Bitvise SSH Server Changelog

What's new in Bitvise SSH Server 9.36

Apr 17, 2024

SFTP:
Version 9.34 added logic to ensure SFTP responses are sent in the same order requests are received. Due to an oversight, the SSH Server's file transfer subsystem would hang, most readily if a client sent consecutive SFTP requests with the same request ID. This was observed with WS_FTP (version 12.9) and also with phpseclib. Fixed.
The SSH Server now implements the SFTP extended request [email protected] for files opened with unbuffered I/O.

New in Bitvise SSH Server 9.35 (Apr 12, 2024)

New in Bitvise SSH Server 9.34 (Apr 11, 2024)

Control Panel and Settings:
When sending a test email, the email queue window now opens automatically instead of requiring the administrator to find it.
If the administrator edited the Comment field for a client public key or server host key immediately after importing the key, the SSH Server Control Panel would crash. Fixed.
Setting focus on any input field would cause the Unsaved settings banner to appear, even if the setting was not modified. Fixed.
To avoid login errors and delays that can be challenging to diagnose, newly created Windows group settings entries now disable the setting Map remembered shares by default. The setting can still be enabled in Advanced settings, both in account and group settings entries.
SSH:
A client which identifies itself as SSH OpenVMS V5.5 VMS_sftp_version 3 sends an SSH_MSG_IGNORE message at the start of the SSH connection. This behavior is indistinguishable from the packet sequence manipulation technique used in the Terrapin attack. This makes this client incompatible with Terrapin attack mitigations introduced in SSH Server version 9.32.
The SSH Server now implements relaxed checking to accommodate this type of client. Clients which do not support strict key exchange are allowed to send SSH_MSG_IGNORE during the first key exchange, as long as the connection does not negotiate an encryption or data integrity algorithm which is vulnerable to Terrapin.
FTPS:
The FTPS protocol does not allow for broken session detection. If the administrator did not configure the Connection timeout setting in Advanced settings, under Connections, FTPS connections could disconnect silently in a way not detectable by the SSH Server, until they were disconnected manually by the administrator.
The SSH Server now implements an FTP connection timeout which is set to at most 45 minutes, or shorter if the SSH connection timeout setting is stricter. The next feature release which changes the configuration format will add a setting to configure the FTP connection timeout separately.
File transfer:
For mount points backed by the Windows file system, the SSH Server now implements optimizations which may improve performance for clients that send small SFTP read/write requests, in particular for uploads to non-local storage (Windows file shares):
When uploading files which are detected to reside on non-local storage (Windows file shares), the SSH Server now opens the files for unbuffered I/O (the Windows flag FILE_FLAG_NO_BUFFERING). This has been observed to improve performance for some types of network shares.
A client may now use the extended SFTP attribute [email protected] to express a preference whether the server should use unbuffered I/O.
When the client pipelines non-overlapping read/write requests, mount points which use the Windows file system now process these I/O requests asynchronously. Responses are still sent in the order requests were received.
When the client pipelines non-overlapping read/write requests, the SSH Server is now able to merge I/O for two or more consecutive read/write requests. The client still receives separate responses.
A client may now use the extended SFTP attribute [email protected] to indicate the size of an intended upload. This can help detect and diagnose incomplete transfers.

New in Bitvise SSH Server 9.32 (Dec 21, 2023)

Version information:
This version continues the upgrade access amnesty introduced in version 9.25, so it can be used with any license that is valid for a previous SSH Server 9.xx version. The minimum upgrade access expiry date to activate this version is January 1, 2022.
You can download this version here. (Alternative)
Security:
Terrapin - CVE-2023-48795: Researchers have identified an issue where all SSH connections which use the encryption algorithm ChaCha20-Poly1305, or any integrity algorithm of type encrypt-then-MAC, are vulnerable to packet sequence manipulation by an active attacker, if the attacker can intercept the network path. This can be used to sabotage SSH extension negotiation. This affects extensions with security impact, such as server-sig-algs.
Since the attacker can only remove packets sent before user authentication, this does not seem to fatally break the security of the SSH connection. However, it is a cryptographic weakness to address.
Bitvise software versions 9.32 and newer support strict key exchange. This is a new SSH protocol feature which mitigates this attack. The SSH client and server must both implement strict key exchange for mitigation to be effective. Other SSH software authors are also releasing new versions to support this.
If you must interoperate with SSH software which does not support strict key exchange, consider disabling the encryption algorithm ChaCha20-Poly1305, as well as integrity algorithms of type encrypt-then-MAC. These are the newer data integrity protection algorithms whose names contain -etm.
Bitvise software versions 8.xx and older are not substantially affected because they do not implement algorithms where this issue is practically exploitable. Nevertheless, we suggest updating all SSH software to new versions that support strict key exchange.
The encryption algorithms aes256-gcm and aes128-gcm are substantially immune from this attack. Users who are committed to older SSH software versions should consider using AES GCM. If this is not possible, the data integrity protection algorithms which are not named -etm are not entirely immune, but are also not believed to be practically exploitable. For compatibility with SSH software which does not support strict key exchange or AES GCM, an algorithm combination such as AES CTR with non-ETM data integrity protection may continue to be acceptable.
General:
If the SSH Server was configured to accept FTPS connections, but no certificate was employed; or if the employed certificate was not usable because it expired; the SSH Server would stop running and refuse to start, even for SSH connections, until the administrator fixed the certificate issue.
The SSH Server will now start, and continue running, as long as the configuration allows connections to be handled on at least one SSH or FTPS binding.
SSH:
When a user authentication banner is entered directly in SSH Server settings, the SSH Server will no longer strip leading and trailing whitespace. If the banner does not end with a newline, the SSH Server will now append it. This avoids OpenSSH displaying the last line incorrectly.
Email notifications:
Further improved error messages when SMTP sending fails.
Settings:
When a list of address accept rules was imported from CSV using the options Import blocked IPs or Import permitted IPs, IP address ranges were imported incorrectly. Fixed.
File transfer:
When using a mount point of type Another SFTP server, the other SFTP server may support SFTP protocol version 5 or higher, but not SFTP v5+ file locking. In this case, the SSH Server now strips file open block flags sent by the client if the block flags include SSH_FXF_BLOCK_ADVISORY.
As in previous versions, it is possible to always strip block flags by configuring mount point settings:
File sharing behavior: Force
File sharing for uploads: Read, Write, Delete
File sharing for downloads: Read, Write, Delete
When using a mount point of type Another SFTP server, and the other server uses SFTP v3, the SSH Server now lets an SFTP v4+ client set a file modification time without having to also include the last access time.
The SSH Server now logs most SFTP flags and bits as human-readable strings instead of hexadecimal values.
FTPS:
The SSH Server would replace non-US-ASCII bytes with "." when sending reply lines on the FTP control connection. To improve compatibility with clients, the SSH Server now preserves UTF-8 (which may appear in directory names) in FTP control connection replies.

New in Bitvise SSH Server 9.31 (Sep 25, 2023)

Version information:
This is not a new feature release, but a successor to 9.29 with continued maintenance updates.
We skip versions containing zeros to avoid misunderstandings. For example, 9.03 and 9.30 might both be called "9.3".
This version continues the upgrade access amnesty introduced in version 9.25, so it can be used with any license that is valid for a previous SSH Server 9.xx version. The minimum upgrade access expiry date to activate this version is January 1, 2022.
You can download this version here. (Alternative)
Settings:
If you last saved settings using SSH Server version 6.31 or older; and then updated to, or imported such settings into, an SSH Server version from 9.12 to 9.29; then these SSH Server 9.xx versions would upgrade terminal shell settings incorrectly. Other settings would be preserved, but terminal shell settings for accounts and groups would be reset to default 6.xx values.
Version 9.31 again correctly imports terminal shell settings last saved by versions 6.31 and older.
If you never used SSH Server version 6.31 or older, you are not affected by this issue.
If you used SSH Server version 6.31 or older; then updated to any version from 6.41 to 8.49, and caused settings to be saved by this version; and then updated to a 9.xx version; you are not affected by this issue.
You are affected by this issue if you previously used SSH Server version 6.31 or older, so that your settings were last saved by this version; then updated to, or imported settings into, any version from 9.12 to 9.29. In this case, the issue would trigger when settings were first saved by the 9.xx version. Once the settings were first saved:
Shell access type for Windows groups would be reset to Command Prompt.
Shell access type for virtual groups would be reset to No shell access.
Shell access type for Windows and virtual accounts would be reset to Use group default.
This is a security issue if you have Windows accounts which should not have terminal shell access. It is a functional issue if you have accounts which should be able to access the terminal shell, but this issue caused the terminal shell settings to be changed or disabled.
If you are affected by this issue, you should either:
Use Advanced settings to manually review your Windows group, Windows account, virtual group, and virtual account settings, and ensure that terminal shell access is configured as you intend, for all accounts and groups.
Alternately, you can update to SSH Server version 9.31 or later, and import or restore settings from a previous automatic or manually-saved backup where the terminal shell settings were correct.
Names and strings containing the & character were not properly displayed in lists. Fixed.
Improved display of list entry numbers when editing list settings entries.
The setting Undefined group mount points has been renamed to Excluded group mount points.
Tasks and actions:
When a configured task cannot be run because a Windows logon session could not be obtained, this is now more properly logged as a warning instead of an information event.
Execute command tasks which capture command output now more properly use the OEM code page instead of the ANSI code page. The OEM code page is generally used by Windows command-line programs.
Windows file shares:
For new installations, the default setting for Max total share wait time has been reduced from 20 seconds to 11 seconds. This reduces issues with common client software which times out if the server does not respond to a login attempt within 15 seconds.
File transfer:
If the administrator does not define any mount points for a user, the log message I_CHANNEL_SESSION_SFTP_REJECTED now contains more useful help.
IP blocking:
When using automatic permanent IP blocking, the automatically added Client IP address rule would be incorrectly added after other entries, including after any geographic IP rules. This could make the permanent block ineffective. Automatically added rules are now inserted more correctly at the start.

New in Bitvise SSH Server 9.29 (Jul 23, 2023)

New in Bitvise SSH Server 9.28 (Jul 2, 2023)

New in Bitvise SSH Server 9.27 (Feb 14, 2023)

General:
Previous SSH Server 9.xx versions would incorrectly and unnecessarily allocate some thread-local storage indices for each connection, instead of at startup. This would effectively prevent the SSH Server from handling more than about 500 concurrent connections. Fixed.
Cryptography:
OpenSSL version updated to 1.1.1t. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1. Our software does not use OpenSSL features affected by recent OpenSSL security advisories.
Tasks and email notifications:
If more than one task was triggered by the same event, tasks could be removed from the execution queue which should not be removed, and the task that should have been removed would stay in the queue. Fixed.
The SSH Server would log an error when sending an email notification to multiple addresses that were duplicates of each other. Fixed.
File transfer:
When previous 9.xx versions upgraded settings from versions before 9.xx, the virtual filesystem mount point setting File sharing behavior was upgraded incorrectly. The correct behavior is to map the old Default value to Free, and the old Force value to Force. Instead, upgrading to 9.xx would change the old Default value to Force, and the old Force value to Use global defaults.
This does not affect most users in a significant way since Free and Force behave the same for most clients. However, for users who previously changed mount point settings to force a specific file sharing mode, this oversight reset their custom file sharing settings to the new global defaults.
This version fixes the issue for users who newly upgrade from a version before 9.xx. Users who already upgraded to a previous 9.xx version, and used the Force setting before upgrading, should check the new global file sharing settings in Advanced settings > File transfer to ensure these settings meet their requirements.
Control Panel and Settings:
When using the Log folder viewer to select and delete all log files, the SSH Server Control Panel would crash. Fixed.
Improved validation behavior for a number of field types in settings.

New in Bitvise SSH Server 9.26 (Jan 16, 2023)

EULA:
We updated our EULAs to formalize our existing practices regarding the nature and behavior of our software (it is a product, not a service; the data it handles is not sent to Bitvise; risk tradeoffs with updates) and the way we provide support (via email and our case management system, in written form).
Installation:
In previous versions, an automatic update would fail if the installer encounters an unexpected minor error. The SSH Server installation could be left inoperable, requiring the administrator to perform the update manually, if the installer e.g. could not create a shortcut.
The SSH Server installer now treats specific conditions as warnings and continues if those non-critical conditions occur during an automatic update. Currently, these conditions include exit codes 105 (could not create shortcut) and 115 (could not configure authentication package). These now result in a warning exit code.
Cryptography:
OpenSSL version updated to 1.1.1s. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1.
General:
The SSH Server now runs auto-execute commands, such as the On-upload command, without creating a console window for each command. This dramatically increases the number of auto-execute commands that can run simultaneously. In previous versions, auto-execute commands would fail to start if approximately 100 were already running in the same Windows logon session.
If the SSH Server defines the environment variable USERPRINCIPALNAME, it now also adds environment variables USERPN_USERPART and USERPN_DOMAINPART. These contain the separate user and domain parts of USERPRINCIPALNAME.
File transfer:
The SSH Server's file transfer subsystem would exit with an exception, aborting the file transfer session, if the client tries to set a negative file time. If the SSH Server receives such file times, it will now continue the file transfer session, but will treat negative file times as invalid.

