Bitvise SSH Client Changelog

What's new in Bitvise SSH Client 9.33

Dec 21, 2023
  • Security:
  • Terrapin - CVE-2023-48795: Researchers have identified an issue where all SSH connections which use the encryption algorithm ChaCha20-Poly1305, or any integrity algorithm of type encrypt-then-MAC, are vulnerable to packet sequence manipulation by an active attacker, if the attacker can intercept the network path. This can be used to sabotage SSH extension negotiation. This affects extensions with security impact, such as server-sig-algs.
  • Since the attacker can only remove packets sent before user authentication, this does not seem to fatally break the security of the SSH connection. However, it is a cryptographic weakness to address.
  • Bitvise software versions 9.32 and newer support strict key exchange. This is a new SSH protocol feature which mitigates this attack. The SSH client and server must both implement strict key exchange for mitigation to be effective. Other SSH software authors are also releasing new versions to support this.
  • If you must interoperate with SSH software which does not support strict key exchange, consider disabling the encryption algorithm ChaCha20-Poly1305, as well as integrity algorithms of type encrypt-then-MAC. These are the newer data integrity protection algorithms whose names contain -etm.
  • Bitvise software versions 8.xx and older are not substantially affected because they do not implement algorithms where this issue is practically exploitable. Nevertheless, we suggest updating all SSH software to new versions that support strict key exchange.
  • The encryption algorithms aes256-gcm and aes128-gcm are substantially immune from this attack. Users who are committed to older SSH software versions should consider using AES GCM. If this is not possible, the data integrity protection algorithms which are not named -etm are not entirely immune, but are also not believed to be practically exploitable. For compatibility with SSH software which does not support strict key exchange or AES GCM, an algorithm combination such as AES CTR with non-ETM data integrity protection may continue to be acceptable.
  • Graphical client:
  • Error and warning popups would not be shown if the main SSH Client window was visible when the message was logged, but lost focus immediately after. This would happen, for example, if there was an issue with terminal session logging, which occurs just before opening the terminal window.
  • The SSH Client now shows popups if the main window loses focus immediately after errors or warnings were logged.
  • SFTP:
  • The SSH Client now prefers to open remote files using the flags SSH_FXF_BLOCK_WRITE and SSH_FXF_BLOCK_ADVISORY, instead of only SSH_FXF_BLOCK_WRITE. This allows the server to strip the block flag if it is not supported by a part of its filesystem.

New in Bitvise SSH Client 9.31 (Sep 25, 2023)

  • Command-line clients:
  • Even when output was redirected, the command-line clients sftpc, sexec, stermc, stnlc and spksc would not run unless the process was associated with a console window. Fixed.
  • User interface:
  • Names and strings containing the & character were not properly displayed in lists. Fixed.
  • File transfer:
  • When using the Move to dialog in the SFTP window, the SSH Client could crash. Fixed.

New in Bitvise SSH Client 9.28 (Jul 2, 2023)

  • Installation:
  • If Install WinFsp was unchecked, the SSH Client installer would still unpack WinFsp files, without registering them. The installer will no longer unpack WinFsp files unless Install WinFsp is selected.
  • SSH:
  • The SSH Client is now compatible with the OpenSSH-style authentication agent in 1Password. The SSH Client previously refused to connect to the Windows named pipe created by 1Password because the pipe owner is not a member of the Administrators group or Local System. For compatibility with this agent, the SSH Client no longer checks pipe ownership, but implements more validation of information received over the pipe.
  • Port forwarding:
  • The command-line parameters -c2sFile and -s2cFile now also import comment fields, if present.
  • Terminal:
  • If the accent color was enabled for window title bars in Windows, the SSH Client's terminal window title could be hard to read. Fixed.
  • Double-click word selection did not work correctly on the first word of the first line in the terminal window. Fixed.
  • The terminal window now supports 5-hexadecimal-digit Unicode characters, i.e. Unicode code points higher than 65535.

New in Bitvise SSH Client 9.26 (Jan 16, 2023)

  • EULA:
  • We updated our EULAs to formalize our existing practices regarding the nature and behavior of our software (it is a product, not a service; the data it handles is not sent to Bitvise; risk tradeoffs with updates) and the way we provide support (via email and our case management system, in written form).
  • Installation:
  • The SSH Client installer now offers the option whether to install WinFsp. WinFsp is required to use the SSH Client's SFTP drive feature, but is not needed for other functions.
  • The SSH Client can now use WinFsp installed from another source, such as the official WinFsp distribution, or installed by a third-party application, instead of installing its own. We cannot guarantee reliability or performance when using such other versions of WinFsp. However, the SSH Client now tries to use them.
  • Cryptography:
  • OpenSSL version updated to 1.1.1s. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1.
  • Terminal:
  • Since version 9.23, the SSH Client's terminal window disables client-side scrolling when the server switches to the alternate screen. This is correct behavior, and it avoids confusing users, but it has confused other users, who were used to scrolling in the alternate screen.
  • The SSH Client's terminal window now displays a padlock icon in the title bar when the alternate screen is enabled. This indicates that the terminal window is in a special state and explains why scrolling is disabled.
  • The SSH Client's terminal window did not work on Windows XP. Fixed.
  • SSH Server Remote Control Panel:
  • When using the SSH Client to remotely administer Bitvise SSH Server, the SSH Server Remote Control Panel would exit unexpectedly when trying to manually apply an update. Fixed.

New in Bitvise SSH Client 9.25 (Oct 31, 2022)

  • Graphical client:
  • User Authentication Banner dialog text can now be selected and copied to clipboard.
  • Improved default file browse filter for client authentication keypair import.

New in Bitvise SSH Client 9.24 (Oct 9, 2022)

  • General:
  • SSH Client help windows now allow selection and copy & paste.
  • Updated keyboard shortcuts in the pop-up menu for the SSH Client icon in the system notification area. This resolves conflicts and makes the shortcut keys consistent with Ctrl+Shift shortcuts in SSH Client windows.
  • SSH:
  • The SSH Client now displays the signature algorithm used during client authentication with a public key.
  • The default list of submethods for keyboard-interactive authentication is now empty.
  • Command-line clients:
  • Improved output of command-line clients when output is piped into another program, or redirected into a file.
  • Sftpc:
  • When output is redirected, sftpc no longer truncates file and directory paths shorter than 1,000 bytes. For easier processing, file transfer results such as "OK" and "in sync" are now displayed as "<OK>" and "<sync>".
  • The remove/delete commands del, ldel, rm, lrm, rmdir and lrmdir now support the -ifExist parameter. If passed, this parameter causes the command to test whether the path exists before attempting to delete it. If the path does not exist, the command succeeds.
  • Terminal:
  • Due to Ctrl+Shift+... keyboard shortcuts new in versions 9.xx, the terminal window in the graphical SSH Client would no longer send to the server Ctrl+Shift key combinations such as Ctrl+Shift+F1. These combinations are now sent again.
  • The clear command now causes the terminal window to scroll down instead of overwriting visible screen content.
  • A full reset, or a soft terminal reset, now avoids clearing the primary screen buffer, such as when the screen command exits.

New in Bitvise SSH Client 9.23 (Jun 6, 2022)

  • Terminal:
  • When the alternative window buffer is activated, the terminal window now prevents client-side scrolling. This interfered with display of server-side applications which provide their own scrolling via keyboard.
  • SFTP drive:
  • There exist servers, such as GlobalSCAPE, which support neither the SFTP request space-available, nor the alternative [email protected]. These requests are used to query free space on the server. With such servers, this information cannot be queried, so the SSH Client will now report a very large amount of free space on the SFTP drive. The client previously reported zero free space, which prevented some applications from writing files.

New in Bitvise SSH Client 9.19 (Jun 6, 2022)

  • Terminal:
  • Restored behavior from previous SSH Client versions, including 8.xx, where right-click can be used immediately after selecting to copy-and-paste the selected text.
  • The DECSTBM message (Set Top and Bottom Margins) should now be handled correctly.
  • spksc:
  • The command-line client for the SSH Public Key Subsystem, spksc, now supports commands to list local keys in addition to public keys configured for public key authentication on the server.
  • If Ctrl+C was pressed during command execution, spksc would previously hang. Fixed.
  • Host key manager:
  • When using the Modify Host Key dialog, pasting a host address containing spaces would cause the SSH Client to crash. Fixed.

New in Bitvise SSH Client 9.18 (May 5, 2022)

  • Installation and update:
  • Improved reliability of creating temporary directories which could previously cause installation to fail.
  • Main window:
  • The FTP bridge password input fields on the Services tab now scroll horizontally.
  • Terminal:
  • Fixed issues that could cause the terminal window to display output incorrectly in situations that are difficult to reproduce. We continue to investigate and welcome feedback from users who experience these issues.
  • SSH:
  • When using Diffie-Hellman key exchange methods with group exchange, the SSH Client would accept only server-generated groups with a generator much smaller than the modulus. Some servers, such as Rebex, send a generator parameter as large as the modulus. The SSH Client will now accept such groups.
  • We cannot guarantee that unusual server-generated groups will work with Windows CNG cryptography. We continue to disrecommend Diffie-Hellman key exchange methods that use group exchange due to such compatibility issues. The SSH Client continues to downrank these key exchange methods by default.

New in Bitvise SSH Client 9.17 (Mar 13, 2022)

  • Installation and update:
  • Due to a bug in the log utility included with SSH Client version 9.12, using built-in update functionality to update from version 9.12 to versions 9.14 - 9.16 would fail. Now, when updating from version 9.12, the first attempt will still fail, but will replace the log utility so that a second attempt succeeds.
  • Running the new version installer directly to update manually works for all versions and does not trigger this issue.
  • SSH:
  • Starting with versions 9.xx, at the start of an SSH connection, the SSH Client would wait to send its SSH_MSG_NEWKEYS message until it has received it from the server. As a result, connections to certain SSH servers would not work. Affected servers include xlightftpd and RomSShell used by certain Brocade network equipment. The client now once again sends this message promptly.
  • Fixed issue which could cause the SSH Client to disconnect and generate the error "SSH manager has been terminated by exception: Null pointer read". This was more likely when using an SSH jump proxy, configurable in Proxy settings, but could occur generally using SSH tunneling.
  • Improved detection of misconfigured obfuscation settings.
  • Graphical client:
  • Logout behavior is now configurable. When disconnecting, the SSH Client can now be configured to close open windows without asking for confirmation.
  • SFTP GUI:
  • The graphical SFTP interface can now display Owner and Group columns for remote files.
  • Remote directory properties now show disk usage and free space information.
  • sftpc:
  • A new df command now shows disk usage and free space information.
  • Terminal:
  • The terminal window in the graphical SSH Client now supports additional settings for text selection and copying: word boundary characters for double-click select; whether double-click select can span more than one line; and whether to trim any trailing spaces when copying.
  • Terminal window settings now display fonts alphabetically sorted.
  • SSH Server Remote Control Panel:
  • The SSH Server Remote Control Panel window did not close when the SSH connection disconnected, and the window was not usable after. The window now closes as intended.

New in Bitvise SSH Client 9.15 (Feb 5, 2022)

  • SSH:
  • When using one of the key exchange methods with Diffie Hellman group exchange, the SSH Client and FlowSsh could perform an invalid memory access. Invalid DH group size parameters could be sent to the server. Fixed.
  • Graphical client:
  • When the setting Window behavior > New child windows was set to Restore last position (default value in versions 9.12 and 9.14), the SFTP window could open off-screen. Fixed. The default value of this setting is now Center to parent.
  • The following settings now support environment variable expansion:
  • Options > Execute Local Command
  • RDP > Remote Desktop > Profile
  • RDP > Command-Line Parameters > Custom
  • SFTP > Local and Upload Settings > Initial directory
  • Improved keyboard navigation via Tab-key.
  • Terminal:
  • The terminal window in the graphical SSH Client could crash or deadlock, especially during selection. Several issues fixed.
  • The terminal window title could be blank. Fixed.
  • SFTP:
  • If a custom SFTP subsystem is configured, this is now invoked as an SSH exec request instead of a subsystem request. This should work with more servers where this feature is needed.
  • Command line:
  • sftpc will now use the SFTP protocol version setting from the profile, if a -profile=... parameter is used.
  • The graphical SSH Client now supports the -sftpVersion command-line parameter to override the loaded profile.
  • All clients now support the -dhGexMinBits parameter.
  • The parameter -rdpCustomSettings is now -rdpCustomStg and can appear multiple times to configure multiple Remote Desktop settings.

New in Bitvise SSH Client 9.14 (Jan 23, 2022)

  • SFTP drive:
  • On systems with negative UTC offsets, the Windows Command Prompt would display unexpected error messages as part of directory listings for directories without an SFTP file time. Fixed.
  • Terminal:
  • Starting a clipboard selection now pauses terminal output.
  • Double-clicking the system icon now once again closes the terminal window.
  • Remote Desktop:
  • The setting Share clipboard is now enabled for new profiles by default.
  • Window behavior:
  • The SSH Client can now be configured to prevent system sleep, for example when connected.
  • Command-line use:
  • The log utility did not work at all in version 9.12. Fixed.
  • The main SSH Client window now supports the option -start=login which can be used in conjunction with other -start=... options. For consistency with previous versions, the option -loginOnStartup is now an alias for -start=login,tray. This means the SSH Client connects automatically and also minimizes to the system notification area. When opening an SSH Client profile through right-click > Connect, the profile is now opened with -start=login, but not tray. This means the SSH Client connects automatically with the main window visible.

New in Bitvise SSH Client 9.12 (Jan 2, 2022)

  • New features:
  • SFTP drive: Access files on an SFTP server as if they were local, from any Windows application.
  • Terminal session recording: The content of terminal sessions can now be automatically saved to files.
  • SSH jump proxy: The SSH Client can now more conveniently connect to a final destination SSH or SFTP server, by first connecting to an SSH jump server.
  • Keyboard shortcuts: An SFTP window can now be opened more practically from a terminal window, and vice versa.
  • Cryptography: New cryptographic algorithms include chacha20-poly1305 and encrypt-then-MAC hashing.

New in Bitvise SSH Client 8.52 (Dec 8, 2021)

  • This is not a new feature release, but a successor to 8.49 with continued maintenance updates.
  • Graphical client:
  • Certain user interface elements would not display correctly on Windows 11. Fixed.
  • Command-line use:
  • The SSH Client's command-line clients (sftpc, stermc, sexec, stnlc, spksc) now support the widely accepted "--" syntax to identify the end of named parameters and the beginning of positional parameters.

