-
Der beliebte freie SSH-Client für Windows PuTTY steht in der Version 0.58 zum Download bereit, ebenso die als Sourcecode verfügbare Unix-Portierung. SSH besteht aus einer ganzen Kombination von Protokollen, die kryptographisch abgesicherte Kommunikation in unsicheren Netzen ermöglichen. Wichtigste Neuerung in PuTTY 0.58 ist nun die Unterstützung von IPv6, von der bislang aber wahrscheinlich nur die wenigsten Anwender profitieren werden.
Daneben gibt es weitere Funktionen, die das Arbeiten erleichtern. So unterstützt der Client nun auch rekursive Dateitransfers mit PSFTP. Praktisch: Session-Details lassen sich nun auch nach dem Aufbau einer Verbindung speichern. Auch das Port-Forwarding soll sich während einer Sessions rekonfigurieren lassen. Zudem versteht PuTTY nun die 256-Farb-Kontroll-Sequenzen von xterm. Darüber hinaus sind in der neuen Version diverse kleinere Fehler beseitigt.
Quelle und Links : http://www.heise.de/newsticker/meldung/58297
-
freeSSHd 1.2.4
Unix-artige Betriebssysteme lassen sich über das Internet sicher und schnell mit der Secure Shell (SSH) steuern. Das kostenlose FreeSSHd rüstet diesen Fernsteuerdienst für die Kommandozeile unter Windows nach, der als Systemdienst im Hintergrund läuft und sich als Taskbar-Icon einnistet. Die Benutzer, deren Accounts FreeSSHd selbst verwaltet, melden sich per Windows-Anmeldung, verschlüsseltem Passwort oder Public-Key-Verfahren am Server an. Die Software gewährt per SFTP Zugang zum Dateisystem des Windows-Rechners und tunnelt Anwendungs-Ports sicher über das Internet.
(http://www.freesshd.com/Images/capture.jpg)
http://www.freesshd.com/ (http://www.freesshd.com/)
-
freeSSHd: Unix-artige Betriebssysteme lassen sich über das Internet sicher und schnell mit der Secure Shell (SSH) steuern. Das kostenlose FreeSSHd rüstet diesen Fernsteuerdienst für die Kommandozeile unter Windows nach, der als Systemdienst im Hintergrund läuft und sich als Taskbar-Icon einnistet. Die Benutzer, deren Accounts FreeSSHd selbst verwaltet, melden sich per Windows-Anmeldung, verschlüsseltem Passwort oder Public-Key-Verfahren am Server an. Die Software gewährt per SFTP Zugang zum Dateisystem des Windows-Rechners und tunnelt Anwendungs-Ports sicher über das Internet.
(http://www.heise.de/software/screenshots/t11146.jpg)
http://www.freesshd.com/
-
Die freie Implementierung des SSH-Protokolls, OpenSSH, ist zu ihrem 10. Geburtstag in der Version 5.3 erschienen. Diese bringt vor allem Korrekturen mit und lässt die Unterstützung von Windows 95, 98 und Me fallen.
Bei OpenSSH handelt es sich um eine vollständige Implementierung des SSH-Protokolls in den Versionen 1.3, 1.5 und 2.0, samt STP-Client- und Serverunterstützung. Die neue Version 5.3 bringt gegenüber der Version 5.2 einige kleine Korrekturen. So sind beispielsweise Verzeichnispfade nicht länger auf 256 Zeichen beschränkt.
Die größte Veränderung bezieht sich aber auf den Wegfall der Unterstützung alter Cygwin-Versionen sowie von Windows 95, 98 und Me. Diese Systeme werden mit OpenSSH 5.3 nicht mehr unterstützt. Neuere Cygwin-Versionen sollen von einem vergrößerten IO-Buffer von 64 KByte profitieren, was die Geschwindigkeit signifikant erhöhen soll.
OpenSSH 5.3 steht unter http://openssh.com/ zum Download bereit. Die Neuerungen sind in der Release-Ankündigung (http://openssh.com/txt/release-5.3) zusammengefasst.
