Bitvise SSH Client Version History
For issues that might arise using the latest SSH Client versions, see Known issues.
Changes in Bitvise SSH Client 9.41: [ 20 November 2024 ]
Installation:
Windows Server 2025 ships with Windows Terminal 1.18. This contains an issue where, if a console application enlarges the screen buffer height, Windows Terminal later crashes due to division by zero.
In previous Bitvise software versions, the installer would enlarge the screen buffer height if it is small. If the installer is run with Windows Terminal as the console application, and Windows Terminal has not yet updated to a more recent version, this would cause a later installation step to fail with error code 0xC0000142. The issue does not occur if Windows Terminal has already updated.
To improve compatibility with Windows Terminal, Bitvise installers no longer increase the screen buffer height if the console reports it as equal to the window height.
Command-line clients:
The command-line clients sftpc, stermc, sexec and spksc no longer enable the no-flow-control extension by default, unless it is enabled using an explicit parameter. The extension prevents opening additional SSH channels, which prevents the use of the exec command in sftpc, and agent forwarding in stermc.
sftpc:
sftpc now displays the default file transfer mode on startup. The default file transfer mode depends on the server and SFTP protocol version. It is either b (binary) or std (automatic text file detection; text files use SFTP v4+ text mode).
sftpc now detects the Maverick SSHD server via the vendor-id extension, and sets the default file transfer mode for this server to binary instead of std. This SFTP server does not properly implement SFTP v4+ text mode, so the std file transfer mode causes file transfer errors.
SFTP:
For downloads, text file auto-detection should now work with servers such as Maverick SSHD, which do not support re-reading data that was already read.
When errors occur while using SFTP v4+ text mode, the error description will now include a remark that the file was opened using SFTP v4+ text mode.
If the server sends a vendor-id SFTP extension, the information is now displayed or logged as part of the SFTP version message.
stermc:
On Windows 10 versions up to 1909, the Windows function ScrollConsoleScreenBufferW can return errors even though it succeeds. stermc now ignores errors from this function on these Windows versions.
Changes in Bitvise SSH Client 9.39: [ 2 August 2024 ]
General:
When used with -noRegistry, the SSH Client would still create a disk-based lock file for update checking. The SSH Client now avoids creating this lock file when used with -noRegistry.
SSH:
A server which identifies itself as SSH-2.0-HOSTED~FTP~ SFTP claims to support SSH_MSG_EXT_INFO, but disconnects if the client sends it. The SSH Client now automatically disables sending of SSH_MSG_EXT_INFO to this server by default. This is controlled by the setting Send EXT_INFO on the SSH tab in the main SSH Client window, or using the command-line parameter -sendExtInfo.
SFTP:
The graphical SFTP interface now shows in its menus keyboard shortcuts which were already supported. Furthermore, the F3 shortcut for Edit was previously shown, but did not work. Fixed.
Terminal:
If a server-side program enables mouse tracking in the terminal window, the graphical SSH Client's terminal now supports overriding mouse tracking (for selection and copy to clipboard) using either Shift key. Previously, only Left Shift would override mouse tracking.
Changes in Bitvise SSH Client 9.38: [ 7 May 2024 ]
Graphical interface:
The graphical SSH Client now supports command-line parameters for Window behavior preferences. Users who are running the SSH Client in a portable manner, or using the -noRegistry parameter; and who relied on the previous default for Closing behavior; can now select that behavior using the parameter:
BvSsh -wndClose=hideIfConn
Changes in Bitvise SSH Client 9.37: [ 4 May 2024 ]
Graphical interface:
The SSH Client setting Window behavior > Closing behavior now defaults to Always exit. This is to improve experience for users unfamiliar with the system notification area, who are not expecting the SSH Client to hide there when the main window is closed with a connection active.
To use the previous default, configure Closing behavior to Hide to notification area if connected, exit otherwise.
