For issues that might arise using the latest SSH Server versions, see Known issues.
Changes in Bitvise SSH Server 9.23: [ 5 June 2022 ]
On installations where all of the following is true:
Windows accounts can log in using password authentication.
Virtual accounts are in use and are backed by the automatically managed Windows account.
An account lockout policy is configured in Windows.
In such configurations, it was possible for a remote attacker to lock out the automatically managed Windows account (usually BvSsh_VirtualUsers) by attempting password authentication against it. This would cause connections from virtual accounts to fail. If the SSH Server's automatic IP blocking is stricter than the Windows account lockout policy, the attacker could connect from multiple IP addresses to successfully lock the account.
The automatically managed Windows account could also get locked out accidentally if its password expired, followed by many simultaneous connections from one or more virtual accounts. For example, this could occur with password expiry followed by 100 login attempts in the same second.
The SSH Server now unlocks the automatically managed Windows account if it is locked out. If the password expires, the SSH Server now also takes steps to prevent a lockout due to other simultaneous logins.
Version 9.19 introduced the issue where passwordless authentication required a Windows restart in order to fully function after updating from a previous SSH Server version. Version 9.21 fixed this for updates from previous 9.xx versions, but this was not effective after updating from versions 8.xx. Fixed.
Updating from versions older than 7.21 still always requires a Windows restart for passwordless authentication to fully function.
When sending email through an outgoing SMTP server, the SSH Server now supports the SMTP authentication method AUTH LOGIN. This allows compatibility with servers such as smtp.office365.com.
Changes in Bitvise SSH Server 9.22: [ 31 May 2022 ]
In versions 9.19 and 9.21, it was not possible to create directories through virtual filesystem mount points that provide unlimited access. Fixed.
Changes in Bitvise SSH Server 9.21: [ 30 May 2022 ]
Fixed an issue in version 9.19 where passwordless authentication required a Windows restart, or uninstallation and reinstallation followed by restart, in order to work after updating from a previous SSH Server version.
Changes in Bitvise SSH Server 9.19: [ 28 May 2022 ]
On some systems, the Windows function GetSystemTimes can return inconsistent values. In this case, previous SSH Server 9.xx versions would stop due to an unexpected condition if the setting Health monitoring > Monitor CPU usage was enabled. Fixed.
In general, the SSH Server will no longer stop if one of the health monitoring features encounters an error, but will instead only log the error.
Control Panel and Settings:
Double-clicking the system tray icon for the SSH Server Control Panel would put the window into the foreground if it was hidden, but not if it was minimized, or behind other applications' windows. Fixed.
In the Custom events interface under Advanced settings > Logging, events are now sorted by default according to name, rather than number. Events can still easily be sorted by any column.
In previous 9.xx versions, DKIM signing did not work. Fixed.
When the Real root path for a mount point did not exist, and the setting Create root path was disabled, the SSH Server would still create the directory if the client sent a "create directory" request. The SSH Server will no longer create the mount point root path in this circumstance.
For newly created mount points, the default value of the setting File sharing for uploads is now Delete instead of the previous value, Read, Delete. This is to prevent files from being read or copied in an inconsistent state by another application or connection while they are being uploaded.
Further improvements to diagnostic logging for SFTP jump server mount points.
When logging the flags attribute for an auto-execute command, the Windows job object setting would be logged incorrectly. Fixed.
Changes in Bitvise SSH Server 9.18: [ 5 May 2022 ]
Installation and update:
Improved reliability of creating temporary directories which could previously cause installation to fail.
Fixed behavior of the pop-up menu when clicking the notification area icon.
Added support for Ctrl+A and Ctrl+Backspace key combinations in a variety of user interface elements that did not previously support them.
Addressed support for Esc and Tab keys in the Manage certificates dialog.
Fixed issue when deleting log files in the Log folder viewer.
In Easy settings, the Back and Next buttons were incorrectly swapped. Fixed.
In previous 9.xx versions, the Connection timeout feature did not work. Fixed.
Configuring an On-logon command for an Execute command task would result in an error when running the task. Fixed.
Improved elevation handling for Windows sessions created for tasks.
SFTP jump server mount points:
Greatly improved diagnostic logging for connection issues when configuring Another SFTP server mount points.
Fixed an issue which would cause the SSH Server to emit an invalid SFTP packet when using Another SFTP server mount points. This would cause repeated connects and disconnects.
Changes in Bitvise SSH Server 9.17: [ 12 March 2022 ]
Installation and update:
Due to a bug in the log utility included with SSH Server version 9.12, using built-in update functionality to update from version 9.12 to versions 9.14 and 9.16 would fail. Now, when updating from version 9.12, the first attempt will still fail, but will replace the log utility so that a second attempt succeeds.
Running the new version installer directly to update manually works for all versions and does not trigger this issue.
When an SSH Server update was started automatically, but uninstallation of the existing version failed, the SSH Server would not automatically restart. When updating to future versions from version 9.17 or higher, if uninstallation fails but rollback succeeds, the main SSH Server service will now be restarted.
When pasting from clipboard, password fields would accept ASCII control characters, including newline characters that are included by Excel when copy & pasting a selected cell. Password fields will now filter out control characters when pasting, including the Tab character.
Improved detection of misconfigured obfuscation settings.
