds to 11 seconds. This reduces issues with
common client software which times out if the server does not respond to a
login attempt within 15 seconds.
* File transfer:
* If the administrator does not define any mount points for a user, the log
message I_CHANNEL_SESSION_SFTP_REJECTED now contains more useful help.
* IP blocking:
* When using automatic permanent IP blocking, the automatically added Client
IP address rule would be incorrectly added after other entries, including
after any geographic IP rules. This could make the permanent block
ineffective. Automatically added rules are now inserted more correctly at
the start.
Changes in Bitvise SSH Server 9.29: [ 23 July 2023 ]
* Version information:
* This version continues the upgrade access amnesty introduced in version
9.25, so it can be used with any license that is valid for a previous SSH
Server 9.xx version. The minimum upgrade access expiry date to activate
this version is January 1, 2022.
* You can download this version here. (Alternative)
* Control Panel and Settings:
* In previous SSH Server 9.xx versions, newly created settings would
configure the Open Windows Firewall setting to an unintended initial value.
When the Windows Firewall service is enabled, the initial value is meant to
be Open port(s) to local network (subnet scope, non-Public profiles only).
Instead, the initial value was always set to Do not change Windows Firewall
settings. Fixed.
* Improved default clock leniency for time-based one-time password
authentication. For newly created settings, and for newly created group
settings entries in existing settings, the default value of Maximum forward
time-steps is increased from 0 to 1, and the default value of Maximum
backward time-steps is increased from 1 to 2. This does not affect the
values in existing settings.
Changes in Bitvise SSH Server 9.28: [ 1 July 2023 ]
* General:
* The SSH Server would stop if the Stats subdirectory did not yet exist and
could not be created. The SSH Server will no longer stop in this
circumstance.
* SSH:
* When the no-flow-control extension is enabled, the SSH connection permits
only one SSH channel at a time. In this circumstance, the SSH Server would
refuse to open a subsequent SSH channel for a short time after the previous
channel was closed. This prevented a client from opening a new channel
immediately after closing the previous one. Fixed.
* Scriptable settings:
* When using BssCfg to generate a new host keypair, the -kpSize parameter did
not take effect. Fixed.
* When dumping settings in textual format, disabled settings could previously
be included. Fixed.
* In previous 9.xx versions, settings that accept strings could not be set to
an empty string using PowerShell. Fixed.
* File transfer:
* If the feature to Move completed uploads did not succeed on the first
attempt because the file already existed, environment variables were not
expanded on subsequent attempts. Fixed.
* Email notifications:
* Improved diagnostic information when sending a test message.
Changes in Bitvise SSH Server 9.27: [ 14 February 2023 ]
* General:
* Previous SSH Server 9.xx versions would incorrectly and unnecessarily
allocate some thread-local storage indices for each connection, instead of
at startup. This would effectively prevent the SSH Server from handling
more than about 500 concurrent connections. Fixed.
* Cryptography:
* OpenSSL version updated to 1.1.1t. Bitvise software primarily uses Windows
CNG for cryptography. We use OpenSSL for specific cryptographic algorithms
not supported by Windows. Currently, these are chacha20-poly1305 and on
older Windows versions, the elliptic curve secp256k1. Our software does not
use OpenSSL features affected by recent OpenSSL security advisories.
* Tasks and email notifications:
* If more than one task was triggered by the same event, tasks could be
removed from the execution queue which should not be removed, and the task
that should have been removed would stay in the queue. Fixed.
* The SSH Server would log an error when sending an email notification to
multiple addresses that were duplicates of each other. Fixed.
* File transfer:
* When previous 9.xx versions upgraded settings from versions before 9.xx,
the virtual filesystem mount point setting File sharing behavior was
upgraded incorrectly. The correct behavior is to map the old Default value
to Free, and the old Force value to Force. Instead, upgrading to 9.xx would
change the old Default value to Force, and the old Force value to Use
global defaults.
This does not affect most users in a significant way since Free and Force
behave the same for most clients. However, for users who previously changed
mount point settings to force a specific file sharing mode, this oversight
reset their custom file sharing settings to the new global defaults.
This version fixes the issue for users who newly upgrade from a version
before 9.xx. Users who already upgraded to a previous 9.xx version, and
used the Force setting before upgrading, should check the new global file
sharing settings in Advanced settings > File transfer to ensure these
settings meet their requirements.
* Control Panel and Settings:
* When using the Log folder viewer to select and delete all log files, the
SSH Server Control Panel would crash. Fixed.
* Improved validation behavior for a number of field types in settings.