Quelle : www.golem.de
-
CopSSH ist ein Komplettpaket des Referenzsystems OpenSSH für Windows. Es bringt einerseits einen komfortablen Installer mit, der auch die nötigen Keys erzeugt, bietet aber andererseits mit etwas Fummelei in der Konfigurationsdatei sämtliche Funktionen von OpenSSH.
http://www.itefix.no/i2/copssh
-
CHANGES FROM VERSION 3.0.2
1. UPDATED - Cygwin 1.7.1-1
http://cygwin.com/ml/cygwin-announce/2009-12/msg00027.html
NEW major release: cygwin-1.7.1-1
The most important changes are:
- The mount table is no longer stored in the registry. Rather, it's
stored in /etc/fstab and /etc/fstab/$USER. See
http://cygwin.com/cygwin-ug-net/using.html#mount-table
- Support for pathnames beyond the former 260 chars border. PATH_MAX
is now set to 4096, but Cygwin will try to support even longer paths
up to the Windows maxium of 32767 Unicode chars,
- Multiple Cygwin installations can co-exist on a machine, as long
as you keep them separate.
- Support for IPv6.
- Default character set is now UTF-8, but other character sets are
supported via an improved internationalization support. See
http://cygwin.com/cygwin-ug-net/setup-locale.html
- Support for new authentication methods which are supposed to improve
changing the user context without password.
- No more support for Windows 95, Windows 98 and Windows Me.
Full details about changes:
http://cygwin.com/cygwin-ug-net/ov-new1.7.html
http://www.itefix.no/i2/copssh
-
hi,
ist es möglich in putty benutzername und passwörter zu hinterlegen?
wenn ich mich mit putty in meinem vdr einlocke will er jedesmal benutzername und passwort.wenn man 2 oder mehrere fenster aufmacht und öfters neustartet geht mir das ganz schön auf den kesks :D.ein eingabefeld für solches habe ich noch nicht gefunden aber vielleicht gibt es doch eine möglichkeit.
-
Hi...nee....ne Passwortverwaltung hat Putty nicht ...
p.s. Evtl. hilft dir das weiter : http://www.zeus-web.de/pc-it-undco/windows/puttystarter-v-053
-
dafür gibd's die public key authentifizierung bei ssh.
mit puttygen machst du für dich ein key-pair, und fügst den public dann in der entsprechenden config file für authorized keys unter openssh.
http://unixwiz.net/techtips/putty-openssh.html wäre ein beispiel für die konfiguration (einfach die passphrase auslassen, dann muss man nichts mehr weiters eingeben aber halt auch höllisch auf den private key aufpassen)
-
alternativ gäb's halt noch die möglichkeit, das ganze über den putty.exe parameter -pw zu lösen:
c:\putty\putty.exe -load "saved config" -l user -pw pass
... könnte man z.b. in einem shortcut reinsetzen.
aber wie gesagt, standard und empfohlen ist public key authentication.
-
dafür gibd's die public key authentifizierung bei ssh.
mit puttygen machst du für dich ein key-pair, und fügst den public dann in der entsprechenden config file für authorized keys unter openssh.
http://unixwiz.net/techtips/putty-openssh.html wäre ein beispiel für die konfiguration (einfach die passphrase auslassen, dann muss man nichts mehr weiters eingeben aber halt auch höllisch auf den private key aufpassen)
ich habe das mal durchgelesen und versuche heute abend mal.was ich aber nicht ganz verstehe (weil englisch) wie man den public key in linux installiert.
muß /home/.ssh/authorized_keys2 angelegt werden und der "public key" in die datei "authorized_keys2" kopiert werden?
was ist der nachteil wenn ich passphrase nutze?
-
muß /home/.ssh/authorized_keys2 angelegt werden und der "public key" in die datei "authorized_keys2" kopiert werden?
ja, nach ~/.ssh/authorized_key2, also ins benutzer home verzeichnis.
was ist der nachteil wenn ich passphrase nutze?
ich glaub dann musst du immer die passphrase eingeben. natürlich ist es immer noch einfacher, weil du dann ja für alle logins immer nur diese eine angeben musst.
-
wie bekomme ich den public key in linux gespeichert? ich bekomme das nicht hin ???
