v7.7.2.0p1-Beta

@bingbing8 bingbing8 released this Jul 27, 2018

This is a pre-release (non-production ready)

UPDATE -We have updated ssh-shellhost.exe binary (fix for #1222) in V7.7.2.0 payload on 8/4/2018.

This release includes

  • Support for auto updating known_hosts via ssh and ssh-keygen
  • Optimized group membership resolution that results in vast performance improvement in processing simple user/group configuration rules.
  • Fixed descriptor leaks in win32 fstat implementation(#1209) by @cbookg
  • Support for handling user resolution in absence of explicit UPN (#1213) by @NoMoreFood
  • Various other fixes listed here

Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.7.2.0

v7.7.1.0p1-Beta

@manojampalam manojampalam released this Jun 5, 2018 · 1 commit to L1-Prod since this release

This is a pre-release (non-production ready)

This release includes fixes for regressions introduced in v7.7.0.0.

Note

  • If you configure a default shell, ensure that OpenSSH installation path is in system PATH. If not already present, amend system PATH and restart sshd service.
  • Scp and Sftp are tested to work with Powershell and Cygwin's bash as default shells. There are still issues with WSL bash (manifest as hung sessions), we are working on investigating these.

List of all issues fixed - here

Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.7.1.0

v7.7.0.0p1-Beta

@manojampalam manojampalam released this May 30, 2018 · 1 commit to L1-Prod since this release

This is a pre-release (non-production ready)

Regressions

  • #1164 - scp and sftp won't work if OpenSSH is installed in "Program Files" or any directory with a white space.
    • Work around - install in a path with no white space - ex. c:\openssh
  • #1165 - SCP fails when using bash as alternative shell

Note

  • This release introduces new rules for specifying user/group based configuration rules for domain principals - these should now adhere to NameSamCompatible format. For more info refer sshd_config manual.

This release includes

  • OpenSSH 7.7 changes from upstream.
  • Normalized user/group principal resolution - by @NoMoreFood
  • Improvements to support nested groups while processing group based configuration rules - by @NoMoreFood
  • Chroot support for sftp (and scp via custom shell). See sshd_config manual
  • Support sshd in interactive mode (for testing and trouble shooting)
  • various other fixes listed here

Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.7.0.0

v7.6.1.0p1-Beta

@manojampalam manojampalam released this Mar 31, 2018 · 2 commits to L1-Prod since this release

This is a pre-release (non-production ready)

Note:

  • New Logging facility added (ETW). Check out Logging Facilities for options to switch to file based logging.
  • Binaries and PS files are now digitally signed.
  • Source code is no longer maintained in this repository, see below for tag in PowerShell/openssh-portable associated with the release

This release includes

  • Enhancements to overcome prior limitations in concurrent sessions and forwarded connections - by @NoMoreFood
  • Support for navigation via symlinks - by @NoMoreFood
  • Fixes in POSIX compat layer - by @revngnr and @djsweet
  • ETW logging
  • Wild card support in scp
  • various other fixes listed here

Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.6.1.0

v7.6.0.0p1-Beta

@manojampalam manojampalam released this Mar 1, 2018 · 3 commits to L1-Prod since this release

This is a pre-release (non-production ready)

Please note

  • to avoid confusion with various internal versions, we have made a conscious decision to synchronize future releases with the base OpenSSH software version (currently at 7.6).
  • to differentiate this fork from core OpenSSH portable, the software name reported on the wire is updated from OpenSSH to OpenSSH_for_Windows.

This release includes

  • security enhancement - sshd unprivileged workers will now run in runtime generated unique security identities.
  • support for ProxyCommand using stdio redirection
  • fixes to regressions in previous release
  • support to let applications break away from ssh session and run in background
  • various other fixes listed here

v1.0.0.0-Beta

@manojampalam manojampalam released this Jan 20, 2018 · 20 commits to L1-Prod since this release

This is a pre-release (non-production ready)

This release includes changes to further prepare this fork for future integration to upstream repository. Also included are changes incorporating community feedback.

  • Unix styled privilege separation is implemented for Windows

    • OpenSSh privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
    • Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation.
    • Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
    • Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
    • For every remote session, you'll now see 2 sshd processes, one running as SYSTEM and one running as the USER (similar to what you would see on Unix)
  • Changes to installation steps to adhere to the new architecture

    • SSHD server is installed to run as SYSTEM
    • SSHD no longer depends on ssh-agent server
    • SSHD resources (sshd_config, hostkeys and authorized_keys) no longer need "READ" access to NT Service\SSHD.
  • Config/State separation

    • SSHD resources - sshd_config, hostkeys are moved to a dedicated hidden directory - %ProgramData%\ssh
    • SSH global resources - ssh_config and ssh_known_hosts will now work and can be placed in the above directory
    • Logs would be written to the above directory too. This is a temporary solution while we evaluate moving logs to ETW sessions.
  • SSHD prerequisites auto setup

    • SSHD service prereq resources - sshd_config and hostkeys, if they don't already exist - will now be automatically generated as part of service startup.
    • This will reduce instllation steps to all but one step - i.e to run installsshd.ps1. There will be no more configuration steps needed.
  • Other misc issues listed here

Breaking Changes

  • You need to be SYSTEM to do SSHD debug mode (sshd -d), typically used in troubleshooting scenarios. Running as an administrator is no longer sufficient. You may use psexec -s cmd to open up cmd.exe running as SYSTEM.
  • To use existing customized sshd_config, you need to copy it to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory).
  • To use existing host keys, you need to copy them from binary location to %programdata%\ssh\
  • Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false' to fix up these permissions.
  • Make sure binary location has the write permissions to just SYSTEM, Administrator groups. It is recommended to extract binaries to %ProgramFiles%\OpenSSH

Known Issues:

  • You may not be able to connect with sshd logs showing that "unable to get security token for user sshd". Please see #1053
  • Match Blocks support has regressed. This will be fixed in the upcoming release.

v0.0.24.0

@bingbing8 bingbing8 released this Dec 5, 2017 · 21 commits to L1-Prod since this release

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements:

  • Fixed service binary paths (#963 )
  • Fixed exceptions when stop sshd service (#957 )
  • Fixed unicode characters from the ssh.exe (#925)
  • Fixed issue in SFTP when downloading a very large file in chunks (#863)
  • Other misc issues listed here

v0.0.23.0

@bingbing8 bingbing8 released this Nov 19, 2017 · 22 commits to L1-Prod since this release

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements:

  • Fixed issue with ssh redirected stdin (#929)
  • Fixed issue in POSIX layer that could truncate write streams(#908)
  • Other misc issues listed here

v0.0.22.0

@bingbing8 bingbing8 released this Oct 17, 2017 · 28 commits to L1-Prod since this release

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements:

  • Support configuring default shell through windows registry. Please see bullet 12 at Install-Win32-OpenSSH
  • Other misc issues listed here

v0.0.21.0

@bingbing8 bingbing8 released this Oct 3, 2017 · 29 commits to L1-Prod since this release

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements: