FlowSsh: SSH client library for C, C++ and .NET
The same SSH library as we use in our SSH server for Windows is available for licensing for SSH client applications.
Separate easy to use interfaces for C, C++, and .NET.
Comes with several complete sample applications in C, C++, C#, and Visual Basic.
Full support for public key authentication.
Full support for SFTP and tunneling / port forwarding.
Support for general channel types, including exec requests and terminal sessions. (Terminal emulation not included.)
Supports ZLIB compression. (But does not use the widely used zlib library.)
Supports connecting through a proxy.
Compatible with both 32-bit and 64-bit Windows applications. (Non-Windows platforms not supported.)
Code base separate and independent of other SSH implementations. Does not use OpenSSH, libssh, or similar.
Does not contain parts subject to GPL or similar licenses.
Included in Bitvise SSH Client
FlowSshNet is included with our SSH Client, and can be used under the Bitvise SSH Client license on computers where the Client is installed. PowerShell scripts are included under the SSH Client installation directory, demonstrating how to use FlowSshNet with PowerShell. Look for the following samples in your installation:
Use of FlowSsh for evaluation and testing is free of charge. To include FlowSsh in your production application, contact us.
When used without a license, FlowSsh will display an evaluation dialog unless Bitvise SSH Client is also installed. To avoid the evaluation dialog during testing, install Bitvise SSH Client.
Complete FlowSsh documentation can be found here.
FlowSsh is available in the following license types:
It can be used free of charge under the Bitvise SSH Client license on computers where Bitvise SSH Client is installed. All paid licenses are intended for use in applications independently of Bitvise SSH Client.
A per-developer license costs USD 599.95 per developer. It is valid for any number of programs and applications, but requires a fee for each developer involved in writing programs that use FlowSsh.
A per-application license costs USD 599.95 per application. It permits use by an unlimited number of developers, but is valid only for a single, specific application.
A full source code license costs USD 5,000. It permits modification of source code, and use in multiple products. It allows use of the inner FlowSsh library in server applications, which the outer FlowSshC, C++, and .NET wrappers do not. However, it does not permit distribution of FlowSsh source code, or use in general-purpose SSH products, competing with Bitvise's.
There are no royalty fees based on use of the resulting applications. Use in commercial programs is permitted and encouraged.
Each license type comes with 12 months of free access to new versions of FlowSsh. Subsequently, upgrade access extension is optional, and is available at 20% of the license price per year. Like with our other licenses, upgrade access years cannot be skipped, but there are also no penalties for retroactive upgrade access extension.
To purchase a license, please contact us.
In our current design, FlowSsh is incompatible with applications that use .NET Application Domains. The FlowSsh implementation makes heavy use of fibers, which .NET Application Domains do not support. This means FlowSsh is currently not a suitable choice for use in ASP.NET (within an IIS process).
Bug reports, suggestions, and specific questions to which direct responses are possible are handled free of charge. Please contact us if you would like to suggest a feature or report an issue.
In-depth support to help you use FlowSsh, or any other of our products, is available at USD 399.95 per incident.
Encryption and security features
SSH and SFTP:
Key exchange algorithms:
- ECDH over elliptic curves secp256k1, nistp256, nistp384, nistp521 using SHA-512, SHA-384, or SHA-256
- Diffie Hellman with group exchange using SHA-256 or SHA-1
- Diffie Hellman with fixed 4096, 3072, 2048, or 1024-bit group parameters using SHA-512, SHA-256, or SHA-1
- GSSAPI key exchange using Diffie Hellman and Kerberos authentication
- ECDSA over elliptic curves secp256k1, nistp256, nistp384, nistp521 using SHA-512, SHA-384, or SHA-256
- RSA using 4096, 3072, 2048, 1024-bit key sizes with SHA-512, SHA-256, or SHA-1
- DSA using SHA-1 (legacy)
- AES with 256, 128-bit keys in GCM mode
- AES with 256, 192, 128-bit keys in CTR mode
- AES with 256, 192, 128-bit keys in CBC mode (legacy)
- 3DES in CTR or CBC mode (legacy)
Data integrity protection:
- AES with 256, 128-bit keys in GCM mode
- HMAC using SHA-256, SHA-1
- Client verifies server identity using server host key fingerprint or public key
- Automatic synchronization of new host keys to client supported
- Password authentication
- Password change during password authentication
- Public key authentication
FIPS 140-2 validation
When FIPS is enabled in Windows, our software uses Windows built-in cryptography, validated by NIST to FIPS 140-2 under certificates #2937, #2606, #2357, and #1892. On Windows XP and 2003, our software uses the Crypto++ 5.3.0 FIPS DLL, originally validated by NIST under certificate #819 (historical). When FIPS mode is not enabled, additional non-FIPS algorithms are supported.
Cryptographic implementations and availability
Current Bitvise software versions (8.36 and higher) use the following cryptographic implementations for different algorithms, on different versions of Windows:
|Windows Vista to 8.1,
Server 2008 to 2012 R2
Server 2016 to 2019
|RSA||Crypto++ 5.3||Windows CNG||Windows CNG|
|ECDSA (NIST curves)||Crypto++ 5.3||Windows CNG||Windows CNG|
|ECDSA/secp256k1||Crypto++ 5.3||OpenSSL||Windows CNG|
|1024-bit DSA||Crypto++ 5.3||Windows CNG||Windows CNG|
|Non-standard DSA||Crypto++ 5.3||Crypto++ 5.6||Crypto++ 5.6|
|Classic DH||Crypto++ 5.3||Windows CNG||Windows CNG|
|ECDH (NIST curves)||Crypto++ 5.3||Windows CNG||Windows CNG|
|ECDH/secp256k1||Crypto++ 5.3||OpenSSL||Windows CNG|
|AES||Crypto++ 5.3||Windows CNG||Windows CNG|
|3DES||Crypto++ 5.3||Windows CNG||Windows CNG|
|GCM||n/a||Windows CNG||Windows CNG|
|HMAC-SHA2||Crypto++ 5.3||Windows CNG||Windows CNG|
|HMAC-SHA1||Crypto++ 5.3||Windows CNG||Windows CNG|
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)
This product includes cryptographic software written by Eric Young (firstname.lastname@example.org).