If the Windows setting Roll the mouse wheel to scroll was set to One screen at a time, the SSH Client would exit abruptly when attempting to scroll. Full page mouse wheel scrolling is now supported.
Security Clarification: [ April 2024 ]
We are receiving inquiries about whether our software is affected by the recent PuTTY ECDSA/nistp521 private key compromise due to signature nonce generation described in CVE-2024-31497.
Bitvise software implements ECDSA/nistp521 using Windows cryptography on all recent versions of Windows, or using Crypto++ on Windows XP and Windows Server 2003. These are different cryptographic implementations than PuTTY and are not known to be affected by this issue.
Security Clarification: [ April 2024 ]
We are receiving inquiries about whether our software is affected by the recent XZ Utils backdoor described in CVE-2024-3094.
Bitvise software does not use XZ Utils and is not affected by this issue.
Changes in Bitvise SSH Client 9.35: [ 12 April 2024 ]
sftpc:
Improved behavior of the -noBuf parameter for put and get commands.
Changes in Bitvise SSH Client 9.34: [ 11 April 2024 ]
Installation:
When installing using command-line parameters, the -autoUpdates parameter could previously be used only to disable automatic updates. It now also supports other values (stronglyRecommended, recommended or allAvailable).
The FlowSshNet library, an optional SSH/SFTP scripting feature included with the SSH Client, now uses the Universal C Runtime. This allows the SSH Client to no longer include the outdated Visual C++ 2010 CRT. As a result, FlowSshNet is now installed only on Windows 7 SP1 or newer. (Previously, this feature was compatible with Windows Vista or newer.)
SFTP drive:
Updated the WinFsp version included with the SSH Client to 2.0.23075.
Improved the WinFsp installation process.
SSH:
When connecting through an SSH jump proxy, interactive authentication methods can now be used to authenticate against the jump proxy. Previously, only pre-configured (unattended) authentication could be used.
When the SSH Client fails to connect to a server, the error message now contains more detailed information about IP addresses to which the client attempted to connect.
stermc:
In certain versions of Windows, the Windows function ScrollConsoleScreenBufferW fails if the destination coordinate is the same as the origin. This would cause previous stermc versions to exit with an error. Fixed.
sftpc:
The sftpc command-line client now supports new get/put command parameters:
-rv: Resume verifiably. Acts like -r for Resume, but does not resume unless the server supports synchronization using block-by-block hashing. This avoids corruption which is possible if heuristic resume detects the file can be resumed, but there are subtle changes in the middle of the file.
-noSync: Disables synchronization using block-by-block hashing, even if the server supports it. This can be used with -r to achieve a faster heuristic resume, but corruption is possible if there are subtle changes in the middle of the file.
-noBuf[=y|n]: If the server supports the extended SFTP attribute no-buffering@bitvise.com, this allows the user to express a preference whether the server should open the file for unbuffered I/O.
SFTP:
The graphical SFTP interface now remembers its maximization state.
The graphical SFTP interface now offers an option to clear recent folder history.
When using cut & paste (rather than copy & paste) between Local and Remote panes, files are now moved instead of copied.
In both graphical SFTP and sftpc, the Resume and Overwrite options are now once again available separately, even if the server supports synchronization using block-by-block hashing. This allows the user to express a preference to resume a file, but only if the partial destination file is unchanged relative to the source.
When uploading, the SSH Client now includes the extended SFTP attribute intended-size@bitvise.com to communicate the final intended size of the file. This can help detect and diagnose incomplete transfers.
The mirror feature would incorrectly remove destination files after they were mirrored, if the file names were present in the destination with a different case than in the source. Fixed.
The mirror feature now supports a fast skip option which attempts to skip files which are present in both source and destination with the same size and last modification time. This can dramatically improve the speed of large mirror transfers where most files are unchanged, but at the cost of not verifying the content of skipped files.
