Windows accounts can now log into Bitvise SSH Server using public key authentication without requiring the Windows account password to be stored in the SSH server's password cache.
Virtual accounts can now use an arbitrary Windows account to provide security context without requiring the backing account's password to be stored in the SSH server's password cache. The password cache is now expected to be used much less, but is still supported for users who wish to store a Windows account's password in the password cache, so that a logon for that Windows account will have access to network resources. Windows accounts that log in without either a password provided by the client, or a password stored in the password cache, will require separate authentication to access network resources.
New passwords stored in the password cache will now be resilient to computer name change. Password change can now be allowed or disallowed for individual Windows accounts and virtual accounts through their account settings entry.
This avoids a problem if BCMLogon. It is unwisely implemented using. The Logon Delayer component now properly serializes only login attempts for the same account name, or attempts from the same IP. Previous versions incorrectly serialized all login attempts, even if the account name and remote address were both different.
Session: Virtual accounts may now be configured to use the BvSshServer service account - usually Local System - as their security context.
The SSH protocol implementation will now ignore channel messages received after a channel is closed, rather than aborting the SSH session. Fixed an issue which could lead to the SSH server failing to disconnect a remote share configured in "Windows file shares" for an individual group or account in Advanced settings.
The default wait time for newly configured on-logon and on-logoff commands is now seconds. The previous default value, 0 seconds, could cause the command to be terminated before it even starts on systems under heavy load.
Sockets and port forwarding: IPv6 addresses and interfaces are now supported throughout the SSH server. Previous SSH server versions would create sockets with a default setting which allows sockets to be inherited by child processes. On busy installations that use server-to-client port forwarding simultaneously with terminal sessions or file transfer, socket handles would be inherited by child processes and prevent listening sockets from closing.
Terminal: Console windows for the terminal subsystem will now use a tiny font size, to prevent a low screen resolution on the SSH server machine from restricting the size of terminal windows that can be opened by clients. Some popular clients, such as PuTTY, transmit an Escape key pressed by the user as a single Escape character, without the encoding necessary to disambiguate the single Escape key from a terminal escape sequence.
Bitvise SSH Server now supports a setting to handle such single Escape characters gracefully, based on timing in the character's transmission.
A new setting, "Always use 'dumb' pseudo terminal", can now be configured for an individual account or group in Advanced settings. Enabling this setting causes Bitvise SSH Server to always behave as if the client requested no terminal emulation e.
File transfer: Windows accounts and virtual accounts can now inherit mount points from their group, adding their mount points to those defined by the group, instead of replacing group mount points entirely.
An account settings entry can also undefine specific group mount points. The Virtual Filesystem Provider interface has been re-designed to use a plain C interface without dependencies on Bitvise's internal libraries.
It is now possible to implement filesystem providers whose builds won't be tied to an individual SSH server build. Third party developers who wish to implement a virtual filesystem provider can contact us for header files and examples. When generating SFTP directory listings, the detailed time format including hour and minute is now used for times in the near future up to 24 hours ahead.
Previously, file times that were even slightly ahead of the server's clock would be encoded using the format that includes year, but not hour and minute. This change improves compatibility with clients that parse textual directory listings, but has no effect on clients which properly use binary time information provided by SFTP. Fixed the SFTP server's reply to "check-file" requests. Notably affected was msysgit.
This fix should allow WinSSHD to reset the account's password as intended, without requiring a restart.
Subsystems: It turns out that there are third party DLLs that may get loaded as part of WinSSHD on some systems, which intrusively modify the process's current working directory.
Previously, WinSSHD would attempt to look up this empty user or group name, causing the request to fail.
Terminal: Microsoft has tinkered with how the Windows console is implemented in Windows 7, and apparently introduced a bug which causes the console window to crash when running a program that switches screen buffers under the WinSSHD terminal subsystem.
Port forwarding: Some systems appear to suffer from a problem where listening sockets do not always close correctly, but may instead linger and prevent connections to future listening sockets opened on the same port. To avoid this problem, WinSSHD now caches listening sockets, keeping listening sockets around for 5 minutes after they would otherwise have been released, and reusing them if a client re-connects requesting the same listening socket.
This avoids an issue in environments running Windows Server under a virtual machine hypervisor which fails to provide the hooks required by the OS to properly implement the high performance timer. In WinSSHD advanced settings, the settings entry for the Everyone Windows group will now always be last, to prevent it taking precedence over more specific group entries.
WinSSHD would sometimes fail to report a child process exit code to the client. It was previously not possible to clear hidden password cache entries without also clearing all revealed entries. This includes settings about when, and for what events, pop-ups should appear, as well as enabling or disabling the persistent tray icon. Virtual users can now change their passwords remotely using SSH clients, such as Tunnelier, that support password change.