New in Bitvise SSH Server 9.25 (Oct 31, 2022)

New in Bitvise SSH Server 9.24 (Oct 9, 2022)

General:
Previous SSH Server 9.xx versions did not run on older Windows versions, such as Windows Server 2008 R2, unless KB 2533623 was installed. This version implements a workaround for this dependency, so that KB 2533623 is again not required.
Email:
The maximum length of the local part of an email address is now raised from 64 bytes to 128.
BvShell:
Improved inconsistent Tab auto-complete behavior.
The cd command now displays a warning when more than one parameter is passed. (In most shells, supplying more than one parameter to cd is invalid.)
Master/follower synchronization:
Fixed multiple issues associated with activation code synchronization.
The user interface in the follower now displays more clearly when the activation code could not be synchronized because master settings do not permit it.
Control Panel and Settings:
Settings entries, such as virtual groups and connect profiles, whose names are referenced by other settings entries, can now be renamed, so that references are automatically updated.
When editing an account settings entry in Easy settings, mount point settings (including permissions) would be reset on mount points, even if the mount points were not changed. Fixed.
Mount point permissions can now be configured in Easy settings.
CSV import for settings entries that contain nested lists would incorrectly fail to clear these lists when importing. Most significantly, importing a Windows account from CSV would fail to clear or overwrite a default "/" mount point inherited from the Everyone Windows group in Advanced settings. Fixed.
When starting a CSV import on a list that already contains entries, the interface now asks whether to clear existing entries before importing.
The Custom events interface can now display events filtered by name or description.
In SSH Server settings, a single press of the Alt key would block Alt+Tab and the Windows Key from working until the user switched windows using the mouse. Fixed.
Additional improvements to the behavior of the pop-up menu for the SSH Server Control Panel icon in the system notification area.

New in Bitvise SSH Server 9.23 (Jun 6, 2022)

New in Bitvise SSH Server 9.22 (May 31, 2022)

New in Bitvise SSH Server 9.21 (May 30, 2022)

New in Bitvise SSH Server 9.19 (May 29, 2022)

New in Bitvise SSH Server 9.18 (May 6, 2022)

New in Bitvise SSH Server 9.17 (Mar 13, 2022)

New in Bitvise SSH Server 9.16 (Feb 14, 2022)

Upgrade:
A major new feature in SSH Server 9.xx versions is the Windows session cache. This is enabled by default for new installations. When enabled, settings such as the On-logon command have a different effect than in previous SSH Server versions.
To preserve behavior, the Windows session cache is now disabled when upgrading existing settings from versions 8.xx and earlier.
In versions 8.xx and earlier, it was possible to configure settings in subtly inconsistent ways. For example, it was possible to remove or rename a Connect profile so that the port forwarding settings in a group settings entry referenced a Connect profile which no longer exists.
In previous 9.xx versions, the settings interface would not open after upgrading an installation which had settings configured this way. Fixed.
Control Panel and Settings:
When configuring an encrypted volume in Advanced settings, the setting Full path to data file now won't display an overwrite prompt when selecting an existing file.
Default settings in Tasks and actions now include straightforward examples for email notifications for uploads and downloads. These examples won't appear when updating from previous 9.xx versions unless the task list is reset to apply the new defaults.
The Log folder viewer now once again supports the Enter key to open the selected file.
Connections:
In previous 9.xx versions, the Connection on-logon command was broken and did not work. Fixed.
File transfer:
The Encrypted volume and Other SFTP server filesystem providers can now be configured to limit access to a subdirectory of the encrypted volume or remote SFTP filesystem.
Bitvise SSH Server provides access to filesystems which do not support POSIX permissions. In versions 8.xx and older, the SSH Server would respond to attempts to set POSIX permissions, such as using chmod, by simulating success. In previous 9.xx versions, the SSH Server would respond with failure if a client attempted to set only POSIX permissions, but not any supported attributes. This is a problem for scripts that assume chmod to succeed. The SSH Server will now once again simulate success for such requests.
If the feature Move completed uploads was configured in an account settings entry, as opposed to a group settings entry, the account would not be able to log in. Fixed.
The correct filesystem provider is now logged when an SFTP client attempts to use an invalid handle.

New in Bitvise SSH Server 9.14 (Jan 24, 2022)

New in Bitvise SSH Server 9.12 (Jan 24, 2022)

New in Bitvise SSH Server 8.48 (May 24, 2021)

New in Bitvise SSH Server 8.47 (Apr 4, 2021)

New in Bitvise SSH Server 8.45 (Apr 4, 2021)

Automatic updates:
If the automatic update process encountered an error while downloading a new version installer from the primary download location, resulting in a partial executable being stored; and if download was then successful from the secondary download location; the resulting executable would be corrupted. Fixed.
Improved the automatic update locking mechanisms.
Control Panel and settings:
When the SSH Server Control Panel was started hidden in the system notification area, it would cause a phantom Alt-Tab menu entry to appear. Fixed.
Generating a new employed certificate for FTPS did not immediately update certificate information on the Server tab. Fixed.
When monitoring session activity on busy servers, the Activity tab could experience repeated overflows of events from the SSH Server. Buffering flexibility has been improved to reduce this problem.
Fixed a GDI leak that could lead to resource exhaustion in the SSH Server Control Panel (not the main SSH Server process). This could happen, for example, if UI elements were opened and closed a very large number of times that is not usually experienced by users.
General:
Previous SSH Server versions came configured by default to limit the number of sessions with processes to 60. This can be easily changed, but requires finding the setting in Advanced settings, under Session. The default limit accommodated an OS desktop heap limitation in Windows XP and Windows Server 2003, which are now rarely used. For new settings, the default limit is now 500 sessions, and applies to all sessions (not only sessions with processes).
The SSH Server process could stop unexpectedly if settings in Advanced settings, under Logging, were first configured so that the settings description event would not be logged, and then changed so that it's logged. Fixed.
BvShell:
Improved compatibility of BvShell with virtual filesystem settings configured as blind drops. BvShell will no longer fail to start if the initial directory cannot be opened for listing.

New in Bitvise SSH Server 8.44 (Oct 4, 2020)

Version information:
The SSH Server's upgrade access amnesty continues, so that all users of previous 8.xx version can update to the latest version with accumulated fixes. The minimum upgrade access to use this version is October 23, 2018.
We are at this point highly confident in the security, stability and compatibility of our latest 8.xx versions. We are aware of users still relying on versions 7.xx and 6.xx, and sometimes even older. The SSH Server is security-sensitive, network-facing software, and updating is the only way to receive the latest security and reliability fixes. We suggest all users update.
Automatic updates:
If an update is available and settings are configured to automatically apply it, then when the SSH Server Control Panel is started, it will no longer initiate the update immediately, but will instead wait for some time (currently 5 minutes). This offers the administrator a window in which to change automatic update settings, in case the administrator wants to modify them.
SSH:
When using the authentication method keyboard-interactive, an implementation that identifies itself as "SSH-2.0-libssh-0.6.5" sends the message SSH_MSG_USERAUTH_REQUEST without encoding fields for the language tag and submethods. These fields are required, but since they are not critical, the SSH Server will now treat them as empty if they are missing.
Terminal:
Improved stability of the new Windows 10 terminal console when resizing. The new Windows 10 console has a bug where it will crash if the cursor lands outside of the screen buffer after a resize. The SSH Server now detects this situation and works around it.
FTPS:
In previous versions, each FTPS connection would cause a small file to be created, and never deleted, in the directory C:ProgramDataMicrosoftCryptoRSAS-1-5-18. Fixed.
File transfer:
Changed the behavior of the Maximum wait time setting for the On-upload command. Previously, it was a mistake to set this to a value other than 0 seconds (the default). However, when this value was set to 0 seconds, and Execute as service was disabled (also the default), the last On-upload command in a session could be terminated prematurely if it did not complete quickly when a session disconnected.
The SSH Server now no longer waits for an On-upload command to complete, except optionally after a session has disconnected. The Maximum wait time now applies only in this situation, and it causes the SSH Server to wait for this amount of time before forcefully terminating the command. If set to zero, the SSH Server will not wait with session cleanup, and will also not forcefully terminate the command.

New in Bitvise SSH Server 8.42 (May 10, 2020)

Version information:
This version continues a minor upgrade access amnesty so that users who would otherwise upgrade to version 8.36 for a security fix can instead upgrade to the latest version with more fixes. The minimum upgrade access to use minor versions since 8.36 is October 27, 2019.
Installation:
The SSH Server no longer supports installation on Windows 10 versions 1507 and 1511. These versions contain a flawed cryptographic implementation which prevents a number of SSH algorithms from working correctly. The lowest Windows 10 version supported is 1607.
During an initial, interactive installation; when installing into a non-default directory (e.g. outside of C:Program Files); the SSH Server installer will attempt to detect if any parent of the installation directory grants insecure permissions for non-administrative users. The installer will display a warning about installing into such insecure directories.
When updating an installation in such a directory, the update will succeed, but the SSH Server Control Panel will display a warning.
Control Panel and settings:
The FTPS passive port is now configurable in Easy settings and has a default fixed value 20020. The previous default value, 0, would cause the passive port for data connections to be randomly selected each time the SSH Server was started. This required using Advanced settings to configure FTPS access from the internet when a router or firewall needed to be manually configured.
The Log Folder Viewer now starts faster when the log directory contains many log files.
The SSH Server Control Panel could crash when interacting with the Host keys and fingerprints interface in instance type settings for slaves and secondary masters. Fixed.
During CSV import, boolean values are now recognized regardless of character case. Boolean values had to be lowercase previously.
Reliability:
The difference comparison algorithm used for logging settings changes had a rare corner case which would cause the SSH Server to stop in a controlled but definitely unintended way. Fixed.
SSH:
In rare circumstances, an SSH session could terminate in such a way that the SSH Server would crash. Fixed.
OpenSSH 6.2 and 6.3 can be configured to enable AES GCM, but crash if it is used. Bitvise software versions 8.42 and higher will now disable AES GCM if the remote version string indicates an affected OpenSSH version.
The SSH Server will now log the host key algorithm negotiated by a client in the message I_SESSION_KEY_EXCHANGE_ALGORITHMS.
Authentication:
In specific circumstances, a logon attempt could get stuck waiting for serialization due to the Penalty login attempt delay setting. The session would not be released until the next login attempt initiated by another session. Fixed.
The log message I_LOGON_AUTH_DISCARDED has been changed from info-level to more appropriate trace-level.
Subsystems:
Improved protections on SSH Server subsystems for file transfer, terminal shell and exec requests. The improvements protect against SSH clients with non-administrative access which are nevertheless granted the ability to run arbitrary code, such as through unrestricted Command Prompt or PowerShell access. The improvements are not effective on Windows 7 and Windows Server 2008 R2 due to limitations in those Windows versions.
BvShell:
Fixed an issue where BvShell would log superfluous, non-informative info-level messages for each entry in a directory listing.
BvShell now supports the command sh to enter a simulated sh-like shell. This is to improve compatibility with the SCP implementation in the IBM Workload Scheduler on AIX, which supports SCP but not SFTP, and expects to invoke an sh shell. These are some poor design decisions on behalf of IBM, so that further accommodations may still be needed.

New in Bitvise SSH Server 8.39 (Feb 15, 2020)

New in Bitvise SSH Server 8.38 (Jan 13, 2020)

Automatic updates:
The SSH Server installer now supports more convenient command line parameters to configure automatic updates (including to disable them) without having to accompany the installer with an additional instance settings file.
Any error that may have occurred during the last check for updates will now be cleared and no longer shown after disabling checking for updates.
General:
Since versions 8.xx, the SSH Server now uses multiple heaps to reduce contention for memory allocation and freeing. Among other things, this dramatically reduces time to shutdown when handling many simultaneous connections.
In previous 8.xx versions, on computers with many CPU cores, the SSH Server could use too many heaps. In certain usage scenarios, this could cause very excessive memory consumption. The SSH Server will now use a radically smaller number of heaps on computers with many cores.
When public key or private key import fails, a more accurate error message will now be displayed in certain cases.
In 7.xx and earlier versions, automatic IP blocking could be disabled by setting any of the three main IP blocking settings to 0. When upgrading to 8.xx, if the setting IP blocking - threshold was set to 0, but the other two settings were non-zero, then IP blocking would be incorrectly enabled after the upgrade. Fixed.
Authentication:
Thanks to user feedback, we identified a circumstance where looking up a Windows account in a different domain, where the relationship is an external trust, may cause Windows to return a malformed account name such as domainuser@domain. The SSH Server is now able to handle this, so that such accounts can still log in.
Terminal:
Changes in the SSH Server's terminal subsystem in versions 8.xx have made the bvterm protocol unreasonably slow with certain console applications. Bitvise SSH Server and SSH Client versions 8.38 implement optimizations in both the server and client to address these issues.
BvShell:
For improved compatibility with clients such as the vCenter Server Appliance which expect an SCP server to support chmod, BvShell now supports a chmod command which always succeeds and does nothing.
FTPS:
Re-categorized another type of event related to FTPS disconnect as an Info which was previously incorrectly a Warning.

New in Bitvise SSH Server 8.36 (Oct 28, 2019)

New in Bitvise SSH Server 8.34 (Jun 17, 2019)

New in Bitvise SSH Server 8.33 (May 27, 2019)

Authentication:
Previous 8.xx versions would not trim leading and trailing spaces from client-provided user names on the basis that technically, such accounts could be configured in Windows. In practice, there are effectively no users who want to use usernames like that, but there are clients that unknowingly send usernames with leading or trailing spaces. The SSH Server will now trim leading and trailing spaces from user names, including Unicode spaces.
An added difficulty was that the SSH Server would trim the spaces from user names when logging them, but not when looking them up. This would make it difficult to realize that extra spaces were the reason login did not work.
Improved logging for two types of ADSI errors where the underlying issue is that the SSH Server lacks necessary permissions in the Active Directory. The errors would manifest as:
ADsOpenObject(user, Kerberos) failed: COM error 0x80072030: There is no such object on the server.
IADsUser::Get(msDS-User-Account-Control-Computed) failed: COM error 0x8000500D: The property cannot be found in the cache.
Check Using Bitvise SSH Server in a domain for more information about the Active Directory permissions needed.
Session:
SSH: Very old PuTTY versions before 0.58 are now treated as not global-request capable. When these versions are waiting for a channel open confirmation, they will treat any packet other than a channel open confirmation as a failure (including if the packet is a global request).
If synchronization with authorized_keys was enabled, and a user was logged off due to changed settings no longer permitting login, a null pointer read would occur. Fixed. The issue did not have consequences besides logging an error.
SCP: Reduced superfluous logging of I_SFS_GET_FILE_STATUS due to an internal event at the start of an SCP command.
Installation and upgrade:
In previous 8.xx versions, when upgrading from WinSSHD 4.xx and earlier (last such version was released in November 2008), users who should be limited to a specific directory would be incorrectly granted unlimited filesystem access. Fixed.
Automatic updates would fail for instances with non-normalized names (for example, names containing dots). Fixed. Users of affected instances may still need to manually update to this version or later by directly running the new version installer.
Added some verbosity in the installer, in particular to help diagnose situations where an antivirus might prevent the installer from launching a child process. This can prevent an installation or an update from completing.
The SSH Server EULA received a minor update to clarify the meaning of Machine. The meaning remains consistent with our current and past licensing practice.