Changes in Bitvise SSH Client 9.33: [ 20 December 2023 ]
Security:
Terrapin - CVE-2023-48795: Researchers have identified an issue where all SSH connections which use the encryption algorithm ChaCha20-Poly1305, or any integrity algorithm of type encrypt-then-MAC, are vulnerable to packet sequence manipulation by an active attacker, if the attacker can intercept the network path. This can be used to sabotage SSH extension negotiation. This affects extensions with security impact, such as server-sig-algs.
Since the attacker can only remove packets sent before user authentication, this does not seem to fatally break the security of the SSH connection. However, it is a cryptographic weakness to address.
Bitvise software versions 9.32 and newer support strict key exchange. This is a new SSH protocol feature which mitigates this attack. The SSH client and server must both implement strict key exchange for mitigation to be effective. Other SSH software authors are also releasing new versions to support this.
If you must interoperate with SSH software which does not support strict key exchange, consider disabling the encryption algorithm ChaCha20-Poly1305, as well as integrity algorithms of type encrypt-then-MAC. These are the newer data integrity protection algorithms whose names contain -etm.
Bitvise software versions 8.xx and older are not substantially affected because they do not implement algorithms where this issue is practically exploitable. Nevertheless, we suggest updating all SSH software to new versions that support strict key exchange.
The encryption algorithms aes256-gcm and aes128-gcm are substantially immune from this attack. Users who are committed to older SSH software versions should consider using AES GCM. If this is not possible, the data integrity protection algorithms which are not named -etm are not entirely immune, but are also not believed to be practically exploitable. For compatibility with SSH software which does not support strict key exchange or AES GCM, an algorithm combination such as AES CTR with non-ETM data integrity protection may continue to be acceptable.
Graphical client:
Error and warning popups would not be shown if the main SSH Client window was visible when the message was logged, but lost focus immediately after. This would happen, for example, if there was an issue with terminal session logging, which occurs just before opening the terminal window.
The SSH Client now shows popups if the main window loses focus immediately after errors or warnings were logged.
SFTP:
The SSH Client now prefers to open remote files using the flags SSH_FXF_BLOCK_WRITE and SSH_FXF_BLOCK_ADVISORY, instead of only SSH_FXF_BLOCK_WRITE. This allows the server to strip the block flag if it is not supported by a part of its filesystem.
Changes in Bitvise SSH Client 9.31: [ 24 September 2023 ]
Command-line clients:
Even when output was redirected, the command-line clients sftpc, sexec, stermc, stnlc and spksc would not run unless the process was associated with a console window. Fixed.
User interface:
Names and strings containing the & character were not properly displayed in lists. Fixed.
File transfer:
When using the Move to dialog in the SFTP window, the SSH Client could crash. Fixed.
Changes in Bitvise SSH Client 9.28: [ 1 July 2023 ]
Installation:
If Install WinFsp was unchecked, the SSH Client installer would still unpack WinFsp files, without registering them. The installer will no longer unpack WinFsp files unless Install WinFsp is selected.
SSH:
The SSH Client is now compatible with the OpenSSH-style authentication agent in 1Password. The SSH Client previously refused to connect to the Windows named pipe created by 1Password because the pipe owner is not a member of the Administrators group or Local System. For compatibility with this agent, the SSH Client no longer checks pipe ownership, but implements more validation of information received over the pipe.
Port forwarding:
The command-line parameters -c2sFile and -s2cFile now also import comment fields, if present.
Terminal:
If the accent color was enabled for window title bars in Windows, the SSH Client's terminal window title could be hard to read. Fixed.
Double-click word selection did not work correctly on the first word of the first line in the terminal window. Fixed.
The terminal window now supports 5-hexadecimal-digit Unicode characters, i.e. Unicode code points higher than 65535.
Changes in Bitvise SSH Client 9.27: [ 14 February 2023 ]
Cryptography:
OpenSSL version updated to 1.1.1t. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1. Our software does not use OpenSSL features affected by recent OpenSSL security advisories.