New in Bitvise SSH Client 8.49 (Jul 23, 2021)

  • SFTP:
  • When used under Parallels for Mac, the SSH Client was unable to list folders shared by the Mac (for example, \MacHomeDesktop). This arose because the SSH Client used an advanced Windows filesystem API which the Mac does not implement. The SSH Client now uses a simpler version of this API, allowing the listing of Mac folders.
  • Sftpc:
  • The get command now supports a -wait switch. This causes the get command to wait for the server's confirmation that the file has been closed before continuing any further actions. When used with conjunction with -del, this causes sftpc to wait for the server's confirmation that the file has been closed before attempting to delete the file.
  • Sftpc now supports a new wait command. This causes sftpc to wait until it receives from the server any pending confirmations for file and directory close requests, before proceeding with any other actions. If there are no outstanding close requests pending confirmations, the wait command does nothing.
  • Stermc:
  • When using the stermc terminal shell command-line client, if the remote shell exited with a non-zero exit code, the SSH Client's totermc or bvtermc terminal client process would continue to run after stermc exits. These processes would potentially interfere with console input. Fixed.
  • Command-line clients:
  • When input or output is redirected, then by default, the SSH Client's command-line clients (including sftpc, sexec, stnlc, stermc and spksc) will now use the input/output code page associated with the console in which they run (Windows functions GetConsoleCP and GetConsoleOutputCP), instead of the system-wide ANSI code page (Windows function GetACP). This causes output from Bitvise command-line clients to respect the code page set using chcp. For example, when chcp has been used, sftpc >> file.txt will now use the same code page as echo xxxx >> file.txt.
  • Improved BOM handling when output is redirected with code pages UTF-8, UTF-16, and UTF-16BE. The BOM will now be consistently emitted when redirecting into an empty file, but not when redirecting into a non-empty file or a stream.

New in Bitvise SSH Client 8.47 (Apr 5, 2021)

  • SSH:
  • The SSH Client will now recognize a server with "MFT" in its SSH version string as a variant of "J2SSH_Maverick". This means the SSH Client will no longer send SSH_MSG_EXT_INFO by default to such servers. See the previous compatibility change for J2SSH_Maverick, in version history for SSH Client version 8.42.
  • Authentication:
  • When the -keypairFile parameter is used to specify a password-protected keypair in a non-Bitvise format, and no valid passphrase is provided, the log message will now be more useful.
  • Remote Desktop:
  • When using the single-click Remote Desktop forwarding feature on an ARM version of Windows, the SSH Client will now disable hooking of the Remote Desktop client (MSTSC). The SSH Client normally does this on Windows x86 and x64 so that the Remote Desktop window title can reflect the destination of the Remote Desktop connection. However, this prevented single-click Remote Desktop forwarding from functioning on ARM versions of Windows.

New in Bitvise SSH Client 8.46 (Jan 16, 2021)

  • SFTP:
  • Since version 8.45, the SSH Client now uses SFTP v6 file open block flags SSH_FXF_BLOCK_WRITE and SSH_FXF_BLOCK_ADVISORY if the server advertises support for them. This helps avoid corruption of files while they are being transferred. We have received a report of a server that advertises support for these flags, but fails an open request if the flags are used. The SSH Client will now repeat an open request that fails this way, without the flags.
  • Command-line clients:
  • When using Bitvise SSH Client command line clients sftpc, stermc, sexec, stnlc or spksc using a -keypairFile parameter that points to an encrypted keypair in non-Bitvise format, but without a -keypairPassphrase parameter that would provide a decryption passphrase, the SSH Client would display a cryptic error. The error is now less cryptic.

New in Bitvise SSH Client 8.45 (Dec 30, 2020)

  • Automatic updates:
  • If the automatic update process encountered an error while downloading a new version installer from the primary download location, resulting in a partial executable being stored; and if download was then successful from the secondary download location; the resulting executable would be corrupted. Fixed.
  • Improved the automatic update locking mechanisms.
  • SSH:
  • When displaying the host key received from the server, the SSH Client will now display the signature algorithm (e.g. RSA over SHA-256) rather than just the host key algorithm (e.g. RSA).
  • Graphical client:
  • When the SSH Client was started hidden in the system notification area, it would cause a phantom Alt-Tab menu entry to appear. Fixed.
  • SFTP:
  • When uploading files using SFTP v6; and if the server advertises support for either the block flag SSH_FXF_BLOCK_WRITE or the combination SSH_FXF_BLOCK_WRITE | SSH_FXF_BLOCK_ADVISORY; then the SSH Client will request one of these block flags when opening the file. This is to prevent premature actions by other server-side processes or file transfer clients that can modify or corrupt the file before the upload is complete.
  • Uploading to a blind drop location that does not permit a directory listing could crash the SFTP window or the SSH Client process. Fixed.
  • For improved compatibility with blind drops, it is now possible to navigate the Local and Remote panes to any location, even one that results in an error or does not allow a directory listing. An error dialog will be displayed when attempting to list such a directory, but it is now possible to try transferring files to or from such locations regardless.
  • Command-line clients:
  • The log utility would output its own newlines as CRLF, but would record newlines from child processes as they were written by the process. If the child process used LF newlines (without CR), the output newline convention would be inconsistent. The log utility now consistently outputs newlines as CRLF.

New in Bitvise SSH Client 8.44 (Oct 4, 2020)

  • SSH:
  • Bitvise SSH Client and FlowSsh will now recognize servers with "Maverick_SSHD" and "GoAnywhere" in their SSH version strings as variants of "J2SSH_Maverick". This means Bitvise SSH Client and FlowSsh will no longer send SSH_MSG_EXT_INFO by default to such servers. See the previous compatibility change for J2SSH_Maverick, in version history for Bitvise SSH Client and FlowSsh versions 8.42.
  • If a client authentication key has been accepted by the server for authentication, the SSH Client will no longer prevent its use due to the server's server-sig-algs extension. In addition, the SSH Client will now log if a key is not used due to this extension.
  • Graphical client:
  • A new or reset profile will no longer open a terminal and SFTP window automatically, by default. This improves behavior when connecting to servers that limit SSH sessions to a single concurrent channel. Automatic opening of these windows can still be enabled using the same settings on the Options tab.
  • The SSH Client's buttons would be hidden under Windows UI elements in Windows 10 Tablet mode. Fixed.
  • The SSH Client will now display clearer information when an update is available but cannot be started.
  • Terminal:
  • When using xterm and other non-bvterm protocols, the graphical SSH Client and stermc now support the sending of the following Alt + key combinations: Alt + Left Arrow, Right Arrow, Up Arrow, Down Arrow, Backspace, Page Up and Page Down. In addition, the graphical client also supports Alt + Enter. Alt + Enter is not supported in stermc because it is used by the Windows console to enter or exit full-screen mode.
  • When using xterm and other non-bvterm protocols, the speed of screen painting in the graphical SSH Client is now significantly improved.
  • The graphical SSH Client and stermc now support a terminal window resize initiated by an escape sequence from the server.
  • The graphical SSH Client and stermc will now accept xterm's 16-color and 256-color sequences even when regular xterm is in use (as opposed to xterm-16color or xterm-256color). This better supports programs such as byobu that send these sequences under plain xterm.
  • When switching between normal and alternate screens, the SSH Client would fail to clear the alternate screen. Fixed.
  • When using xterm and other protocols except bvterm and ANSI, the SSH Client would previously start set to use "application" cursor keys. To start with "standard" cursor keys, the setting Alt. cursor keys had to be enabled, or in stermc the parameter -altCurs had to be used.
  • The SSH Client will now start by default using "standard" cursor keys. The relevant setting has been replaced with App. cursor keys, and stermc now supports the parameter -appCurs to start instead with "application" cursor keys.
  • Changed Unicode character widths for about 6% of assigned Unicode code points from 0 to 1, and for another ~8% of code points from 2 to 1. This aligns more closely with character widths used by servers and avoids unintended discrepancies in rendering.
  • On the Terminal tab, the SSH Client's Default colors dialog now provides both the "Old Windows" and "New Windows" palette options. To match use of colors in other terminals, the New Windows palette is now the default choice. Previously, it was xterm.
  • The command line terminal client, stermc, now also supports the new palette choices using the -palette parameter.
  • When using bvterm, the new Windows 10 console produces cursor artifacts when the cursor is moved outside the viewport. The SSH Client now takes steps to avoid this.
  • SSH Server Remote Control Panel:
  • When using the CSV export feature in the SSH Server Remote Control Panel for SSH Server versions 8.xx, the CSV export would fail if the data contained a reversibly encrypted password or secret key. Fixed.

New in Bitvise SSH Client 8.43 (May 23, 2020)

  • Installation:
  • The SSH Client adds its installation directory to the system PATH environment variable when installing, but did not remove it when uninstalling. The SSH Client installation directory is now removed from PATH when uninstalling. Reinstallations or upgrades from version 8.43 will briefly remove and then re-add the SSH Client installation directory to PATH.
  • SSH:
  • Certain versions of the Pragma Fortress SSH server - including the most recent version when testing - can send a corrupted SSH authentication banner where an inexact, duplicate copy of the banner message is included before the language tag. SSH Client versions 7.xx and earlier could connect because they ignored the language tag, but SSH Client 8.xx versions would not because they check that the language tag does not exceed an unreasonable length.
  • The SSH Client now allows an exception for this server where the incorrect encoding is ignored. If the server cannot be identified as "Pragma FortressSSH", the language tag length check remains enforced.
  • Command-line clients:
  • Previously, an implied command such as the following:
  • sexec user@host dir /?
  • ... would incorrectly cause command line clients including sftpc, stermc and sexec to display their own help text instead of invoking the remote command as specified. Fixed.
  • Graphical client:
  • The graphical SSH Client now detects and warns about an insecure installation directory in an expanded, more thorough set of circumstances.
  • In version 8.42, the -sendExtInfo=... parameter was added to command line clients. An equivalent setting, Send EXT_INFO, is now also available in the graphical client, on the SSH tab.
  • SFTP:
  • Fixed an issue with auto-completion which could cause the SFTP graphical interface to dead-lock.

New in Bitvise SSH Client 8.42 (May 10, 2020)

  • Installation:
  • The SSH Client no longer supports installation on Windows 10 versions 1507 and 1511. These versions contain a flawed cryptographic implementation which prevents a number of SSH algorithms from working correctly. The lowest Windows 10 version supported is 1607.
  • During an initial, interactive installation; when installing into a non-default directory (e.g. outside of C:Program Files (x86)); the SSH Client installer will attempt to detect if any parent of the installation directory grants insecure permissions for non-administrative users. The installer will display a warning about installing into such insecure directories.
  • When updating an installation in such a directory, the update will succeed, but the graphical SSH Client will display a warning.
  • Graphical client:
  • Some versions of Nvidia Surround modify Windows behavior in a way such that the window manager doesn't respect the SSH Client's fixed window width setting. The graphical SSH Client now works around this issue.
  • In the Host key manager interface, a host key could be incorrectly placed into the wrong recognized vs. unrecognized category if there were keys in both categories. Fixed.
  • Command-line clients:
  • The command-line clients sftpc, sexec, stermc, stnlc and spksc now support the command-line parameter -sendExtInfo=n so that the user can disable sending of the client-side SSH_MSG_EXT_INFO message to a server which advertises support, but does not actually support it.
  • Command-line clients will no longer display unnecessary warnings about failing to load update settings if the SSH Client was installed in an unattended manner and the graphical SSH Client has not yet been run.
  • SSH:
  • In rare circumstances, an SSH session could terminate in such a way that the SSH Client would crash. Fixed.
  • The CrushFTP server, and other servers based on the J2SSH Maverick implementation, may advertise support for SSH_MSG_EXT_INFO (RFC 8308), but have a bug where the server disconnects if the client sends this message. Bitvise SSH Client and FlowSsh now attempt to detect these servers based on their SSH version strings, and disable sending of the client-side SSH_MSG_EXT_INFO if detected.
  • OpenSSH 6.2 and 6.3 can be configured to enable AES GCM, but crash if it is used. Bitvise software versions 8.42 and higher will now disable AES GCM if the remote version string indicates an affected OpenSSH version.
  • SFTP:
  • The SFTP server which identifies itself as "SSH-2.0-SFTP Server" has a flawed SFTP v4+ text mode implementation. The default transfer mode with this server will now be Binary instead of AutoStd.
  • The dialog interface for the Mirror feature could require multiple clicks on the OK button. Fixed.
  • Remote Desktop forwarding:
  • The SSH Client now delays deletion of the Remote Desktop profile that mstsc is launched with. This is intended to improve compatibility with Windows on ARM64.
  • Terminal:
  • The SSH Client's graphical terminal window implementation for classical terminals (xterm and other non-bvterm terminals) now implements improved mouse wheel scrolling, properly accumulating mouse wheel deltas.
  • Some versions of Cmder have an issue which causes the Windows function ScrollConsoleScreenBuffer to fail unexpectedly. The bvterm client now works around this issue.

New in Bitvise SSH Client 8.38 (Feb 15, 2020)

  • The SSH Client now supports machine-wide automatic update settings which can override user-specific settings. The SSH Client installer also supports command line parameters to configure automatic update settings
  • Changes in Bitvise SSH Server's terminal subsystem in versions 8.xx have made the bvterm protocol unreasonably slow with certain console applications. Bitvise SSH Server and SSH Client versions 8.38 implement optimizations in both the server and client to address these issues
  • sftpc: Pressing Esc on an empty line would incorrectly re-issue the last command. Fixed
  • When public key or private key import fails, a more accurate error message will now be displayed in certain cases

New in Bitvise SSH Client 8.37 (Feb 15, 2020)

  • When connecting through a proxy, if the setting Resolve DNS names locally was enabled, the SSH Client would often resolve DNS names remotely (via the proxy) anyway. Fixed.