In previous versions including 8.xx, if an SCP client interrupted a download – such as by disconnecting – the SSH Server's SCP subsystem would still completely read the file and record a complete download in the I_SFS_TRANSFER_FILE event. Interrupted SCP downloads are now correctly logged as incomplete.
Changes in Bitvise SSH Server 9.16: [ 14 February 2022 ]
A major new feature in SSH Server 9.xx versions is the Windows session cache. This is enabled by default for new installations. When enabled, settings such as the On-logon command have a different effect than in previous SSH Server versions.
To preserve behavior, the Windows session cache is now disabled when upgrading existing settings from versions 8.xx and earlier. This feature can be enabled or disabled in Advanced settings, under Sessions > Windows session sharing.
In versions 8.xx and earlier, it was possible to configure settings in subtly inconsistent ways. For example, it was possible to remove or rename a Connect profile so that the port forwarding settings in a group settings entry referenced a Connect profile which no longer exists.
In previous 9.xx versions, the settings interface would not open after upgrading an installation which had settings configured this way. Fixed.
Control Panel and Settings:
When configuring an encrypted volume in Advanced settings, the setting Full path to data file now won't display an overwrite prompt when selecting an existing file.
Default settings in Tasks and actions now include straightforward examples for email notifications for uploads and downloads. These examples won't appear when updating from previous 9.xx versions unless the task list is reset to apply the new defaults.
The Log folder viewer now once again supports the Enter key to open the selected file.
In previous 9.xx versions, the Connection on-logon command was broken and did not work. Fixed.
The Encrypted volume and Other SFTP server filesystem providers can now be configured to limit access to a subdirectory of the encrypted volume or remote SFTP filesystem.
Bitvise SSH Server provides access to filesystems which do not support POSIX permissions. In versions 8.xx and older, the SSH Server would respond to attempts to set POSIX permissions, such as using chmod, by simulating success. In previous 9.xx versions, the SSH Server would respond with failure if a client attempted to set only POSIX permissions, but not any supported attributes. This is a problem for scripts that assume chmod to succeed. The SSH Server will now once again simulate success for such requests.
If the feature Move completed uploads was configured in an account settings entry, as opposed to a group settings entry, the account would not be able to log in. Fixed.
The correct filesystem provider is now logged when an SFTP client attempts to use an invalid handle.
Changes in Bitvise SSH Server 9.14: [ 23 January 2022 ]
When upgrading from versions before 9.xx, the automatic log archival task is now disabled. This is to avoid interfering with any log maintenance the administrator has already set up.
If settings before 9.xx configured no limit to the number of simultaneous connections, such settings would be upgraded incorrectly to apply a lower limit. Fixed.
If the FTPS protocol is enabled, the SSH Server now supports TLS 1.3 on Windows versions where it is available. Currently, this requires Windows 11 or Windows Server 2022.
Log maintenance and command execution tasks now log an Info-level log event when they start.
Task triggers now support endsWith and contains as operators that work on strings. The contains operator also continues to work on structures, as it did previously.
Control Panel and Settings:
When configuring an encrypted volume in Advanced settings, the setting Full path to data file would have a misleading browse interface which did not allow selecting a filename which does not yet exist. Instead, a full path to a nonexistent file had to be entered manually. The browse interface now supports configuring a file which does not yet exist.
The Log Folder Viewer was not showing file icons in version 9.12. Fixed.
In the Statistics CSV export dialog, suggested filenames could include invalid characters. Fixed.
In account and group lists, reduced the number of columns for improved clarity and performance.
The log utility did not work at all in version 9.12. Fixed.
New features in Bitvise SSH Server 9.12: [ 1 January 2022 ]
Windows session cache: Multiple connections for the same user, either concurrent or consecutive, can now use the same Windows session. This can greatly improve reliability for clients that make frequent connections that access network shares.
Network share control: Settings now provide additional control over how network share connections are established where such connections could time out or occasionally fail.
Encrypted volumes: Clients can now access files which are encrypted at rest by the SSH Server. Concurrent users can access virtual filesystem mount points backed by one or more encrypted volumes. A volume is encrypted with a key configured in SSH Server settings.
SFTP jump server: Users can now access virtual filesystem mount points backed by a remote SFTP server to which the SSH Server connects on the user's behalf.
Tasks: The SSH Server can now run commands periodically, or triggered by configurable conditions based on recorded log events.
Email notifications: The SSH Server can now send email notifications triggered by configurable conditions based on recorded log events.
Log file maintenance: Automatic log file archival or deletion can now be configured as a scheduled task, without resorting to the Windows Task Scheduler.
Cryptography: New cryptographic algorithms include chacha20-poly1305 and encrypt-then-MAC hashing.
Windows XP: All versions of our software that we recommend using are built using Visual Studio 2015. The C++ run-time library used by this Visual Studio version has a known issue where 1-2 kB of memory are leaked each time a new thread is created. This issue does not occur on later Windows versions; it does not occur e.g. on Windows Server 2003. Microsoft has stated they do not intend to fix this issue. Bitvise's view is that the impacts on our SSH Client and FlowSsh are manageable; whereas our SSH Server is rarely used on Windows XP. We therefore do not plan to work around this; but we warn that this can be a potential denial of service vector on Windows XP.