Terminal:
The key combination Alt+Backspace would incorrectly open the terminal window's system menu. Fixed.
Changes in Bitvise SSH Client 9.26: [ 16 January 2023 ]
EULA:
We updated our EULAs to formalize our existing practices regarding the nature and behavior of our software (it is a product, not a service; the data it handles is not sent to Bitvise; risk tradeoffs with updates) and the way we provide support (via email and our case management system, in written form).
Installation:
The SSH Client installer now offers the option whether to install WinFsp. WinFsp is required to use the SSH Client's SFTP drive feature, but is not needed for other functions.
The SSH Client can now use WinFsp installed from another source, such as the official WinFsp distribution, or installed by a third-party application, instead of installing its own. We cannot guarantee reliability or performance when using such other versions of WinFsp. However, the SSH Client now tries to use them.
Cryptography:
OpenSSL version updated to 1.1.1s. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1.
Terminal:
Since version 9.23, the SSH Client's terminal window disables client-side scrolling when the server switches to the alternate screen. This is correct behavior, and it avoids confusing users, but it has confused other users, who were used to scrolling in the alternate screen.
The SSH Client's terminal window now displays a padlock icon in the title bar when the alternate screen is enabled. This indicates that the terminal window is in a special state and explains why scrolling is disabled.
The SSH Client's terminal window did not work on Windows XP. Fixed.
SSH Server Remote Control Panel:
When using the SSH Client to remotely administer Bitvise SSH Server, the SSH Server Remote Control Panel would exit unexpectedly when trying to manually apply an update. Fixed.
Changes in Bitvise SSH Client 9.25: [ 30 October 2022 ]
Graphical client:
User Authentication Banner dialog text can now be selected and copied to clipboard.
Improved default file browse filter for client authentication keypair import.
Changes in Bitvise SSH Client 9.24: [ 9 October 2022 ]
General:
SSH Client help windows now allow selection and copy & paste.
Updated keyboard shortcuts in the pop-up menu for the SSH Client icon in the system notification area. This resolves conflicts and makes the shortcut keys consistent with Ctrl+Shift shortcuts in SSH Client windows.
SSH:
The SSH Client now displays the signature algorithm used during client authentication with a public key.
The default list of submethods for keyboard-interactive authentication is now empty.
Command-line clients:
Improved output of command-line clients when output is piped into another program, or redirected into a file.
sftpc:
When output is redirected, sftpc no longer truncates file and directory paths shorter than 1,000 bytes. For easier processing, file transfer results such as "OK" and "in sync" are now displayed as "<OK>" and "<sync>".
The remove/delete commands del, ldel, rm, lrm, rmdir and lrmdir now support the -ifExist parameter. If passed, this parameter causes the command to test whether the path exists before attempting to delete it. If the path does not exist, the command succeeds.
Terminal:
Due to Ctrl+Shift+... keyboard shortcuts new in versions 9.xx, the terminal window in the graphical SSH Client would no longer send to the server Ctrl+Shift key combinations such as Ctrl+Shift+F1. These combinations are now sent again.
The clear command now causes the terminal window to scroll down instead of overwriting visible screen content.
A full reset, or a soft terminal reset, now avoids clearing the primary screen buffer, such as when the screen command exits.
Changes in Bitvise SSH Client 9.23: [ 5 June 2022 ]
Terminal:
When the alternative window buffer is activated, the terminal window now prevents client-side scrolling. This interfered with display of server-side applications which provide their own scrolling via keyboard.
SFTP drive:
There exist servers, such as GlobalSCAPE, which support neither the SFTP request space-available, nor the alternative statvfs@openssh.com. These requests are used to query free space on the server. With such servers, this information cannot be queried, so the SSH Client will now report a very large amount of free space on the SFTP drive. The client previously reported zero free space, which prevented some applications from writing files.
Changes in Bitvise SSH Client 9.19: [ 28 May 2022 ]
Terminal:
Restored behavior from previous SSH Client versions, including 8.xx, where right-click can be used immediately after selecting to copy-and-paste the selected text.