New in Bitvise SSH Client 8.36 (Feb 15, 2020)

  • When using single-click Remote Desktop forwarding, the SSH Client now runs mstsc.exe using its full system path. Previously, if the SSH Client was run by double-clicking a profile, and there was a copy of mstsc.exe or an impostor executable in the same directory, the potentially unintended executable would be run
  • The SSH Client can now import OpenSSH private keys encrypted using CTR mode algorithms
  • Implemented mitigations for the Minerva attack as discussed in the security notification:
  • On Windows 10, Windows Server 2016 and 2019, the algorithms ECDSA/secp256k1 and ECDH/secp256k1 now use Windows cryptography. As a result, these algorithms are now also available when FIPS mode is enabled in Windows
  • On Windows Vista to 8.1, and Windows Server 2008 to 2012 R2, the algorithms ECDSA/secp256k1 and ECDH/secp256k1 now use OpenSSL instead of Crypto++. As a side effect, use of these algorithms on Windows Vista now requires at least Service Pack 1 (OpenSSL will fail to initialize on Vista without service packs)
  • On Windows XP and Windows Server 2003, our software continues to use Crypto++ for all algorithms, but implements mitigations to make it harder or impossible to observe signature timing remotely. Continuing support for these Windows versions is increasingly impractical for multiple reasons including cryptography. Like Microsoft and other software vendors have done, we will need to stop supporting these platforms eventually, but we still support them right now

New in Bitvise SSH Client 8.35 (Aug 21, 2019)

  • With version 8.17, the profile settings RDP > Authentication > Password and Store encrypted password in profile were changed to take effect the same way as similar settings under Login > Authentication, but their UI layout was not updated. Fixed.

New in Bitvise SSH Client 8.32 (May 7, 2019)

  • Fixed an issue in how command line clients (sftpc, sexec, stermc, stnlc, spksc) were initializing the default key exchange algorithm list. This caused the following issues
  • If the -gkx parameter (or its -sspi alias) was passed to enable GSSAPI (Kerberos) key exchange, the requisite GSS key exchange algorithms had to be additionally enabled via -profile=..., -kexAlgs=... or -kexMod=.... The -gkx and -sspi parameters will now again correctly enable GSS key exchange algorithms as intended.
  • Outdated key exchange algorithms, such as diffie-hellman-group1-sha1, were enabled by default when they should not be. With this change, backward compatibility may be broken for users connecting to servers that require outdated key exchange algorithms. If you are connecting to such a server using one of our command line clients, you will need to enable the outdated algorithm using either -profile=..., specifying a profile where the algorithm is enabled; or via -kexMod=..., as in the following examples
  • sftpc -profile=CPathProfile.tlp ...
  • sftpc user@host -kexMod=diffie-hellman-group1-sha1 ...

New in Bitvise SSH Client 8.31 (Apr 16, 2019)

  • This is not a new feature release, but a successor to 8.29 with continued maintenance updates. We skip versions containing zeros to avoid misunderstandings. For example, 8.03 and 8.30 might both be called "8.3".
  • Fixed a memory safety issue which seems to be hard to trigger, but could have security ramifications.
  • Added error descriptions for Windows error codes related to checking for new versions and downloading updates.

New in Bitvise SSH Client 8.29 (Mar 23, 2019)

  • Fixed an issue in previous 8.xx versions where, if the SSH Client had not been updated to a new version for longer than 42 days, trying to apply an update would fail due to a Windows registry Access denied error.
  • Users experiencing this problem can use one of the following workarounds:
  • Run the SSH Client elevated (right click > Run as administrator) before attempting to update.
  • Download the installer for the latest version from the SSH Client download page and run it manually.

New in Bitvise SSH Client 8.26 (Feb 22, 2019)

  • Fixed issue introduced in version 8.25 where the recent locations drop-down in the graphical SFTP interface would no longer function correctly.
  • Fixed issue introduced in version 8.24 where the SSH Server Remote Control Panel could no longer be launched when connected to SSH Server versions 7.xx and earlier.

New in Bitvise SSH Client 8.25 (Feb 18, 2019)

  • Graphical SFTP:
  • Auto-completion improvements:
  • Regular files are no longer shown for auto completion of directory paths.
  • Tab and Shift+Tab now behave consistently with auto-completion in other apps.
  • File transfer events no longer cancel the auto-completion drop-down.
  • To improve UI responsiveness, directory listings are now performed in a background thread.

New in Bitvise SSH Client 8.23 (Dec 28, 2018)

  • Fixed an issue in previous 8.xx versions which would prevent Bitvise SSH Client and FlowSsh from connecting to a server that supports host key synchronization and employs a key type the client does not support. This affected connections from Windows XP and Windows Server 2003, where our cryptographic provider does not support Ed25519; and use under FIPS mode, where Ed25519 and ECDSA/secp256k1 are not supported.

New in Bitvise SSH Client 8.22 (Dec 23, 2018)

  • A proportion of users are closing the main SSH Client window when connected so that it minimizes into the Windows notification area (the system tray). Users forget about that SSH Client instance and launch new instances for new sessions. Forgotten sessions stay online indefinitely and terminal window settings do not appear to save because the SSH Client is never closed.
  • To fix this, the SSH Client will now restore its main window if it's still hidden in the notification area after closing a related window such as terminal or SFTP. This behavior can be configured with a new setting found under Closing and minimization.
  • Since the changes related to password authentication in 8.17, the graphical client's command line parameter -password=... did not take effect if the SSH Client profile was configured to use password authentication but the checkbox Store encrypted password in profile was disabled. Fixed.
  • sftpc: Updated help text for get and put commands to clarify how the -r and -o parameters control when hash-based synchronization, heuristic resume or overwrite is used.

New in Bitvise SSH Client 8.21 (Dec 19, 2018)

  • The graphical SSH Client's terminal window for xterm (and other non-bvterm terminals) implements a Select mode intended to behave like the Windows console's QuickEdit mode. A difference was catching users off-guard: canceling a mouse text selection with an arbitrary key press would not send the key to the server. For users who began a selection without noticing, it appeared as though the terminal window was eating a key press for no reason. Consistently with the Windows console, the SSH Client will now send key presses that cancel a selection to the server.
  • In previous versions, if the graphical SSH Client failed to load a profile specified on the command line, it would fall back to the last used profile and still act on the -loginOnStartup parameter if also provided. This would result in bewildering behavior. If a profile specified on the command line fails to load, the SSH Client now loads the default profile (stored in the Windows registry) and ignores -loginOnStartup.
  • In previous 8.xx versions, loading an SSH Client profile from a network share would fail when the ZoneId alternative data stream could not be opened. If the ZoneId ADS cannot be opened, a profile will now be loaded as if its origin is the local computer.
  • We have identified niche situations where one-click Remote Desktop forwarding might fail to start when an SSH Client DLL is not found. To resolve this, this version makes changes to how the Remote Desktop client is started.
  • There exist SSH clients which, in violation of RFC 4254, disconnect if a server sends a global request after successful authentication. A server might send a global request for purposes such as host key synchronization or disconnect detection. If the server supports RFC 8308, then to indicate it supports global requests, the SSH Client will include the extension global-requests-ok in its SSH_MSG_EXT_INFO.
  • In previous 8.xx versions, the SSH Client would not import RSA private and public keys larger than 8192 bits. This limit is once again 16384 bits.
  • The SSH Client installer will now offer to wait instead of exiting when another Bitvise installation is already in progress.
  • Slightly improved the user friendliness of the installer and uninstaller for command-line installations.

New in Bitvise SSH Client 8.19 (Nov 19, 2018)

  • In previous 8.xx versions, the icons for the New terminal console, New SFTP window and New Remote Desktop actions were too similar. The SSH Client now sports updated icons that are easier to distinguish.
  • In previous 8.xx versions, when the SSH Client reconnected after losing a connection, it failed to continue ongoing transfers. Fixed.
  • SFTP interface: When connecting to SFTP servers that support synchronization using the SFTP v6 extensions check-file-name, check-file-handle and check-file-blocks, the resume and overwrite modes are now more clearly overridden by synchronize in the SFTP user interface.
  • sftpc: When connecting to SFTP servers that support synchronization, the -r and -o options for get and put commands now both act as aliases for synchronize. Previously, only -o acted as an alias for synchronize, and -r was unavailable.

New in Bitvise SSH Client 8.18 (Nov 7, 2018)

  • In previous 8.xx versions, if the system clock was moved back after a check for updates (in UTC, not time zone specific), an automatic check would be repeated with high frequency. This could consume 80 kbps in bandwidth while the graphical SSH Client was running until the clock caught up. Fixed.
  • In previous 8.xx versions, an automatic check for updates would be performed if the graphical SSH Client was run with -noRegistry. An automatic check is no longer performed in this situation, but can be performed manually.

New in Bitvise SSH Client 8.17 (Nov 6, 2018)

  • In version 8.15, loading a profile which was last saved by a previous version would cause the SSH Client to send an invalid elevation extension value to the server. This caused SSH Server versions 8.xx to disconnect. The SSH Client will now send a valid elevation extension value in this circumstance.
  • The Remote Desktop forwarding feature Use SSH login credentials would previously work only if the password authentication method was used for client authentication, but it did not work for password authentication over keyboard-interactive. This will now also work with password over keyboard-interactive.
  • In the graphical SSH Client, on the Login tab, setting Initial method to password could result in unintuitive behavior. Password change was not easily discoverable, and setting Initial method to password without entering a password caused the SSH Client to send an empty password at start of connection, incurring an authentication penalty.
  • This has been redesigned so that Initial method can be set to password without entering a password. In this case, a password dialog will dependably appear when connecting. As part of this change, it is no longer possible to enter a password on the Login tab without enabling Store encrypted password in profile.
  • In version 8.15, in command line clients, the -keypairFile parameter did not override a public key configured as an initial authentication method in a profile specified using -profile. The -keypairFile parameter will now once again override any public key configured in the profile.

New in Bitvise SSH Client 8.15 (Oct 30, 2018)

  • Highlights:
  • The SSH Client now supports automatic updates. An administrator can configure the SSH Client to automatically apply all updates; only recommended updates; only strongly recommended updates; to apply updates only manually; or to never check for updates.
  • Currently, the SSH Client does not install an update service. It needs to be started from time to time by an administrative user in order to apply updates.
  • The graphical SSH Client and sftpc now support recursive directory mirroring. A directory and all of its subdirectories and files can be synchronized either in the upload or download direction. The SSH Client can synchronize updated files and detect and automatically remove files and directories from the target location that are not present in the source.
  • The graphical SSH Client and sftpc can now display hashes (cryptographic digests) of local and remote files if the server supports the SFTP v6 check-file extension.
  • Bitvise SSH Client and SSH Server now implement automatic host key rotation. The SSH Client will synchronize keys from the SSH Server and any other servers that support the OpenSSH mechanism "hostkey update and rotation". The SSH Server will announce to clients all configured host keys, including those not employed, to facilitate host key rotation. The SSH Client will automatically trust new keys announced by a trusted server and remove any keys the server has removed, as long as they were added automatically.
  • The SSH Client now supports high resolutions and will display crisp text on high-DPI displays such as retina or 4K. The SSH Client now comes with new, higher resolution icons.
  • SSH Client profiles downloaded from the internet will now be considered unsafe. If a profile is marked by a browser using which it was downloaded as originating from an unsafe zone, the SSH Client will now load safe parts only. When loading a profile interactively in the graphical SSH Client, a prompt will be displayed, allowing the user to mark the profile as safe. If the user confirms, the profile can be fully loaded.
  • Cryptography:
  • Bitvise SSH Server, SSH Client and FlowSsh once again support non-standard DSA keys larger than 1024 bits. We do not recommend using these keys, and new keys of this type cannot be generated. Also, these keys cannot be used when FIPS mode cryptography is enabled in Windows. Re-adding support for these keys is intended to resolve an obstacle that may still be preventing some users of 6.xx versions from upgrading.
  • When using Windows cryptography, Bitvise SSH Server, SSH Client and FlowSsh now implement a backup strategy for DH and ECDH key exchange. Windows implements key exchange, but it does not expose the agreed value in a form suitable for SSH. Bitvise software must retrieve the value by carefully traversing undocumented Windows structures. In versions 7.xx, this required our software to be upgraded to continue working after the Windows 10 1803 update. Our software will now log a warning and fall back to Crypto++ if it cannot perform key exchange because Windows internal structures have changed. However: if FIPS mode is enabled in Windows, this backup strategy is not used, and the software must be updated.
  • When importing keys, such as from files, the stage at which an import failed is now described in more detail.
  • SSH session:
  • Bitvise SSH Server and Client now support the elevation extension. In previous versions, if a Windows account with administrative rights connected to the SSH Server, the server would always elevate the session if possible. Otherwise, the user would not be able to get an elevated session because there was no way to convey the user's preference. With the elevation extension, the user can request a non-administrative security context by requesting no elevation (elevation is still applied by default). In command line clients including stermc, sexec and sftpc, this is controlled using the switch -elevation=n.
  • Bitvise SSH Server and Client now support the no-flow-control extension. This disables SSH flow control for clients that only support opening one channel. No flow control is now preferred by sftpc, stermc, sexec and spksc, which only need to open one channel in the SSH session. The graphical SSH Client does not support no-flow-control because it requires multiple channels.
  • Bitvise SSH Server and Client now support the ext-auth-info extension. This allows the server to respond to user authentication failures with more detailed information in situations where this is safe. For example, if the client attempts to perform a password change but the new password does not meet complexity requirements, the server can communicate this instead of making the user guess.
  • Bitvise SSH Server and Client now support the delay-compression extension. Delayed compression reduces attack surface for unauthenticated clients by delaying availability of compression until after a user is authenticated. The delay-compression extension is an improvement over previously supported alternatives: the [email protected] method contains a by-design race condition, while the approach of invoking a second key exchange doubles the overhead of establishing an SSH session.
  • Terminal:
  • Settings for the graphical xterm/vt100 terminal console window (totermw) are now stored in the SSH Client profile instead of in the Windows registry.
  • SFTP:
  • In the graphical SFTP interface, the Open and Edit commands will now be much more responsive if a transfer is already in progress. The in-progress transfer will be paused and the file associated with the Open or Edit command will be transferred as a priority.
  • Both the graphical SFTP interface and sftpc can now work with local paths longer than 259 characters, as well as unsafe paths not permitted by Windows in some contexts (e.g. "C:Com1file").
  • A new file transfer mode, TextLf, is now supported. This works the same as AutoLf, but forces newline conversions without relying on file type detection.
  • Tunneling:
  • The SSH Client now displays the country (if available) of remote IP addresses. The SSH Client uses the MaxMind GeoLite2 Country database (under license). The country database comes with the SSH Client installation and is not automatically updated, other than by updating the SSH Client itself.
  • Command line clients:
  • It is now easier to connect to SSH servers that accept connections on non-default ports. If no port is specified on the command line, but the SSH Client knows a host key for the destination server, the SSH Client will automatically connect to the port associated with the server in the host key database. If there are multiple port associations, however, the port still needs to be specified, unless one of them is 22.
  • It is now easier to enable and disable individual algorithms with our command-line clients. Previously, to use non-default algorithms, either a -profile needed to be used, or a complete algorithm list had to be supplied using -hkey, -kex, -encr or -mac. It is now still possible to pass a whole list using the same parameters, or using their new aliases -hkeyAlgs, -kexAlgs, -encrAlgs or -macAlgs. In addition, it is possible to modify the default algorithm lists using -hkeyMod, -kexMod, -encrMod or -macMod. When using the "Mod" versions, provide a comma-separated list of algorithm names with optional prefixes. Names prefixed with "+" are added to the front of the list; names without a prefix are appended to the end; and names prefixed with "!" are removed. Example: -encrMod=+aes256-gcm,!3des-ctr
  • Utilities:
  • The log utility now supports filesystem paths in Unicode.