New in Bitvise SSH Server 8.31 (Apr 15, 2019)

New in Bitvise SSH Server 8.29 (Apr 15, 2019)

New in Bitvise SSH Server 8.28 (Mar 15, 2019)

New in Bitvise SSH Server 8.27 (Mar 4, 2019)

New in Bitvise SSH Server 8.26 (Mar 4, 2019)

New in Bitvise SSH Server 8.25 (Feb 18, 2019)

New in Bitvise SSH Server 8.24 (Jan 27, 2019)

New in Bitvise SSH Server 8.22 (Dec 21, 2018)

New in Bitvise SSH Server 8.21 (Dec 19, 2018)

In past versions, when using default settings for logging, the SSH Server would record its entire settings in the textual log file each time they were changed while the SSH Server was running. To improve readability of changes, and to reduce log spam on servers with large settings, the SSH Server will now record difference comparisons between old and new settings.
A number of network share filesystems – including specific NAS devices and Linux-based network shares – do not support a file attribute operation on which the SSH Server has been relying since version 7.21. With such filesystems, subdirectory traversal would fail with an error involving GetFileInformationByHandleEx and FileAttributeTagInfo. The SSH Server now implements a workaround for this issue.
We are investigating reports of further workarounds needed for similar filesystems.
Since versions 8.xx, Bitvise SSH Server and Client support an important new feature, host key synchronization. This allows a supporting client to automatically roll over to new server host keys without requiring manual configuration.
Host key synchronization requires clients – all that connect, including those that do not implement host key sync – to accept global requests. Almost all clients do – this is what RFC 4254 requires. Our users have identified clients which, in violation of the SSH protocol, disconnect when they receive a global request.
We have reports of the following SSH version strings sent by clients with this behavior:
"Cisco"
"AutoMate"
"WeOnlyDo" – older versions, but new ones send the same version info
Ancient OpenSSH: clients older than version 3.1 (released 2002 – 2004)
To accommodate these clients, SSH Server 8.21 now implements a whitelist of clients which can handle global requests. For now, global requests will not be sent to clients not on the whitelist. In a future version, this will be configurable.
Clients that support RFC 8308 and wish to receive global requests can include the extension global-requests-ok in their SSH_MSG_EXT_INFO.
With versions 8.xx, the SSH Server Control Panel switched to newer, nicer Windows UI elements for dialogs such as exporting settings. It turns out these UI elements are unavailable on Windows Server Core. The SSH Server Control Panel will now detect Windows Server Core and use older versions of UI elements.
This may not resolve all issues on Windows Server Core. Administrators may need to use the BssCfg command line configuration utility or PowerShell scripting.
For FTPS clients, the SSH Server will now close the control connection if password authentication is not available or no longer available.
To improve compatibility with the vCenter SCP client, BvShell now responds to test -r and test -w in addition to previously supported test -d and test -f parameters.
The SSH Server implements further improvements to automatic IP blocking.
In previous 8.xx versions, the SSH Server would not import RSA private and public keys larger than 8192 bits. This limit is once again 16384 bits.
The SSH Server installer will now offer to wait instead of exiting when another Bitvise installation is already in progress.
Slightly improved the user friendliness of the installer and uninstaller for command-line installations.

New in Bitvise SSH Server 8.19 (Nov 18, 2018)

New in Bitvise SSH Server 8.18 (Nov 7, 2018)

New in Bitvise SSH Server 8.17 (Nov 4, 2018)

New in Bitvise SSH Server 8.16 (Oct 29, 2018)

New in Bitvise SSH Server 8.15 (Oct 26, 2018)

Highlights:
The SSH Server can now accept incoming file transfer connections using FTPS. This is the FTP protocol over TLS (SSL). This is in addition to SFTP and SCP, which are the file transfer protocols associated with SSH, which the SSH Server has always supported.
Only authenticated and encrypted FTP connections over TLS (SSL) are supported. To work with Bitvise SSH Server, an FTPS client must support explicit TLS (using the AUTH TLS command), must use FTP passive mode, and must use TLS resume functionality for data connections. The SSH Server receives FTP data connections at the same port as control connections.
Unlike the SSH protocol, where our own Bitvise implementation is used, the SSH Server uses the Windows implementation of TLS (Schannel). Therefore, available TLS versions and configurations depend on the version of Windows on which the SSH Server is used. All versions of Windows that are in support by Microsoft will work. However, we recommend a recent Windows version.
Connections made using FTPS can log into the same Windows and virtual accounts as SFTP and SCP connections, and can interact with the same virtual filesystem. However, FTPS connections are limited to password authentication.
The SSH Server now supports automatic updates. The administrator can configure the SSH Server to automatically apply all updates; only recommended updates; only strongly recommended updates; to apply updates only manually; or to never check for updates.
The SSH Server will not automatically update to a new version if the new version would require an upgrade access extension for the activation code that's currently applied.
The SSH Server's terminal subsystem now fully supports the new Windows 10 console. ANSI escape sequences and other new console behaviors are supported. Processes such as bash under the WSL (Windows Subsystem for Linux) are now supported.
Two-factor authentication using time-based one-time passwords is now supported. The SSH Server implements RFC 6238, which is supported by a number of authenticator apps including Microsoft Authenticator, Google Authenticator, LastPass, Authy, and FreeOTP. The SSH Server allows configuring, individually for each account, a secret key which can be shared with the user either textually or as a two-dimensional code image. Once configured, the user's authenticator can generate a one-time password specific to the user, which the user's SSH client will prompt for, and which the user can use to log in. The SSH Server can be configured to require this one-time password for a user or a group of users in addition to authentication using a password or public key.
Bitvise SSH Client and SSH Server now implement automatic host key rotation. The SSH Client will synchronize keys from the SSH Server and any other servers that support the OpenSSH mechanism "hostkey update and rotation". The SSH Server will announce to clients all configured host keys, including those not employed, to facilitate host key rotation. The SSH Client will automatically trust new keys announced by a trusted server and remove any keys the server has removed, as long as they were added automatically.
Most lists in SSH Server settings can now be exported and imported in CSV format.
The graphical aspects of the SSH Server now support high resolutions and will display crisp text on high-DPI displays such as retina or 4K. The SSH Server now comes with new, higher resolution icons.
Installation:
Instance names for new installations are now validated more strictly to avoid use of names that could lead to issues.
SSH Server Control Panel:
An option is now available to copy all fingerprints to clipboard, making it easier to share host key information with clients.
The Activity tab, as well as textual log files, now displays the country (if available) of incoming connections. The SSH Server uses the MaxMind GeoLite2 Country database (under license). The country database comes with the SSH Server installation and is not automatically updated, other than by updating the SSH Server itself.
In many domain environments, the domain logon names used by the SSH Server (in format DOMAINusername) are generated and hard to read. The SSH Server Control Panel will now display User Principal Names (UPNs) on the Activity tab and in Statistics. Textual log files now also record UPNs in addition to domain logon names.
The Log Folder Viewer now supports an option to Force log rollover without having to stop and restart the SSH Server.
The Manage blocked IPs interface now supports selecting multiple IP addresses to permanently block.
The SSH Server will now keep track of whether any warnings or errors have been logged. If there are errors or warnings, the SSH Server Control Panel will now alert the administrator by displaying a yellow notification.
On the Sessions tab, it is now possible to disable real-time session monitoring to reduce load on busy servers.
Settings:
Additive settings import now allows the administrator to select which aspects of settings to import. The administrator can review the final settings and choose whether to save them or to cancel the import.
It is now possible to configure IP address rules based on country instead of manually entered address ranges. The SSH Server uses the MaxMind GeoLite2 Country database (under license). The country database comes with the SSH Server installation and is not automatically updated, other than by updating the SSH Server itself.
An administrator can now force a virtual account to change password during their next logon.
The virtual account password policy can now be configured to prevent reuse of the user's existing password.
All IP address rules that previously used a subnet mask and significant bits are now configured as more readable IP address ranges.
In settings for a virtual filesystem mount point, full filesystem access - allowing access to all drives, limited only by Windows filesystem permissions - is now expressed with a more obvious, explicit setting instead of an empty Real root path.
Easy settings, and settings for delegated administrators, now support a Blind drop virtual filesystem layout. This maps to an Advanced settings mount point configuration appropriate for users that should be allowed only to upload, but not view or modify existing files.
Scriptable configuration:
The properties and methods available under $cfg - the root BssCfgManip object - have been substantially cleaned up and rationalized. Keypairs are now available under $cfg.keypairs, certificates under $cfg.certificates, activation state under $cfg.actState, information about installed instances under $cfg.instances, and so on.
Commonly called prologue and epilogue methods are now also rationalized. For example, $cfg.LockServerSettings is now $cfg.settings.Lock, while $cfg.SaveServerSettings is now $cfg.settings.Save.
The $cfg.SetSite method is now more appropriately called $cfg.SetInstance.
All list interfaces that previously had two forms, listNameEx and listName, have now been consolidated as listName and listName.entries.
To de-clutter the $cfg namespace, enumeration values are now under $cfg.enums.
The settings layout remains substantially the same, however some settings have moved. For example, IP blocking settings were previously under $cfg.settings.session and are now under $cfg.settings.ipBlock.
Service:
The SSH Server now supports the PROXY protocol for use with non-transparent load balancers. The PROXY protocol can be enabled in Advanced settings for individual port and interface bindings. If enabled, the SSH Server will require incoming connections on that binding to be prefixed with a PROXY protocol header which will be trusted to contain the IP address of the actual client.
In Advanced settings, under Logging, it is now possible to configure a list of whitelisted monitor IP addresses. Connections coming from these addresses will not be logged unless they exhibit SSH or FTPS protocol activity. This helps avoid filling up logs with trivial connections that can come from load balancers or health monitors several times per minute.
Greatly improved shutdown performance when the server is handling many concurrent sessions.
Cryptography:
Bitvise SSH Server, SSH Client and FlowSsh once again support non-standard DSA keys larger than 1024 bits. We do not recommend using these keys, and new keys of this type cannot be generated. Also, these keys cannot be used when FIPS mode cryptography is enabled in Windows. Re-adding support for these keys is intended to resolve an obstacle that may still be preventing some users of 6.xx versions from upgrading.
When using Windows cryptography, Bitvise SSH Server, SSH Client and FlowSsh now implement a backup strategy for DH and ECDH key exchange. Windows implements key exchange, but it does not expose the agreed value in a form suitable for SSH. Bitvise software must retrieve the value by carefully traversing undocumented Windows structures. In versions 7.xx, this required our software to be upgraded to continue working after the Windows 10 1803 update. Our software will now log a warning and fall back to Crypto++ if it cannot perform key exchange because Windows internal structures have changed. However: if FIPS mode is enabled in Windows, this backup strategy is not used, and the software must be updated.
When importing keys, such as from files, the stage at which an import failed is now described in more detail.
SSH session:
Bitvise SSH Server and Client now support the elevation extension. In previous versions, if a Windows account with administrative rights connected to the SSH Server, the server would always elevate the session if possible. Otherwise, the user would not be able to get an elevated session because there was no way to convey the user's preference. With the elevation extension, the user can request a non-administrative security context by requesting no elevation (elevation is still applied by default). In command line clients including stermc, sexec and sftpc, this is controlled using the switch -elevation=n.
Bitvise SSH Server and Client now support the no-flow-control extension. This disables SSH flow control for clients that only support opening one channel. No flow control is now preferred by sftpc, stermc, sexec and spksc, which only need to open one channel in the SSH session.
Bitvise SSH Server and Client now support the delay-compression extension. Delayed compression reduces attack surface for unauthenticated clients by delaying availability of compression until after a user is authenticated. The delay-compression extension is an improvement over previously supported alternatives: the [email protected] method contains a by-design race condition, while the approach of invoking a second key exchange doubles the overhead of establishing an SSH session.
If the Omit server version setting was enabled, then in previous SSH Server versions, the server would send a trailing space at the end of its version string. Some versions of some clients incorrectly trimmed this space, which caused the session to abort with a key exchange error. This trailing space will now no longer be sent.
Authentication:
The SSH Server now supports global settings to completely disable password authentication; or to disable it for all Windows accounts, or for all virtual accounts.
If the SSH Server is configured in a way such that no Windows accounts could possibly log in, it will no longer perform any Windows account lookups during authentication.
The handling of public key authentication has been reorganized to reduce attack surface. For example, the SSH Server will halt public key processing early if it detects that the public key being used does not even exist in its configuration.
Bitvise SSH Server and Client now support the ext-auth-info extension. This allows the server to respond to user authentication failures with more detailed information in situations where this is safe. For example, if the client attempts to perform a password change but the new password does not meet complexity requirements, the server can communicate this instead of making the user guess.
The SSH Server now supports password authentication over the keyboard-interactive method, in addition to the standard password method. This accommodates some custom clients which may only support password authentication over keyboard-interactive.
The SSH Server now supports PuTTY and OpenSSH agent forwarding. In this situation, an SSH client A, which has access to an authentication agent, can connect to the SSH Server and make the agent available in the SSH session. Within the session, the user can now run client B, located on the server, which will be able to use public keys from the authentication agent on client A. The clients can be Bitvise SSH Client or any other client that supports PuTTY or OpenSSH agent forwarding. However, in the role of client B, Bitvise SSH Client and Cygwin OpenSSH will work; but the OpenSSH client included in Windows 10 will not work because it cannot communicate with an authentication agent outside of the Windows Subsystem for Linux.
The SSH Server will now apply an IP blocking penalty to sessions which make a large number of authentication attempts of a kind that would not otherwise be penalized, unless there are too many.
Terminal and exec requests:
An obstacle for users trying to configure a bash shell for rsync has been that the directory containing the bash and rsync executables may not be present by default in the PATH environment variable. When using the bash shell access type, the SSH Server now offers the option to add the bash directory to PATH.
If the exec request prefix configured for a user begins with cmd /c, and the user's client sends an exec request that also begins with cmd /c, the extra cmd /c prefix is now stripped. This results in more intuitive behavior for commands like cmd /c cd SomeDir && command. Before, the effects of cd would be undone by the time command was run because the cd would be executed by the inner cmd, and command by the outer.
Custom named subsystems are now supported and available by default to accounts with Shell access type set to Command Prompt, PowerShell or bash. A new powershell subsystem is defined by default, which supports PowerShell remoting over SSH if PowerShell 6 is installed on the system.
File transfer:
Execution of an On-upload command is now delayed for some time after the client closes the respective file. This allows a client to complete any follow-up actions, such as a file rename, before the On-upload command is executed. If the client renames the file, the On-upload command is now run with the final filename.
Utilities:
bvRun now supports a -pid command line option which will cause it to return the PID of the started process as an exit code.
Known issues
Windows XP: All versions of our software that we recommend using are built using Visual Studio 2015. The C++ run-time library used by this Visual Studio version has a known issue where 1-2 kB of memory are leaked each time a new thread is created. This issue does not occur on later Windows versions; it does not occur e.g. on Windows Server 2003. Microsoft has stated they do not intend to fix this issue. Bitvise's view is that the impacts on our SSH Client and FlowSsh are manageable; whereas our SSH Server is rarely used on Windows XP. We therefore do not plan to work around this; but we warn that this can be a potential denial of service vector on Windows XP.