-
Kochbuch sagt:
3.8.3.8 `-pw': specify a password
A simple way to automate a remote login is to supply your password
on the command line. This is _not recommended_ for reasons of
security. If you possibly can, we recommend you set up public-key
authentication instead. See chapter 8 for details.
Hab ich hier her: http://the.earth.li/~sgtatham/putty/0.60/puttydoc.txt
Kapitel 8 zu kopieren erspar ich mir ;D ;D
-
so weit bin ich auch...aber wenn ich den key reinkopiere und die eingabetaste drücke kommt das
ssh-rsa: command not found :o
und nun?
-
http://www.openssh.org/de/faq.html könnte helfen. Ich kann es sicher nicht, ausser mit solche Tips...
siehe gurgel: 26. Apr. 2009 ... 3.6 - Configure oder sshd(8) beschweren sich über fehlende RSA- oder DSA-Unterstützung ... 3.7 - »scp: command not found«-Fehler ...
-
dann kann ichs wohl vergessen ???
-
authorized_keys2 sollte eine text datei sein (nur halt ohne .txt endung).
also mit "vi ~/.ssh/authorized_keys2" z.b. öffnen, ans ende einfügen und abspeichern.
natürlich kannst du einen editor deiner wahl verwenden, emacs, nano, was weis ich...
oder du erstellst die datei unter windows und kopierst sie mit pscp rüber.
-
authorized_keys2 sollte eine text datei sein (nur halt ohne .txt endung).
also mit "vi ~/.ssh/authorized_keys2" z.b. öffnen, ans ende einfügen und abspeichern.
natürlich kannst du einen editor deiner wahl verwenden, emacs, nano, was weis ich...
oder du erstellst die datei unter windows und kopierst sie mit pscp rüber.
habe ich gemacht und wollte mit dem mc rüberkopieren..geht nicht
Kann nicht auf"..."agieren!
auch mit "vi ~/.ssh/authorized_keys2" will es nicht funktionieren :o
wenn ich mit nano anlegen will kommt no such file oder directory
was mache ich blos falsch?
habs hinbekommen den key einzubauen ;D war ne schwere geburt
aber jetzt habe ich "wie immer" ein anderes problem.
da ich win 7 benutze bekomme ich putty nicht dazu direkt auf den vdr zu starten
das funkt bei mir nicht.
wenn ich in der verknüpfung die saison eingebe sagt windows pfad nicht gefunden.muß das win7 anders eingegeben werden?
Create and save the sessions
Shortcut with session name As we did in the previous section, create and save as many named sessions as needed, and make a note of the session names. These names can be referenced on the command line with the -load parameter, and can be embedded into the shortcut.
Right-click on the shortcut and select Properties, then enter the parameter -load along with the name of the session (in quotes, if necessary). Click OK to save the shortcut properties.
PuTTY shortcut with Session It's also a good idea to rename the shortcut to reflect the name of the server it's connecting to: right-click on the shortcut and select Rename.
Once the session shortcut is fully configured, double-clicking the icon launches the connection. Create as many pre-programmed shortcuts as needed.
-
da ich win 7 benutze bekomme ich putty nicht dazu direkt auf den vdr zu starten
das funkt bei mir nicht.
wenn ich in der verknüpfung die saison eingebe sagt windows pfad nicht gefunden.muß das win7 anders eingegeben werden?
welche felder hast du denn in der verknüpfung stehen?
also unter "Ziel" und "Ausführen in"
-
da ich win 7 benutze bekomme ich putty nicht dazu direkt auf den vdr zu starten
das funkt bei mir nicht.
wenn ich in der verknüpfung die saison eingebe sagt windows pfad nicht gefunden.muß das win7 anders eingegeben werden?
welche felder hast du denn in der verknüpfung stehen?
also unter "Ziel" und "Ausführen in"
Ziel: "C:\Program Files\Tools\Putty\putty.exe"
Ausführen in: "C:\Program Files\Tools\Putty"
so funktioniert die reine verknüpfung und sobald ich was öndere gehts nicht.
-
ja zeig die veränderte version, die eben nicht funktioniert.
-
ja zeig die veränderte version, die eben nicht funktioniert.