New in Bitvise SSH Client 7.46 (Oct 15, 2018)

  • After the SSH session has been terminated by receiving EOF or sending SSH_MSG_DISCONNECT, FlowSsh will now discard any further outgoing SSH packets. This helps avoid a stall in processing and further improves the odds that all previously received data will be processed.
  • File transfer: Fixed an issue where, if the connection was lost during a download while synchronization was being performed, the local file size would be reset to zero.
  • stermc: Improved handling of default colors configured in -profile or using the -colors parameter when using non-bvterm terminals such as xterm or vt100. The screen is now cleared using the configured colors.

New in Bitvise SSH Client 7.45 (Aug 12, 2018)

  • Bitvise SSH Server, SSH Client, and FlowSsh previously did not implement strict size limits or sanitization of content before displaying or logging strings received from a remote party. Much stricter size limits and sanitization are now implemented.
  • Bitvise SSH Server, SSH Client, and FlowSsh now report the size of the Diffie Hellman group actually used in DH key exchange. This is useful with key exchange methods that use DH group exchange, where there was previously no straightforward way to know what size group was used.
  • Importing an empty public key file would cause the SSH Client's Host key manager to hang indefinitely. Fixed.
  • When loading an SSH Client profile, the SSH Client's Remote Desktop tab failed to update the Remote Desktop width and/or height if the new value was 0 (the default value). Fixed.

New in Bitvise SSH Client 7.44 (Jul 2, 2018)

  • Cryptography: Implemented support for changes in Windows internal cryptographic structures in Windows Insider Preview Build 17704. This build was released to Windows Insiders in the Fast ring on June 27, 2018.
  • Users who need to use earlier versions of our software on new Windows builds that change internal structures can work around compatibility issues by using the following key exchange algorithms: Curve25519, ECDH over nistp256k1. These key exchange methods do not rely on Windows cryptography; however, our software does not provide them if FIPS mode is enabled in Windows. Other key exchange methods require upgrading our software to a version that supports the new Windows build.

New in Bitvise SSH Client 7.43 (Jun 20, 2018)

  • File transfer:
  • Fixed issues in past Bitvise software versions that resulted in incorrect file times when using subsecond times with SFTP protocol versions 4 and 6. This would result in incorrect last modified times after a file transfer which affected, on average, about one in several hundred files. Affected files would receive a last modified timestamp incorrect by up to 7+ minutes.
  • Authentication:
  • Fixed issues in password change dialog behavior if the original password was modified.
  • Installation:
  • Updated installer and uninstaller manifests to reduce the likelihood that Windows will incorrectly run the Program Compatibility Assistant during or after installation. This mainly affects older Windows versions such as Windows 7.

New in Bitvise SSH Client 7.42 (May 11, 2018)

  • The End User License Agreement has been updated to try to bring it closer to the requirements of states and their contractors. Terms are otherwise unchanged. Situations in which licenses can be transferred are now laid out so that no permission will be needed in most cases.
  • The SSH Client now includes a new build of the SSH Server Remote Control Panel (WRC) for use with SSH Server versions 7.21 and above. The new build incorporates improvements to the SSH Server Control Panel since version 7.26.
  • The SSH Client continues to include older versions of the Remote Control Panel for use with older SSH Server versions. Those remain unchanged.
  • The graphical SSH Client will no longer mark a profile as changed when a password is changed, but the password is not configured to be saved in the profile.

New in Bitvise SSH Client 7.41 (Apr 30, 2018)

  • This is not a new feature release, but a successor to 7.39 with continued maintenance updates. (We skip over versions containing zeros to avoid ambiguities. For example, 7.04 and 7.40 might both be referred to as "7.4".)
  • This version continues an upgrade amnesty. Any Bitvise SSH Client activation code that could activate a previous 7.xx version will also activate this version.
  • SSH:
  • Fixed an issue in zlib compression provided by the Crypto++ library. There existed a race condition which could cause data to be decompressed incorrectly in specific circumstances. (The circumstances required for this to happen do not appear to exist in the graphical Bitvise SSH Client or its command line clients.)
  • Fixed a denial of service attack vector. This remains to be described in more detail.
  • File transfer:
  • When performing unattended file transfers, the command line client sftpc would previously send a fire-and-forget SSH_FXP_CLOSE message followed by immediately closing the SFTP channel and the SSH session. Depending on circumstances such as network latency, Bitvise SSH Server versions up to and including 7.39 could fail to process the SSH_FXP_CLOSE request and incorrectly log that the final transfer may not have completed as intended. This has been fixed in the SSH Server with version 7.41. But also, sftpc will no longer send a fire-and-forget SSH_FXP_CLOSE before exiting.
  • In the SFTP interface of the graphical SSH Client, in the Move to... dialog, removed a limit that incorrectly prevented entering more than a fixed number of characters. This prevented use of the Move to feature with long paths and file names.

New in Bitvise SSH Client 7.39 (Jan 21, 2018)

  • SFTP: In past 7.xx versions, Bitvise SSH Client and FlowSsh would perform a Resume check regardless of the type of server if Overwrite was enabled for upload. We suspect this could cause creation of an empty file with the same name on servers that support creation of multiple files with the same name.
  • The Resume check will no longer be performed when connected to a server that does not support SFTP v6 check-file and check-file-blocks extensions. With a server that supports these extensions, the Resume check will continue to be performed for Overwrite, since in this case Resume and Overwrite are the same operation.

New in Bitvise SSH Client 7.36 (Nov 28, 2017)

  • Development, licensing, and US export control:
  • This is the first version of Bitvise SSH Server, SSH Client, and FlowSsh published from the United States.
  • All assets, operations, relationships, and agreements related to Bitvise software development and licensing; including license agreements for use of Bitvise software by users; have been transferred from Bitvise Limited incorporated in Gibraltar, to Bitvise Limited now incorporated in Texas.
  • Final builds are now performed in Texas. Our software development continues in Slovenia, Germany, and Hungary, and may include developers elsewhere in the future.
  • This move is an administrative change. Our development, ownership, pricing, support, terms and policies and relationship to customers generally remain the same.
  • For the purpose of export from the United States, our SSH Server, SSH Client and FlowSsh are self-classified as Mass-Market products using the ECCN 5D992, with the encryption authorization type identifier MMKT. These denote eligibility under License Exception ENC § 740.17(b)(1) of the Export Administration Regulations (EAR).
  • Bitvise SSH Server, SSH Client, and FlowSsh now come with new license agreements. Users must review the new EULAs, even though the terms remain substantially the same. We apologize for this inconvenience, and have attempted to draft the agreements in a way that this might not be necessary very often.
  • SSH:
  • Windows 10 version 1709, OS build 17046.1000, changed internal Windows structures in a way that prevented Bitvise SSH Server, SSH Client, and FlowSsh from obtaining the agreed value in DH or ECDH key exchange. This prevented successful SSH connections using this new Windows build. Fixed.
  • There exist SSH implementations based on WeOnlyDo, e.g. freeSSHd, which might not send failure description and language tag fields when sending an SSH_MSG_CHANNEL_OPEN_FAILURE message. Bitvise SSH Server, SSH Client and FlowSsh will now behave as though these fields were sent as empty strings, instead of disconnecting due to an unexpected packet format.
  • sexec:
  • Now supports the command line parameter -git, which is shorthand for the new parameters -cmdQuoted and -exitZero. This allows sexec to be more easily configured for use with Git.
  • Now supports the command line parameter -cmdQuoted. This can be used when the remote command to execute is provided outside of the -cmd=... parameter, but is enclosed in single or double quotes.
  • Now supports the command line parameter -exitZero. If the remote command executes and returns exit code 0, this will cause sexec to return exit code 0 as well.
  • Now supports the command line parameter -p <portNr>. This can be used to specify the port number instead of -port=<portNr>.
  • Fixed an issue which would cause sexec to interpret as its own parameter a port number passed as part of the remote command to be executed. This could cause sexec to fail, or to connect to the SSH server on an unintended port.

New in Bitvise SSH Client 7.35 (Sep 17, 2017)

  • SFTP GUI:
  • Fixed an issue which would cause a crash when all files are removed from the download or upload queue.
  • Fixed visual artifacts that would arise while resizing in the SFTP Download or Upload window.
  • SFTP compatibility:
  • We have identified two compatibility issues in current and past versions of mod_sftp for ProFTPD:
  • When using SFTP versions 4-6, when a client requests attributes not supported by mod_sftp, the server returns an incorrectly encoded response. With past Bitvise SSH Client and FlowSsh versions, this would result in a disconnect.
  • When using SFTP version 6, mod_sftp indicates support for the check-file extensions, but disconnects if the client requests the server to hash a larger file block by block. This prevents Bitvise SSH Client and FlowSsh from performing hash-based synchronization of file content, which would normally be used instead of Resume or Overwrite if check-file extensions can be used.
  • We expect these issues to be resolved in future mod_sftp versions. However, mod_sftp now comes configured by default to not send its version in the SSH version string. A client therefore cannot distinguish between a newer version that will contain these fixes, and an older version which does not.
  • At this time, Bitvise SSH Client and FlowSsh will avoid the known compatibility issues by restricting SFTP protocol version to 3 when mod_sftp is detected. We would like to lift this restriction in the future if there arises a way to detect the mod_sftp version early enough.
  • We have identifed a compatibility issue with Van Dyke VShell:
  • When using SFTP version 6, the VShell server indicates support for the check-file extensions, but does not support block-by-block hashing. This prevents Bitvise SSH Client and FlowSsh from performing hash-based synchronization of file content, which would normally be used instead of Resume or Overwrite if check-file extensions can be used.
  • At this time, hash-based synchronization will be avoided when connecting to VShell, and Resume and Overwrite will be used instead.
  • If VShell chooses to implement support for block-by-block hashing, Bitvise SSH Client and FlowSsh will once more use this functionality if the server advertises the extension name check-file-blocks in its supported2 packet.
  • Bitvise SSH Client and FlowSsh will now recognize the check-file extension indicator in the supported2 packet as required by the SFTP extensions draft, in addition to check-file-name and check-file-handle.
  • Bitvise SSH Client and FlowSsh will now recognize a check-file-blocks extension sent by servers. We suggest that future SFTP server implementations advertise support for check-file-blocks if all of the following are true:
  • The server supports block-by-block file hashing.
  • Any reasonable block size requested by the client is supported.
  • A file can be hashed block-by-block starting from an arbitrary offset.
  • Fixed an issue which would cause available public keys to be displayed incorrectly on the Login tab, under Authentication, after a profile was closed.
  • Fixed issues involving the launch shortcut icons on the left side of the main SSH Client window. One issue would cause the SSH Client to crash if an icon was dragged out of the shortcut bar in the up direction.

New in Bitvise SSH Client 7.34 (Aug 2, 2017)

  • This version fixes a memory leak introduced in version 7.31.

New in Bitvise SSH Client 7.31 (May 4, 2017)

  • This is not a new feature release, but a successor to 7.29 with continued maintenance updates. (We skip over versions containing zeros to avoid ambiguities. For example, 7.03 and 7.30 might both be referred to as "7.3".)
  • Small changes in key places improve CPU efficiency on the order of 30% (impact may depend on the system). This improves transfer speeds where CPU is the bottleneck – or maintaining same performance, allows for a greater number of simultaneous connections. Users who were previously maxing out a single core and seeing transfer speeds of e.g. 150 MB/s, may now see e.g. 200 MB/s.
  • Fixed VT-100 keyboard mappings. Function keys will now be sent correctly over VT-100 and xterm when VT-100 mode is enabled. Adapted navigation keys for VT-100, including: Insert, Delete, Home, End, Page Up, and Page Down.
  • Removed unnecessary input length limitations in user authentication input boxes by permitting scrolling. This should allow the use of long YubiKey two-factor authentication strings using the method keyboard-interactive.
  • Diffie-Hellman key exchange algorithms that use group exchange are once again deprioritized, regardless of which cryptographic provider is in use. This means other key exchange algorithms will again be preferred. In version 7.21, we stopped deprioritizing these algorithms because our Windows CNG cryptographic provider can handle dynamic DH group parameters generated by servers like OpenSSH. However, there remain older servers, such as SunSSH, which generate DH groups which are not acceptable to any of our cryptographic providers.

New in Bitvise SSH Client 7.29 (Apr 2, 2017)

  • Fixed a rarely occurring race condition which could cause the SSH Client to terminate when closing an SFTP channel.

New in Bitvise SSH Client 7.27 (Feb 22, 2017)

  • Implemented changes to reduce the incidence of MSI error 1638 during installation of the FlowSshNet component
  • Fixed positioning of the right-click menu for the SSH Client system tray icon on systems with larger than normal (more than 100%) display DPI settings

New in Bitvise SSH Client 7.26 (Feb 7, 2017)

  • Incorporates an update to the Bitvise SSH Server Remote Control Panel for SSH Server versions 7.21+. The update fixes an issue introduced with version 7.21, where exporting a single server host keypair in Bitvise format, using the "Manage host keys" interface in the SSH Server Control Panel, would result in a corrupted file. (Multiple key export worked fine.)