Changes in Bitvise SSH Server 9.26: [ 16 January 2023 ]
* EULA:
* We updated our EULAs to formalize our existing practices regarding the
nature and behavior of our software (it is a product, not a service; the
data it handles is not sent to Bitvise; risk tradeoffs with updates) and
the way we provide support (via email and our case management system, in
written form).
* Installation:
* In previous versions, an automatic update would fail if the installer
encounters an unexpected minor error. The SSH Server installation could be
left inoperable, requiring the administrator to perform the update
manually, if the installer e.g. could not create a shortcut.
The SSH Server installer now treats specific conditions as warnings and
continues if those non-critical conditions occur during an automatic
update. Currently, these conditions include exit codes 105 (could not
create shortcut) and 115 (could not configure authentication package).
These now result in a warning exit code.
* Cryptography:
* OpenSSL version updated to 1.1.1s. Bitvise software primarily uses Windows
CNG for cryptography. We use OpenSSL for specific cryptographic algorithms
not supported by Windows. Currently, these are chacha20-poly1305 and on
older Windows versions, the elliptic curve secp256k1.
* General:
* The SSH Server now runs auto-execute commands, such as the On-upload
command, without creating a console window for each command. This
dramatically increases the number of auto-execute commands that can run
simultaneously. In previous versions, auto-execute commands would fail to
start if approximately 100 were already running in the same Windows logon
session.
* If the SSH Server defines the environment variable USERPRINCIPALNAME, it
now also adds environment variables USERPN_USERPART and USERPN_DOMAINPART.
These contain the separate user and domain parts of USERPRINCIPALNAME.
* File transfer:
* The SSH Server's file transfer subsystem would exit with an exception,
aborting the file transfer session, if the client tries to set a negative
file time. If the SSH Server receives such file times, it will now continue
the file transfer session, but will treat negative file times as invalid.
Changes in Bitvise SSH Server 9.25: [ 30 October 2022 ]
* Security:
* SSH Server versions 9.16 - 9.24 contain a flaw where, if settings are
imported or upgraded from SSH Server versions 7.xx or 8.xx, some mount
point types are not imported correctly. The incorrect import causes those
mount points to grant unlimited filesystem access.
The usual way to configure a mount point in SSH Server 7.xx/8.xx versions
is to use the provider type FlowSfsWin. This is the default setting. Those
mount points are upgraded correctly.
However, it is possible to set mount point Provider type to Custom and
configure Provider DLL to "FlowSfsWin". Users could configure this
manually, or such a configuration could result after settings were imported
from even older SSH Server versions, such as 6.xx.
When SSH Server versions 9.16 - 9.24 import mount points of type
Custom:FlowSfsWin from SSH Server versions 7.xx/8.xx, the setting Real root
path is incorrectly ignored. This causes those mount points to grant
unlimited filesystem access, where the mount point should be limited to a
root directory.
This version addresses this issue as follows:
* Mount points with Provider type set to Custom now preserve the configured
root path when upgraded or imported from SSH Server 7.xx/8.xx settings.
* If settings were upgraded and saved by SSH Server versions 9.16 - 9.24,
it is not possible to know if mount points of type Custom:FlowSfsWin that
have an empty Custom root path were configured with unlimited access on
purpose, or were upgraded incorrectly. Therefore, mount points of type
Custom:FlowSfsWin with an empty Custom root path will now fail to
initialize.
* We provide a PowerShell script which you can run to identify mount points
which require administrator attention.
The script searches group and account settings entries in SSH Server
settings. It displays mount points of type Custom:FlowSfsWin that have an
empty Custom root path. If such mount points are found, then if you want
the mount point to grant unlimited access, change Mount type to Unlimited
access. Otherwise, change Mount type to Specific directory and configure
a Real root path.
This script can be run with any SSH Server 9.16+ version. It does not
require updating to 9.25. If affected mount points are found, you can fix
them without updating. This will address the issue, unless you import
settings containing such mount points from 7.xx/8.xx versions again.
Updating to 9.25 or newer will ensure any future import works correctly.
* Control Panel and Settings:
* The Statistics tab now shows filtered text with a highlight.
Changes in Bitvise SSH Server 9.24: [ 9 October 2022 ]
* General:
* Previous SSH Server 9.xx versions did not run on older Windows versions,
such as Windows Server 2008 R2, unless KB 2533623 was installed. This
version implements a workaround for this dependency, so that KB 2533623 is
again not required.
* Email:
* The maximum length of the local part of an email address is now raised from
64 bytes to 128.
* BvShell:
* Improved inconsistent Tab auto-complete behavior.
* The cd command now displays a warning when more than one parameter is
passed. (In most shells, supplying more than one parameter to cd is
invalid.)