"C:\Program Files\Tools\Putty\putty.exe -load "VDR" sogehts nicht
"C:\Program Files\Tools\Putty\putty.exe -load"VDR" und so auch nicht
-
du gibsd genau folgendes ein:
"C:\Program Files\Tools\Putty\putty.exe" -load VDR
mit " musst du immer aufpassen, die sind in der regel nicht verschachtelbar.
warum sind überhaupt " drinn? weil der pfad zu putty.exe ein leerzeichen beinhaltet, aber leerzeichen dienen eben auch als trennzeichen bei der eingabe.
-
du gibsd genau folgendes ein:
"C:\Program Files\Tools\Putty\putty.exe" -load VDR
mit " musst du immer aufpassen, die sind in der regel nicht verschachtelbar.
warum sind überhaupt " drinn? weil der pfad zu putty.exe ein leerzeichen beinhaltet, aber leerzeichen dienen eben auch als trennzeichen bei der eingabe.
hut ab..jetzt geht die konsole für den vdr auf.aber login und passwort muß immer noch eingeben.
ich habe laut anleitung den privatkey in putty geladen aber das funkt nicht.
den produktkey ist unter /home/laurent/.ssh/authorized_keys2 gespeichert die rechte und eigentümer wie in der anleitung.
jetzt gilts noch das putty mit dem privatekey geöffnet wird...aber das will auch nicht
habe jetzt den privatkey in ptty gespeichert,jetzt geht die konsole des vdr nicht mehr auf
-
in der VDR session muss folgendes gespeichert sein:
* der private schlüssel (Connection/SSH/Auth/Private key file for authentication)
* und höchstwahrscheinlich der username beim login (Connection/Data/Auto-login username)
wenn du die werte veränderst, musst du nachher nochmal abspeichern.
-
in der VDR session muss folgendes gespeichert sein:
* der private schlüssel (Connection/SSH/Auth/Private key file for authentication)
* und höchstwahrscheinlich der username beim login (Connection/Data/Auto-login username)
wenn du die werte veränderst, musst du nachher nochmal abspeichern.
habe ich gemacht,aber ne konsole öffnet sich nicht,liegts vielleicht am publickey?
-
funktioniert das keyfile login wenn du es ohne shortcut startest?
hier wär noch mal eine deutsche version http://www.howtoforge.de/howto/key-basierte-ssh-logins-mit-putty/ .
-
funktioniert das keyfile login wenn du es ohne shortcut startest?
nein funkt auch nicht
putty mit shortcut startet sich jetzt genauso wie ohne.
-
aber es hat doch schon mal funktioniert oder?
ich werd morgen in der arbeit nachsehen, was ich dort alles eingestellt habe. aber bei mir gab's damals keine probleme...
-
ich (wir) habe es hinbekommen ;D der grund warum es nicht funktionierte ist das der dateiname "authorized_keys2"falsch ist :o
er muß "authorized_keys" heissen. und in der sshd_conf muß "AuthorizedKeysFile %h/.ssh/authorized_keys"auskommentiert sein.
jetzt geht es einwandfrei :D
vielen dank für deine unterstützung
-
Mit Version 5.4 haben die OpenSSH-Entwickler eine neue Version der freien SSH-Implementierung veröffentlicht, die neben Korrekturen auch eine Vielzahl von neuen Funktionen bringt.
OpenSSH ist eine komplette Implementierung der SSH-Protokollversionen 1.3, 1.5 und 2.0 und unterstützt außerdem scp (Secure Copy) und sftp (Secure FTP). In der neuen Version wurden viele Fehler bereinigt, vor allem auch sicherheitsrelevante Probleme. Nach über zehn Jahren deaktiviert OpenSSH nun standardmäßig die Version 1 des SSH-Protokolls. Clients und Server, die immer noch die alte Funktionalität wünschen, müssen diese nun in der Konfigurationsoption oder der Kommandozeile aktivieren.
Neu hinzugekommen ist auch eine Unterstützung für Zertifikatsauthentifizierung mittels eines neuen, minimalistischen OpenSSH-Zertifikatformats. Detailliertere Informationen zur Verwendung liefern entsprechende Dokumentationen von ssh-keygen(1), sshd(8) und ssh(1). Eine weitere Neuerung stellt ein »netcat mode« für ssh und eine Annullierung von Schlüsseln mittels der Option RevokedKeys dar. Darüber hinaus wurde die Multiplexing-Unterstützung in ssh komplett umgeschrieben.