New in Bitvise SSH Client 7.24 (Jan 15, 2017)

  • When the uninstaller detects that a file is still in use, it can now display the names of applications keeping the file open. (Requires Windows Vista or later.)
  • SFTP compatibility improvements for older versions of Cerberus FTP Server:
  • When downloading a textual file using the file transfer mode Auto Std, the SSH Client will now close the file before reopening it in text mode. This is to avoid issues with servers that do not properly handle two open handles to the same file simultaneously.
  • The default file transfer mode when connecting to Cerberus FTP Server is now Binary.

New in Bitvise SSH Client 7.22 (Jan 3, 2017)

  • Includes an update to the Bitvise SSH Server Remote Control Panel for SSH Server versions 7.21+ included with the SSH Client.

New in Bitvise SSH Client 7.21 (Dec 31, 2016)

  • Cryptography:
  • On Windows Vista, Windows Server 2008, and newer, our SSH Server, SSH Client, and FlowSsh now support server and client public key authentication using Ed25519, and ECDH key exchange using Curve25519. These algorithms are not available when Windows is running in FIPS mode.
  • We have updated support for OpenSSH private keys, so that our software is now able to import and export them in their new format as introduced by OpenSSH in December 2013.
  • Our SSH Server, SSH Client, and FlowSsh now support Diffie Hellman key exchange with 3072-bit and 4096-bit fixed groups, using SHA-512 as the exchange hash; and with the 2048-bit fixed group using SHA-256 as the exchange hash.
  • On Windows Vista, Windows Server 2008, and newer, our SSH Client and FlowSsh no longer deprioritize key exchange methods that use DH group exchange. On Windows XP and Windows Server 2003, the group exchange methods are still deprioritized by default, because ephemeral DH groups generated by most SSH servers do not pass validation by the Crypto++ cryptographic module we use on these older platforms.
  • All current and past versions of Bitvise SSH Client support GSSAPI (SSPI) key exchange methods when Kerberos is available. In previous versions, these key exchange methods were enabled all at once by either selecting SSPI/Kerberos 5 key exchange in the graphical SSH Client; or by passing -sspi to command line clients. Now, the GSSAPI key exchange methods can be enabled and disabled individually on the SSH tab of the graphical SSH Client; or using the -kex=... parameter to command line clients.
  • Most references to "SSPI/Kerberos 5 key exchange" have been renamed to "GSS/Kerberos key exchange". In command line clients, the parameters -sspi and -sspiDlg have been renamed -gkx and -gkxDlg. The previous parameter names continue to be supported as aliases.
  • Password and keyboard-interactive:
  • The graphical SSH Client and command line clients now support a new combined initial authentication method: publickey+kbdi. This is intended for easier authentication with servers that require both public key and keyboard-interactive authentication.
  • The graphical SSH Client and command line clients now also support a separate password/kbdi authentication method (-pwKbdi). This can be used to instruct the client to send the password outright over keyboard-interactive, without trying password.
  • For consistency with the password authentication method, the initial authentication method publickey+password can now also send the password via keyboard-interactive if the password method fails.
  • Authentication methods password and publickey+password now support an explicit setting Enable password over kbdi fallback. This is enabled by default, but can be disabled to prevent the SSH Client sending the password over keyboard-interactive if the password method fails.
  • Graphical SFTP:
  • A Create link... feature is now available through the context menu on the Local files and Remote files panes.
  • sftpc:
  • A number of commands now support new switches -lit and -wild to force either a literal interpretation, or a wildcard interpretation, of a remote path. Commands that currently support this are: get, dir, move, copy, del, chmod, chown, and chgrp.
  • Port forwarding and FTP Bridge:
  • Both the graphical SSH Client and stnlc will now automatically retry failed attempts to establish dynamic proxy forwarding; client-to-server or server-to-client port forwarding rules; or to open an FTP bridge.
  • In the graphical SSH Client, fixed an issue which would cause the Apply link to not show after some types of changes on the Services, C2S, and S2C tabs.
  • In stnlc, fixed an issue which would cause the command-line client to not disconnect as intended if a client-to-server or server-to-client port forwarding rule configured on the command line could not be established.
  • Listening sockets created by the SSH Client, such as for client-to-server port forwarding, now use a larger backlog value to reduce the likelihood of connections being refused.
  • General:
  • In the graphical SSH Client, the setting Sensitive information accessibility is now on the Options tab.
  • Improved detection and reporting of incorrect obfuscation settings.
  • When upgrading, the uninstaller will now automatically retry moving files that are still in use for a brief period before prompting.

New in Bitvise SSH Client 7.15 (Sep 5, 2016)

  • Updated EULA to make more explicit our licensing and support policies. The policies themselves remain unchanged.
  • In command line clients (sftpc, stermc, sexec, stnlc, spksc), the parameter -proxyPassword had no effect. Fixed.

New in Bitvise SSH Client 7.14 (Aug 4, 2016)

  • SSH implementations have a chance of generating RSA signatures slightly smaller than expected with a small probability (e.g. 1:200). Windows CNG has been found to not validate such signatures as presented. With our software versions 7.12, this has resulted in occasional connection or login attempt failures. Our SSH Server, SSH Client, and FlowSsh now re-encode RSA signatures, so that smaller-than-expected ones can verify correctly.
  • Windows CNG, as used by our new cryptographic provider in versions 7.xx, has been found to return an incorrect signature size for odd-sized RSA keys (e.g. for 1023-bit or 2047-bit keys). Most SSH implementations do not generate odd-sized RSA keys, but there are old versions of PuTTY which do (e.g. version 0.62). Our SSH Server, SSH Client, and FlowSsh now take steps to support generating and validating signatures using such keys.
  • Certain implementations (e.g. OpenSSH version 7.2, but not 7.2p2) have been found to encode RSA signatures using the new signature methods rsa-sha2-256 and rsa-sha2-512 in a way that is not compatible with the specification of these methods. For compatibility, our SSH Server, SSH Client, and FlowSsh will now accept these alternate signature encodings.
  • Our SSH Server, SSH Client, and FlowSsh now have improved Windows error reporting, distinguishing NTSTATUS error messages from those associated with HRESULT.

New in Bitvise SSH Client 7.12 (Jul 4, 2016)

  • Cryptography
  • On Windows Vista, Windows Server 2008, and newer, our software now uses a new cryptographic provider, CiWinCng, which uses built-in Windows cryptography. This provider adheres to FIPS 140-2 requirements as long as FIPS mode is enabled in Windows security policy. In FIPS mode, ECDSA and ECDH are supported with curves nistp256, nistp384 and nistp521, but not with curve secp256k1 because this curve is not implemented in Windows. When FIPS mode is disabled in Windows, the curve secp256k1 remains available (implemented using Crypto++)
  • On Windows XP and Windows Server 2003, our software continues to use our previous cryptographic provider, which uses the Crypto++ 5.3.0 DLL. This DLL was FIPS-certified, but its certificate has been moved to the historical list due to changed random number generator requirements since January 1, 2016
  • DSA keys larger than 1024 bits are no longer supported. The implementation of these keys in Bitvise software pre-dated the NIST standard for large DSA keys, and was incompatible both with the NIST standard and other implementations that might have used large DSA keys. In general, support for the DSA algorithm is being deprecated by SSH implementations. For interoperability with older SSH installations, we continue to support 1024-bit DSA keys, but we recommend migrating either to 3072-bit RSA, or ECDSA
  • When using the new CiWinCng cryptographic provider - default on all recent Windows versions - the encryption/integrity algorithms aes256-gcm and aes128-gcm are now supported. Our implementation is interoperable with the OpenSSH implementation of these algorithms
  • New RSA signature algorithms rsa-sha2-256 and rsa-sha2-512 are now supported for host authentication
  • The EXT_INFO extension negotiation mechanism is now supported, allowing for the use of new RSA signature algorithms rsa-sha2-256 and rsa-sha2-512 for client authentication
  • SSH:
  • When connecting to an SSH server for which some host keys are already known (as full host keys - not fingerprints), the preference list of host key algorithms will now be reordered to favor algorithms for which host keys are known. Previously, if an SSH server added a new host key using an algorithm preferred by the client over an algorithm of a previous host key already trusted by the client, the new host key would have to be manually verified for the very next connection, or else the connection would fail.
  • In previous versions, the SSH Client would trim whitespace in a user authentication banner received from the server. This would affect formatting, so the trimming is no longer performed.
  • When authenticating using a passphrase-protected keypair, entering the passphrase in the authentication dialog had no effect if the key had not yet been accepted. Fixed.
  • The Client key manager will now automatically load public keys configured for the user on the SSH Server if opened during a connected session. This feature is available if the SSH server supports the SSH Public Key Subsystem.
  • The SSH Public Key Subsystem channel will now be closed after the Client key manager window is closed. This avoids a spurious "session is still active" dialog that would previously appear if the user's public keys configured on the server were queried or set during the session.
  • SFTP:
  • A Create file feature can now be used to create an empty remote file, which can then be edited using the Edit feature.
  • When the server supports file hashing in SFTP version 6, files that already exist on both sides will now be transferred with greater efficiency, and ensuring greater correctness, by comparing hashes of the portion of the file that already exists on both sides, and transferring only the parts determined to be different. This transfer mode overrides the normal Overwrite and Resume modes that are otherwise available with servers that do not support file hashing.
  • The Local and Remote panes in the graphical SFTP client now support a filter to display only files with names matching a provided pattern.
  • The SSH Client now supports viewing and changing Windows attributes of remote files, if this is supported by the server.
  • It is now possible to configure custom POSIX permissions for uploaded files. This is configured in the graphical SSH Client in the main window on the SFTP tab, and supported in the sftpc command line client using the -m=mode and -dm=mode parameters to the put command.
  • Copy-and-pasting files in the same directory will now duplicate the files.
  • There is now a Move to... feature in the Remote pane menu and the right-click context menu for remote files, allowing remote files to be moved using the graphical SFTP client.
  • It is now possible to switch between SFTP tabs using Ctrl + PgUp/PgDn and Ctrl + Tab / Ctrl + Shift + Tab.
  • Key combinations Alt + Left and Alt + Right can now be used as shortcuts for Forward and Backward.
  • An error message is now displayed if upload fails after a remote file that's being edited is saved.
  • Due to an implementation mistake that OpenSSH opted to preserve, the target and link path parameters are swapped by OpenSSH and related servers in SymLink and Link SFTP requests. The SSH Client now swaps these parameters when connected to OpenSSH or ProFTPD.
  • Implemented several compatibility workarounds to improve compatibility with Wing FTP Server.
  • Addressed issue with navigating to the user's local home directory.
  • sftpc:
  • An attrib command is now supported to query and set Windows attributes of remote files, if supported by the SFTP server.
  • The put command now supports parameters -m=mode and -dm=mode to control the POSIX permissions of uploaded files and directories.
  • The put and get commands now support the parameter -noTime to disable synchronizing file modification times.
  • Creation of hard links is now supported when using SFTP version 6, or using the [email protected] extension.
  • Implemented new values for the -progress=... parameter, and improved the progress type used by default when output is redirected to a file.
  • Implemented improvements for when paths and filenames contain wildcard characters (* or ?).
  • The message "Listing remote directory" will no longer be displayed by chown, chmod and del commands, or when performing put/get with wildcards.
  • Terminal:
  • A variety of copy and paste hotkey combinations can now be individually enabled and disabled using the Properties menu in the graphical Client's terminal window.
  • A Select All feature is now available in the graphical Client's terminal window, allowing the entire screen buffer to be selected (e.g. to copy).
  • The SSH Client's terminal windows now support alternative Shift + function key combinations. This is enabled in the graphical Client using the profile setting Alt. Shift+Fn on the Terminal tab, and in stermc using the -altShiftFunc parameter. When enabled, this will cause the xterm protocol to send Shift + function key combinations compatible with PuTTY. Note that, in this mode, the escape sequences for Shift + F1/F2 and Shift + F11/F12 are the same as for plain F11/F12.
  • In xterm, key combinations of Alt, Shift, Ctrl (in any combination) + F1-F4 are now sent using the same escape sequences as on Linux. For compatibility with older Bitvise SSH Server versions, previous sequences continue to be sent when connected to Bitvise SSH Server.
  • The default terminal window size is now 100 columns by 35 rows, with 1,000 history lines. The previous default was 80 x 25 with 300 history lines.
  • Fixed an issue which could cause the graphical Client's terminal window to crash after screen buffer resize.
  • Port forwarding:
  • For server-to-client port forwarding rules, the listening interface is now free-form, allowing it to be used with e.g. DNS names or Unix sockets.
  • When a server-to-client port forwarded connection is received from the server, and the reported listening interface is not recognized, the SSH Client will now attempt to match the connection based on port number only. The forwarded connection will still be refused if there are multiple possible port-based matches, and no match for the listening interface.
  • Fixed an issue which caused the SSH Client to not properly remove C2S and S2C port forwarding rules where the listening port was set to 0.
  • In the stnlc command line client, the commands "c2s list" and "s2c list" were incorrectly showing the listening port as the destination port. Fixed.
  • General:
  • It is now possible to create or reset a profile with a blank default state using the New profile or Reset profile button.
  • SSH Client profiles may contain sensitive information such as a password with which to authenticate to the server, or client authentication keypairs. In previous versions, such information was stored encrypted with a static key that could be decrypted on any computer. It is now possible to save SSH Client profiles in a way such that any passwords or keypairs can be decrypted only on the current computer, or only by the current user. This setting only affects sensitive fields; the rest of the profile will still load on another computer.
  • The command line clients sftpc, stermc and sexec will now tolerate a server disconnect if it occurs after the client has closed the session channel. In previous versions, a disconnect would cause an error message and a non-zero exit code even if it occurred at this late point.
  • The most useful information now appears at the beginning of window titles for terminal, SFTP, and the main SSH Client window. This makes it easier to distinguish connections to multiple servers.
  • The Client key manager can now import multiple keypairs at once in the Bitvise format.
  • Versions 6.4x targeted the SSE2 instruction set, which caused them to not run on old computers lacking support for SSE2. Versions 7.xx now target the SSE instruction set, which allows for compatibility with old CPUs, at the cost of a small performance penalty - in our measurements, between 0 and 0.5%.