* Master/follower synchronization:
* Fixed multiple issues associated with activation code synchronization.
* The user interface in the follower now displays more clearly when the
activation code could not be synchronized because master settings do not
permit it.
* Control Panel and Settings:
* Settings entries, such as virtual groups and connect profiles, whose names
are referenced by other settings entries, can now be renamed, so that
references are automatically updated.
* When editing an account settings entry in Easy settings, mount point
settings (including permissions) would be reset on mount points, even if
the mount points were not changed. Fixed.
* Mount point permissions can now be configured in Easy settings.
* CSV import for settings entries that contain nested lists would incorrectly
fail to clear these lists when importing. Most significantly, importing a
Windows account from CSV would fail to clear or overwrite a default "/"
mount point inherited from the Everyone Windows group in Advanced settings.
Fixed.
* When starting a CSV import on a list that already contains entries, the
interface now asks whether to clear existing entries before importing.
* The Custom events interface can now display events filtered by name or
description.
* In SSH Server settings, a single press of the Alt key would block Alt+Tab
and the Windows Key from working until the user switched windows using the
mouse. Fixed.
* Additional improvements to the behavior of the pop-up menu for the SSH
Server Control Panel icon in the system notification area.
Changes in Bitvise SSH Server 9.23: [ 5 June 2022 ]
* Authentication:
* On installations where all of the following is true:
* Windows accounts can log in using password authentication.
* Virtual accounts are in use and are backed by the automatically managed
Windows account.
* An account lockout policy is configured in Windows.
In such configurations, it was possible for a remote attacker to lock out
the automatically managed Windows account (usually BvSsh_VirtualUsers) by
attempting password authentication against it. This would cause connections
from virtual accounts to fail. If the SSH Server's automatic IP blocking is
stricter than the Windows account lockout policy, the attacker could
connect from multiple IP addresses to successfully lock the account.
The automatically managed Windows account could also get locked out
accidentally if its password expired, followed by many simultaneous
connections from one or more virtual accounts. For example, this could
occur with password expiry followed by 100 login attempts in the same
second.
The SSH Server now unlocks the automatically managed Windows account if it
is locked out. If the password expires, the SSH Server now also takes steps
to prevent a lockout due to other simultaneous logins.
* Version 9.19 introduced the issue where passwordless authentication
required a Windows restart in order to fully function after updating from a
previous SSH Server version. Version 9.21 fixed this for updates from
previous 9.xx versions, but this was not effective after updating from
versions 8.xx. Fixed.
Updating from versions older than 7.21 still always requires a Windows
restart for passwordless authentication to fully function.
* Email notifications:
* When sending email through an outgoing SMTP server, the SSH Server now
supports the SMTP authentication method AUTH LOGIN. This allows
compatibility with servers such as smtp.office365.com.
Changes in Bitvise SSH Server 9.22: [ 31 May 2022 ]
* In versions 9.19 and 9.21, it was not possible to create directories through
virtual filesystem mount points that provide unlimited access. Fixed.
Changes in Bitvise SSH Server 9.21: [ 30 May 2022 ]
* Fixed an issue in version 9.19 where passwordless authentication required a
Windows restart, or uninstallation and reinstallation followed by restart, in
order to work after updating from a previous SSH Server version.
Changes in Bitvise SSH Server 9.19: [ 28 May 2022 ]
* Health monitoring:
* On some systems, the Windows function GetSystemTimes can return
inconsistent values. In this case, previous SSH Server 9.xx versions would
stop due to an unexpected condition if the setting Health monitoring >
Monitor CPU usage was enabled. Fixed.
* In general, the SSH Server will no longer stop if one of the health
monitoring features encounters an error, but will instead only log the
error.
* Control Panel and Settings:
* Double-clicking the system tray icon for the SSH Server Control Panel would
put the window into the foreground if it was hidden, but not if it was
minimized, or behind other applications' windows. Fixed.
* In the Custom events interface under Advanced settings > Logging, events
are now sorted by default according to name, rather than number. Events can
still easily be sorted by any column.
* Email notifications:
* In previous 9.xx versions, DKIM signing did not work. Fixed.
* File transfer:
* When the Real root path for a mount point did not exist, and the setting
Create root path was disabled, the SSH Server would still create the
directory if the client sent a "create directory" request. The SSH Server
will no longer create the mount point root path in this circumstance.
* For newly created mount points, the default value of the setting File
sharing for uploads is now Delete instead of the previous value, Read,
Delete. This is to prevent files from being read or copied in an
inconsistent state by another application or connection while they are
being uploaded.
* Logging:
* Further improvements to diagnostic logging for SFTP jump server mount
points.