This feature can be enabled or disabled under "Access control" in Advanced settings. Implemented workaround for Comodo Firewall, which would prevent the WinSSHD terminal subsystem from functioning correctly on bit versions of Windows 7, and possibly other bit platforms. Fixed issue which caused some applications to crash when running under the WinSSHD terminal subsystem on Windows without Service Pack 3 installed.
At the time of this release, we are not aware of any ways to exploit this issue. WinSSHD would continue to run normally, but would report an access violation in the logs. The terminal shell and exec request subsystems will now send their exit code to the client before reporting end of data on the SSH channel.
This is intended to help clients such as OpenSSH properly report the exit code. Fixed encoding and decoding of SFTP extension requests and responses. This should improve compatibility with SFTP clients that send extended requests. This would lead to transmission stalling after the client has miscalculated window sizes enough. There appear to be more clients with this issue e.
TurboFTP, so a dummy modification time will now be sent to all clients except those known to handle this correctly. Fixed a possible cause for incorrect triggering of an SSH session unresponsiveness timeout.
This prevented downloading files currently being written to by other applications, e. WinSSHD will now allow another application to write to a file if the client opens it with read access for downloading only. Improved Windows firewall-related error handling on Windows Vista and newer. Added support for the xterm-color terminal type for better compatibility with Mac clients.
WinSSHD Control Panel: Fixed issue where opening a log file from the log folder viewer would fail if a third-party program caused certain registry settings to be set incorrectly.
This feature is enabled by default on new installations, and can be enabled manually on upgraded installations. WinSSHD will now properly send the chosen listening port number to a client that requests server-to-client tunneling on port 0. Firewall service initialization compatibility improvements. WinSSHD now supports the "xterm-new" terminal type, which is requested by some clients. WinSSHD now supports the "env" channel request for "exec" and "shell" subsystems.
This allows clients that also support this request type to set environment variables before remotely executing a program or shell. This feature can be enabled or disabled on a per-user and per-group basis.
Previously, virtual user login would fail due to this error if a Windows password expiration policy was in place and WinSSHD had been running for longer than the password expiration period configured in Windows. WinSSHD 5. This may have introduced problems for installations that receive many such connections from IP addresses that should not be blocked, due to e.
WinSSHD now has a new setting to control whether such connections should or should not be penalized towards IP blocking. Thus, no one can sniff your password or see what files you are transferring when you access your computer over SSH. You are looking for an SSH server if you want to set up a computer to receive connections from other people and their computers. If you want to initiate connections or file transfers, you are looking for an SSH client.
You are looking for an SSH client if you wish to initiate connections or file transfers to someone else's computer. If you are looking to receive connections, you are looking for an SSH server. Bitvise SSH Client can be used free of charge in environments of any type. SSH server settings for these accounts are also configurable on a virtual group basis.
Bandwidth limits: Separate upload and download speed limits can be configured for each user and group. Our terminal subsystem employs sophisticated techniques to render output accurately like no other Windows SSH server. When used with Bitvise SSH Client, our bvterm protocol supports the full spectrum of a Windows console's features: colors, Unicode characters, and large scrollable buffers.
BvShell: Users whose filesystem access should be restricted to specific directories can have their Shell access type configured to BvShell. Similar to chroot, this provides access to a limited terminal shell which can allow for more powerful access than a file transfer client, but still restricts the user to root directories configured for them.
Server-side forwarding: With Bitvise SSH Server and Client, a server and multiple clients can be set up so that all port forwarding rules are configured centrally at the server, without requiring any client-side setting updates.
The SSH clients only need to be configured once, and port forwarding rules can easily be changed when necessary.
Scriptable settings: Using the supplied BssCfg utility, or using PowerShell, all settings can be configured from a text file, from a script, or interactively from the command-line.
Multi-instance support: Bitvise SSH Server supports multiple simultaneous, independent installations on the same computer for customers needing completely separate instances for different groups of users.
Multiple SSH server versions can run concurrently, as separate instances on the same server. This feature can be used both for cluster support, and to reproduce aspects of SSH server settings on a large number of similar installations.
Delegated administration: Users can be granted limited access to SSH Server settings, where they can add or edit virtual accounts using the remote administration interface in Bitvise SSH Client.
Limited administration tasks can be delegated without requiring full administrative access. The SSH Server is network-facing, security-sensitive software. Using a recent version is the only way to receive updates. Therefore, we do not recommend indefinite use of older versions. Current Bitvise software versions 9. Try our SSH Server free for 30 days, or use it free of charge as a non-commercial personal user!