New in Bitvise SSH Client 6.47 (Apr 6, 2016)

  • Bitvise SSH Client can now be used free of charge in all environments. There are no limits on free use in enterprises, businesses, or governments.
  • Fixed an issue which could cause the SSH Client to crash under rare conditions.
  • Fixed a small memory leak which could become visible after long periods of use, e.g. if an SSH session remained active for several months.

New in Bitvise SSH Client 6.46 (Jan 26, 2016)

  • Fixed an issue in the command line SFTP client, sftpc; and in the .NET SSH and SFTP library, FlowSshNet; which could cause the process to become unstable and to terminate abruptly on creation of an SFTP channel. The issue appears to have existed in all previous 6.xx versions, but became more visible in FlowSsh 5.37. The graphical SFTP client is not affected. This version continues to include an upgrade amnesty, so that users of previous 6.xx versions can upgrade.

New in Bitvise SSH Client 6.45 (Nov 23, 2015)

  • Terminal: In the November update to Windows 10, automatic line re-wrap during window resizing has been enabled in the Windows console by default. This interacts poorly with SSH, where re-wrap causes loss of synchronization between the client and server. The graphical SSH client now disables console line wrap when bvterm is started from the graphical SSH Client. Unfortunately, it is not possible to disable this in an existing console session when using stermc.
  • Fixed an issue in Client key manager which failed to update its list if the slot was changed for a key stored in profile.
  • Implemented a workaround for an issue in Windows which prevented the graphical SSH Client in versions 6.4x from running on Windows XP and Windows Server 2003 unless a Windows hotfix was applied.
  • The FlowSshNet DLLs now correctly target .NET Framework 4.0, instead of 4.5.2.
  • SFTP GUI:
  • Overall transfer estimates are now available when file transfer is initiated using drag-and-drop, or via clipboard.
  • File selection in the local pane will no longer be reset due to icons loading in the background.
  • Improved performance of Select All (Ctrl+A) in Local and Remote view, and in Download and Upload tabs.

New in Bitvise SSH Client 6.44 (Nov 10, 2015)

  • Proxy settings: Fixed a bug which prevented per-profile proxy settings from functioning reliably.
  • SFTP GUI: File selection in the local pane should no longer be reset due to icons loading in the background.
  • stnlc: When in an interactive prompt, failure to add a client-to-server or server-to-client port forwarding rule would incorrectly disconnect the session "on user's request". Fixed.

New in Bitvise SSH Client 6.43 (Oct 30, 2015)

  • Improved uninstallation to reduce the likelihood that Windows might need to be restarted to complete a reinstallation or upgrade. If a restart would be required, the user can now choose to abort reinstallation.
  • In the graphical SFTP interface, file icons are now loaded asynchronously, to avoid the interface blocking due to lengthy antivirus scans.
  • Fixed an issue that prevented X11 forwarding from working properly in terminal windows other than the first one. This issue was introduced with 6.xx versions.
  • The GSSAPI DH key exchange method with group exchange is now also de-prioritized when connecting to non-Bitvise servers, along with other methods that use group exchange. (Non-Bitvise servers tend to generate DH parameters that are incompatible with the FIPS cryptographic provider used by FlowSsh; this results in key exchange failures.)
  • Terminal:
  • The RIS and DECST instructions to reset terminal and screen buffer are now supported in conjunction with xterm. This allows the Linux reset command to be used to fully reset the terminal.
  • A copy and paste notification is now displayed also when Shift+Insert is used to paste.
  • FTP Bridge:
  • Fixed an issue which caused the SSH Client main window to freeze if an FTP client was not disconnecting the control connection.
  • Added IPv6 support to the FTP Bridge, implementing support for EPSV and EPRT commands.

New in Bitvise SSH Client 6.41 (Aug 31, 2015)

  • Installation and upgrade:
  • This is the first version tested on Windows 10 as part of the development process.
  • The SSH Client installer now supports the -activationCode parameter. This allows a license code to be applied to the SSH Client during initial installation or an upgrade. The SSH Client will operate with full functionality with or without a license code, but applying it allows users to indicate their licensed status.
  • On Windows Vista and newer, the installer did not auto-run correctly after the uninstaller prompted for restart during upgrade. Fixed.
  • Failed and incomplete installations are now detected and displayed, to help the user choose the correct installation directory.
  • Publisher and version information is now added for display in Add/Remove Programs.
  • SSH:
  • SHA-256 public key fingerprints, compatible with the latest OpenSSH versions, are now supported.
  • The 1024-bit fixed prime Diffie Hellman key exchange method, diffie-hellman-group1-sha1, is now disabled by default, due to doubts about continuing security of Diffie Hellman with a 1024-bit fixed prime. Compatibility with most older servers should be retained via the diffie-hellman-group14-sha1 method, which uses a 2048-bit fixed prime. We recommend migrating older SSH servers to new versions supporting ECDH and ECDSA.
  • Symmetric encryption algorithms that use CBC mode are now disabled by default. Bitvise SSH Client and Server implement defenses against attacks on CBC mode, but other implementations that still use CBC mode are unlikely to implement such defenses. Most implementations should now support encryption in CTR mode.
  • In past Bitvise SSH Client 6.xx versions, gssapi-keyex authentication was always unavailable. Fixed.
  • Graphical client:
  • The graphical SFTP client now maintains a list of recent locations.
  • Fixed an issue which prevented use of the -proxyUserName parameter with the graphical SSH Client. Command-line clients were unaffected.
  • Fixed an issue which caused the graphical SSH Client to send an empty response to all prompts other than the first one in keyboard-interactive authentication. This issue did not affect command-line clients.
  • Command-line clients:
  • A new retry utility is now included, which can be used to automatically retry a command based on its exit code. Run retry without parameters for help. The utility can be used with any command line program, but is intended specifically for use with sftpc.
  • The log utility now supports an additional parameter, -t, which will cause the utility to prefix every line of output with a timestamp. This can be used to log and timestamp the output of any command line program, and is intended specifically for use with sftpc.
  • The command-line SFTP client, sftpc, now supports tab expansion based on wildcard patterns.
  • sftpc now reports a full completion timestamp for each transfer.
  • sftpc now waits a maximum of one second if the server does not respond to SFTP channel close. Previously, a server that did not respond to channel close would cause sftpc to wait indefinitely.
  • SFTP:
  • In versions 6.23 - 6.31, a command such as "put directory" would not upload the contents of "directory", but instead only create an empty directory. In addition, a command such as "lrm directory -s" would always fail when the directory being removed was not empty. Fixed.
  • OpenSSH servers contain a flaw where a noisy shell startup script, such as a .bashrc file, will cause garbage data to be passed to an SFTP client on the SFTP channel. Previously, this would prevent establishing an SFTP session. The client now ignores such invalid data, and looks for a particular byte signature to indicate the start of the server's first packet in the SFTP session.
  • The Start in last directory feature in the graphical SFTP interface should work again.
  • Turning off the Start option did not pause new transfers in the graphical SFTP interface when they were initiated via drag-and-drop or a clipboard action. Fixed. The transfers did start paused when using the Upload and Download buttons.
  • When transferring files in text mode using SFTP version 4 or higher, the ignored offset is now set to an invalid 64-bit value instead of zero. This prevents an unending transfer with servers that do not ignore the offset as required by the textual transfer mode (e.g. older versions of VShell).
  • Fixed an issue which could cause the SFTP client to send more channel data after sending channel close.
  • FTP-to-SFTP bridge:
  • Fixed an issue that could cause the FTP-to-SFTP bridge to freeze while downloading.
  • When the FTP-to-SFTP Bridge was configured to listen on all interfaces (0.0.0.0), directory listings and file transfers would not work in passive mode. Fixed.
  • Terminal:
  • Double-width Chinese characters were not being properly rendered in recent SSH Client versions. This should now work properly in most cases.
  • Fixed problems with some Ctrl keyboard sequences: Ctrl+[, Ctrl+I, Ctrl+M, Ctrl+H, and Ctrl+J.
  • Fixed a scrolling problem that could occur if the last line of output was empty (e.g. when using cat).
  • Fixed an error that would frequently occur on Windows 10 when resizing a bvterm window in a Bitvise SSH Server terminal session. Further improved resizing on Windows 10.
  • If Auto close window was set to Never, and a terminal session closed successfully, the terminal window would consume 100% of a CPU core until closed. Fixed.

New in Bitvise SSH Client 6.31 (May 4, 2015)

  • Windows compatibility:
  • Fixed a change implemented in version 6.22 which prevented the SSH Client from running on Windows XP SP1 and Windows Server 2003.
  • In terms of the oldest Windows versions supported, the SSH Client now officially requires Windows XP, Windows Server 2003, or later. The SSH Client no longer supports Windows 2000.
  • Installation:
  • The console output stream implementation provided by the C++ run-time library, and used by the SSH Client installer, did not properly handle Unicode characters that could not be represented in the output code page. Replaced with our own output stream implementation.
  • General:
  • The graphical client now displays the current date in the log area when the client is started, when the date changes, and when the log is cleared.
  • When key exchange fails due to no match in algorithms, the local and remote algorithm lists are now logged.
  • File transfer:
  • The graphical file transfer client now accepts drag and drop from other applications.
  • The Edit context menu option is now available for files of all extensions, including no extension. An Edit with... context menu option is now also available, and a default editor can be configured.
  • For compatibility with non-Bitvise servers that support SFTP version 6, the SSH Client no longer requests the flag SSH_FXF_BLOCK_WRITE when sending an SSH_FXP_OPEN request. This restores compatibility with servers including ProFTPD with mod_sftp when SFTP version 6 is used.
  • Terminal:
  • On Windows 7, an apparent bug in the Windows console implementation would cause stermc to crash when exiting. The console window itself would close shortly thereafter. We implemented a workaround for this issue.
  • For compatibility with nano, the SSH Client's new xterm/vt100 terminal console now attempts to make smarter decisions about what type of newlines to send when pasting from clipboard.
  • The SSH Client will now log any messages sent by the server as SSH_EXTENDED_DATA_STDERR before closing a successfully opened terminal channel.
  • Remote Desktop:
  • Improved the method the SSH Client uses to update the Remote Desktop window title.
  • Command line clients:
  • Implemented support for Ctrl+Left/Right to move to previous/next word, and Ctrl+Home/End to delete text until beginning/end of line. Clients stnlc and spksc now also support Tab-completion.

New in Bitvise SSH Client 6.24 (Mar 10, 2015)

  • File transfer:
  • The graphical SFTP client now supports editing of remote files. A remote file can be edited using right click > Edit. The client will automatically download the file; open it in the editor associated with its file extension in Windows; then monitor the local copy of the file for changes. When changes are saved, the file will be uploaded automatically.
  • The graphical SFTP client now supports right click > 'Open with...', both for local and remote files.
  • Further improvements to tab completion in sftpc.
  • The 'move' and 'lmove' commands in sftpc now support the -o (overwrite) parameter.
  • In command line clients, the -keypairFile parameter would only work if another keypair (even if unused) was available, either in the profile being used, or in global client settings. Fixed.
  • Fixed a long-standing graphical glitch which would cause edit boxes in the graphical SSH Client to temporarily lose borders whenever the Sysinternals Process Explorer was launched.

New in Bitvise SSH Client 6.23 (Feb 17, 2015)

  • SSH:
  • Key exchange methods that use group exchange will now be de-prioritized when connecting to all non-Bitvise SSH server implementations. This serves to avoid a compatibility issue where most non-Bitvise SSH servers will generate weak DH groups which cannot be used with the FIPS 140-2 validated cryptographic provider used by Bitvise SSH Client. Previously, group exchange was already de-prioritized for a handful of known SSH server implementations with this issue.
  • It is now easier to turn compression on and off using the "Prefer zlib compression" setting on the SSH tab.
  • File Transfer:
  • The sftpc command line client now supports batch rename (using wildcards).
  • The sftpc command line client now supports command, path, and filename completion using the Tab key.
  • Remote file copy is now supported, in the graphical SFTP interface as well as the sftpc command line client, with SSH servers that implement the SFTP version 6 file copy extension (including Bitvise SSH Server).
  • The graphical SFTP interface now supports drag and drop, copy, cut, and paste features.
  • Remote Desktop:
  • Smart sizing - automatic adjustment of remote desktop resolution to local client window size - can now be enabled or disabled for forwarded Remote Desktop connections in the SSH Client profile.
  • Improved compatibility of authentication credentials with Remote Desktop servers running on Windows Server 2003 and XP.
  • When not using SSH login credentials, the domain name to use for Remote Desktop authentication can now be configured in a field separate from the user name.
  • Fixes:
  • Fixed a problem with newlines when pasting text into joe/nano editors.
  • Fixed an issue which would cause the SSH Client to stop with an assertion failure if it was configured to use a proxy of type SOCKS4 with "Resolve locally" disabled.
  • Fixed an issue which would cause command-line proxy parameters to not work correctly.
  • Fixed an issue introduced in version 6.21 which would cause the SSH Client to close a connection before sending a failure reply in the event of a connect failure when using dynamic port forwarding (the SOCKS/HTTP CONNECT proxy forwarding feature).
  • Fixed an issue which would cause Export and Remove buttons to not be available in the Host Key Manager unless a named (file-based) profile was opened.
  • Fixed an issue which would prevent the Client Key Manager from importing ECDSA private keys in OpenSSH format if they were password protected. Improved accuracy of error messages if an invalid password is entered.
  • The -flowDebugFile feature will no longer truncate quantum data, allowing a complete debug log of the SSH session to be recorded.

New in Bitvise SSH Client 6.22 (Feb 2, 2015)

  • The SSH Client now supports SSH protocol obfuscation. When connecting to an SSH server that supports it, obfuscation makes it harder for an observer to determine that the protocol being used is SSH.
  • The sftpc command line client now supports tab completion.
  • If a command is configured to be run under On Login > Execute on the Options tab, the SSH Client can now also be configured to close or terminate the program launched this way after the SSH session ends.
  • Remote Desktop forwarding: ?A username and password can now be configured for single-click Remote Desktop forwarding, separately from the credentials used to log in via SSH.
  • If the user name for Remote Desktop starts with ".\", it will now be communicated to the Remote Desktop client in the same way as in version 6.08 and older.
  • Graphical xterm console: ?Block selection and copying is now supported by using the mouse to select while pressing the left Alt key.
  • A tooltip is now displayed when text is copied to clipboard, or pasted in the terminal window. The tooltip can be turned off through the console's system menu.
  • Fixed an issue which would cause a Ctrl+Alt+key event to be sent to the server in addition to a national character, when the user intended to input only a national character with AltGr+key.
  • Links on the SSH Client's About tab now work correctly again.
  • Fixed an issue that would cause the SSH session to terminate with an error after applying removal of some, but not all, client-configured C2S or S2C port forwarding rules.
  • To maintain installer size, an initial Bitvise SSH Client 6.22 installation no longer includes files to support the Remote Control Panel feature for WinSSHD versions older than 5.22. The files necessary to use this feature with such older versions continue to be available separately.

New in Bitvise SSH Client 6.21 (Jan 23, 2015)

  • Profiles:
  • Per-profile host keys and client keypairs: Host authentication public keys, as well as client authentication keypairs, can now be stored in individual profiles. This allows a profile to contain all information needed to establish an SSH session, without requiring host key or client keypair information to be passed via command line parameters, or stored in Windows registry.
  • When a host key is verified by the user, and the SSH session uses a profile, a copy of the host key will now be automatically saved in the profile.
  • Per-profile proxy settings: Proxy settings can now be configured for individual profiles as well, allowing a profile to override globally configured proxy settings.
  • Implemented measures to ensure profile consistency when accessed by multiple SSH Client instances.
  • When opening profiles created using Bitvise SSH Client 4.xx, previous 6.xx versions would be unable to open profiles with an invalid Remote Desktop Computer field. Attempts to open such profiles would fail with a validation error, but a description of the validation error would not be displayed. Fixed.
  • SSH:
  • Delayed negotiation of zlib compression, as advertised by servers using the '[email protected]' algorithm, is now supported. Because of an inherent race condition in the OpenSSH implementation of delayed compression, Bitvise SSH Client implements this in the same way as PuTTY - by triggering a second key exchange after successful authentication.
  • Authentication:
  • Graphical management of server-side public keys: The graphical SSH Client now supports management of the user's public keys trusted by the server using SPKS, the Secure Shell Public Key Subsystem. As in previous 6.xx versions, this functionality also continues to be available in the spksc command line client.
  • Agent forwarding: The SSH Client now supports agent forwarding if it is supported by the SSH Server. A remote SSH client running on the server can use agent forwarding to perform public key authentication using client keypairs managed by the local SSH Client.
  • Agent support: Both the graphical client, as well as the command line clients, now support public key authentication using keypairs available through the OpenSSH authentication agent (ssh-agent) or the PuTTY authentication agent (pageant).
  • Improved the choice of default subsequent authentication method offered when the server requires both password and public key authentication.
  • Fixed an issue which prevented use of public key authentication as configured in a profile supplied with the "-profile" command line parameter.
  • File transfer:
  • sftpc now supports launching local commands prefixed with '!' in scripted mode. A non-zero return code is treated as an error.
  • sftpc can now execute "ldir" to provide expected results if the current local directory points to a network share.
  • Remote Desktop:
  • Automatic sign-on for Remote Desktop now works with Microsoft accounts, as well.
  • General:
  • Sessions that attempted to register a large number of simultaneous client-to-server port forwarding rules could be terminated by an error. Fixed.
  • Improved disconnection responsiveness and reliability.
  • Improved trace logging.
  • In recent 6.xx versions, a license code could not be applied unless the client was started using elevation. Fixed.
  • Terminal:
  • Mouse input is now supported. Supported mouse modes are X10 compatible, Normal, Cell Motion and All Motion. Supports X10, UTF8, SGR, and URXVT coordinates. Supported are all 3 main mouse buttons; combinations with Alt, Shift, and Ctrl keys; and the mouse wheel. When mouse tracking is enabled by the server, client-side text selection and copying remains possible using the left Shift key.
  • The terminal window color palette can now be configured.
  • A setting is now supported to allow the terminal window to remain open after a terminal session closes.
  • The terminal client will now display terminal titles received from the server via xterm. The client will append such titles to the initial title.
  • Characters that could not normally be entered using the currently active input method can now be entered using Alt + NumPad or using copy and paste.
  • When using the graphical SSH Client in conjunction with a non-bvterm terminal protocol, such as xterm, the SSH Client will now use a custom terminal window with features not available with a Windows console window:
  • Draggable resizing
  • Support for xterm-256color
  • Support for non-block copy & paste
  • Improved performance

New in Bitvise SSH Client 6.08 (Sep 9, 2014)

  • Improved reliability and responsiveness of disconnecting a session, resolving an issue where the client could hang during a disconnect.

New in Bitvise SSH Client 6.07 (Sep 9, 2014)

  • In version 6.05, an issue was introduced that would cause the SSH session to terminate with an error during a server-to-client port forwarding failure. Fixed.
  • In "Reconnect always" mode, when automatically reconnecting without first being successfully authenticated, the client would display the user authentication dialog instead of proceeding with the configured initial authentication method. Fixed.
  • In SFTP Upload and Download panes, the individual file progress bar in the list control was always stuck at 0% when transferring. Fixed.

New in Bitvise SSH Client 6.06 (Aug 26, 2014)

  • Implemented support for unattended password authentication via the "keyboard-interactive" method. When the SSH Client is configured to authenticate with a stored password, it will now try to pass the stored password to the "keyboard-interactive" method if "password" authentication is not available.
  • User authentication keypairs can now be imported and exported in the PuTTY format.
  • Since migrating Bitvise SSH Client to use Crypto++ as a FIPS 140-2-certified cryptographic provider in versions 6.xx, Diffie Hellman-based SSH key exchange methods that use group exchange have not been working well with servers including OpenSSH, Tectia, and IBM Sterling Connect. The issue arises because these servers generate random DH group parameters which do not pass validation by Crypto++, and we cannot disable this validation in FIPS mode. To avoid this issue, we are changing default Bitvise SSH Client settings to disable DH key exchange methods that use group exchange. We encourage use of the new ECDH key exchange methods instead.
  • The User keypair manager failed to show the first few characters of MD5 fingerprints below the keypair list. Fixed.

New in Bitvise SSH Client 6.05 (Aug 16, 2014)

  • SFTP: When downloading, characters in the file name that are invalid on Windows will now be replaced with an underscore. Files whose name contains a colon (':') will no longer be downloaded to an alternate NTFS stream.
  • Remote Desktop: When using a custom Remote Desktop profile, prompting for credentials will now be properly disabled if "Use SSH login credentials" is checked.
  • Added support for UTF-8 and UTF-16 byte order markers when importing keys from textual files.
  • Fixed log message describing when reconnection attempt is scheduled.
  • Fixed issues with proxy support for outgoing connections when "Resolve DNS names locally" was enabled.
  • The SOCKS/HTTP proxy forwarding subsystem (dynamic tunneling) did not correctly handle IPv6 HTTP CONNECT request. Fixed.
  • Several warning messages related to port forwarding are now informational messages, to avoid unnecessary pop-ups from being displayed.
  • Graphical SFTP: Fixed an issue which prevented the "Target file already exists" dialog from opening when resuming is not available.

New in Bitvise SSH Client 6.04 (Jul 14, 2014)

  • When creating remote directories and files, Bitvise SSH Client will no longer send a default set of POSIX permissions, instead letting the server choose appropriate POSIX permissions for the new directories and files
  • In sftpc, batch list and download operations, such as "get *.txt", would always return an unsuccessful exit code. Fixed

New in Bitvise SSH Client 6.03 (Jul 7, 2014)

  • In sftpc, the exit code would not be set properly after failed transfers. Fixed.
  • When the SSH Client is run for the first time after installation, it would be run under the installer's elevated security context. This could cause subtle discrepancies in behavior compared to when the client is run without elevation later. Fixed.
  • Since the new terminal client implementation introduced with version 4.60, the bvterm client would close with an exception if the server sent a particular rarely sent packet (BVT2_WRITEOUTPUTCHAR). Fixed.

New in Bitvise SSH Client 6.02 (Jul 1, 2014)

  • The graphical SFTP remote files pane was incorrectly using start directory and other settings from the local pane.

New in Bitvise SSH Client 6.01 (Jun 30, 2014)

  • New features in the sftpc command line client:
  • The put and get commands now support a "-del" flag to delete files after they have been transferred successfully.
  • When using put or get with the "-s" flag (recursive transfer), matching empty directories will now also be transferred.
  • Importing of OpenSSH private keys encrypted using "aes192-cbc" and "aes256-cbc" algorithms is now also supported.
  • When converting file times from UTC for display in local time, the SSH Client would not correctly account for DST when there was a mismatch between the file's DST offset and current DST. Fixed.
  • An SFTP pane resizing issue is now believed fixed.
  • Fixed a number of 6.00 beta issues:
  • If exiting of the graphical client was canceled through the "profile changed" dialog, the Login button would no longer work.
  • When viewing help for command line clients piped through a pager such as "more" or "less", the command line clients would terminate with an error if the pager was exited prematurely.
  • Tooltips would not show when hovering the mouse pointer over an SSH Client icon in the system notification area.
  • sftpc would show file modification times in UTC instead of local time when listing files.
  • In the graphical SFTP window, under Browse, selecting the local or remote path from the dropdown list failed to work properly.
  • On older Windows versions, including Windows XP, the Remote Desktop window title would not update properly when opening a single-click Remote Desktop window in full screen mode.
  • On older Windows versions that did not include IPv6 support, including Windows XP, the newly added IPv6 support would fail, interfering with some aspects of the client.

New in Bitvise SSH Client 6.00 Beta (Jun 30, 2014)

  • Bitvise SSH Client now uses FlowSsh and the technological platform of Bitvise SSH Server versions 5.xx and 6.xx. This includes, but is not limited to:
  • The cryptographic algorithms used by the SSH Client are now implemented in a FIPS 140-2 certified cryptographic module.
  • The SSH Client now supports Elliptic Curve algorithms - key exchange using ECDH, and ECDSA public keys for client and server authentication.
  • The SSH Client now implements defensive measures against attacks based on the CBC encryption mode.
  • IPv6 is now supported.
  • Command line clients:
  • A new command line client, stnlc, supports scriptable and command line access to port forwarding functionality and the FTP-to-SFTP bridge.
  • A new command line client, spksc, supports scriptable and command line access to the SSH public key subsystem. With Bitvise SSH Server, and other servers that support SPKS, the client can manage public keys which the server will accept for the client's authentication.
  • The sftpc and stermc command line clients now also support an implied trailing command without the "-cmd=..." parameter, for example: "sftpc user@host get *.txt", or "stermc user@host dir".
  • The sexec command line client now supports X11 forwarding.
  • FTP-to-SFTP bridge:
  • Wildcards (* and ?) can now be used in directory listings.
  • As a compatibility improvement, the FTP-to-SFTP bridge now attempts to detect and ignore parameters passed to the LIST command.
  • An optional FTP password can now be configured, which an FTP client then must provide in order to access the bridge.
  • A port range for PASV mode transfers can now be configured.
  • The starting directory for the FTP-to-SFTP bridge session can now be configured.
  • Usability improvements:
  • Settings changes in the Options, Terminal, Remote Desktop, and SFTP tabs now have immediate effect even if a session is active.
  • Settings changes in the Services, C2S, and S2C tabs can now take effect, even if a session is active, after clicking Apply.
  • Settings changes in the Login and SSH tabs continue to take effect for the next SSH session, and are not applied to any currently active session.
  • Errors in initializing a port forwarding or the FTP-to-SFTP bridge will now no longer prevent establishment of the SSH session.
  • Algorithms in the SSH settings tab can now be reordered in terms of priority.
  • The graphical client's close behavior can now be configured. (Whether to exit, or hide to the system notification area.)
  • When using single-click Remote Desktop forwarding in full screen mode, the Remote Desktop window title now reflects the destination server.

New in Bitvise SSH Client 4.63 (Mar 10, 2014)

  • SFTP: For compatibility with WS_FTP servers, when attempting to verify existence of the target directory during upload, the client will now assume that a generic failure response means the directory does not exist, and will try to create it. Previously, the client acted this way only if the server's response was along the lines of "path does not exist".
  • When the graphical client is closed, it will no longer pop up a profile save dialog if profile contents were modified only through a command line parameter.
  • With newer Remote Desktop clients, the feature "Use SSH login credentials" would fail when using local accounts. Now fixed.
  • Terminal client for non-bvterm protocols: Fixed issue with reporting cursor position.

New in Bitvise SSH Client 4.62 (Nov 19, 2013)

  • The support for Ctrl+Alt+[A-Z] character combinations implemented in version 4.61 was conflicting with AltGr+[A-Z] combinations on non-US keyboards. The implementation has been improved so that Left Ctrl + Left Alt + [A-Z] will send the Ctrl+Alt+[A-Z] combination, but AltGr+[A-Z] will send the special character defined by the current keyboard configuration.

New in Bitvise SSH Client 4.61 (Nov 5, 2013)

  • Fixed an issue which caused Bitvise SSH Client 4.60 to display incorrect Bubble-Babble fingerprints.
  • Fixed an issue which caused the graphical SSH client to either crash, or open an incomplete dialog, when clicking the Initial Directory link on the SFTP tab.
  • Changed command line handling so that double backslashes ("\\") will be replaced with a single backslash only if followed by a quotation mark.
  • The sexec command line client no longer hangs if the exec request is rejected by the server.
  • Fixed an issue which could have caused the graphical SSH client to become unresponsive if a third-party application was installed that sent an unexpected GUI message.
  • vt100/xterm terminal client:
  • Implemented support for Ctrl+Alt+[A...Z] key combinations. Additionally, with xterm, Ctrl, Alt and Shift combinations are now supported with the following keys: cursor arrow keys, Home, End, Insert, Delete, PgUp, PgDn, and F1-F12. (However, Shift+PgUp and Shift+PgDn are used to scroll the history buffer, and are not sent to the server.)
  • Restored behavior from previous client versions so that Ctrl+Break does not end the terminal client, but instead sends the appropriate signal to the server.
  • The vt100/xterm terminal client will no longer exit if it receives characters from the server that are invalid with the character encoding being used.
  • Fixed a bug with cursor position reporting in the vt100/xterm terminal client, so it will no longer cause strange characters to appear on screen, e.g. when starting Vim.