Überarbeitet wurde auch der sftp-Client. Unter anderem unterstützt das Programm nun auch die Option »-h« für ls und Tab-Komplettierung für Kommandos. Ferner beherrscht sftp die meisten scp-Kommandozeilen-Argumente. Passwortgeschützte private Schlüssel für SSH Protokoll 2 werden nun mit AES-128 und nicht mehr mit 3DES verschlüsselt.
Eine Liste aller Änderungen kann dem Changelog (http://openssh.org/txt/release-5.4) entnommen werden. Der Download von OpenSSH 5.4 ist von einer großen Zahl von Mirror-Servern möglich.
Quelle : www.pro-linux.de
-
Windows-Installer für das Linux-Toolkit OpenSSL; ermöglicht das Arbeiten mit den Protokollen Secure Sockets Layer (SSL) und Transport Layer Security (TLS) zur verschlüsselten Datenkommunikation.
http://www.slproweb.com/products/Win32OpenSSL.html
-
CHANGES FROM VERSION 3.1.0
1. UPDATED - Cygwin 1.7.2-2
Major changes from 1.7.1-1:
o Localization support has been much improved.
o Enhanced Windows console support.
o Handle native DOS paths always as if mounted with "posix=0,noacl".
o Handle UNC paths starting with slashes identical to /cygdrive paths.
o Avoid overly agressive appending of .exe suffix when renaming Windows
executables.
o Fix some hangs and a potential crash using pipes and FIFOs.
o Fix multiple socket problems:
See http://cygwin.com/ml/cygwin-announce/2010-03/msg00018.html for more detailed info.
2. UPDATED - OpenSSL 0.9.8n
Major changes from 0.9.8m:
o a security and bugfix release which addresses CVE-2010-0740
URL for this Security Advisory: http://www.openssl.org/news/secadv_20100324.txt
See openssl directory in doc directory for more detailed info
SIGNATURES
MD5 Signature:
f3adc808223143a47fa74633a41eff6a *Copssh_3.1.1_Installer.zip
SHA256 Signature:
9c226b52ad27d59110d862a672c2c1bf48f3d1a4313819dddb75917d2a4593fd *Copssh_3.1.1_Installer.zip
Download: http://itefix.no/i2/download
http://www.itefix.no/i2/copssh
-
AutoPuTTY is a simple connection manager / launcher - It's written in C# so you'll need Microsoft .NET Framework Version 2.0. Manage a server list and connect thru PuTTY, WinSCP, Microsoft Terminal Server and VNC (only VNC 3.3 encryption is supported for passwords yet); Connect to multiple servers at once using the "Enter" key or the right click menu; Import a list from a simple text file; and Protect the application startup with a password (note that the list is always encrypted).
(http://images.betanews.com/screenshots/1254096102-1.png)
Latest Changes
- Fixed bugs with path handling (used to check tools paths)
- Fixed a bug with user specified ports not beeing used for PuTTY / WinSCP
- Added PuTTY "X11 Forwarding" switch
Freeware
http://r4dius.free.fr/autoputty/
-
KpyM Telnet/SSH Server is a free, open source telnet/ssh server for Windows NT/2000/2003/XP. It provides access to the host computer via the telnet or ssh protocol. Supports command line applications (dir, ftp, etc.) and full color console graphic applications (edit.com, tetris.exe, etc.). KTS accepts connection from any telnet/ssh client running on any OS.
(http://images.betanews.com/screenshots/1160297500-1.png)
Latest Changes
- Minor bug fixes
- Sftp bug fixes/should work now with more sftp clients/
- Built against cryptlib 3.3.2
Lizens : Open Source
http://www.kpym.com/2/kpym/index.htm
-
Die Entwickler der Verschlüsselungs-Software OpenSSH haben eine aktualisierte Version zur Verfügung gestellt.
Ab sofort gibt es OpenSSH 5.5/5.5p1. Es handelt sich hier um eine Wartungs-Version, die Fehler ausbessert. Eine kleine Verbesserung gibt es bei der Aufzeichnung von angemeldeten Anwendern.