The DECSTBM message (Set Top and Bottom Margins) should now be handled correctly.
spksc:
The command-line client for the SSH Public Key Subsystem, spksc, now supports commands to list local keys in addition to public keys configured for public key authentication on the server.
If Ctrl+C was pressed during command execution, spksc would previously hang. Fixed.
Host key manager:
When using the Modify Host Key dialog, pasting a host address containing spaces would cause the SSH Client to crash. Fixed.
Changes in Bitvise SSH Client 9.18: [ 5 May 2022 ]
Installation and update:
Improved reliability of creating temporary directories which could previously cause installation to fail.
Main window:
The FTP bridge password input fields on the Services tab now scroll horizontally.
Terminal:
Fixed issues that could cause the terminal window to display output incorrectly in situations that are difficult to reproduce. We continue to investigate and welcome feedback from users who experience these issues.
SSH:
When using Diffie-Hellman key exchange methods with group exchange, the SSH Client would accept only server-generated groups with a generator much smaller than the modulus. Some servers, such as Rebex, send a generator parameter as large as the modulus. The SSH Client will now accept such groups.
We cannot guarantee that unusual server-generated groups will work with Windows CNG cryptography. We continue to disrecommend Diffie-Hellman key exchange methods that use group exchange due to such compatibility issues. The SSH Client continues to downrank these key exchange methods by default.
Changes in Bitvise SSH Client 9.17: [ 12 March 2022 ]
Installation and update:
Due to a bug in the log utility included with SSH Client version 9.12, using built-in update functionality to update from version 9.12 to versions 9.14 - 9.16 would fail. Now, when updating from version 9.12, the first attempt will still fail, but will replace the log utility so that a second attempt succeeds.
Running the new version installer directly to update manually works for all versions and does not trigger this issue.
SSH:
Starting with versions 9.xx, at the start of an SSH connection, the SSH Client would wait to send its SSH_MSG_NEWKEYS message until it has received it from the server. As a result, connections to certain SSH servers would not work. Affected servers include xlightftpd and RomSShell used by certain Brocade network equipment. The client now once again sends this message promptly.
Fixed issue which could cause the SSH Client to disconnect and generate the error "SSH manager has been terminated by exception: Null pointer read". This was more likely when using an SSH jump proxy, configurable in Proxy settings, but could occur generally using SSH tunneling.
Improved detection of misconfigured obfuscation settings.
Graphical client:
Logout behavior is now configurable. When disconnecting, the SSH Client can now be configured to close open windows without asking for confirmation.
SFTP GUI:
The graphical SFTP interface can now display Owner and Group columns for remote files.
Remote directory properties now show disk usage and free space information.
sftpc:
A new df command now shows disk usage and free space information.
Terminal:
The terminal window in the graphical SSH Client now supports additional settings for text selection and copying: word boundary characters for double-click select; whether double-click select can span more than one line; and whether to trim any trailing spaces when copying.
Terminal window settings now display fonts alphabetically sorted.
SSH Server Remote Control Panel:
The SSH Server Remote Control Panel window did not close when the SSH connection disconnected, and the window was not usable after. The window now closes as intended.
Changes in Bitvise SSH Client 9.16: [ 14 February 2022 ]
SFTP drive:
When disconnecting, the SFTP drive will no longer cause a prompt that the SSH session is still active, unless another application is holding a file or directory handle open.
Note that the Windows Command Prompt does keep a directory handle open indefinitely, as long as the window (or the cmd.exe process) is open.
Terminal:
In previous 9.xx versions, the key combinations Ctrl+_ and Ctrl+^ could not be sent. Fixed.
SSH Server Remote Control Panel:
This version contains the Bitvise SSH Server Remote Control Panel (WRC) necessary to remotely administer SSH Server versions 9.16 and higher.