New in Bitvise SSH Server 7.46 (Oct 15, 2018)

Highlights:
The SSH Server can now accept incoming file transfer connections using FTPS. This is the FTP protocol over TLS (SSL). This is in addition to SFTP and SCP, which are the file transfer protocols associated with SSH, which the SSH Server has always supported.
Only authenticated and encrypted FTP connections over TLS (SSL) are supported. The SSH Server does not accept plaintext FTP. Unlike the SSH protocol, where our own Bitvise implementation is used, the SSH Server uses the Windows implementation of TLS (Schannel). Therefore, available TLS versions and configurations depend on the version of Windows on which the SSH Server is used. All versions of Windows that are in support by Microsoft will work. However, we recommend a recent Windows version.
Connections made using FTPS can log into the same Windows and virtual accounts as SFTP and SCP connections, and can interact with the same virtual filesystem. However, FTPS connections are limited to password authentication.
The SSH Server now supports automatic updates. The administrator can configure the SSH Server to automatically apply all updates; only recommended updates; only strongly recommended updates; to apply updates only manually; or to never check for updates.
The SSH Server will not automatically update to a new version if the new version would require an upgrade access extension for the activation code that's currently applied.
The SSH Server's terminal subsystem now fully supports the new Windows 10 console. ANSI escape sequences and other new console behaviors are supported. Processes such as bash under the WSL (Windows Subsystem for Linux) are now supported.
Two-factor authentication using time-based one-time passwords is now supported. The SSH Server implements RFC 6238, which is supported by a number of authenticator apps including Microsoft Authenticator, Google Authenticator, LastPass, Authy, and FreeOTP. The SSH Server allows configuring, individually for each account, a secret key which can be shared with the user either textually or as a two-dimensional code image. Once configured, the user's authenticator can generate a one-time password specific to the user, which the user's SSH client will prompt for, and which the user can use to log in. The SSH Server can be configured to require this one-time password for a user or a group of users in addition to authentication using a password or public key.
The graphical aspects of the SSH Server now support high resolutions and will display crisp text on high-DPI displays such as retina or 4K. The SSH Server now comes with new, higher resolution icons.
The SSH Server once again supports non-standard DSA keys larger than 1024 bits. We do not recommend using these keys, and new keys of this type cannot be generated. Also, these keys cannot be used when FIPS mode cryptography is enabled in Windows.
Re-adding support for these keys is intended to resolve one of the main obstacles that may still be preventing some users of 6.xx versions from upgrading. With the release of this new version, we no longer plan to make updates to versions 6.xx - even if security issues are discovered.

New in Bitvise SSH Server 7.45 (Aug 12, 2018)

New in Bitvise SSH Server 7.44 (Jul 2, 2018)

New in Bitvise SSH Server 7.43 (Jun 20, 2018)

File transfer:
Fixed issues in past Bitvise software versions that resulted in incorrect file times when using subsecond times with SFTP protocol versions 4 and 6. This would result in incorrect last modified times after a file transfer which affected, on average, about one in several hundred files. Affected files would receive a last modified timestamp incorrect by up to 7+ minutes.
Authentication:
Since version 7.32, the SSH Server would send additional information to the client if authentication failed due to a Windows account restriction. This information was sent under the assumption that Windows checks the provided password and returns information about the restriction only if the password is correct. Our investigation shows that for a number of restrictions, if the restriction prevents login, Windows reports the restriction without checking the password. We found this was previously reported e.g. in 2007 under CVE-2007-2999, and remains unaddressed.
The presence of this issue allows a remote unauthenticated party to check for the existence of Windows accounts that cannot login due to a restriction, without requiring knowledge of those accounts' passwords. To avoid this issue, Bitvise SSH Server now no longer sends information about Windows account restrictions, except where our testing indicates that Windows checks the password before reporting the restriction. At present, our testing indicates that only ERROR_LOGON_TYPE_NOT_GRANTED, and the alias ERROR_LOGON_NOT_GRANTED, are safe to report to the client. Other restrictions may or may not check the password depending on whether the account is domain or local.
Settings:
For virtual accounts and groups, the default file transfer home directory is now "/" instead of "/%HOME%". This makes more sense for virtual accounts which usually have restricted virtual filesystem access. For Windows accounts, the default file transfer home directory remains "/%HOME%".
Installation:
Updated installer and uninstaller manifests to reduce the likelihood that Windows will incorrectly run the Program Compatibility Assistant during or after installation. This mainly affects older Windows versions such as Windows 7.
As a maintenance release, this version continues an upgrade amnesty. Any Bitvise SSH Server activation code that could activate a previous 7.xx version will also activate this version.

New in Bitvise SSH Server 7.42 (May 11, 2018)

New in Bitvise SSH Server 7.41 (Apr 30, 2018)

This is not a new feature release, but a successor to 7.39 with continued maintenance updates. (We skip over versions containing zeros to avoid ambiguities. For example, 7.04 and 7.40 might both be referred to as "7.4".)
This version continues an upgrade amnesty. Any Bitvise SSH Server activation code that could activate a previous 7.xx version will also activate this version.
SSH:
Fixed an issue in zlib compression provided by the Crypto++ library. There existed a race condition which could cause data to be decompressed incorrectly in specific circumstances. For this to happen, the first SSH session to use compression, and the second SSH session to use compression, would have to connect at the exact same time after the SSH Server is started.
Fixed a denial of service attack vector. This remains to be described in more detail.
Authentication:
Improved handling of disjoint namespaces in domain environments where the domain name is of the form region.example.com, but the computer is in a disjoint DNS suffix such as country.region.example.com. Previously, if the Windows function GetComputerNameEx failed with Windows error 1788 ("The trust relationship between the primary domain and the trusted domain failed"), the SSH Server would use LsaQueryInformationPolicy as backup. Now, the SSH Server will perform this fallback if GetComputerNameEx fails with other error codes, as well.
File transfer:
Some SFTP clients, including Bitvise SSH Client up to and including version 7.39, may send a fire-and-forget SSH_FXP_CLOSE message followed by immediately closing the SFTP channel and the SSH session. Depending on circumstances such as network latency, Bitvise SSH Server could fail to process the SSH_FXP_CLOSE request and incorrectly log that the final transfer may not have completed as intended. The SSH Server now takes steps to complete processing of any final requests sent by an SFTP client just before it disconnects.
Control Panel:
Fixed an issue which would cause the SSH Server Control Panel (the user interface; not the main SSH Server service) to crash after receiving more than 5,000 Activity tab entries while the last entry was not being shown.
Scriptable configuration:
The SetSite method of the BssCfgManip scriptable configuration COM object would previously fail to work for instances whose full name does not match the normalized instance name. This prevented using scriptable configuration for such instances. Fixed.

New in Bitvise SSH Server 7.39 (Jan 21, 2018)

New in Bitvise SSH Server 7.38 (Jan 7, 2018)

New in Bitvise SSH Server 7.36 (Nov 28, 2017)

New in Bitvise SSH Server 7.35 (Sep 17, 2017)

New in Bitvise SSH Server 7.34 (Aug 2, 2017)

New in Bitvise SSH Server 7.33 (Jul 12, 2017)

New in Bitvise SSH Server 7.32 (Jun 10, 2017)

New in Bitvise SSH Server 7.31 (May 3, 2017)

New in Bitvise SSH Server 7.29 (Apr 2, 2017)

New in Bitvise SSH Server 7.28 (Mar 13, 2017)

New in Bitvise SSH Server 7.27 (Mar 2, 2017)

New in Bitvise SSH Server 7.26 (Feb 8, 2017)

New in Bitvise SSH Server 7.25 (Jan 22, 2017)

New in Bitvise SSH Server 7.24 (Jan 16, 2017)

New in Bitvise SSH Server 7.23 (Jan 10, 2017)

New in Bitvise SSH Server 7.22 (Jan 3, 2017)

New in Bitvise SSH Server 7.21 (Jan 2, 2017)

Cryptography:
On Windows Vista, Windows Server 2008, and newer, our SSH Server, SSH Client, and FlowSsh now support server and client public key authentication using Ed25519, and ECDH key exchange using Curve25519. These algorithms are not available when Windows is running in FIPS mode.
We have updated support for OpenSSH private keys, so that our software is now able to import and export them in their new format as introduced by OpenSSH in December 2013.
Our SSH Server, SSH Client, and FlowSsh now support Diffie Hellman key exchange with 3072-bit and 4096-bit fixed groups, using SHA-512 as the exchange hash; and with the 2048-bit fixed group using SHA-256 as the exchange hash.
In SSH Server's Advanced settings, under Algorithms > Key Exchange, the minimum and maximum group size for Diffie Hellman group exchange can now be configured. The SSH Server continues to support only fixed groups. By default, the minimum is 2048 bits, and the maximum is 3072 bits. Therefore, either group 14 (2048-bit) or group 15 (3072-bit) will be used with group exchange algorithms.
General:
Improved detection and reporting - via log files and the SSH Server Control Panel - for clients that connect with incorrect obfuscation settings.
Fixed an issue which would cause the SSH Server to remove and re-add Windows firewall rules unnecessarily when retrying to synchronize main SSH Server listening sockets (bindings).
Previously, the SSH Server initialized its listening sockets with a low backlog value of 5. When the accept delay threshold was met, for protection against too many incoming connections, the SSH Server would allow the backlog to fill, causing Windows to refuse additional connections. This was causing problems under heavy load, when there were a large number of simultaneous connections, but the accept delay threshold was not met. Therefore, the SSH Server now uses a large backlog value, and actively clears connections - accepts and closes them immediately - when the accept delay threshold is met.
Other listening sockets used by the SSH Server, such as for server-to-client port forwarding, now also use a large backlog value to reduce the likelihood of connections being refused.
When upgrading, the uninstaller will now automatically retry moving files that are still in use for a brief period before prompting.
Master/slave synchronization:
When slaves are configured to not maintain a persistent connection, but reconnect on a periodic basis, slaves will now hold off on reconnecting if unsuccessful. Previous behavior was to enter a state where slaves kept trying to reconnect on a short delay. If a master went down and was unavailable to all slaves for a period of time, this would cause an accidental denial of service effect on the master when it was returned online.
Secondary masters are now assigned ranks to help avoid cyclical configurations.
Settings:
The SSH Server Control Panel will now display a dialog box to warn the administrator if they attempt to import a client authentication public key that cannot be used due to current settings configured under Advanced settings > Algorithms > Signature.
Pop-up events (if enabled) will now consume less CPU, and the scrolling should be much smoother.
If a new account was created in Easy settings, group mount points were not properly copied to the new account settings entry. Fixed.
Under Advanced settings > Session, the setting IP blocking - lockout time is now expressed in minutes instead of seconds. On new installations, the default lockout period is now 3 hours instead of 1 hour.
Account and group settings entries now have a Comment field. This field can be left empty, or can be set by an administrator to an arbitrary description of a user or group settings entry.
Logon:
Since versions 5.5x, our SSH Server has supported passwordless creation of logon sessions for Windows accounts that use public key authentication, or for virtual accounts that use a custom security context, where the password for the Windows account has not been entered in the SSH Server's password cache. This feature is made possible using a custom authentication package, which can only be loaded by Windows at system startup. In past versions, upgrading the SSH Server often required a system restart to restore passwordless logon functionality. This feature has been rearchitected so that fewer restarts will be required for future upgrades. Because of the depth of the changes, upgrading to version 7.21 will require a system restart in order for passwordless logon to work.
We have revised in-depth the Windows APIs we use to obtain Windows account information, and eliminated as much as possible older APIs that rely on less secure SMB-based protocols in domain environments. In modern environments, the SSH Server should now require only an LDAP (ADSI) connection to the domain controller. This means that all communication with the DC will be secured by default using Kerberos sealing. SMB-based protocols will now only be used for passwordless logon in legacy environments where the domain controller is Windows Server 2000.
The speed of LDAP (ADSI) queries performed by the SSH Server has been much improved. The SSH Server now connects to the DC in a way that avoids unnecessary NetBIOS lookups; ADSI connections are cached to improve performance; and the SSH Server avoids retrieving information it does not need. A passwordless logon to a Windows domain account should now be as fast as a logon with a password.
A new account and group setting, Session setup > On failure to obtain account info, now controls what should happen if the SSH Server can log the user in successfully, but cannot obtain information from Windows such as the location of the user's profile directory. In this case, environment variables such as %HOME% are likely to be set incorrectly. This may lead to security issues if sensitive settings, such as a Real root path, depend on such environment variables. For existing groups, previous behavior is preserved, which is No restrictions. For new groups, default behavior is now more conservative, and is set to Disable access to child processes.
File transfer:
Since versions 6.2x, our SSH Server has supported filename pattern whitelists and blacklists for the virtual filesystem used by SFTP, SCP, and BvShell. This feature has been split into separate file and directory blacklists. For example: the SSH Server can now be configured to allow access to a directory with a name that fits a pattern such that access would not be permitted if it was instead a file.
The main virtual filesystem provider used by SFTP, SCP, and BvShell has been rearchitected to improve consistency of filesystem operations. All operations that can be performed on file handles are now performed on file handles (instead of paths).
Improved handling of requests to change file attributes. Addressed issues where: the Read-only attribute would prevent enabling Sparse, or changing Compression or Encryption; the System attribute would prevent enabling Encryption; and changing Compression and Encryption at the same time could fail.
Advanced mount point settings provide a new setting, Delay initialization until accessed. This setting is enabled for new mount points by default, so that users who configure many mount points that are expensive to initialize (e.g. file shares) will not experience delays when a client connects for file transfer. However, the setting can be disabled so that mount points will be initialized immediately. This can be useful e.g. for users who rely on Create real root path to create directories on login.
Advanced mount point settings provide a new setting, File sharing behavior. This can be used to specify whether the SSH Server should use the configured file sharing mode always (even if the SFTP client requests a different file sharing mode), or only if the SFTP client does not indicate a file sharing preference (which is the case for many clients).
An SFTP client can now remove a symbolic link to a directory with the regular SSH_FXP_REMOVE message (in addition to SSH_FXP_RMDIR). This allows a symbolic link to a directory to be removed using clients that were previously not able to remove it (including graphical SFTP in our SSH Client).
Personal Edition:
The SSH Server Personal Edition can now be used on domain controllers. In this case, only domain accounts that are part of the domain controller's own domain can be used. Otherwise - when installed on a domain member - the restriction remains in place that only local Windows accounts (and virtual accounts) may be used.
It is now possible to change licensed-to information for the Personal Edition by uninstalling and reinstalling.
Delegated settings:
The SSH Server now supports delegated settings. In Advanced settings, an administrator with full access to SSH Server settings can configure specific Windows or virtual accounts so that they can view and edit specific, limited aspects of SSH Server functionality and settings. Functionality that can be made accessible to delegated administrators includes: Limited virtual account management / Server host key management / Viewing of session information / Temporary blocking of IP addresses.
In order to access delegated SSH Server settings, users who are given access must connect to the SSH Server using Bitvise SSH Client, and use the Bitvise SSH Server Control Panel feature in the SSH Client. It is currently only possible to access delegated SSH Server settings via our SSH Client.

New in Bitvise SSH Server 7.16 (Dec 5, 2016)

New in Bitvise SSH Server 7.15 (Sep 5, 2016)

New in Bitvise SSH Server 7.14 (Aug 4, 2016)

New in Bitvise SSH Server 7.12 (Aug 4, 2016)

Cryptography:
On Windows Vista, Windows Server 2008, and newer, our software now uses a new cryptographic provider, CiWinCng, which uses built-in Windows cryptography. This provider adheres to FIPS 140-2 requirements as long as FIPS mode is enabled in Windows security policy. In FIPS mode, ECDSA and ECDH are supported with curves nistp256, nistp384 and nistp521, but not with curve secp256k1 because this curve is not implemented in Windows. When FIPS mode is disabled in Windows, the curve secp256k1 remains available (implemented using Crypto++).
On Windows XP and Windows Server 2003, our software continues to use our previous cryptographic provider, which uses the Crypto++ 5.3.0 DLL. This DLL was FIPS-certified, but its certificate has been moved to the historical list due to changed random number generator requirements since January 1, 2016.
DSA keys larger than 1024 bits are no longer supported. The implementation of these keys in Bitvise software pre-dated the NIST standard for large DSA keys, and was incompatible both with the NIST standard and other implementations that might have used large DSA keys. In general, support for the DSA algorithm is being deprecated by SSH implementations. For interoperability with older SSH installations, we continue to support 1024-bit DSA keys, but we recommend migrating either to 3072-bit RSA, or ECDSA.
When using the new CiWinCng cryptographic provider - default on all recent Windows versions - the encryption/integrity algorithms aes256-gcm and aes128-gcm are now supported. Our implementation is interoperable with the OpenSSH implementation of these algorithms.
New RSA signature algorithms rsa-sha2-256 and rsa-sha2-512 are now supported for host authentication.
The EXT_INFO extension negotiation mechanism is now supported, allowing for the use of new RSA signature algorithms rsa-sha2-256 and rsa-sha2-512 for client authentication.
On initial installation, the SSH Server will now generate two default host keys: 3072-bit RSA, and ECDSA over the curve nistp384. This replaces ECDSA/nistp256 as the default curve for the ECDSA host key, to match recent NSA recommendations about key strength.
SSH:
The SSH Server will now disable gssapi-keyex authentication if Kerberos authentication is disabled. In previous versions, it was necessary to also disable NTLM authentication in order to disable gssapi-keyex.
The default logon type for Windows groups is now Network, instead of Interactive. This addresses a common support case where non-administrator users cannot log in because the Windows security privilege "Log on locally" is not granted in the Windows security policy. As is true in general for changes to default settings, this does not affect upgraded settings or settings imported from previous versions, but does affect new installations and new groups created in Advanced settings.
BvShell:
Bitvise SSH Server now supports a new terminal shell access type: BvShell. This is a command-line shell provided by the SSH Server which does not provide full access to the Windows filesystem, but instead limits a user's access to mount points configured for the user in SSH Server settings. The shell supports basic Unix and Windows commands, and allows users to access the SSH Server's virtual filesystem in ways that may not be supported by the user's SFTP or SCP client; for example, global search of file content, or file copy.
In previous versions, WinSCP was able to connect to Bitvise SSH Server when used in SFTP mode, but not in SCP mode. Now, the SSH Server will automatically activate BvShell when WinSCP opens a terminal session, allowing WinSCP to function in SCP mode.
Terminal:
Addressed a compatibility issue with Comodo Internet Security which would cause 64-bit processes to not run in an SSH terminal session on recent Windows versions.
The Telnet forwarder utility that has been included in recent SSH Server versions is now fully integrated as a shell access type in Advanced SSH Server settings. This allows an administrator to replace the SSH Server's terminal subsystem so as to instead forward access to an existing Telnet server.
The terminal subsystem now properly handles Alt, Shift, Ctrl + F1-F4 escape sequences in xterm.
The terminal subsystem now recognizes alternative Shift + F3-F10 escape sequences as sent by PuTTY.
File transfer:
The SSH Server now properly supports getting and setting Windows file attributes using an SFTP client that supports this.
Virtual filesystem mount points now support delayed initialization. Previously, when a user had a large number of mount points mapped to network shares, the connections to the network shares were all initialized at the beginning of the file transfer session. This could cause delays in session initialization. Each mount point provider is now initialized the first time it is accessed.
In recent SSH Server versions, the setting "Load profile for SCP and SFTP" has been disabled by default for virtual accounts. It is now disabled by default for Windows accounts also. Windows has issues related to profile loading, and it is best to disable it for file transfer. Normally, a profile only needs to be loaded for terminal shell access, so that programs can be run which require the current user's profile to function.
The SFTP protocol contains a legacy "long name" field which is mostly not used by graphical clients or by automated clients, but is used to display directory listings by a number of command line clients. There is now a new setting in Advanced settings, SFTP display time format, which can be used to change the date and time format sent as part of this field.
The On-upload command now supports an additional environment variable, SSHUPLOADENDBY, which can have values CLIENT or CLEANUP. The script executed by the On-upload command can use this information to decide whether a transfer was fully completed (value CLIENT), or if it was most likely terminated prematurely (value CLEANUP).
Port forwarding:
In Advanced settings, it is now possible to configure a listening rule so as to override the listening interface requested by the client with a server-configured listening interface (and optionally, port).
It is now possible to configure free-form listening rules that can match any textual interface requested by the client, including DNS names, as well as names that are not a valid DNS name or IPv4/6 address (such as Unix sockets). This is intended to be used together with a listening interface override to specify a valid interface on which to listen (previous bullet).
IPv4 and IPv6 listening rules have now been merged into a single list, which also supports the new free-form rules.
Logging:
Improved consistency of event timestamps on computers where Windows current time functions may return inconsistent values.
Control Panel and Settings:
Usability improvements in Easy and Advanced settings: saving of dialog sizes when minimized or maximized; improved support for multi-monitor environments; treatment of default values in Easy settings.
The default virtual filesystem layout for virtual accounts is now Limit to root directory instead of allowing full filesystem access.
A virtual account password can now be cleared (to "not set" state) even if password complexity requirements are configured.
The SSH Server will now display a more useful message on the Activity tab if a client connects but cannot establish an SSH session because the client and the server do not have any common algorithms that are supported or enabled.
The contents of hidden fields that are not currently in effect are no longer displayed in list columns when editing or viewing settings.
SSH Server settings may contain sensitive information, such as proxy authentication passwords or passwords to access network shares. For fields where this is possible, such as virtual account passwords, the information has always been stored irreversibly. For fields where the information must be decrypted, past versions stored it encrypted using a static key that could be decrypted on any computer. Now, the SSH Server will encrypt such sensitive configuration fields using a key that is available only to administrators on the SSH Server computer. To export settings that contain sensitive information for import on another computer, a password can now be provided during export which must be provided to decrypt settings on import.
When editing a temporary IP blocking entry, the old entry will now be removed if the IP address is changed.
Previously, when a list of client address rules included a DNS name rule, this rule would cause connections to be rejected when they arrived from an IP address for which a reverse DNS lookup did not succeed. In this case, the DNS name rule could not be evaluated, and the response was to always reject the connection in this case. It is now possible to configure, for each DNS rule, what should happen if the rule cannot be evaluated because DNS lookup failed. The default action is now to ignore the rule and proceed with any subsequent rules.
The SSH Server Control Panel will no longer try to create or delete its auto-start task when the -noRegistry flag is passed on the command line.
Scriptable/textual configuration:
The SSH Server's textual configuration has been completely revamped. The structure of the settings and the operations supported remain mostly the same. However, when accessing settings using the BssCfgManip COM object, each settings structure can now be accessed as a separate COM object instead of having to compose text strings and pass them to ProcessInstruction or QueryValue. This allows SSH Server settings to be managed much more naturally using PowerShell or VBScript.
As part of the textual configuration changes, the Query tab is no longer available in Advanced settings. Instead, it is now possible to use the SSH Server Control Panel to open a PowerShell window which can be used to query or change settings.
The BssCfg commands exportText and importText continue to be supported. These commands now support exporting and importing settings in a textual format which is a subset of PowerShell syntax which can now be used to configure SSH Server settings.
A virtual account password can now be cleared (to "not set" state) using the scriptable/textual configuration interface.
Host authentication public keys can now be exported programmatically using BssCfgManip in the SSH2 and OpenSSH formats.
The SSH Server installation now includes PowerShell scripts VirtAccountExporter.ps1 and VirtAccountImporter.ps1, allowing for export and import of basic virtual account entries to and from CSV (comma-separated values) files. The scripts can be extended to support additional fields in a custom CSV format.
Master/slave synchronization:
A slave can now be configured to connect to a master that uses SSH protocol obfuscation.
Instance type settings (master/slave configuration) have been moved from the Windows registry to the Config subdirectory of the SSH Server installation directory, where the main SSH Server settings and host keypairs reside.
General:
In previous versions, in domain environments, the SSH Server would retrieve user information from Active Directory using default parameters, which would cause results to be sent from the domain controller to the SSH Server computer without encryption. The SSH Server will now use ADSI using Kerberos sealing by default. It is now also possible to enable a TLS (SSL) connection to Active Directory in Advanced settings, if available in the domain environment.
The SSH Server should now support authentication with domain accounts in domains with an Active Directory name different from their DNS name.
The SSH Server should now work in cluster environments where the virtual server name of the cluster computer is different from the physical computer name.
Versions 6.4x targeted the SSE2 instruction set, which caused them to not run on old computers lacking support for SSE2. Versions 7.xx now target the SSE instruction set, which allows for compatibility with old CPUs, at the cost of a small performance penalty - in our measurements, between 0 and 0.5%.

