The following is installed with the Pragma SSH Server, and the information on this page is also available in the "readme.txt" file. These are notes on the fixes and enhancements that have been added to Pragma SSH Server 5.0 since its initial release.
Some of these enhancements may not be documented in the Help files or in the manual. Report problems and your feedback via email to support@pragmasys.com or by visiting our web site for support. You can obtain the latest product or evaluation copies by contacting us via any of the following means:
(512) 219-7270 (TEL)
(512) 219-7110 (FAX)
Email:
Web: https://www.pragmasys.com/ssh-server/try
Highlights on what's new in this release:
----------------------- Build 10 Start -----------------------------
Release Date: Dec 10 2024
Revision #: 4524
Enhancements:
- FIPS 140-2 Compliant, as our PragmaCrypto lib uses the Microsoft Base Crypto Primitive library, which is FIPS 140-2 Certified
(NIST #4536 certificate)
- We will soon be FIPS 140-3 Compliant as Microsoft achieves FIPS 140-3 Certification for their Base Crypto Primitives
library, which our crypto is based on
- Elliptic curve host key support: ED25519, ECDSA (nistp521, nistp384, nistp256)
- New EC based Kex Exchanges: "curve25519-sha256", "ecdh-sha2-nistp521", "ecdh-sha2-nistp384", "ecdh-sha2-nistp256"
- Added cipher: and mac: to the env variable PRAGMASYS_MODE of an sshd session. Run "set pragma" to see all env vars Pragma sshd sets in an ssh session.
- FortressCL avoids Cisco aes256-gcm and aes128-gcm ciphers without openssh.com variants if offered, as Cisco's implementations of these ciphers
are incorrect and do not work with any vendors' clients.
- FortressCL now has hmac-sha2-512 hmac support
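The cipher selection behind the FortressCL GCM item above, as an added example (not Pragma's code): it parses the name-lists of an SSH_MSG_KEXINIT payload and applies the RFC 4253 first-match rule. The skip rule is an assumed reading of the note (drop `aes256-gcm`/`aes128-gcm` when the server lists them without the `@openssh.com` names); all function names and the sample offers are constructed.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
# Un-suffixed GCM names from the release note; the @openssh.com names are kept.
PLAIN_GCM = {"aes256-gcm", "aes128-gcm"}


def build_kexinit(lists):
    """Encode a KEXINIT payload from {field: [names]}; used here to make sample data."""
    out = bytes([SSH_MSG_KEXINIT]) + bytes(16)           # message type + 16-byte cookie
    for field in FIELDS:
        raw = ",".join(lists.get(field, [])).encode("ascii")
        out += struct.pack(">I", len(raw)) + raw         # name-list: uint32 length + CSV
    return out + b"\x00" + struct.pack(">I", 0)          # first_kex_packet_follows + reserved


def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [names]}; raise ValueError if malformed."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (length,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + length > len(payload):
            raise ValueError("name-list runs past end of payload")
        raw = payload[pos:pos + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += length
    return lists


def usable_ciphers(client_prefs, server_offer):
    """Assumed rule: skip plain GCM names if the server offers them with no @openssh.com variant."""
    offers_plain = PLAIN_GCM & set(server_offer)
    offers_suffixed = any(name + "@openssh.com" in server_offer for name in PLAIN_GCM)
    if offers_plain and not offers_suffixed:
        return [c for c in client_prefs if c not in PLAIN_GCM]
    return list(client_prefs)


def negotiate(client_prefs, server_offer):
    """RFC 4253: the first name on the client's list that is also on the server's list."""
    for name in client_prefs:
        if name in server_offer:
            return name
    return None


def pick_cipher(client_prefs, server_kexinit):
    """Parse the server's offer, apply the skip rule, then negotiate server-to-client cipher."""
    offer = parse_kexinit(server_kexinit)["enc_s2c"]
    return negotiate(usable_ciphers(client_prefs, offer), offer)


# Constructed sample data: a client preference list and two server offers.
CLIENT_PREFS = ["aes256-gcm@openssh.com", "aes256-gcm", "aes128-gcm", "aes256-ctr"]
PLAIN_ONLY_SERVER = build_kexinit(
    {"enc_c2s": ["aes256-gcm", "aes128-gcm", "aes256-ctr"],
     "enc_s2c": ["aes256-gcm", "aes128-gcm", "aes256-ctr"]})
BOTH_VARIANTS_SERVER = build_kexinit(
    {"enc_c2s": ["aes256-gcm@openssh.com", "aes256-gcm", "aes256-ctr"],
     "enc_s2c": ["aes256-gcm@openssh.com", "aes256-gcm", "aes256-ctr"]})

if __name__ == "__main__":
    print("plain-only server  ->", pick_cipher(CLIENT_PREFS, PLAIN_ONLY_SERVER))
    print("both-variant server ->", pick_cipher(CLIENT_PREFS, BOTH_VARIANTS_SERVER))
```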
Fixes:
- FortressCL password logins to Cisco IOS XE 17.14.01 were disconnecting with failures. This has been fixed in this
build.
- fix ssh cmd line client's key exchange "diffie-hellman-group-exchange-sha256" to work with recent Pragma sshd servers.
Release Date: Oct 1 2024
Revision #: 4295
Enhancements:
- New AES-GCM Cipher support: aes256-gcm@openssh.com, aes128-gcm@openssh.com, aes256-gcm, aes128-gcm in
FortressCL, FortressFX, ssh cmdline, sftp, scp and sshd server
- New ETM MAC support: hmac-sha2-512@openssh.com and hmac-sha2-256@openssh.com in ssh, sftp, scp clients and sshd server
- EC keys (as well as RSA and DSA) can be used for public key authentication in FortressCL, FortressFX,
ssh cmd line, sftp, scp, sshd server
Fixes:
Release Date: Jun 28 2024
Revision #: 4278
Revision #: 4271
Enhancements:
- FIPS 140-2 Compliant as our PragmaCrypto lib uses Microsoft Base Crypto
Primitive library which is FIPS 140-2 Certified (NIST #4536 certificate)
- We will soon be FIPS 140-3 Compliant as Microsoft achieves FIPS 140-3
Certification for their Base Crypto Primitives library, which our crypto is based
on
- Elliptic curve host key support: ED25519, ECDSA (nistp521, nistp384, nistp256)
- New EC based Kex Exchanges: "curve25519-sha256", "ecdh-sha2-nistp521",
"ecdh-sha2-nistp384", "ecdh-sha2-nistp256"
- New Ciphers: AES-GCM; AES-CTR and AES-CBC were already supported before.
Fixes:
- telmc lists first user in wrong location
Release Date: Feb 07 2024
Revision #: 4247
Enhancements:
- Logging can now be enabled/disabled for active sessions. There could be a delay of up to 10 seconds for changes to take effect
Fixes:
- users that do not have a local profile can now log on with a certificate.
NOTE: directory location cannot be configured with USERPROFILE, APPDATA, or LOCALAPPDATA
for domain users
- application crash during authentication key exchange for some keys
Release Date: Nov 20 2023
Revision #: 4229
Enhancements:
- public key error messages added to event log
Fixes:
- user session limit never resetting, causing lock on sessions
- missing icons/banners returned to Local Server Configuration program
- XML import stops in middle of import
Release Date: September 12 2023
Revision #: 4212
Enhancements:
- new sftp client get/put option, -i/I, to ignore case
- faster file transfers when using command line proxy program, connect.exe
- sftp logging can be configured on Logging page of Local FortressSSH Configuration program
- Minimum bit size of key exchange can be configured manually in the registry.
Please contact support for instructions
Fixes:
- key code for LF character returns LF instead of CR in Stream Mode
- sftp client correctly processes Unicode input batch files
- local users with same name as domain can logon without computer name specified
- proxy program connect.exe fixed to prevent file transfer stalls
- FortressCL typo fix in trace window output
- Unicode code page translation displaying duplicate characters in Chinese
- install failure to create "Pragma Admins" group does not cause installation failure
- FortressCL initial default screen size made 102 characters wide instead of 80 so that toolbar icons are all visible. Width can be changed and will be remembered
- pragmareg not detecting clientsuite product after adding a registration key correctly fixed
Release Date: October 22, 2022
Revision #: 4176
Enhancements:
- osinfo.exe enhanced to detect Windows Server 2019 and also provide the Windows public release
name (e.g. 1803, 1809), and provide build number.revisions
- Add sftp get option for case insensitive match
- FortressCL - Mouse wheel support added
Fixes:
- All users making a key authentication request were allowed access when auto store to
file is enabled
- settings import not importing users correctly
- Fix x509v3-sign-rsa support in server and command line ssh/scp/sftp clients
- FortressCL allows for multiple certificate key types
Release Date: Dec 12 2021
Revision #: 4106
Enhancements:
- Windows 11 support
- sftp client support for creating symbolic links
- added more error codes to sftp client
- sftpserver uses profile home directory for any user that does not have access
to server settings in registry
- -H and -? parameters added to pragmareg utility to get help information
Fixes:
- sftpserver regression bug fixed so that it works in other modes than full file system tree access ("Allow user to traverse above home directory")
Release Date: September 15 2021
Revision #: 4040
Release Date: September 3 2021
Revision #: 4038
Enhancements:
- sha2 hashes for x509 signatures
- authentication speed up
- removed sshV1
Fixes:
- Account lockout during repetitive logins
- fix for Windows 7 signature failure
- sha2 added to default rsa host key in client
- weak key exchange algorithms removed
- sftp client fix using proxy.
- download/upload to UNC network directories used as virtual directories
Known issues:
- if key exchange fails using sha2-rsa algorithms, increase key size to greater than 2048 bits
Release Date: March 17 2021
Revision #: 3096
Enhancements:
- new automatic IP filtering for IP service
- easier to read sftp log files
Fixes:
- fix for sapconsole output misalignment
- scp failure with long file names
- fix for sftp server in Windows 7 and 2008 R2 failing to run
Known issues:
- failure to authenticate with rsa keys from some openssh 7.6 clients
- cannot add Pragma server as backup device from Cisco CUCM disaster recovery
- cannot sftp to WS_FTP server
- cannot get/display files from sftp server if very long server path
Release Date: Sept 8 2020
Revision #: 2122
Enhancements:
- RSA-SHA2-256 key exchange added
RFC 8332 and RFC 8308 implementation
- packet tracing added in server
- removed some erroneous error events
Fixes:
- 0 byte file left behind when using two step
- data output is now using remote window size to send right amount of data.
specifically fixes issue with Cisco scp client
- signature types added for X.509 keys
- fix for slow sftp file transfer
- splash banner and banner packet fixes
Release Date: April 12 2020
Revision #: 2011
Fixes:
- transfer issue with large files
Release Date: April 6 2020
Revision #: 2008
Enhancements:
- configuration option to set crypto library. Separate option for
sftp server, sshd server, and ssh client
- telmc tool can output a single column, use -1 option
- Session Manager refreshes event based, less manual refreshes required
Fixes:
- removed empty password error event message
- Handle leak in the Session Manager service
- orphan sessions cleanup fix
- sftp command line client gives correct name if a full path used in source file
- sftp command line client transfer works if destination file used
- sftp session closed if path used in put command using / character
- Session Manager fix for checking administrative rights on server to View/Logoff sessions
Release Date: Sep 18 2019
Revision #: 1909
Enhancements:
- New throttle feature added to file transfer clients, FortressFX and cli sftp
- New throttle feature added to server
- FortressFX rate transfer added to logging
Fixes:
- leaving orphan processes if reconnect feature in use and session not reconnected
- Control-C not operating as expected
- removed empty password error event message
Release Date: March 05 2019
Revision #: 1696
Enhancements:
- sshd, sftp, scp servers support multi factor authentication (mfa) and use of Yubi keys
- persist toggle added to individual put/mput command in sftp client
- osinfo.exe enhanced to detect Windows Server 2019 and also provide the Windows public release
name (e.g. 1803, 1809), and provide build number.revisions
Fixes:
- Server was not properly tearing down connections during IDLE SESSION TIMEOUT
processing. This resulted in clients being unable to reconnect to the sessions.
- telmc help file telmc.txt was missing from install. Now help messages are shown by telmc
- persist flag fixed on sftp client
- Key Exchange page returned to Configuration program
- sftp session fails if logging enabled and user does not have write access to directory
- Application Fault during session cleanup on idle session timeout
- fix in diffie-hellman-group16-sha512 implementation
- Continue running in Full Console if Access Denied error hit on SP 1903 and Windows 2019
- two step upload removes all temporary files after copy
- fix for sftp client logging when /n used in batch file
- Unicode logging fixes
- sftp session disconnects immediately after connect
Known Issues:
- Persist timestamp fails on Windows 10 and Windows 2016 versions before SP 1809
Release Date: Nov 29 2018
Revision #: 1629
Enhancements:
- Unicode support added to sftp
- Datestamp added to SFTP client logging
Fixes:
- Server Heartbeat cannot be turned off if time configured
- Temporary file created when using Two-Step Upload feature always deleted, even if error
Release Date: May 3 2018
Revision #: 1563
Enhancements:
- -oConnectionTimeout=time added to ssh cmd line client for connection timeout. Can be given in seconds, minutes, etc. (10s, 1m, 5m30s). sftp and scp can also use it.
Fixes:
- sshkeygen can now do conversion of larger RSA keys (bigger than 1024 bit)
- ssh command line client SSHv1 mode was trapping after user authentication
Release Date: Mar 22 2018
Revision #: 1520
Enhancements:
- SSHD shell exec now allows env vars to be passed before a shell is started.
"SSH_SHELL" environment var value allows selection of shell for Fortress SSH server.
"powershell" value will allow running Windows powershell. Full path of the shell can be provided also.
- Environment vars are passed by using -oSendEnv=Name[:value] option from ssh clients
  To run powershell using pragma ssh client, type:
    ssh remotehost -oSendEnv=SSH_SHELL:powershell
  In Linux openssh client:
    SSH_SHELL=powershell
    export SSH_SHELL
    ssh remotehost -oSendEnv=SSH_SHELL
- sshd now supports zlib@openssh.com compression mode in addition to zlib which it supported before.
Fixes:
Release Date: Mar 14 2018
Revision #: 1507
Enhancements:
- new logging implementation in sftp command line client
- updated to latest version of group key exchange
- new ASCII conversion of files during sftp file transfer, using command line sftp client
  - use -a as command line parameter to convert all files during session
  - use the ascii on/off command within the session to turn on/off
- license registration keys for FortressCL and FortressFX are stored per user, no longer
requiring administrative privileges to enter registration key
- Wildcard option in sftp.exe cmd line client's ls or dir is now supported
Fixes:
- wrong user configuration being used when GSSAPI and PublicKey authentication were allowed
- no longer prompting for password when trying to use default id_dsa, id_rsa, and identity keys
- issue with session disconnect when X509 certificate used for authentication
- DSA keys bigger than 1024 bits, like 2048, were sometimes failing to log in with ssh or sftp
Release Date: April 5 2017
Revision #: 1265
Enhancements:
- new sftp server feature that allows files to be uploaded using either temporary directory or file extension. This is intended for use with directory monitoring software.
FortressCL:
- content of trace window can be saved to a file
- more detailed trace logging.
Fixes:
FortressCL:
- fix for user not prompted for a pin if a password is stored for the site.
- fix where non-etm ciphers would fail
Release Date: Jan 10 2017
Revision #: 1027
Enhancements:
- ssh cmd line client fixed to avoid Cisco SSH diffie-hellman bug where our nbits prefer had to be 4096 instead of 8192
Fixes:
- FortressCL chacha cipher connection works with Openssh 6.6p1 on Ubuntu 14.04; Set limits on pbit calculation for dh gex as Ubuntu 14.04 openssh
has a problem accepting too large of pbits.
- FortressCL fix for aes ctr mode disconnecting over some network traffic, such as over a VPN.
The fix: crReturn cases for non-etm modes needed to return remainder data rather than 0.
- FortressFX delete of directories in left panel (local) was not working.
Release Date: Dec 20 2016
Revision #: 1005
Enhancements:
- new AES GCM and ChaCha ciphers added to ssh gui client (FortressCL.exe)
- LOGONSERVER environment variable updates to show SSH authentication server
- in ssh server, use elevated token for the user logon if available
Fixes:
- sftp server "permission denied" error on network shares
- sftp server releases drives mapped in session
- FortressCL disconnects on listing on Unix systems
- command line ssh client scrolled lines could not be seen and margin setting issues
Release Date: Nov 21 2016
Revision #: 957
Enhancements:
- ssh.exe Add -oTraceLimit=nnnnn new option to say how many bytes in each ssh packet are to be traced. Works in conjunction with -oTraceFile=filename option. sftp.exe and scp.exe clients can pass these options also to ssh like other -o options.
Fixes:
- ssh.exe change ansi parser to handle cursor position out of bounds (MS openssh port server was sending these).
We now limit it to screen size.
- FortressCL bug where the serial stop bits were not being set correctly.
- FortressCL fixed clipping of wrapped lines for cases where the line has been expanded after being set.
Line resizing and clipboard copying works better now.
Release Date: Sept 20 2016
Revision #: 865
Enhancements:
Fixes:
- Fix bug in Server FIPS setting resulting in no ciphers being negotiated
Release Date: Aug 10 2016
Revision #: 814
Enhancements:
- RFC 4819 based publickey subsystem is now provided in the sshd server to upload/delete/list a user's public key.
Currently Pragma and Vandyke support this specification in their SSH servers and clients.
- Upload-key.exe new command line tool added to list/add/delete a user's public key. This tool now works to upload
keys to Pragma and Vandyke SSH servers which support RFC 4819. We plan to keep improving this tool to work with OpenSSH and other vendors' ssh servers.
Fixes:
- PragmaReg.exe returns the correct success and failure codes to check via Windows batch scripts. 0 return code means
success. 1 or higher numbers means various errors.
Release Date: May 25 2016
Revision #: 678
Enhancements:
- FortressCL
- If UserPrincipalName is selected to be filled from Smart Card and there is no UPN in the smart card,
user will be prompted to enter it.
- logs show ssh client and ssh server versions at the top to assist in customer support
- returned support for Windows XP and Windows Server 2003 OS
Fixes:
- FortressCL
- sshd server rekeying of SSH session keys was causing FortressCL.exe to fail.
- Choosing Public key button was causing certificate store load to be triggered and "key or Certificate from file" could not be chosen.
- If SSH1 is chosen and the server does not support it, FortressCL will disconnect instead of giving an SSH2 session
- Shortcuts at Install for FortressCL and FortressFX are done correctly for Standard users
- handles smartcard x509v3-sign-rsa login better without traps for OpenSSH and Tectia ssh servers that support this
older way of x509v3 authentication.
- handles non-smartcard certificates better if read from the store and no card in the reader
- Cmd line ssh client handles first screen correctly if console screen buffer height and console window size height is the same.
Release Date: May 06 2016
Revision #: 643
Enhancements:
- insert mode support
- FortressCL
  - improved logging
  - improved tracing
Fixes:
- color anomalies on large screens
- applications that cannot use Pragma Wrap technology gracefully dealt with
- Window size restricted to Maximum Windows size on Windows versions Win2003 and less
Release Date: Apr 26 2016
Revision #: 601
Enhancements:
- Advanced Console "Clear to eoln outside of drawing rectangle" feature. This allows for
a smaller screen to be sent from the application with the server clearing any data outside of
the rectangle
- New environment variable to show largest possible window size for server session
- command line clients
  - set xterm as default terminal type
  - Add support for XTERM Send Device Attributes (CSI [>c)
  - support for xterm "set title" verb
  - added VERASE pty mode
- FortressCL
  - Add option to selectively restrict smartcards to those with the smartcard EKU.
  - Added 4 new rejection criteria for X509 certificates
  - Added EKU list for X509 certificates
  - Added Trusted Certificates List for X509 certificates
- FortressFX
  - support for symbolic links
Fixes:
- ctr ciphers allowed in FIPS mode
- FortressCL - added x509 failover to support tectia x509 certificate authentication
- fix for Linux GNOME Nautilus file browser sftp client to connect to our sftp-server
- fix for sessions where client window size is greater than 62 rows
- Advanced Console unexpected output to screen when error occurs
- fix for session close if resize window to very large window
- allow multiple commands from Linux in non-interactive commands when using && symbol
Release Date: Jan 18 2016
Revision #: 410
Enhancements:
- osinfo.exe tool included detects Windows 10 and Windows Server 2016 operating systems correctly
- sftp-server shows linked file destination end-points. E.g. "Application Data" will show where it is pointing to.
- packet tracing enhanced in ssh cmd line, sftp and Fortress FX gui sftp. -oPacketTrace=filename used to create a trace file
Fixes:
- ls from Linux on non-existent directory closes session
- sftp client - unable to transfer larger than 2 GB files from/to Serv-U server
- hmac-sha2-512 MAC picked up correctly if requested by the other side
- added SHA2 MAC algorithms to ssh client and server default MACs so that they are available right away after install
Release Date: Nov 23 2015
Revision #: 343
Enhancements:
- Settings export/import can now include authorization keys stored in the registry
- Updated Help Files
- New Screen comparison feature, Compare by line, which forces a redraw of entire line if
any difference on the line
- FortressCL - Client support for ActivClient 6.2 and 7.0.
Fixes:
- SSH1 host key browse button not changing file
- Apply button enables when changing the custom field for DEC Character set
- Cmdserver doesn't incorrectly exit if stream mode cmds in shell fails which is normal if a bad command is given
- PragmaAuth application fault caused during certificate authentication when authenticating domain greater than 15 characters
Release Date: Sept 23 2015
Revision #: 273
Enhancements:
- Configuration by IP address. If Auto Logon is in use, IP configuration
will override user configuration.
- FortressCL - improved CAC implementation.
- FortressCL - special enhancements for connection to Cisco hardware
- FortressFX - smart card support
- new option to create a temporary file on file transfers to prevent file lock
Fixes:
- noninteractive commands get correct exit code returned
- out of order echo when running stream mode and data received in blocks
----------------------- Build 9 Start -----------------------------
Release Date: August 25 2015
Revision #: 3380
Enhancements:
- improvement in logon process
- command line ssh client reports a more accurate status code in verbose mode
- creation of temporary file during file transfer to prevent locked files. Files are renamed to
actual file name after successful file completion
Fixes:
- sftp file transfer to Teleboss device
- Configuration program crashes when entering a bad registration key
- fix for user shell remaining after session closes gracefully
- telmc column spacing
Release Date: June 12 2015
Revision #: 3283
Fixes:
- noninteractive commands get correct exit code returned
- out of order echo when running stream mode and data received in blocks
- returned sftp file transfers to not be case-sensitive
- removed call that was preventing cmdserver from running on Windows 2003
Release Date: Jan 26 2015
Revision #: 3103
Fixes:
- sftp fails on subdirectories of network shares
- sftp client intermittently hangs on quit when run in batch mode
- removed limit on number of virtual directories allowed
- removed IP address from protocol version identification
Release Date: 11/05/2014
Revision #: 2904
Fixes:
- sshd server handles "channel end of input" packet better, allowing sshd server to finish jobs correctly when
invoked from some ssh clients which use ceoi packet.
- removed duplicate event message when application fails within session
- fix for non-interactive command if comspec not defined on system
Release Date: 10/07/2014
Revision #: 2841
Enhancements:
- Changed authentication attempt logic to only apply to password tries
- Added code to send debug packets with error information in the event of a logon failure.
- Add parsing for Binding host and ipv6 addresses for command line invocation of reverse forwarding.
- Add flag to enable proper rfc processing of reverse forwarding requests. This is off by default.
- Changed the Manager to allow the user to specify the full path spec of the authorized keys file. This
allows better integration with the Tectia Client key upload feature. Tectia uploads to .ssh/authorized_keys. If
the user specifies %USERPROFILE%\.ssh\authorized_keys as the authorized keys file path, then tectia key uploads will
be fully supported.
- sftp server now supports links/junctions of directories or files.
- sftp command line utility now supports two new commands: open and close
- sftp client now supports "-p" flag to allow/disallow file attribute and time preservation
- -i switch in sftp cmd client is now documented; -i pubkey allows public key authentication
- -i and -A params in sftp client are applied in open verb for automated authentication with pubkey or password
- sftp client now has new cmd 'umask' to be used for remote systems
- Event Log can be opened from Local Server Configuration program Logging page
- Increased number of allowed services monitored by InetD to 512
- new installation feature to use xml file to set configuration settings
- added support for hmac-sha2
- silent install support using network image
Fixes:
- Fixed issue where remotely forwarded ports were not being cleaned up if the forwarding session was terminated uncleanly.
- Fixed issue where SecureCRT would not accept our reverse forwarded channel requests.
- Fixed issue where checking for a global flag in reverse forwarding caused all listens to be on the loopback address.
- Fixed issue with Tectia Broker where subsequent sessions would hang.
- Fixed issue processing SFTP Opens when using FXF_APPEND flag.
- Fixed issue in SFTP using relative paths with a leading period.
- Fixed trap when using an active directory specified logon batch file.
- When a sftp client batchfile processing command fails, next commands are continued to be processed. Before sftp client used to exit.
- sftp client failing to set times for readonly files transferred
- sftpserver "put" verb not updating file permissions mode like read only bit in Windows file system
- sftp client default mask for remote systems changed to 755 from 775. New umask allows it to be changed
- sftp client cmd errors are given clearer messages
- fixed trap when authenticating by certificate. Error messages recorded to Event Log.
Release Date: 06/12/2014
Revision #: 2696
Fixes:
- Local Server Configuration Host Key key generation dialog generates the proper key for generate button selected
Release Date: 05/27/2014
Revision #: 2680
Enhancements:
- RFC 6187 certificate support to ssh servers and clients
- better rsync support
- Registration key information displayed on InetD page
- Better monitor child process implementation
- PRAGMASYS_LOCAL_ADDR env var in shell shows the ip address of the server a remote client connected to. Useful for
debugging if a machine has multiple network cards or has multiple ip addresses in a virtual server environment
- Graphical Key Generation program guikeygen.exe added for generating SSH keys
Fixes:
- certain commands, including ipconfig and hostname, do not output in Advanced Console
- Client fix for HostKeyAlias processing when validating host keys
- Added signing support for CNG generated certificates
- printing support fix for Windows 2008 and later
- Fixed sftp-server to work with Ipswitch WS_FTP Pro version 12.4 sftp client - could not change to directories sh/own after connection.
- sftp-server now handles version 3 features it does not support properly
- Mouse support fixed to work when WindowsTerm emulation is used with Pragma clients and servers
- FortressFX key generation from menu is fixed
Release Date: 07/15/2013
Revision #: 2294
Enhancements:
- ssh cmd line adds -oPullKeyFromCert=yes option to pick public key from CAC or x509 v3 cards so that
authentication can be done to sshd servers that support public key authentication but not x509
- FortressCL supports sending public key from CAC or x509 v3 cards so that authentication can be done
to sshd servers that support public key authentication but not x509
- sshkeygen -h option added to extract public key from CAC or x509 v3 cards so that the public
key can be stored in sshd servers for public key authentication
- Improved help files
- new environment variable added PRAGMASYS_USER_CONFIG to note which user configuration is in use
- New options added in User Configuration
Fixes:
- sftp client may hang when a 0 length file is "put" and the target file name is not given. First reported against a Mainframe sftp server
and then duplicated with Linux openssh sftp servers.
- sftp home directory could not contain any environment variable other than %USERPROFILE%
- Remote printing problems fixed and now works again
- Group checking against BUILTIN\Administrators now works
- removed check for valid user when adding to configuration to avoid logon domain mismatch
- custom environment variables duplicated when authenticating with Public Key
Known issues:
- If a mapped drive is unreachable to the server, session exit takes several seconds to end in Windows Server 2003.
Release Date: 11/28/2012
Revision #: 2031
Enhancements:
- Pragma SSH Server and clients now support Password Change option.
This feature conforms to SSH password change RFC which is described in SSH_MSG_USERAUTH_PASSWD_CHANGEREQ message specified in
RFC 4252 (SSH Authentication Protocol). The feature should work with all SSH servers that conform to the RFC standard.
Fixes:
- Public key authentication for domain or local users will now work without the user needing to do a password or interactive logon once
- Public key authentication now works for the same user name in multiple domains
- Form feed values not loading on Print Monitoring page of configuration program
- Client and CL registration key is now kept intact when installing a SSH updated install
Known issues:
- If a mapped drive is unreachable to the server, session exit takes several seconds to end in Windows Server 2003.
Release Date: 10/18/2012
Revision #: 1956
Enhancements:
- Improved FortressFX user interface, allowing drag and drop and removal of extra dialog prompts
- All time values can be configured using hours/minutes/seconds instead of only seconds
- new configuration file option for ssh client to ignore message of a new host fingerprint, IgnoreChangedHost
- FortressCL improved port forwarding
- new Configuration Management page in the Configuration programs
- allow admins to easily grant/deny access to users who can modify configuration changes
- export/import settings moved from General Settings page
- export/import settings using XML files
- ability to restore to installation defaults using XML file
- Directory for authorized_keys2 file created if option on to autostore keys and directory doesn't exist
- session viewing now accounts for code page translation
Fixes:
- sftp and scp -oidentityfile=filename options now work to pass certificate for certificate authentication.
Known issues:
- If a mapped drive is unreachable to the server, session exit takes several seconds to end in Windows Server 2003.
Release Date: 04/18/2012
Revision #: 1715
Enhancements:
- telmc column formatting improved to work in both 80 column and larger 132 column consoles.
Shows connected state in a column labeled "S" meaning state with one character: C means connected. R means awaiting reconnect.
- scp now supports giving * pattern in source file names. E.g. scp mydir/t*.txt targetmachine:.
- scp will accept drive letters in file path or directory; in paths both forward and back slashes are accepted
- Support for 1.5.x versions of cygwin bash.
- Beeping is eliminated in the server side. Rather Control-G character is captured and sent to the client side for the client to beep.
System beep call was already handled properly in previous release to beep in the client and not the server, so continues to work properly.
- Non-interactive command execution shell and shell parameters can now be specified. It is useful for running cygwin shells like bash
- Powershell parameters can be specified allowing Powershell XML objects to be generated in place of flat text outputs.
- View Session now uses advanced Gen2 architecture and allows viewing ssh sessions. Before one could only view telnet protocol sessions, but not ssh.
- Install adds Windows firewall enabling entries so that Pragma Inetd and Cmdserver can open needed TCP ports for connections. Before this,
one had to manually add the entries in the Windows Firewall after install. For Non Windows firewall, one still has to do it manually.
Fixes:
- Directory Locations of where certificate authorization public files are stored for a user can be specified.
E.g. Typically it is "%APPDATA%\PragmaSSH" but it can be changed to C:\certs\.ssh2\%USERDOMAIN%\%USERNAME%
- Session count is reduced properly before a session goes to waiting reconnect state. This allows a new session to come in
and reconnect. Limiting session to 1 also would work for reconnect which was failing before this fix.
- Fix for non-interactive command execution with command plus parameters greater than 512
- Fix for non-interactive command specifications supporting arguments.
- Fix for command server trap under advanced console when logging 3 or higher is enabled and large data is written to the console.
- scp use like "scp file.txt localhost:." trapping is now fixed.
- HOME environment variable was incorrectly set to user's APPDATA directory which affected cygwin commands like pwd as cygwin sets HOME to
a user's home directory. HOME environment variable is no longer touched or modified by Pragma sshd server.
- HOMEPATH was incorrectly set to the user's APPDATA directory in place of the user's home directory. Now Pragma sshd server does not modify
HOMEPATH and HOMEDRIVE environment variable as Windows sets them properly when a user profile is loaded in Pragma sshd server.
- Servers with Pragma SSH Server installed were sometimes rebooting spontaneously as the CmdServer.exe process terminated the csrss.exe
process during shell process cleanup.
Release Date: 01/18/2012
Revision #: 1584
Enhancements:
- SSHD server works in the new pre-release Windows 8 operating system
- Works and certified for IBM Cloud and Intel Cloud
- Add config option for specifying kex algorithms. This setting uses the following syntax in the sshd_config file:
kexalgorithms=xxx,xxx
- Add CTR mode ciphers to default client set
- Add AES CTR mode support to server
- Forward slash allowed in client config file
Fixes:
- Command execution was not blocked when shell access was disallowed
- Our ssh.exe command line client wasn't requesting confirmation of the channel request to execute a command
and therefore wasn't handling the error of command execution failure properly
- SCP access was blocked when shell access was blocked. Now it functions based on whether scp is allowed or not.
- Race condition during reconnection. Clients would get no session (old or new) when this reconnection race
condition occurred as the reconnection timer was expiring.
- Stream mode was terminating when user typed a character
Release Date 08/19/2011
Revision #: 1370
Enhancements:
- Added directory check for scp copies if target ends with trailing slash
- Recursive mget added to console sftp client, syntax: mget -R directory
- Clients can set the kex algorithm
- improved logging
- Improved processing with latest version of cygwin
- Modified how scp root is defined
- Ability to run .NET applications compiled with AnyCPU in Advanced Console
- Ability for sftp client to use escape characters
- Improved path handling from Sun sftp clients
Fixes:
- Fixed SSH1 connections failing issue
- Removed erroneous possible resource issue warning
- Fixed SSH1 protocol negotiation issue
- Fixed memory leak in key verification
- Fixed the failure with ssh_rsa_verify with some keys
Release Date 04/20/2011
Revision #: 1225
Enhancements:
- Added PTY output processing
- Added new session variable PRAGMASYS_REMOTE_CLIENT to provide the client's version string to the session
- Improved speed on group membership checking.
- Added / Enhanced UNC path utilization in setting user home directory on a mapped drive
- Modified how scp root is defined
\ - refers to start path from root
. - refers to start path from home directory
Fixes:
- Application error on large path variables
- file size in sftp displayed incorrectly on files larger than 4GB
- Fix for clients with very large sftp buffer sizes
- Fix for channel closing session when only channel should be closed
- Fixed intermittent application error when session closes
- Fixed intermittent CPU spike
- Fixed %APPDATA% setting
- Fixed user drive mapping issue
Release Date 11/29/2010
Revision #: 1055
Enhancements:
- US DOD CAC PKI, Microsoft Windows PKI and Smart card support added
- x509 Certificate use is now supported throughout the Pragma SSH Server product - server, clients, gui clients
and management programs. x509 Certificates can be in Windows Certificate Store/LDAP/smart cards
or exported files. x509 Certificate can be used as host keys and in user authentication.
Certificate Chain is verified & Certificate revocation list is checked for certificate validity.
- Full support of x509 and Smart card in FortressCL
- PragmaAP (Pragma Authentication Process) subsystem added to enhance certificate/keys authentication. Windows AD domain account can now be authenticated with x509 certificates or keys.
- PAD is enhanced with PAD2. Credential storage is secured with stronger cryptography
- Keyboard interactive mode is added and used to inquire users for auto-enrollment/store of certificates/keys.
Fixes:
- Fixed CuteFTP sftp and WinSCP sftp upload problem to Pragma sftp server.
Release Date 06/28/2010
Revision #: 827
Enhancements:
- Added options to turn on/off the different modes of certificate authentication
- Added Admin and MapRoot modes for scp.
- Added scp home directory option.
- Added configurable home directory for sftp administrator client mode
- Improved subsystem (scp, sftp, shell) performance
- "Put" transfer speed into SFTP server has been increased substantially
- SFTP server and client speeds increased with data path performance optimization
- SFTP and SCP server configurations can now be separately set via enhanced gui management
- Use FIPS 140-2 PragmaCrypto.dll in all parts of the product (servers, clients, management)
- Improved Enterprise Push options, including pull from remote server, and multi select of servers for pushing
- added option to map user drives based on type of subsystem
- New Administrative group added at installation to increase security on configuration settings. Only group members
allowed to alter server settings
- Conversion option added to sshkeygen to convert from competitors' key syntax
- Added option to limit server operation log file size.
To use add string value, "DebugFileSize", to registry HKLM\SOFTWARE\PragmaSystems\SSHD. Value is in KBs.
Fixes:
- PragmaMgrC.exe invokes registry editor correctly (regedtc.exe in place of re.exe)
- fixed scp/sftp Cisco connectivity issues
- fixed scp parsing issues.
- fixed FortressCL connection issue with Cisco routers.
- fixed upload problem to Cisco routers with scp.
- fixed session limit on a per user basis
- fixed domain user Windows scripts failing to run
- fixed environment variable overwrite
- fixed group access verification requiring computer name and not domain name
Release Date 12/02/09
Revision #: 507
Enhancements:
- "Certified for Windows Server 2008 R2" logo status achieved.
- "Compatible with Windows 7" logo status achieved.
- FIPSMode introduced to choose product features to conform to FIPS 140-2 certification.
- Built with the FIPS certified OpenSSL-fips1.2 library and headers to achieve FIPS 140-2 certification for the few calls we still make to OPENSSL
- FortressCL now uses Pragma SSH library instead of its own crypto code. Pragma SSH library uses MS Crypto calls and some OPENSSL, both of which are FIPS 140-2 certified.
- IPv6 is now supported in all parts of the product (sshd, ssh, sftp, scp, gui, management programs)
- scp now has -A option like in our ssh and sftp so that password can be passed for automated file transfers
- diffie-hellman-group-exchange-sha256 support added in ssh key exchange
- CmdServer passes its shell/application return code so that sshd can pass it to the client side.
- Returned call to TerminateJobObject to our TerminateCommandShell so that MonitorChildProcesses is checked, graceful termination is available, and Recording of terminated events occurs.
- Return call to NetworkCleanup and changed OS version check to run on anything since Win2000 instead of Win2000 only
- Returned code to clean up mapped drives
- Modified logging for server process to create unique file name based off PID and time and pass as argument to CmdServer
- Multiple sessions within one remote channel are logged correctly now.
- Changed how log files are opened so that now they can be read during live session; ssh session input is logged to files
- Added check box for mapping network drives in separate thread, exposing existing registry value via PragmaMgr.exe gui.
- SCP: removed check for / and \\ in search for colon (:) to determine if parameter is remote machine. This allows domain accounts
to be used for scp file transfer.
- Sha-1 algorithm is used in place of md5 for fingerprint to ease support of FIPS
- FortressCL updated with numerous fixes to support both FIPS and non-FIPS modes.
- PragmaCrypto.dll introduced which contains all crypto code used to comply with FIPS 140-2 guidelines/tests.
Fixes:
- SSH server Reconnect was turned off. Now it works.
- Running it in Win 2000 server does not need turning on "Replace a Process Level Token" user rights change
- FortressCL will not get getaddrinfo() not available error in Windows Server 2000.
- ssh.exe cmd line client's -R option stopped working. The problem was limited to our ssh command line client;
other vendors' ssh clients' -R option worked fine.
- scp -o option used to crash scp and has now been fixed.
- Use SHA1 hash for fingerprint instead of MD5 in sshkeygen
- SSH2 standard's diffie-hellman oakley group14 support added
- default value for ThreadDriveMap changed to off, so that drives can be available for non-interactive sessions
- Default value for CustomAppSupport now set to yes.
- Fix for garbage characters showing up on screen in Advanced Console
- PragmaMgrC.exe invokes registry editor correctly (regedtc.exe in place of re.exe)
Release Date 07/23/09
Revision # 342
Enhancements:
- New Pragma Gen2 architecture for higher speed, reliability and enterprise
deployment readiness.
- Multiple sessions within a single sshd are now supported. Up to 64
shell, sftp, scp or port forwarding sessions within one sshd can be started.
- Advanced Console and Shell support greatly improved by reducing the number of APIs that need to be redirected
- Reconnection of dropped sessions is now supported by sshd. Useful for Handhelds.
An industry first for a sshd server.
- Server to client heartbeat feature added to sshd. SSH_MSG_IGNORE packet is sent to
the client by sshd to know that the ssh client is alive
- Handheld configuration settings consolidated in a separate page on Local Server Configuration
program for ease of setting up Handheld connectivity options
- Server has added smart logic to distinguish between an explicit disconnect issued by the user and a disconnect
due to a network connection drop. The former will not cause "Reconnect" mode to be entered but the latter will.
Handheld reconnection support needs this disconnect detection for real life use.
- SSH1 protocol support added for legacy support of old devices
SSH1 can be disabled with a config entry change for sites that do not need it
- Improved Group Membership algorithm for group based access restriction control
- Customer Application has clean documented way to send custom code for beep or special functions
sshd and Pragma telnetd can work from the same custom code
- User drive letter mapping improvements to get logon prompts quickly by launching an extra
thread that maps user drives in the background; this thread exits when done. ThreadDriveMap
can be set to "no" to avoid this asynchronous drive mapping for scripts that may need drive letters
at launch
- Windows PowerShell is now fully supported and can be set as the default shell
- Supports new Windows Server 2008 R2 and Windows 7
- All languages supported by Windows are now supported by sshd server and clients.
UTF-8 (65001) is a good page to choose. Users can choose any CodePage and Fonts that support their national language.
Fixes:
- Group access not detected correctly
- Ports not forwarded correctly on some occasions
- scp not showing all filenames in recursive transfer
- scp not showing file transfer status for all files
- Client disconnects at any time will not tie up sshd/sftp/scp servers
- sshd, sftp, scp start or later failures reported better to clients
- Auto load of Certificate login fixed to work for new users who had not logged in before.
Auto load of certificates now works correctly for Windows 2000 and all later Windows operating systems
- If "PATH" in user level was set, it would override "PATH" in system level. Now User level PATH is appended after system's PATH.
Clients/Tools:
- telnetc supports TelnetSSL protocol. telnetc /s option is used to invoke SSL
FortressCL
- control-c and control-break is now passed to server enabling application termination/exit
- TelnetSSL protocol is now supported
Known Issues:
- NONE.
----------------------- Build 9 End -------------------------------
----------------------- Build 8 Start -------------------------------
Release Date 03/18/09
Revision # 183
Enhancements:
- Support for Microsoft's new PowerShell. Many fixes done (listed below) to
have PowerShell run well with Pragma SSH server.
- Tested to run with new Windows server 2008 R2 and Windows 7.
- SSH1 protocol support added and can be easily disabled if desired
Fixes:
- Line editing insert key toggle is handled correctly by SSH server
- Server turns on AutoWrap at start as PC screens assume/expect it
- Server handles tab command completions by command shells
- Works with any screen size. Sizes like 120x50 were a problem before.
- 16bit programs, like edit.com, do not have 43 lines limitations any more
- Server sets the screen margins
- Server properly clears the screen buffer and maintains attributes
- Screen attributes/color maintained during erase, clearing, region drawing.
- Screen flicker reduced in large screen drawing/updates
- PowerShell can execute commands passed to it. PowerShell needs Advanced Console/Console mode,
not Stream mode, both to run and to run passed commands
Known Issues:
- NONE.
----------------------- Build 8 End -------------------------------
----------------------- Build 7 Start -------------------------------
Release Date 01/12/09
Revision # 108
*** This build is Certified for Windows Server 2008 and has passed Microsoft Hyper-V virtualization test ***
Enhancements:
- New NamedPipe for ssh aware applications to write to clients
- New trouble shooting logging option to log server operation to debug window or file
Fixes:
- Removed limit on number of virtual SFTP directories
Known Issues:
- NONE.
----------------------- Build 7 End -------------------------------
----------------------- Build 6 Start -------------------------------
Release Date 09/23/08
Revision # 149
Enhancements:
- New technology used (Detours) to make AdvancedConsole mode more robust
- Native Itanium 64 bit support now available with Detours use for
AdvancedConsole and wrap.
- New graphic set definition added for use with StayLinked console client
add registry value "DECCharSet" under configured users with a value
of 6, plus true vt220 character map
Fixes:
- Characters outside ASCII character set allowed in password and username
- PRB: User defined in 3rd or greater Active Directory group in Pragma Manager
Group page cannot gain access
- AdvancedConsole mode enhanced to give these features and robustness:
a) Backspace now works when tabbed command completion text is edited
b) Backspace processing will not erase passed command prompts
c) Backspace processing technique redone to use Windows console
for more accurate backspace processing in all cases
d) F7 popped command history works robustly
e) F2, F3, F4 cmd shell processing works correctly
f) In editors like vi.exe, ": " command now erases text where the command is typed.
The ESC-K clear line sequence the server was sending was not getting out properly to the client
- PRB: environment variables defined for user appending s to variable in session
- Multiple groups added from single dialog selection list all groups
- Configuration values for groups near end of long list work
- Pragma Manager stops Remote Registry service
- forwarded ports not closing when client disconnects
- forwarded ports closing unexpectedly
Known Issues:
- NONE.
----------------------- Build 6 End -------------------------------
----------------------- Build 5 Start -------------------------------
NOTE: There is no Build 5 for Pragma SSH Server.
----------------------- Build 5 End -------------------------------
----------------------- Build 4 Start -------------------------------
Release Date 12/07/07
Revision # 289 (pragmareg displays this revision number as # 33)
Enhancements:
- Client size not limited by server side maximum window size
- New Configuration Push in Pragma Manager
- improved search for user profiles for key authentication
Fixes:
- FIX: PCI Compliance issue which reports a buffer-overflow. Our
testing did not result in a buffer overflow, so there is no security
risk of execution of arbitrary code. The complaint would cause the
server to appear to freeze.
- Updated child process termination
- Advanced Console redraw when using special input keys
- sftp bad address error on directory change
Known Issues:
- NONE.
----------------------- Build 4 End -------------------------------
----------------------- Build 3 Start -------------------------------
Release Date 01/24/07
Enhancements:
- Groups configurable by domain name and not domain controller machine name.
Fixes:
- In Vista 64-bit, 64-bit programs failed to show output
- Improved key generation for writing to user shell
- Report of invalid character map value in environment variable
- sftp.exe command line client hung in file uploads to BITVISE WinSSHD
- fix for ssh client script processing
- ssh client display fixes
- PROB: crash for some group access
- backspace fix in Advanced Console
- InetD handle leak if maximum number of connections reached
- support for Windows 2003 Active Directory domain functional level
added
- PROB: SSHD process hangs if user shell cannot be launched
- sftp file transfer hanging
Known Issues:
- NONE.
----------------------- Build 3 End -------------------------------
----------------------- Build 2 Start -------------------------------
Release Date 12/08/06
Enhancements:
- Network shares referenced by UNC name allowed as virtual directories
Fixes:
- FIX 09272006: FortressFX SSH/sftp Port number not passed to lower layer.
This would disallow connection to server port other than standard 22.
- FIX: ESC key can be pressed once to send ESC to server
- FIX: port forwarding
- FIX: SFTP from some clients does not close
- FIX: screens clear completely
- FIX: Server and client exit status reported
- FIX: SCP access does not need Shell Access as well
- FIX: Term environment variable assigned correctly
Known Issues:
- NONE.
----------------------- Build 2 End -------------------------------
----------------------- Build 1 Start -------------------------------
Release Date 09/26/06
Enhancements:
- Full 64 bit x64 version support for Intel EM64T and AMD64
processors
- Two separate packages available. One for 32-bit and another for
64-bit.
- Support for Windows Vista (both 32 and 64 bit) and Windows Longhorn
server
- Session Monitoring configurable by Pragma Manager
- More troubleshooting features added
- More sessions possible with smaller desktop count
- Optimized for both 64bit and 32bit with the newest compiler
technologies
- 64 bit version allows for reaching new scalability heights in terms
of session support and larger file transfer size
- environment variable can be used in Home Directory designation
- Import/Export of Configuration Settings
- Easier Configuration of Idle Session Timeout
- Reverse Video configuration
- Bigger and faster File transfer speeds
- Escape sequences can be sent in multiple packets allowing improved
emulation
- SSH1 code taken out to improve product security. Only SSH2 is
supported
Fixes:
- New Release. N/A
Known Issues:
- NONE.
----------------------- Build 1 End -------------------------------