* When logging the flags attribute for an auto-execute command, the Windows
job object setting would be logged incorrectly. Fixed.
Changes in Bitvise SSH Server 9.18: [ 5 May 2022 ]
* Installation and update:
* Improved reliability of creating temporary directories which could
previously cause installation to fail.
* Control Panel:
* Fixed behavior of the pop-up menu when clicking the notification area icon.
* Added support for Ctrl+A and Ctrl+Backspace key combinations in a variety
of user interface elements that did not previously support them.
* Addressed support for Esc and Tab keys in the Manage certificates dialog.
* Fixed issue when deleting log files in the Log folder viewer.
* In Easy settings, the Back and Next buttons were incorrectly swapped.
Fixed.
* Connections:
* In previous 9.xx versions, the Connection timeout feature did not work.
Fixed.
* Tasks:
* Configuring an On-logon command for an Execute command task would result in
an error when running the task. Fixed.
* Improved elevation handling for Windows sessions created for tasks.
* SFTP jump server mount points:
* Greatly improved diagnostic logging for connection issues when configuring
Another SFTP server mount points.
* Fixed an issue which would cause the SSH Server to emit an invalid SFTP
packet when using Another SFTP server mount points. This would cause
repeated connects and disconnects.
Changes in Bitvise SSH Server 9.17: [ 12 March 2022 ]
* Installation and update:
* Due to a bug in the log utility included with SSH Server version 9.12,
using built-in update functionality to update from version 9.12 to versions
9.14 and 9.16 would fail. Now, when updating from version 9.12, the first
attempt will still fail, but will replace the log utility so that a second
attempt succeeds.
Running the new version installer directly to update manually works for all
versions and does not trigger this issue.
* When an SSH Server update was started automatically, but uninstallation of
the existing version failed, the SSH Server would not automatically
restart. When updating to future versions from version 9.17 or higher, if
uninstallation fails but rollback succeeds, the main SSH Server service
will now be restarted.
* Settings:
* When pasting from clipboard, password fields would accept ASCII control
characters, including newline characters that are included by Excel when
copy & pasting a selected cell. Password fields will now filter out control
characters when pasting, including the Tab character.
* SSH:
* Improved detection of misconfigured obfuscation settings.
* File transfer:
* In previous versions including 8.xx, if an SCP client interrupted a
download – such as by disconnecting – the SSH Server's SCP subsystem would
still completely read the file and record a complete download in the
I_SFS_TRANSFER_FILE event. Interrupted SCP downloads are now correctly
logged as incomplete.
Changes in Bitvise SSH Server 9.16: [ 14 February 2022 ]
* Upgrade:
* A major new feature in SSH Server 9.xx versions is the Windows session
cache. This is enabled by default for new installations. When enabled,
settings such as the On-logon command have a different effect than in
previous SSH Server versions.
To preserve behavior, the Windows session cache is now disabled when
upgrading existing settings from versions 8.xx and earlier. This feature
can be enabled or disabled in Advanced settings, under Sessions > Windows
session sharing.
* In versions 8.xx and earlier, it was possible to configure settings in
subtly inconsistent ways. For example, it was possible to remove or rename
a Connect profile so that the port forwarding settings in a group settings
entry referenced a Connect profile which no longer exists.
In previous 9.xx versions, the settings interface would not open after
upgrading an installation which had settings configured this way. Fixed.
* Control Panel and Settings:
* When configuring an encrypted volume in Advanced settings, the setting Full
path to data file now won't display an overwrite prompt when selecting an
existing file.
* Default settings in Tasks and actions now include straightforward examples
for email notifications for uploads and downloads. These examples won't
appear when updating from previous 9.xx versions unless the task list is
reset to apply the new defaults.
* The Log folder viewer now once again supports the Enter key to open the
selected file.
* Connections:
* In previous 9.xx versions, the Connection on-logon command was broken and
did not work. Fixed.
* File transfer:
* The Encrypted volume and Other SFTP server filesystem providers can now be
configured to limit access to a subdirectory of the encrypted volume or
remote SFTP filesystem.
* Bitvise SSH Server provides access to filesystems which do not support
POSIX permissions. In versions 8.xx and older, the SSH Server would respond
to attempts to set POSIX permissions, such as using chmod, by simulating
success. In previous 9.xx versions, the SSH Server would respond with
failure if a client attempted to set only POSIX permissions, but not any
supported attributes. This is a problem for scripts that assume chmod to
succeed. The SSH Server will now once again simulate success for such
requests.
* If the feature Move completed uploads was configured in an account settings
entry, as opposed to a group settings entry, the account would not be able
to log in. Fixed.
