v0.0.0.9

_This is a pre-release (non-production ready)_

See features\improvements here

5_30_2016

_This is a pre-release (non-production ready)_

See release notes of 5_15_2016. Following issues are fixed in this release:

• ssh and sftp now log into user's profile folder (if user's profile exists) 209
• fix to issue 229
• fixes to issue 218

5_15_2016

_This is a pre-release (non-production ready)_

The release adds the following security enhancements:

• sshd now runs in the context of a restricted service account. This account (visible in task manager as "sshd") only has SeAssignPrimaryTokenPrivilege required to spawn off session processes under client context).
• ssh-agent in implemented for Windows as a service running as "SYSTEM". This will execute key related privileged operations on sshd's behalf. It differs from UNIX version of ssh-agent as follows - it provides persistent storage of ssh private keys (both user and host). The keys are locked using user's password (using Data protection APIs). The storage is ACLed system only. As long as system is root-trusted, this ensures that the private keys are protected from malware. This also provides a single-sign on experience for Windows. Additional details
  • ssh-agent service can be started by any user but can only be stopped by admin
  • keys can be added to ssh-agent using ssh-add. Following flags are supported - lLdD
  • see wiki for details on how to register and secure host-keys.
• ssh-agent also implements key-based authentication for Windows - this includes verification of signature, authorizing the public key and generating client token. support for domain accounts is now added.
  • ssh-lsa from previous versions needs to be uninstalled and replaced with latest version. See wiki for details on how to do ths.

Known REGRESSIONS in this release:

• Secure loading of user profile is currently being worked on. Logging in using ssh and sftp will take you to %Windir%. If you are blocked on this, work around is to run sshd as Local System instead. This is being tracked as this issue

4_5_2016

_This is a pre-release (non-production ready)_

This release has the following in addition to 3_19_2016

• SIGALRM support added. This enables the following
  • SFTP progress bar
  • ConnectTimeout for ssh client
  • Login grace timeout in sshd
• SIGCHLD support added. This helped in converging Unix and Windows code around child process management
• Misc code refactoring to remove redundant code
• Fixing the artifact around misbehaving "ENTER" on most clients - work around added in server to minimize impact.

Note: "sshd -install" is no longer supported. Service can be installed using the provided PS script. See updated wiki for instructions

3_19_2016

_This is a pre-release (non-production ready)_

_Note: Thanks to folks testing this release - we have identified an issue on 2012 R2 (and possibly Win8) with read() routine of underlying transport. This manifests as a failure while starting sshd. Try using 1.1 versions if you see this issue_

What's in this release:

• Completely rewritten underlying transport that adapts POSIX calls to Win32 overlapped APIs.
• Transport is now truly single threaded with no synchronization overhead. Stream throughput over loopback has improved ~15%.
• Transport has been stress tested with 10 tunnelled TCP (port forwarded) full duplex full throughput streams multiplexed over a single connection/session (ssh and sshd running with AppVerifier enabled). It held well, compared to the previous transport that froze after 5 streams. Hopefully, connection reliability issues reported so far will be resolved with this update.
• PW auth will now result in network logon so admins will end up with sessions capable of performing admin tasks.
• SCP is taken offline as it needs significant changes to get it on board the new transpor and I'm still working on it.
• ssh-add and ssh-agent are taken offline as we are working on the right security model and user experience for Windows.
• there are not changes to ssh-lsa.dll (for key based auth). So you may continue to use the previous version if its already installed.

I haven't yet fixed ssh-lsa installation script issue on Windows 7. Please continue to use the work around for now
reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0\0ssh-lsa.dll -f

There will be some regressions in terminal experience as I refactored related code that was coupled with protocol code. That said, its understood that current terminal experience is very primitive. Focus over the next couple of months will be on enriching this experience along with security enhancements.

2_25_2016

_This is a pre-release (non-production ready)_

64-bit and 32-bit payload from Master on 2/25/2016. Slight modification in how ssh-lsa.dll is installed. See deployment instructions in wiki

NOTE: It has been reported that ssh-lsa installation script is not working on Windows 7. Please use this work around for now
reg add HKLM\System\CurrentControlSet\Control\Lsa /v "Authentication Packages" /t REG_MULTI_SZ /d msv1_0\0ssh-lsa.dll -f

12_22_2015

This release contains 64 bit build of OpenSSH binaries. See Deployment instructions in Wiki for more details. Build is from 12_22_2015 sources

11_09_2015

The release contains several fixes to improve ssh.exe terminal experience. Also includes changes to support launching sshd as service. See Deployment instructions in Wiki for more details.

10_13_2015

Zipped Binary payload from Master 10-13-2015