Changes in Bitvise SSH Client 9.15: [ 5 February 2022 ]
SSH:
When using one of the key exchange methods with Diffie Hellman group exchange, the SSH Client and FlowSsh could perform an invalid memory access. Invalid DH group size parameters could be sent to the server. Fixed.
Graphical client:
When the setting Window behavior > New child windows was set to Restore last position (default value in versions 9.12 and 9.14), the SFTP window could open off-screen. Fixed. The default value of this setting is now Center to parent.
The following settings now support environment variable expansion:
- Options > Execute Local Command
- RDP > Remote Desktop > Profile
- RDP > Command-Line Parameters > Custom
- SFTP > Local and Upload Settings > Initial directory
Improved keyboard navigation via Tab-key.
Terminal:
The terminal window in the graphical SSH Client could crash or deadlock, especially during selection. Several issues fixed.
The terminal window title could be blank. Fixed.
SFTP:
If a custom SFTP subsystem is configured, this is now invoked as an SSH exec request instead of a subsystem request. This should work with more servers where this feature is needed.
Command line:
sftpc will now use the SFTP protocol version setting from the profile, if a -profile=... parameter is used.
The graphical SSH Client now supports the -sftpVersion command-line parameter to override the loaded profile.
All clients now support the -dhGexMinBits parameter.
The parameter -rdpCustomSettings is now -rdpCustomStg and can appear multiple times to configure multiple Remote Desktop settings.
Changes in Bitvise SSH Client 9.14: [ 23 January 2022 ]
SFTP drive:
On systems with negative UTC offsets, the Windows Command Prompt would display unexpected error messages as part of directory listings for directories without an SFTP file time. Fixed.
Terminal:
Starting a clipboard selection now pauses terminal output.
Double-clicking the system icon now once again closes the terminal window.
Remote Desktop:
The setting Share clipboard is now enabled for new profiles by default.
Window behavior:
The SSH Client can now be configured to prevent system sleep, for example when connected.
Command line:
The log utility did not work at all in version 9.12. Fixed.
The main SSH Client window now supports the option -start=login which can be used in conjunction with other -start=... options. For consistency with previous versions, the option -loginOnStartup is now an alias for -start=login,tray. This means the SSH Client connects automatically and also minimizes to the system notification area. When opening an SSH Client profile through right-click > Connect, the profile is now opened with -start=login, but not tray. This means the SSH Client connects automatically with the main window visible.
New features in Bitvise SSH Client 9.12: [ 1 January 2022 ]
SFTP drive: Access files on an SFTP server as if they were local, from any Windows application.
Terminal session recording: The content of terminal sessions can now be automatically saved to files.
SSH jump proxy: The SSH Client can now more conveniently connect to a final destination SSH or SFTP server, by first connecting to an SSH jump server. In the graphical SSH Client, this is configured in Proxy settings, accessible from the Login tab.
Keyboard shortcuts: An SFTP window can now be opened more practically from a terminal window, and vice versa.
Command-line help: The clients sftpc, stnlc and spksc now support -help-shell to receive help for interactive commands (such as get, put) directly from the command-line.
Cryptography: New cryptographic algorithms include chacha20-poly1305 and encrypt-then-MAC hashing.
Known issues
Windows XP: All versions of our software that we recommend using are built using Visual Studio 2015. The C++ run-time library used by this Visual Studio version has a known issue where 1-2 kB of memory are leaked each time a new thread is created. This issue does not occur on later Windows versions; it does not occur e.g. on Windows Server 2003. Microsoft has stated they do not intend to fix this issue. Bitvise's view is that the impacts on our SSH Client and FlowSsh are manageable; whereas our SSH Server is rarely used on Windows XP. We therefore do not plan to work around this; but we warn that this can be a potential denial of service vector on Windows XP.
Older versions
Bitvise SSH Client 8.xx Version History
Bitvise SSH Client 7.xx Version History
Bitvise SSH Client 6.xx Version History