New in Bitvise SSH Client 4.60 (Jul 15, 2013)

  • The xterm/vt100 terminal client has been re-implemented to improve performance and add new features.
  • Default colors displayed by the xterm/vt100 terminal client can now be configured on the Terminal tab.
  • Command-line clients (sftpc, stermc, sexec) now support a parameter to enable delegation when using Kerberos user authentication with standard SSH host authentication and key exchange. Previously, the command line clients supported delegation only when using Kerberos-based key exchange.
  • The Host Key Manager can now store multiple host key fingerprints per SSH host. When a new host key is verified by the user, it is now added to other known keys for that host, instead of replacing them.
  • To improve compatibility with some FTP clients, FTP-to-SFTP bridge will now send more conventional reply codes to USER and PASS commands, mimicking the behavior of FTP servers that require authentication.
  • When launched from the Bitvise SSH Client graphical client, the terminal client now supports executing a custom command (as an exec request) instead of requesting a plain shell.
  • When using single-click Remote Desktop forwarding, temporary RDP profiles are now removed from the "most recently opened" list for the Remote Desktop Connection shortcut.
  • WoW64 filesystem redirection is now disabled when creating temporary RDP profiles for single-click Remote Desktop forwarding.
  • Improved keyboard accessibility for launch bar icons in the graphical client.

New in Bitvise SSH Client 4.51 (Oct 30, 2012)

  • Command line clients: Improved text colors; added a color scheme for dark blue background, and a color scheme for PowerShell's default colors and palette.
  • Remote Desktop: Fixed an issue which could cause the SSH client to not detect the Remote Desktop client version on 64-bit platforms.
  • Tunneling: Implemented a workaround for the Dropbear server, which translates the client's request to listen on 127.0.0.1 into "localhost" in server-to-client forwarding

New in Bitvise SSH Client 4.50 (Oct 30, 2012)

  • Bitvise Tunnelier is now Bitvise SSH Client. The main graphical client, previously Tunnelier.exe, can now be launched as BvSsh.exe.
  • The SSH client and its components now use Unicode internally.
  • Command line: The graphical SSH Client (BvSsh) now supports the hide=trayIcon parameter to hide the notification area icon.
  • Command line: If the -host and/or -port parameter is provided, the default profile will be loaded instead of the most recently used profile.
  • Command line: -keypairPassphrase had no effect in sftpc, stermc and sexec if -keypairFile specified a keypair in Bitvise format. Fixed.
  • Command line: A BvSshCtrl command line utility is now included with Bitvise SSH Client, and can be used to send login, logout, and exit commands to a graphical BvSsh client process. Run BvSshCtrl for usage instructions.
  • User interface: The Host value on the Login tab of the graphical client will now have its whitespace trimmed. Previously, whitespace in the Host value caused DNS lookup to fail.
  • User keypair manager: Can now import OpenSSH private keys encrypted with AES-128-CBC. (Previously, only OpenSSH keys encrypted with 3DES were supported.)
  • Command line clients: sftpc, sexec, and stermc will no longer exit when they are being run as a service, and an interactive user on the same machine logs off.
  • Authentication: Keyboard-interactive authentication now makes it easier to try common keyboard-interactive submethods ("bsdauth" and "pam").
  • Banner: Empty banner messages are no longer displayed. (VMWare ESXi 5.0 sends such a banner message.)
  • Banner: Banner messages are now displayed using a monospace font, so that ASCII art will render as intended.
  • SSH: Some Dropbear servers do not support SSH_MSG_GLOBAL_REQUEST, and would send SSH_MSG_UNIMPLEMENTED in response to Bitvise SSH Client's keep-alive requests. The Client will now recognize the UNIMPLEMENTED response as resetting the keep-alive timeout, no longer causing the session to break.
  • SSH: Some broken terminal servers start sending channel data as soon as a 'session' channel is open, without waiting for a subsystem request. Subsequently, the server sends a response to the subsystem request after the channel is already closed. Bitvise SSH Client is now resilient against such implementations, and will ignore the belated channel response.
  • Terminal: The non-bvterm terminal implementation (e.g. xterm/vt100) now supports sending the Backspace key as ASCII code 127, correcting Backspace behavior on some servers. This feature can be enabled in the Terminal tab of the main SSH Client. When using the command line client, stermc, this behavior can be enabled using the parameter -altBksp=y.
  • SFTP: The SFTP client now supports larger pipelines, to enable faster transfers on high-bandwidth connections with some latency. The default pipeline size is now 512 kB, and can be increased to up to 4096 kB on the SFTP tab of the main SSH Client. The command line client, sftpc, also supports the -pipelineSize=... parameter.
  • SFTP: The size of the initial chunk used to determine whether a file is binary or textual has been increased from 1000 bytes to 32 kB.
  • SFTP: Resume is now disabled for file transfers by default. Due to limitations of most SFTP implementations, Resume cannot be implemented with 100% reliability, and may fail to update content that changed in the middle of the file between the initial transfer operation and the resume. Resume is now disabled by default to reduce the incidence of this issue, and to emphasize the notion that Resume should be enabled when needed, but not necessarily always.
  • SFTP: Setting the file time on a recently uploaded file, whose handle has remained open, fails after uploading to some servers. If this happens, Bitvise SSH Client will now attempt to set the file time again after closing the uploaded file.
  • bvterm: Fixed an issue which could have caused the bvterm client to fail with the error "parameter is incorrect" after a call to SetConsoleWindowInfo().

New in Bitvise SSH Client 4.40 (Jan 10, 2011)

  • Tunnelier now includes the WinSSHD Remote Control Panel for WinSSHD versions 5.22 and newer. WinSSHD Remote Control Panel versions 5.06+, 5.11+, and 5.18+ also continue to be included.
  • Fixed issue introduced in version 4.39 that prevented Tunnelier from functioning correctly when used with the -noRegistry setting.
  • Fixed issue where the Tunnelier graphical SFTP interface would fail to list a drive that was completely empty of all directory entries (did not even contain the default '.' or '..' entries).

New in Bitvise SSH Client 4.39 (Dec 14, 2010)

  • Added support for fully automated password + public key login. Previously, a login that required both password and public key authentication required the user to click through at least one dialog displayed by Tunnelier. This can now be avoided by selecting an initial authentication method such as "publickey - slot 1 + password".
  • Added configurable code page support for non-bvterm terminals. (bvterm always uses Unicode.)
  • Fixed line drawing in xterm and xterm-alt.
  • Replaced cases where the "MS Sans Serif" font was used with "MS Shell Dlg", fixing font anti-aliasing issues.
  • Removed support for protected mode handling from non-bvterm terminals - it was introducing issues without a known benefit.

New in Bitvise SSH Client 4.37 (Sep 23, 2010)

  • SFTP: Tunnelier will now transfer files even if file size information cannot be retrieved from the server.
  • sftpc: Pressing the Esc key on an empty prompt would incorrectly disable further input of SFTP commands. Fixed.
  • Terminal: added setting in Tunnelier Terminal tab, and -beep command line switch for stermc, to allow disabling of beeping sounds sent by the server.
  • When connecting through a proxy server, some proxy servers choose to just send EOF to Tunnelier, instead of sending an error code. In this circumstance, Tunnelier would previously hang indefinitely, waiting for an explicit error response. Tunnelier will now handle the EOF response correctly, as well as timeout on its own if no response is forthcoming.

New in Bitvise SSH Client 4.36 (Aug 9, 2010)

  • The Tumbleweed compatibility fix in version 4.33 introduced a side effect which would sometimes cause Tunnelier to get stuck in an infinite loop while sending data. Fixed.
  • The Tunnelier SFTP clients will now disable filesystem redirection on 64-bit platforms, allowing file transfer to and from directories such as C:\Windows\System32.
  • For compatibility with some OpenSSH versions, Tunnelier will now accept SFTP version 3+ packets that do not contain an error message and language tag.
  • The Tunnelier terminal clients are now more resilient when the Windows registry contains invalid console geometry settings.

New in Bitvise SSH Client 4.35 (May 28, 2010)

  • Fixed issue in Tunnelier SFTP graphical user interface where icons would drift slowly apart when Tunnelier was running for prolonged periods.
  • Tunnelier now supports a new command line parameter, "-disableSftpLocation", which disables direct input of local and remote paths in the SFTP graphical user interface.
  • Tunnelier now includes the WinSSHD Remote Control Panel for WinSSHD versions 5.18 and newer. WinSSHD Remote Control Panel versions 5.06+ and 5.11+ also continue to be included.

New in Bitvise SSH Client 4.34 (May 27, 2010)

  • Fixed issue in Tunnelier SFTP graphical user interface where icons would drift slowly apart when Tunnelier was running for prolonged periods.
  • Tunnelier now supports a new command line parameter, "-disableSftpLocation", which disables direct input of local and remote paths in the SFTP graphical user interface.
  • Tunnelier now includes the WinSSHD Remote Control Panel for WinSSHD versions 5.18 and newer. WinSSHD Remote Control Panel versions 5.06+ and 5.11+ also continue to be included.

New in Bitvise SSH Client 4.33 (Apr 22, 2010)

  • The default xterm terminal selection will now again send the same cursor key movement sequences as in Tunnelier 4.31 and earlier. For servers such as AIX that need alternative key sequences, a separate xterm terminal selection is now available, named "xterm-alt".
  • sftpc now supports the "-progress=percent" command line parameter, which will cause it to print the progress indicator in a new line instead of updating it on the same line each time. Useful for programs that process sftpc's redirected output.
  • The SSH implementation now takes steps to prevent the initial packet (KEXINIT) from being sent in separate IP frames. This should improve compatibility with servers such as Tumbleweed, which expect (incorrectly) to receive the entire KEXINIT packet in a single receive call, and fail the connection if this condition is not met.

New in Bitvise SSH Client 4.32 (Apr 22, 2010)

  • Titles of forwarded Remote Desktop sessions will now be set properly on Windows 7.
  • When using SFTP protocol version 3, the command line SFTP client (sftpc) will now generate directory listing entries like it does with SFTP 4 or higher, instead of displaying verbatim the listing sent by the server. This ensures that file times will be displayed using the client's local time if the server is in a different time zone.
  • When displaying a directory listing in the command line SFTP client (sftpc), the detailed time format (with hours and minutes) will now be used if the time is less than half a year ago, rather than if the time is in the current year.
  • The VT-100/xterm client will now properly handle extremely large buffer widths (2000+ characters or more).
  • The terminal client will now send alternative key cursor movement sequences when using xterm for compatibility with AIX servers.

New in Bitvise SSH Client 4.31 (Jan 4, 2010)

  • Command line clients will no longer wrap their output when redirected.
  • Tunnelier now includes the WinSSHD Remote Control Panel for WinSSHD versions 5.11 and newer.
  • Fixed an issue which caused no-wait loops (100% CPU consumption) in some situations, e.g. during intensive port forwarding.

New in Bitvise SSH Client 4.30 (Oct 14, 2009)

  • Implemented workaround for Ipswitch WS_FTP Server 7. Decreased the SSH maximum incoming packet size from 35 kB to 34 kB, which appears to avoid triggering a bug in WS_FTP Server 7 which would otherwise result in disconnect due to a MAC check failure. Warning: In our testing, WS_FTP Server 7 appeared to be highly susceptible to variations in the client's maximum incoming packet size. Observed symptoms included the server apparently entering an infinite loop and not responding to connections. It is our suspicion that, with high incoming packet sizes, the server incorrectly overwrites not only its buffers, but possibly also parts of its code. We suspect that this may indicate exploitable issues in WS_FTP Server 7. We have observed that it is possible for an authenticated client to mount at least a denial-of-service attack through a large maximum incoming packet size.
  • FTP-to-SFTP bridge: Resolved compatibility issue with Windows File Explorer, Firefox, and possibly other FTP clients when the SFTP listing sent by the SFTP server lacks the modification time attribute. This can happen when listing drives with WinSSHD 5. The FTP-to-SFTP bridge will now provide the FTP client with a dummy modification time attribute in this case.

New in Bitvise SSH Client 4.29 (Jun 19, 2009)

  • Now includes a WinSSHD Remote Control Panel for WinSSHD 5.06.
  • Added a setting which controls whether, as in previous versions, Tunnelier should use only a short list of trusted Windows Sockets Layered Service Providers (LSPs), promoting stability, but at a possible expense of connectivity; or whether Tunnelier should use any LSP, promoting connectivity, but at the possible expense of stability.
  • Improved text-mode file transfer support.

New in Bitvise SSH Client 4.28 (Jan 20, 2009)

  • Tunnelier now supports X11 forwarding, which can now be enabled in the Terminal tab.
  • Tunnelier and stermc now support a -title parameter which can be used to override the default session-dependent titles of Tunnelier windows.
  • The gssapi-keyex authentication method can now be used regardless of the username provided in the username field. Previously, the username field had to match the Windows account username of the current user.

New in Bitvise SSH Client 4.27 (Dec 2, 2008)

  • Tunnelier now supports block encryption algorithms in CTR mode, in addition to CBC mode.
  • Login tab: longer Service Principal Names (SPNs) for Kerberos authentication can now be entered.
  • FtpBridge: fixed problem with EOF being sent on an already closed channel (discovered with Macromedia Homesite 5.5).
  • Added various Layered Service Provider IDs belonging to Microsoft Firewall Client 2004 to the list of trusted LSPs that Tunnelier will use. This enables using Tunnelier with this firewall client.
  • Remote Desktop forwarding: listening interface 127.0.0.1 is now used on Vista and Windows Server 2008. Previously, 127.0.0.2 was being used, which caused problems in some situations.
  • Remote Desktop forwarding: implemented a one-second delay for the auto-logout feature. New RDP clients can establish two consequent connections to Tunnelier - disconnecting of the first connection would previously cause the auto-logout feature to close the SSH session.

New in Bitvise SSH Client 4.26 (Feb 26, 2008)

  • Tunnelier 4.26 is needed to remotely edit the settings of WinSSHD 4.26 and higher, until the next WinSSHD settings format change.
  • Remote Desktop: for compatibility with Windows Vista SP1, the Microsoft Remote Desktop client is now launched with the '/admin' switch rather than with '/console' if the RDC client version is 6.0.6001 or newer.
  • sftpc: When 'lmove' was used with a pattern like '*.txt', it acted as if '*' was used instead. Fixed.
  • Implemented a minor workaround in socket usage to make Tunnelier compatible with Wine as of 0.9.53.