New in Bitvise SSH Server 6.47 (Apr 26, 2016)

New in Bitvise SSH Server 6.45 (Nov 23, 2015)

New in Bitvise SSH Server 6.44 (Nov 10, 2015)

New in Bitvise SSH Server 6.43 (Nov 2, 2015)

New in Bitvise SSH Server 6.42 (Sep 18, 2015)

New in Bitvise SSH Server 6.41 (Aug 31, 2015)

Installation and upgrade:
This is the first version tested on Windows 10 as part of the development process.
In previous versions, the SSH Server's LSA authentication package (BvLsa) would not load if a previous third-party application added incorrect null characters to the LSA authentication packages registry key. The SSH Server installer is now better prepared to handle a partially malformed registry value.
On Windows Vista and newer, the installer did not auto-run correctly after the uninstaller prompted for restart during upgrade. Fixed.
Failed and incomplete installations are now detected and displayed, to help the user choose the correct installation directory.
Publisher and version information is now added for display in Add/Remove Programs.
Control Panel and Settings:
In both Easy and Advanced SSH Server settings, terminal shell access can now be configured much more intuitively via a number of default selections: Command Prompt, PowerShell, bash, and Git access only.
The new terminal shell setting Git access only now makes it much easier to configure the SSH Server to provide access to Git repositories. The settings provided by the SSH Server are more secure than can be achieved using git-shell, and are able to restrict the user to a particular repository directory. Both Cygwin and msysGit-style Git implementations are supported.
In Advanced SSH Server settings, account settings have been rearranged into several categories, to make it easier to find and understand settings.
Inline editing of list entry settings is no longer supported. Some users would use only inline editing, and miss essential settings such as Virtual filesystem layout. List entries such as accounts and access rules now need to be opened, via double-click or Edit, in order to edit them.
When the SSH Server Control Panel is started automatically on logon, it was being started by the Windows Task Scheduler with a "below normal" process priority. This caused the SSH Server Control Panel to be sluggish when the machine was under load. The SSH Server Control Panel now auto-starts with "normal" priority.
Conversion to uppercase and lowercase is now supported via =LOWER and =UPPER in environment variable expansion.
Separate SSH Server installations on the same machine are now called instances instead of "sites". This is to avoid confusion with a Site License, where the term "site" refers to a building or a group of buildings at a geographical location.
The input box on the Query tab in Advanced SSH Server settings is now larger and vertically resizable.
Improved responsiveness in case a timeout occurs when an administrator disconnects a session.
Strengthened the security of communication between the SSH Server and the local SSH Server Control Panel. The Control Panel now authenticates the SSH Server to ensure it is communicating, not necessarily with the SSH Server, but with a process that has administrative permissions. Implemented steps to prevent hijacking of the named pipe used for this communication.
Improved detection and reporting of installation and configuration issues that might lead to the SSH Server's authentication package not loading, thereby preventing use of password-less authentication, such as for public key login into Windows accounts.
Master-slave synchronization:
It is now possible for a master server instance to disable password cache synchronization.
In previous SSH Server versions, the security of host key verification by a slave instance connecting to a master would always boil down to the strength of an MD5 key fingerprint - even if a full master host key was imported. Since attacks against MD5 would require the true master's key to be generated maliciously, this is not currently known to be exploitable. However, slaves running version 6.41 will now check the master's host key against full information available: for example, the full imported host key. To protect against future uncertainty, we recommend slave servers to be upgraded.
When upgrading from a previous version to 6.31, a master server's instance settings would revert to a standalone instance. Fixed.
Statistics:
Optimized statistics-related file writes under heavy use scenarios.
SSH:
SHA-256 public key fingerprints, compatible with the latest OpenSSH versions, are now supported.
On initial installation, the SSH Server will now generate and employ an ECDSA/nistp256 host key, in addition to the previously standard 1024-bit DSA host key. The ECDSA host key provides the equivalent of 128 bits of symmetric security, and is compatible with recent versions of Bitvise SSH Client as well as OpenSSH. ECDSA over nistp256 is stronger than a 1024-bit DSA host key, which provides the equivalent of 80 bits of symmetric security; and stronger than 2048-bit RSA, which provides the equivalent of 112 bits of symmetric security. We recommend migrating older SSH clients to new versions supporting ECDH and ECDSA.
The key exchange method gssapi-group14-sha1 with Kerberos 5, which uses Diffie Hellman with a 2048-bit fixed prime, is now supported and enabled by default.
The 1024-bit fixed prime Diffie Hellman key exchange methods, diffie-hellman-group1-sha1 and gssapi-group1-sha1 with Kerberos 5, are now disabled by default, due to doubts about continuing security of Diffie Hellman with a 1024-bit fixed prime. Compatibility with most older clients should be retained via the diffie-hellman-group14-sha1 method, which uses a 2048-bit fixed prime. We recommend migrating older SSH clients to new versions supporting ECDH and ECDSA.
Symmetric encryption algorithms that use CBC mode are now disabled by default. Bitvise SSH Server and Client implement defenses against attacks on CBC mode, but other implementations that still use CBC mode are unlikely to implement such defenses. Most implementations should now support encryption in CTR mode.
Authentication:
The SSH Server now again supports changing the username during authentication. This resolves a common issue with PuTTY, where PuTTY would send an undesired GSSAPI (Kerberos) authentication request by default, and thereby lock the client into an authentication username that cannot login, and which the user did not intend.
When a user successfully authenticates using GSSAPI (Kerberos or NTLM), the SSH Server can now optionally verify that the username submitted in the SSH authentication request matches the GSSAPI identity. This is now enabled by default for PuTTY, but disabled for other clients. It is necessary for PuTTY, because it is configured by default to send an undesired GSSAPI (Kerberos) authentication request which may be for a different account than the one with which the user intends to authenticate.
When a virtual account password is entered and stored irreversibly by the SSH Server, the SSH Server previously hashed the password with a simple, fast SHA-1 based construction. The SSH Server will now use a much more computation-intensive algorithm based on SHA-512 and BusyBeaver. The new construction makes it orders of magnitude more difficult for an attacker to brute force a password in case they know only the password hash; for example, if an attacker gains access to exported SSH Server settings. Note that this improves defenses against some types of attack only, and does not remove the need for users to use secure, randomly-generated passwords; and to avoid reusing passwords for different services and accounts.
File transfer:
The SSH Server will now always send consistent POSIX permissions to SFTP and SCP clients. By default, the permissions sent are 0660 for files, and 0770 for directories. These defaults can be changed in Advanced SSH Server settings, either in an individual account's settings entry; or in group settings as a default for multiple accounts; or on the Server tab, as a server-wide default.
The I_SFS_TRANSFER_FILE log message now includes additional information to distinguish whether a file transfer was ended via an SSH_FXP_CLOSE request sent by the client; or via session cleanup after the client ended the SFTP channel, or disconnected.
Previously, creation of an empty file that did not involve a transfer of data, as well as resizing of an existing file that did not involve a transfer of data, would not be logged using the I_SFS_TRANSFER_FILE message. These actions are now logged and distinguished from other types of transfers.
In versions 6.24 and 6.31, an SCP file transfer with syntax "scp -r server:/path" would behave as if "/path" was empty. To work around this, "/path/*" would need to be used. Fixed.
The SSH Server now checks for clients attempting to set invalid file times with special values 0 or -1. According to the SFTP specification, this is not a valid way to indicate that no time information is available, but some clients send such values regardless. Previously, this would result in file times being set to January 1, 1970, or December 31, 1969. The SSH Server will now set the file time to current time in this cases.
The SSH Server was returning incorrect values for sub-second file times. Fixed.
When an empty directory listing was sent due to the setting Show empty directory if no access, the listing would lack the '.' and '..' special directory entries. Fixed.
Terminal:
Changes to the terminal subsystem in version 6.31 caused .NET Any CPU programs to not run under terminal emulation on 64-bit Windows. Such executables should now work again.
The BvRun utility now disables WoW64 filesystem redirection. This allows it to run programs under the actual \Windows\System32 directory, rather than being redirected to \Windows\SysWoW64.
The SSH Server now includes SfsDll: a DLL-based API that allows a command line program to access the SSH Server's virtual filesystem when run as an exec request, or under terminal emulation. A usage sample, SfsDllSample.cpp, is included in the SSH Server installation directory.
Improved the security of interprocess communication for programs running under the SSH Server's terminal subsystem by securing shared objects with the logon SID; or if a logon SID is not available, the user's SID.

New in Bitvise SSH Server 6.31 (May 4, 2015)

Installation:
The SSH Server installer now supports the -renameExistingDir parameter. This allows an existing SSH Server installation directory to be renamed during upgrade or re-installation, as long as the new installation directory remains on the same drive.
The console output stream implementation provided by the C++ run-time library, and used by the SSH Server installer, did not properly handle Unicode characters that could not be represented in the output code page. Replaced with our own output stream implementation.
Control Panel and Settings:
The SSH Server now maintains a history documenting sources of recent changes to SSH Server settings.
The Reset or Revert Settings dialog now provides the change histories of available settings backups.
When the SSH Server receives a directory change notification for the Config subdirectory, the SSH Server will now check that settings and/or keypairs have truly changed before reloading them.
Fixed an issue where settings could not be imported or upgraded from versions prior to 5.00 if login attempt delay was set to a value higher than 29. Import would fail with 'invalid delayed login expiration'.
If upgrading, and the custom event list is not currently being used, it will now be reset to default state. This avoids a large number of irrelevant lines relating to custom event selections normally logged to textual log files as part of the event I_SERVICE_CONFIG_DESCRIPTION.
Fixed an issue which caused the feedback dialog accessed via the Send us feedback link in the SSH Server Control Panel to fail when sending feedback with an access violation. (The feedback dialog in the uninstaller still worked correctly.)
Master-Slave support:
An SSH Server instance can now be configured to run as secondary master. In this mode, the SSH Server will connect to another master to synchronize configured aspects of SSH Server settings; but will also accept connections from other slaves, and allow them to receive synchronized settings as configured on the primary master. This is intended for situations where a load-balanced cluster may serve as master to many slaves.
When configured to run as slave, the SSH Server can now be configured to keep local Windows Firewall settings.
Programmatic access:
Public key settings entries now support the ImportStr instruction to import a public key in one of the common formats from a directly passed string, instead of from a file.
BssCfgManip now implements the method GetServerVersion, allowing the SSH Server version to be retrieved for the instance previously selected using the method SetSite.
BssCfgManip now implements methods allowing discovery of currently employed ECDSA keypairs.
BssStat using the -s parameter (display sessions) now properly implements the latest WRC protocol version, and therefore works again.
Server:
For statistics purposes, connections that do not successfully authenticate now count as failed logins only if they completed key exchange. This avoids including regular connections from load balancers in the Failed login count statistic.
When key exchange fails due to no match in algorithms, the local and remote algorithm lists are now logged.
The SSH Server now uses Windows permissions to secure subsystem processes launched as part of an SSH session. Non-administrator users who can run arbitrary code, e.g. via exec request or terminal shell access, are now prevented from using this access to affect operation of SSH Server subsystem processes running in their security context. SSH Server subsystem processes include SftpServer, ScpServer, toterms, and sexec.
Terminal:
The terminal subsystem has been partially re-architected to avoid issues with certain anti-virus software, including Kaspersky, which could cause programs to fail to run under terminal emulation.
Fixed issues which could cause the terminal subsystem to not work correctly for programs run in Windows compatibility mode.
File transfer:
When a client creates a new file or sets file size on an existing file, the SSH Server will now treat this as an upload, generating an I_SFS_TRANSFER_FILE event and executing an on-upload command, even if file content was not written to by the client.

New in Bitvise SSH Server 6.24 (Feb 17, 2015)

New in Bitvise SSH Server 6.23 (Feb 4, 2015)

New in Bitvise SSH Server 6.22 (Jan 31, 2015)

New in Bitvise SSH Server 6.21 (Jan 23, 2015)

Statistics and quotas. Bitvise SSH Server now supports collection and monitoring of transfer and login statistics on a per-user, per-group, and server-wide basis. In Advanced settings, it is possible to configure users with upload and download quotas. If a user's quota is exceeded, the server can be configured to further restrict that user's bandwidth, or to deny connections until more quota is available.
Installer:
The installer's "-keypairs" parameter now also accepts keypairs in non-passphrase protected Bitvise, OpenSSH, and PuTTY export formats. Previously, only the SSH Server's internal format of the BvSshServer-Keypairs.wpk file was supported.
Control Panel and Settings:
When importing public keys, the SSH Server will now recognize and import text files with UTF-8 or UTF-16 byte order markers.
Fixed an issue which caused mouse wheel scrolling to stop working after expanding and collapsing some help texts.
When authorized_keys synchronization was enabled, or when an SSH client managed their public keys using the SSH public key subsystem, the SSH Server would incorrectly create duplicate account settings entries. Fixed.
The list that stores Windows account settings entries now implements static sorting, and can no longer be reordered.
The settings wizard launched after first installation will no longer be started if the installation was performed non-interactively, or if settings were already modified in another way after installation.
Slave-Master synchronization:
Slave synchronization sessions are now no longer subject to a session timeout, if it is configured.
SSH:
Delayed negotiation of zlib compression is now supported. If delayed compression is enabled in Advanced SSH server settings, the SSH Server will not advertise "zlib" compression upfront, but will start a second key exchange to negotiate compression after user authentication is successful, if the client indicated a preference for compression over no compression. A concerned administrator can enable this feature to reduce the server's exposure to unauthenticated attack in the event that an issue is found in the Crypto++ implementation of zlib compression, which our SSH implementation uses.
File transfer:
The SSH Server can now be configured to execute an On-upload command after a file is written to by an SSH client. The on-upload command can reference expanded parameters SSHUPLOADFILE and SSHUPLOADBYTES, as well as other environment variables. The command can execute a custom action, such as moving the uploaded file to a different directory, or invoking a third-party program to send a notification email.
Advanced mount point parameters FileWhitelist and FileBlacklist are now supported. Using these parameters, the server can be configured to block file operations (e.g. uploads, downloads, and renames) on files that match or do not match specific file name patterns (e.g. extensions).
In mount point settings for Windows accounts and groups in Advanced SSH Server settings, Windows accounts can now be configured to inherit mount points from multiple groups, instead of only the group from which the user normally inherits settings. This allows users to be granted access to a set of mount points A if they are in group 1; a set of mount points B if they are in group 2; and both sets of mount points if they are in both groups, without having to configure individual account settings entries.
Added CuteFTP to the list of clients that must be sent dummy modification time information when an actual modification time is not available. This works around an issue in CuteFTP which prevented it from displaying a directory listing when no root mount point was configured.
Added support for SFTP version packet extensions "supported2", "acl-supported", and "versions". Added support for "version-select" extended packet.
The SFTP STAT request now works with only List permission on the mount point, without requiring the Read permission as well.
Terminal:
The terminal server now sends window titles to xterm clients.
Port forwarding:
Sessions that attempted to register a large number of simultaneous server-to-client port forwarding rules could be terminated by an error. Fixed.
Fixed issues that would arise if a proxy was configured for outgoing connections; if an outgoing connection was attempted to a DNS name that resolved to multiple IP addresses; and if the first of the addresses could not be reached, so that another had to be attempted.
Fixed issues that could arise when transferring server-to-client port forwarding rules between sessions. Improved handling of transferred server-to-client port forwarding rules.
General:
The SSH Server will no longer stop if no interfaces are configured on which it can accept connections. The server will now continue to try to bind any configured listening interfaces, and wait for any settings changes, while the SSH Server Control Panel displays a warning notifying about this state.
Implemented improvements to environment variable expansion.
Dramatically improved handling of LOG_I_SERVICE_CONFIG_DESCRIPTION with large settings.
Most case-insensitive string comparisons in the SSH Server are now Unicode-aware. We nevertheless do NOT recommend using non-US-ASCII characters in security identifiers, such as account names. Unicode is ever-changing, and consistency of string comparisons for non-US-ASCII characters is not ensured.
Improved disconnection responsiveness and reliability.
BvRun now supports the "-w" flag. Providing this flag causes BvRun to wait until the child process has exited, and return its exit code plus 9000.