* The correct filesystem provider is now logged when an SFTP client attempts
to use an invalid handle.
Changes in Bitvise SSH Server 9.14: [ 23 January 2022 ]
* Upgrade:
* When upgrading from versions before 9.xx, the automatic log archival task
is now disabled. This is to avoid interfering with any log maintenance the
administrator has already set up.
* If settings before 9.xx configured no limit to the number of simultaneous
connections, such settings would be upgraded incorrectly to apply a lower
limit. Fixed.
* FTPS:
* If the FTPS protocol is enabled, the SSH Server now supports TLS 1.3 on
Windows versions where it is available. Currently, this requires Windows 11
or Windows Server 2022.
* Tasks:
* Log maintenance and command execution tasks now log an Info-level log event
when they start.
* Task triggers now support endsWith and contains as operators that work on
strings. The contains operator also continues to work on structures, as it
did previously.
* Control Panel and Settings:
* When configuring an encrypted volume in Advanced settings, the setting Full
path to data file would have a misleading browse interface which did not
allow selecting a filename which does not yet exist. Instead, a full path
to a nonexistent file had to be entered manually. The browse interface now
supports configuring a file which does not yet exist.
* The Log Folder Viewer was not showing file icons in version 9.12. Fixed.
* In the Statistics CSV export dialog, suggested filenames could include
invalid characters. Fixed.
* In account and group lists, reduced the number of columns for improved
clarity and performance.
* Command-line utilities:
* The log utility did not work at all in version 9.12. Fixed.
New features in Bitvise SSH Server 9.12: [ 1 January 2022 ]
* Windows session cache: Multiple connections for the same user, either
concurrent or consecutive, can now use the same Windows session. This can
greatly improve reliability for clients that make frequent connections that
access network shares.
* Network share control: Settings now provide additional control over how
network share connections are established where such connections could time
out or occasionally fail.
* Encrypted volumes: Clients can now access files which are encrypted at rest
by the SSH Server. Concurrent users can access virtual filesystem mount
points backed by one or more encrypted volumes. A volume is encrypted with a
key configured in SSH Server settings.
* SFTP jump server: Users can now access virtual filesystem mount points backed
by a remote SFTP server to which the SSH Server connects on the user's
behalf.
* Tasks: The SSH Server can now run commands periodically, or triggered by
configurable conditions based on recorded log events.
* Email notifications: The SSH Server can now send email notifications
triggered by configurable conditions based on recorded log events.
* Log file maintenance: Automatic log file archival or deletion can now be
configured as a scheduled task, without resorting to the Windows Task
Scheduler.
* Cryptography: New cryptographic algorithms include chacha20-poly1305 and
encrypt-then-MAC hashing.
* Improvements:
* BvShell now supports the passwd command. This allows virtual accounts to
change their password using a terminal shell that respects the SSH Server's
virtual filesystem.
* The SSH Server now consumes much less memory when using large settings that
contain many accounts.
KNOWN ISSUES
* Windows XP: All versions of our software that we recommend using are built
using Visual Studio 2015. The C++ run-time library used by this Visual Studio
version has a known issue where 1-2 kB of memory are leaked each time a new
thread is created. This issue does not occur on later Windows versions; it
does not occur e.g. on Windows Server 2003. Microsoft has stated they do not
intend to fix this issue. Bitvise's view is that the impacts on our SSH
Client and FlowSsh are manageable; whereas our SSH Server is rarely used on
Windows XP. We therefore do not plan to work around this; but we warn that
this can be a potential denial of service vector on Windows XP.
OLDER VERSIONS
Bitvise SSH Server 8.xx Version History
Bitvise SSH Server 7.xx Version History
Bitvise SSH Server 6.xx Version History
Bitvise SSH Server 5.xx Version History
WinSSHD 4.xx Version History
WinSSHD 3.xx Version History
NOTIFICATIONS
Subscribe to be notified of new versions as they are released. It is easy to
unsubscribe, and we will not share addresses with third parties.
ABOUT SSH
What is SSH?
Screenshots
Security
SSH SERVER LICENSE
Make the Purchase
SSH Server License Terms
SSH Server Pricing
Choosing a Reseller
Reseller Policy
TRY OUR SSH CLIENT!
Our friendly and flexible SSH Client for Windows includes state of the art
terminal emulation, graphical as well as command-line SFTP support, SFTP drive
mapping, an FTP-to-SFTP bridge, powerful tunneling features, and also remote
administration for our SSH Server. Free to use!
Terms of use | Privacy policy
This website is Copyright (C) 2001-2024 by Bitvise Limited. All rights reserved.
Unauthorized copying or distribution of any part or whole is prohibited.