@bingbing8 bingbing8 released this Sep 6, 2017 · 32 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements:

  • All changes/fixes from upstream branch openssh/openssh-portable/master
  • AllowGroups directive now works with domain groups (#816)
  • Fixes to various terminal related issues and misc issues listed here

@manojampalam manojampalam released this Aug 18, 2017 · 33 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements:

  • Key based authentication issue after a machine reboot (#727)
  • Fixes to various terminal related issues and misc issues listed here

@bingbing8 bingbing8 released this Jul 20, 2017 · 34 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements:

Known issue:

  • sshd service failed to start on 32-bit Windows 7 (#795).

@bingbing8 bingbing8 released this Jul 1, 2017 · 35 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements:

  • Security enhancements (#596, #766, #783, #789)
  • Improvements to UtilityScripts (#771) to work on localized machine
  • Support for windows-style absolute AuthorizedKeysFile path (#779)
  • Other misc issues listed here

Known issue:

  • sshd service failed to start after installation on Windows 7 (#770). See issue details for a workaround.

@bingbing8 bingbing8 released this Jun 21, 2017 · 36 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

This release includes the following bug fixes/enhancements:

  • Crypto transitioned from OpenSSL to LibreSSL
  • Improvements to UtilityScripts (#749, #750, #751, #756, #758)
  • Support for SFTP only server for Windows (#757)
  • Support for Unicode input in interactive sessions (#711)
  • UX issues with warning and passphrase promts (#692)
  • Other misc issues listed here

Known issue:

  • sshd service failed to start after installation on Win7(#770). See issue details for a work around.
  • UtilityScripts does not handle Localized User correctly(#771). See Security protection wiki to manually fix the file permissions if you run on non-English build.

@bingbing8 bingbing8 released this Jun 3, 2017 · 37 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

Note: This release added security enhancements that might break existing configurations.
The changes ensure that permissions on OpenSSH file based resources (keys and configuration) would not allow any unauthorized access. UtilityScripts are included to help with fixing permission related issues.

For automated host side upgrades, it is recommended to run the following included utility to prevent possible lockouts due to broken sshd configuration:
FixHostFilePermissions.ps1 -Confirm:$false

Also includes the following bug fixes/enhancements:

  • Added initial port of ssh-keyscan.exe (#732)
  • Support for binary data over SSH stdin (#658)
  • Removed unwanted sshd service account privileges (#726)
  • Improved WinSCP experience (#539)
  • Fixed regression in ssh-agent - rejecting key sign requests from sshd service. (#734)
  • Fixed issues in Docker scenarios (#666)
  • Other misc issues listed here

@bingbing8 bingbing8 released this May 16, 2017 · 38 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

Bug fixes

  • Fix for key based authentication for Docker containers. (#677)
  • Fix to ssh-agent when the sshd is not installed. (#558)
  • Fixed a bug where ssh-keygen would not overwrite an existing file, even if the user confirmed. (#685)
  • Fixed a bug where read values in registry would report error. (#645)
  • Fixed logging in sshd before loading the private host key files. (#708)
  • Fixed ssh client title. (#722)
  • Other misc issues listed here

Note on v0.0.13.0 release

You may have noticed that we pulled down the v0.0.13.0 release. With that release, we had an introduced a new requirement to securely ACL certain files.

That design proved somewhat premature, and before requiring everyone to re-ACL files across their environment, we decided to pull the release in order to get the design right. Expect a release in the near future that will require some kind re-ACL'ing (but not just yet). 👍

May 12, 2017
Source snapshot from Powershell/openssh-portable:latestw_all

@manojampalam manojampalam released this Apr 16, 2017 · 46 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

Includes:

  • Fixes to several redirection related issues with ssh.exe and sftp.exe
    • Following will now work
      • ssh ... > out.txt
      • $o = ssh ... (in Powershell)
      • sftp -b .... > out.txt
  • Removal of ssh-lsa.dll. There is now no reboot restriction on setup.

and other misc issues listed here

Note
It seems that the key based authentication is not working for docker containers. For docker scenarios, continue using v0.0.11.0 until this issue is fixed.

@manojampalam manojampalam released this Apr 4, 2017 · 47 commits to L1-Prod since this release

Assets 6

This is a pre-release (non-production ready)

Includes:

  • Latest changes from OpenSSH main repo (synced to 7.5p1)
  • Fix to Sshfs issue introduced in 0.0.9.0
  • Support for ssh redirection in Powershell ($o = ssh ... )
  • Install-sshd.ps1 support for Nano

and other misc issues listed here

NOTE - Breaking Change

  • Due to a security issue that got fixed in this release, SSHD account now needs read access to "authorized_keys. Otherwise pubkey authentication will fail. Do the following:
   $authorizedKeyPath = "c:\users\user\.ssh\authorized_keys"
   $acl = get-acl $authorizedKeyPath
   $ar = New-Object  System.Security.AccessControl.FileSystemAccessRule("NT Service\sshd", "Read", "Allow")
   $acl.SetAccessRule($ar)
   Set-Acl  $authorizedKeyPath $acl