New in Bitvise SSH Server 6.07 (May 5, 2014)

New in Bitvise SSH Server 6.06 (Apr 22, 2014)

New in Bitvise SSH Server 6.05 (Apr 7, 2014)

New in Bitvise SSH Server 6.04 (Feb 11, 2014)

Elliptic Curve support: ECDSA host keys and client keys, as well as ECDH key exchange, are now supported. Initially supported curves are secp256k1, nistp256, nistp384, and nistp521. When used with clients that also support ECDSA and ECDH, this is an improvement in effective cryptographic security from 80 - 112 bits of symmetric security, to 128 or more, depending on the curve chosen.
Installer:
A command line option is now available to abort installation if a specified warning occurs.
Full help text for installer exit codes is now available.
Control Panel and Settings:
Master/slave settings are now fully configurable from the command line using BssCfg, and programmatically using the BssCfgManip COM object.
Virtual account password expiration can now be configured on a per-account basis. If password change is disabled for the virtual account user, this can be used to configure virtual accounts with an expiry date.
For new Windows groups and new installations, the "Map remote home directory" and "Map remembered shares" settings are now enabled by default, to better meet initial user expectations when logging into a Windows account.
On Windows Vista and later, HTTP links are now opened in a non-elevated browser window.
Fixed an error which caused an assertion failure when a Remote Control Panel session fails due to packet overflow.
Fixed two slow GDI handle leaks that could lead to the Control Panel crashing in specific circumstances after running for a period of several weeks (e.g. in slave installations).
Dates are now displayed in a fixed YYYY-MM-DD format, so that lists containing date columns can be sorted by date regardless of Windows locale.
A newly added Listen rule in account settings entries will now have a default Accept rule entry. Previously, an Accept rule entry had to be configured manually for the Listen rule to allow any connections.
Improved log path links in Log folder viewer.
SSH session:
Improved disconnect handling, so that sessions are less likely to hang.
Username blacklisting is now supported. If a client attempts to authenticate with a username blacklisted by the server administrator (e.g. "root"), the originating IP address will be immediately locked out for the default IP blocking duration.
Implemented several adjustments to reduce the possibility of a channel blocking due to buffering and window adjustment issues.
The server will no longer try to create a window station and desktop when a virtual account is running in Local System context, avoiding a log warning.
Implemented several debugging features related to in-window size and window adjustments, to help investigate compatibility issues with JSCH-based clients that block during SFTP upload.
File transfer:
An SFTP success reply will now be sent without a description, cutting packet size by 39 bytes. This might improve compatibility with clients that send a large number of small write requests, but lack a large enough buffer to receive all status replies.
SFTP can now be limited to version 3 on a per-group and per-account basis, to allow focusing specifically on those users who connect with clients that require this.
Terminal:
For clients that do not support UTF-8, the terminal code page used by the server is now configurable on a per-group and per-account basis.
BvLsa authentication module:
Auditing and logging improvements.

New in Bitvise SSH Server 6.03 (Nov 5, 2013)

Utilities:
The bvRun utility now supports specifying the command to run on the command line without having to enclose it as part of the -cmd="..." parameter.
Control Panel and Settings:
Settings pages are now easier to scroll using the mouse wheel.
Implemented accessibility improvements in SSH Server Control Panel and Settings.
Fixed an issue which could have caused the Log Folder Viewer user interface to become unresponsive if a third-party application was installed that sent an unexpected GUI message.
Version 6.01 implemented tolerance for importing invalid keys from a previous version of SSH server settings, but only for public keys stored under accounts. This handling is now extended to public keys stored under groups, as well.
Authentication:
Implemented a workaround for a memory leak in lsass.exe, which would previously appear when handling SSH logins on recent Windows versions.
SSH session:
Implemented ability to log and debug changes in channel window sizes.
Fixed an issue which caused an SSH session to terminate prematurely if the client sent a characteristic SSH_MSG_DEBUG packet.
Exec requests:
Implemented a workaround to improve compatibility with Git. The SSH server can now detect exec requests sent by Git, and convert any single-quoted strings into double-quoted strings that work on Windows.
Terminal:
Fixed an issue with Home and End keys not working with PuTTY.
Installation:
Fixed an issue which caused the uninstaller to incorrectly believe that a system restart is necessary in order to complete uninstallation.
File transfer:
With clients that do not specify otherwise, the SSH server will no longer request exclusive write access when opening files the client requested to open for writing. This improves compatibility with clients that open multiple handles to a file and expect to be able to write to them simultaneously; and also, occasions when a client reconnects and attempts to resume a transfer when the server hasn't yet detected termination of the previous session.

New in Bitvise SSH Server 6.02 (Jul 31, 2013)

New in Bitvise SSH Server 6.01 (Jul 15, 2013)

Control Panel and Settings:
Bitvise SSH Server now supports master/slave configuration. In clusters and large installations, one SSH server installation can be configured as the master, while secondary installations can be configured as slaves. The slaves will connect to the master, and automatically download and apply settings and configuration changes from the master.
Per-user bandwidth limits are now supported. The administrator can limit the maximum speed with which a user can transfer data to or from the server, either per session, or for all concurrent sessions from a user.
It is now possible to configure different IP address restrictions for incoming connections on a per-account or per-group basis.
Improved automatic router configuration to also support devices that expose only UPnP version 2.
File transfer speeds will now again be correctly displayed on the Activity tab. A bug caused file transfer speeds to not be displayed correctly in versions 5.50 - 5.60.
Improved memory consumption of SSH server settings when a large number of accounts are configured.
Improved support for Microsoft identity accounts (e.g. of the format [email protected]).
Improved backward compatibility when importing settings from versions 3.xx and 4.xx. Proxy profiles and SFTP root directories will now be properly imported from WinSSHD 3.xx. Any invalid public keys in account or group settings entries will now be skipped when importing from WinSSHD 3.xx or 4.xx.
BssCfg command line parameters are no longer case-sensitive.
The SSH Server Control Panel will now work correctly in high-contrast mode.
A warning dialog will now be displayed when the SSH server is started with the Windows Firewall management feature configured so as to restrict access to connections from the local subnet only.
Unblocking an IP address will now also clear records of previously failed authentication attempts, so that the next authentication failure will not immediately result in another blocking.
The settings "Tolerate first window fault" and "Maximum subsequent fault bytes" have been obsolete since SSH server version 5.00, and have been removed.
Authentication:
The SSH public key management subsystem is now supported. Access to this feature can be enabled on a per-user or per-group basis in Advanced SSH server settings. Users for whom this feature is enabled can manage their public keys on the SSH server if they connect with a client that also supports this feature.
Improved the way the SID of the local computer is retrieved. Previously, Bitvise SSH Server would retrieve the wrong local computer SID if there was a local account with the same name as the computer. This would cause the SSH server to incorrectly treat local accounts as if they were domain accounts.
SSH session:
Improved CPU usage in the SSH server's core infrastructure. Transfer speeds in local loopback testing should now again be where they were in WinSSHD 4.xx. Users should see a decrease in the server's CPU consumption, given the same transfer speeds.
Re-implemented SSH session data buffering in order to improve responsiveness for slow clients.
Fixed an issue which would cause high CPU usage if the client closed a channel in a non-ready state.
The SSH protocol specification is unclear on whether the maximum packet size in the channel data packet refers to the whole packet, or payload only. Previously, Bitvise SSH Server used the interpretation that the size refers to payload only. This caused a compatibility issue with the Axway client. Our implementation has been changed to interpret the outgoing maximum packet size as referring to the whole packet.
Environment variables:
Advanced environment variable syntax is now supported in the same style as used by the Windows command interpreter, and as described in "help set". In addition to basic syntax (), the following suffixes are supported: %SOMEVAR:~N%, %SOMEVAR:~N,M%, %SOMEVAR:findStr=replaceStr%, %SOMEVAR:*findStr=replaceStr%. This allows administrators to configure a single group-wide rule to map structured home directories. For example, a home directory structure such as M:\Home\a\Aaron, M:\Home\b\Benjamin, can be configured with M:\Home\%USERNAME:0,1%\.
Child processes launched over an SSH session will now receive an environment variable named SSHSESSIONID, which can be used to identify the SSH session. Separate terminal sessions will still receive the same SSHSESSIONID if they are launched over the same SSH connection.
If SSH server settings permit the client to set environment variables, environment variables set by the client will no longer be used when expanding environment variables in terminal shell or exec request prefix strings configured in SSH server settings. Environment variables provided by the client will still be available to child processes started by the client.
Terminal:
Advanced environment variable syntax is now supported in the same style as used by the Windows command interpreter, and as described in "help set". In addition to basic syntax (), the following suffixes are supported: %SOMEVAR:~N%, %SOMEVAR:~N,M%, %SOMEVAR:findStr=replaceStr%, %SOMEVAR:*findStr=replaceStr%. This allows administrators to configure a single group-wide rule to map structured home directories. For example, a home directory structure such as M:\Home\a\Aaron, M:\Home\b\Benjamin, can be configured with M:\Home\%USERNAME:0,1%\.
Child processes launched over an SSH session will now receive an environment variable named SSHSESSIONID, which can be used to identify the SSH session. Separate terminal sessions will still receive the same SSHSESSIONID if they are launched over the same SSH connection.
File transfer:
It is now possible to create multiple nested directories at the same time using a single "make directory" command.

New in Bitvise SSH Server 5.60 (Mar 22, 2013)

New in Bitvise SSH Server 5.59 (Jan 28, 2013)

New in Bitvise SSH Server 5.58 (Dec 5, 2012)

New in Bitvise SSH Server 5.57 (Oct 22, 2012)

New in Bitvise SSH Server 5.56 (Oct 22, 2012)

New in Bitvise SSH Server 5.55 (Sep 25, 2012)

New in Bitvise SSH Server 5.54 (Sep 1, 2012)

New in Bitvise SSH Server 5.53 (Aug 19, 2012)

New in Bitvise SSH Server 5.52 (Aug 2, 2012)

New in Bitvise SSH Server 5.51 (Jul 21, 2012)

New in Bitvise SSH Server 5.50 (Jul 21, 2012)

New in Bitvise SSH Server 5.26 (Nov 18, 2011)

New in Bitvise SSH Server 5.24 (Oct 21, 2011)

Virtual users: Implemented a further fix for the issue first addressed in version 5.18 - when WinSSHD has been running for a long time, the password for the WinSSHD_VirtualUsers account can expire on some systems due to their security policy, preventing virtual users from logging in until WinSSHD is restarted. This fix should allow WinSSHD to reset the account's password as intended, without requiring a restart.
Subsystems: It turns out that there are third party DLLs that may get loaded as part of WinSSHD on some systems, which intrusively modify the process's current working directory. Previous WinSSHD versions relied on the current directory of the WinSSHD service staying the same in order to start the terminal shell or file transfer subsystems. We implemented a workaround to no longer rely on this, allowing WinSSHD to be used with third party DLLs that change its current working directory.
SFTP: When a client requested a file to be opened in TRUNCATE_EXISTING mode, WinSSHD was using an incorrect combination of Windows file open flags, causing the request to fail. Fixed.
SFTP: Some clients attempt to open files while providing an empty POSIX user or group. Previously, WinSSHD would attempt to look up this empty user or group name, causing the request to fail. WinSSHD now ignores empty POSIX user or group names sent by the client.
Terminal: Microsoft has tinkered with how the Windows console is implemented in Windows 7, and apparently introduced a bug which causes the console window to crash when running a program that switches screen buffers under the WinSSHD terminal subsystem. To avoid triggering this bug, WinSSHD now refrains from closing screen buffer handles on Windows 7.
Port forwarding: Some systems appear to suffer from a problem where listening sockets do not always close correctly, but may instead linger and prevent connections to future listening sockets opened on the same port. To avoid this problem, WinSSHD now caches listening sockets, keeping listening sockets around for 5 minutes after they would otherwise have been released, and reusing them if a client re-connects requesting the same listening socket.

New in Bitvise SSH Server 5.23 (Mar 4, 2011)

Changed the implementation of time measurement in WinSSHD to avoid relying on the system's high performance timer. This avoids an issue in environments running Windows Server 2008 under a virtual machine hypervisor which fails to provide the hooks required by the OS to properly implement the high performance timer. This should solve premature session or authentication timeouts when WinSSHD is running on Windows Server 2008 in environments such as Amazon EC2.
In WinSSHD advanced settings, the settings entry for the Everyone Windows group will now always be last, to prevent it taking precedence over more specific group entries.
WinSSHD would sometimes fail to report a child process exit code to the client. Fixed.
WinSSHD would fail to disconnect Tunnelier, and other sshlib/FlowSsh clients, on session inactivity timeout, if the Keep alive / broken session detection feature was enabled, and set to a time shorter than the session inactivity timeout. Fixed.
The wstat utility and example program has been reimplemented to use the WinSSHD Remote Control Panel protocol instead of grabbing information from a memory table periodically updated by WinSSHD. The new wstat showcases how to communicate with WinSSHD and extract information in the same way that the WinSSHD Control Panel does.
The WinSSHD Control Panel now displays the list of revealed password cache entries in alphabetical order.
The WinSSHD Control Panel now provides the ability to clear all hidden password cache entries. It was previously not possible to clear hidden password cache entries without also clearing all revealed entries.
The WinSSHD Control Panel feature for resetting settings now also allows restoring WinSSHD settings to a previously generated backup. The WinSSHD Control Panel backs up settings each time they are edited and saved.
The wcfg command-line configuration utility now supports parameters allowing modification of WinSSHD Control Panel interface settings from the command line. This includes settings on when, and for what events, pop-ups should appear, as well as enabling or disabling the persistent tray icon.

New in Bitvise SSH Server 5.22 (Jan 10, 2011)

It is now possible to change the WinSSHD service startup type (automatic, manual, or disabled) from the WinSSHD Control Panel instead of having to configure it through Windows Services.
The "Manage password cache" dialog in the WinSSHD Control Panel now provides features to backup and re-import password cache entries.
The "Persistent tray icon" and popup settings are now saved for concurrent WinSSHD installations (sites) individually.
Fixed issue where WinSSHD Control Panel would freeze or crash on Windows XP if a parent settings window was closed before the child settings window.
Virtual users can now change their passwords remotely using SSH clients, such as Tunnelier, that support password change. This feature can be enabled or disabled under "Access control" in Advanced settings.
Fixed WinSSHD Control Panel issue where user authentication keys for an account managed through Advanced settings would be lost when changing Easy settings.
The WinSSHD installer has been modified so it does not require loading DLLs from the current directory and can run with an enabled CWDIllegalInDllSearch registry entry.
Implemented workaround for Comodo Firewall, which would prevent the WinSSHD terminal subsystem from functioning correctly on 64-bit versions of Windows 7, and possibly other 64-bit platforms.
Fixed issue which caused some applications to crash when running under the WinSSHD terminal subsystem on Windows 2000 without Service Pack 3 installed.
Fixed issue where an unauthenticated user could cause WinSSHD to dereference a null pointer, causing the SSH session to close. At the time of this release, we are not aware of any ways to exploit this issue. WinSSHD would continue to run normally, but would report an access violation in the logs.
The terminal shell and exec request subsystems will now send their exit code to the client before reporting end of data on the SSH channel. This is intended to help clients such as OpenSSH properly report the exit code.
For clients which have compatibility issues with WinSSHD when using SFTP version 4 or higher, administrators can now limit SFTP version to 3. The setting is on the "Server" page in Advanced WinSSHD Settings.
For compatibility with PHP libssh2, WinSSHD will now accept null-terminated SCP commands, and disregard trash data incorrectly sent by the client after the null character.
For compatibility with PHP libssh2, WinSSHD will now recognize single quote marks as an acceptable alternative to double quotes for paths in SCP.
Fixed issue in WinSSHD SFTP and SCP subsystems where they would fail to list a directory if it was a root directory completely empty of entries (i.e. did not even contain the "." and ".." entries).
Fixed issue in the SFTP subsystem where SFTP directory handles would be encoded incorrectly on systems with thousands of mount points defined.

New in Bitvise SSH Server 5.21 (Dec 13, 2010)

New in Bitvise SSH Server 5.20 (Sep 23, 2010)

New in Bitvise SSH Server 5.19 (Aug 3, 2010)

New in Bitvise SSH Server 5.18 (May 27, 2010)

WinSSHD now optionally supports synchronization of WinSSHD-configured user authentication public keys with public keys managed by Windows account users through ~/.ssh/authorized_keys. If the administrator enables this option in WinSSHD advanced settings, and the "authorized_keys" file is present in the ".ssh" subdirectory of the user's Windows profile directory, then WinSSHD will read that file when the user logs off, and synchronize the user's public keys in WinSSHD settings with the keys as contained in the file.
WinSSHD will now properly send the chosen listening port number to a client that requests server-to-client tunneling on port 0.
Firewall service initialization compatibility improvements.
Unless configured otherwise, WinSSHD will now load the logged on account's Windows profile before starting the SFTP or SCP subsystems.
The WinSSHD virtual filesystem provider for SFTP and SCP now supports an additional optional parameter named "ShowHidden". Setting it to "No" causes WinSSHD to omit files and directories with the Hidden attribute from directory listings sent to the client.
CuteFTP appears to not support SFTP directory entries that lack a modification time. WinSSHD now attempts to detect connections from CuteFTP clients and in that case sends a dummy modification time for mount point directories.
WinSSHD now supports the "env" channel request for "exec" and "shell" subsystems. This allows clients that also support this request type to set environment variables before remotely executing a program or shell. This feature can be enabled or disabled on a per-user and per-group basis.
The terminal console subsystem will now properly handle alternative F1-F4 key sequences as sent by PuTTY.
WinSSHD will now reset the password for the WinSSHD_VirtualUsers account if Windows returns the error code ERROR_PASSWORD_EXPIRED. Previously, virtual user login would fail due to this error if a Windows password expiration policy was in place and WinSSHD had been running for longer than the password expiration period configured in Windows.
WinSSHD will now only create the WinSSHD_VirtualUsers account if there are any virtual users configured. If created, the account will be disabled automatically when WinSSHD is stopped, and re-enabled when WinSSHD is started.
WinSSHD 5.15 introduced a change where connections that do not result in successful authentication would automatically be penalized towards IP blocking. This may have introduced problems for installations that receive many such connections from IP addresses that should not be blocked, due to e.g. network monitoring. WinSSHD now has a new setting to control whether such connections should or should not be penalized towards IP blocking.
Fixed WinSSHD Settings user interface issue where the account or group object selection dialog would fail to open on some Windows versions. (The account or group name could still be entered manually like in previous WinSSHD versions that did not feature the object selection dialog.)
WinSSHD Control Panel and Settings UI preferences are now saved in such a way that the persistent tray icon and other features can be disabled machine-wide (rather than per-user) with an HKEY_LOCAL_MACHINE-based registry setting.
Other WinSSHD Control Panel and WinSSHD Settings user interface fixes.
Improved WinSSHD installer resilience to the WinSSHD Control Panel being slow to exit when upgrading.

New in Bitvise SSH Server 5.15 (Feb 10, 2010)

New in Bitvise SSH Server 5.12 (Dec 25, 2009)

New in Bitvise SSH Server 5.11 (Dec 21, 2009)

New in Bitvise SSH Server 5.10 (Oct 14, 2009)

New in Bitvise SSH Server 5.09 (Aug 19, 2009)

New in Bitvise SSH Server 5.08 (Jul 29, 2009)

New in Bitvise SSH Server 5.07 (Jul 20, 2009)

New in Bitvise SSH Server 5.06 (Jun 19, 2009)

The WinSSHD Control Panel now features an additional Activity tab which displays recent SSH server activity in a more casual and accessible form than full log files.
When running, WinSSHD Control Panel can now display balloon popups on the Administrator's desktop when various types of SSH session activity occur.
The WinSSHD Control Panel now features its own log file folder viewer, to work around a UAC issue that could obstruct opening of the log file folder through Windows Explorer.
A remote version of the WinSSHD Control Panel can now again be used to administer WinSSHD remotely, using Tunnelier 4.29 or newer.
SFTP/SCP: WinSSHD now supports read/write/delete access restrictions for mount points, allowing more configurations to be expressed fully using virtual accounts and mount point settings, instead of involving separate Windows accounts and NTFS permissions.
SFTP/SCP: added advanced setting 'OwnerGroup' to disable sending of owner and group information to clients, and to ignore these data when they are received. Intended to resolve issues where files end up with undesired owners after transfer.
SFTP/SCP: added advanced setting 'OnDirPermissionDenied'. If set to ShowEmpty, WinSSHD will send an empty directory listing instead of an error if the client attempts to list a directory it is not permitted to access.
SFTP/SCP: fixed a path concatenation problem which was discovered with SecureFX 6.1.2.
WinSSHD can now be configured to automatically open ports in the Windows firewall, as well as to automatically configure UPnP-compatible routers to forward connections to the server running WinSSHD.
Added a setting which controls whether, as in previous versions, WinSSHD should use only a short list of trusted Windows Sockets Layered Service Providers (LSPs), promoting stability, but at a possible expense of connectivity; or whether WinSSHD should use any LSP, promoting connectivity, but at the possible expense of stability.
Increased stack sizes for WinSSHD components that use sockets, for increased compatibility with third-party Windows Sockets Layered Service Providers that use stack less efficiently than the default Windows provider.
Third-party product Net::SSH::Perl contains a bug where packet padding length is interpreted as a signed value (-128...127) instead of as an unsigned value (0...255). This prevented interoperability with WinSSHD 5. Reduced minimal packet size from 200 to 80 bytes to avoid this issue.
WinSSHD will now launch terminal consoles with small fonts, so that larger terminal windows can be supported.
Fixed a terminal compatibility issue with the 64-bit version of Windows 7.
Fixed behavior of the PgUp key under terminal.
On 64-bit platforms, WinSSHD will now launch any on-logon and on-logoff commands with WoW64 file system redirection disabled.
A number of user interface improvements and fixes in WinSSHD Settings and WinSSHD Control Panel.

New in Bitvise SSH Server 5.05 (Jan 20, 2009)

New in Bitvise SSH Server 5.04 (Dec 19, 2008)

New in Bitvise SSH Server 5.03 (Nov 28, 2008)

WinSSHD Control Panel now supports selecting multiple sessions in the Sessions tab.
Virtual accounts: When configuring the built-in Windows account for virtual users introduced in version 5.02, WinSSHD would use a hardcoded name for the 'Users' group instead of looking up the correct group name for the current language version of Windows. Fixed.
Virtual accounts: WinSSHD would not run if it failed to create the Windows account for virtual users. Fixed - if account creation fails, only a warning will be logged now.
SSH: common socket closing error codes were being logged as warnings instead of regular info messages. Fixed.
SCP failed to send an exit code in some cases. Fixed.
SFTP and SCP: Use of POSIX permissions is now disabled by default. Clients would send POSIX permissions which caused uploaded files to be inaccessible on the server. If you wish your clients to be able to set POSIX permissions, configure the specific mount point where this should be supported, by adding the advanced filesystem provider setting 'PosixPermissions' with value 'Enable'.
Exec requests: An exec request preceded with a terminal request will now open with terminal emulation, but a terminal request with an empty terminal string or for terminal 'dumb' will be treated as if no terminal request was sent. This brings WinSSHD 5.03 behavior in line with recent WinSSHD 4.xx versions.
Port forwarding: fixed an issue where a server-to-client port forwarding socket might not be closed, causing subsequent attempts to accept connections on that port to fail until WinSSHD was restarted.
SSH: Implemented mitigation for the recently discovered probabilistic CBC cipher vulnerability, which permits an attacker with full control over the TCP link, positioned between the client and the server, to extract up to 4 bytes of plaintext from an SSH session if a CBC cipher is used, at the expense of causing the SSH session to break. The attack requires the attacker to break the session about 100,000 times for each successful plaintext extraction attempt. An attack attempt can therefore be detected easily.
Our mitigation in WinSSHD 5.03 attempts to thwart this attack by denying the attacker any means of distinguishing a successful attempt from an unsuccessful one. This only protects data flowing in the direction to WinSSHD (e.g. the client's password). Clients which do not implement similar mitigation can still allow this attack to succeed, when CBC is used, for data flowing from WinSSHD.
To fully prevent this attack, use CTR ciphers (supported by all WinSSHD 5.xx versions).
Added support for additional alternative Microsoft Firewall Client 2004 Layered Sockets Provider IDs for compatibility with more versions of this client.
WinSSHD 5.xx uses fibers with small stacks, which has been causing trouble for people with third-party or OEM software such as network providers that load themselves into WinSSHD, assume the stack is large, and cause WinSSHD to crash. We increased the stack sizes of a few WinSSHD components to prevent this from occuring with the programs that were reported to us.

New in Bitvise SSH Server 5.02 (Nov 3, 2008)

WinSSHD now automatically creates a local Windows account for virtual users. Virtual users can now be configured without having to explicitly create and configure a backing Windows account, and without having to seed it in the WinSSHD password cache. This feature is however unavailable on domain controllers, because there are no local accounts on a domain controller, so WinSSHD cannot create one.
The terminal subsystem now supports the F8 key for command history.
WinSSHD can now write its textual log files in CSV (comma-separated values) format, with a single line per log entry. Enabling the CSV format in WinSSHD Settings can make it easier to process log files in bulk.
The WinsshdCfgManip COM object is now implemented as an out-of-process COM server rather than an in-process DLL. This avoids path problems with loading the FIPS cryptographic DLL into a process where the main executable resides in a different directory.
Added the MS Firewall Client 2004 Windows Sockets Layered Service Provider to the list of LSPs that WinSSHD will trust to use. This enables port forwarding for users who have this firewall client installed.
The WinSSHD Control Panel can now be started with the '-startMinimized' parameter, which will put it into the system tray - useful for users who need quick access to monitor SSH sessions.
SSH: fixed key re-exchange issue where the session would hang because higher-level packets weren't being buffered during key re-exchange.
SFTP and SCP: the file transfer subsystems will now use root ('/') as the default home directory if the home directory configured in settings does not exist.
SFTP version 3: fixed decoding of time values, which prevented SFTP version 3 clients from setting file times.
SFTP version 6: fixed encoding and decoding of ACLs.
The on-logoff command was being executed prematurely. Fixed.
Improved diagnostic logging facilities.
We spent several weeks for this release trying to determine why some of our customers are experiencing major slowdowns with WinSSHD version 5 relative to WinSSHD version 4, e.g. a transfer speed of 5 MB/s slowing down to 0.5 MB/s. We made several minor performance improvements in the process, but have been unable to reproduce this drastic slowdown in testing. In the environments we tested, WinSSHD 5 regularly delivered on the order of 10 MB/s. If you experience slow transfer speeds and wish to help us determine the cause of this problem, please contact us. Version 5.02 implements logging facilities that, if enabled, could provide us with the data we need.