Sie finden weitere Details in den Release-Notizen (http://openssh.org/txt/release-5.5). Herunterladen können Sie die freie SSH-Software von der Projektseite (http://www.openssh.com/). OpenSSH ist eine vollständige Version für das SSH-Protokoll Version 1.3, 1.5 und 2.0. Es beinhaltet sowohl den sftp-Client als auch Server-Unterstützung. Das Projekt finanziert sich ausschließlich durch Spenden.
Quelle : www.tecchannel.de
-
Latest Changes
- Fixed a bug with PuTTY "X11 Forwarding" setting not beeing saved..
http://r4dius.free.fr/autoputty/
-
Latest Changes
- Fixed a bug with the non working folder browser for RDP and VNC output paths, replaced code so that the missing dll is not needed anymore
http://r4dius.free.fr/autoputty/
-
Mit KiTTY gibt es eine Alternative zum bekannten Telnet/SSH-Client PuTTY. Die Software bringt nahezu alle Funktionen von PuTTY mit, ist aber um clevere Zusatzfeatures erweitert, welche die tägliche Arbeit auf der Kommandozeile erleichtern und teilweise automatisieren.
Funktionalität: KiTTY (http://kitty.9bis.com/) ist eine abgewandelte Form des Telnet/SSH-Clients PuTTY, genauer gesagt basiert das Tool auf der Version 0.60 von PuTTY. Die Software ist aber nicht nur eine einfache Kopie, sondern erweitert PuTTY um einige clevere Funktionen.
(http://img535.imageshack.us/img535/7139/4c78314cf887acf1571d84e.jpg)
Wer beispielsweise viele verschiedene Server per Kommandozeile verwaltet, wird sich über die Session-Filter-Funktion freuen. Damit lassen sich die einzelnen Logins in verschiedenen Ordnern speichern, was die Übersicht deutlich erhöht. Ebenfalls praktisch ist der Launcher. Dieser packt ein Icon in der Taskleiste, mit dem sich gespeicherte KiTTY-Sessions per Rechtsklick anzeigen und starten lassen können.
Installation: KiTTY ist eine kleine Exe-Datei, die direkt von der Homepage der Entwickler kostenlos heruntergeladen werden kann. Alternativ lässt sich die Software auch als portable Version einrichten und sich so etwa auf einem USB-Stick mitnehmen. Dazu muss man zunächst eine Datei namens kitty.ini erstellen, welche die Zeilen
[KiTTY]
savemode=dir
enthält. Anschließend erstellt der Kommandozeilenbefehl kitty.exe -convert-dir alle notwendigen Unterordner und richtet KiTTY so ein, dass sämtliche Informationen transportfähig gespeichert werden. Die neu erstellten Ordner müssen nur noch auf das entsprechende Medium kopiert werden.
Bedienung: Wer mit PuTTY umgehen kann, findet sich auch in KiTTY schnell zurecht. Das Interface ist nahezu identisch, die Änderungen stecken eher in kleinen Funktionen unter der Oberfläche. Auf der Homepage erklären die Macher alle Zusatzfunktionen in KiTTY, etwa, welche Registry-Keys geändert werden müssen, damit eine gespeicherte Session direkt aus dem Startmenü heraus aufgerufen werden kann.
Fazit: KiTTY bringt keine bahnbrechenden Neuerungen in den SSH/Telnet-Client mit, wer allerdings dieses Tool täglich nutzt, freut sich über die kleinen Annehmlichkeiten. Vor allem Funktionen wie die portable Version, der Session Launcher oder die automatisierbaren Kommandos machen KiTTY durchaus zu einer passenden Alternative zu PuTTY.
-
Kein Changelog verfügbar ...
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
What's new: >>
* a fix into the auto-login script managment when the server send NULL characters
* a fix into the window title managment
* a new -sshhandler option to set the ssh:// and putty:// links
* a new parameter in kitty.ini file: configdir to define the location of saved settings in portable mode
* an improvment into the settings loading from kitty.ini file
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
2010.08.09 -- Version 2.1.2
* Windows security issue:
Fixed potential local privilege escalation vulnerability in
Windows service. The Windows service did not properly quote the
executable filename passed to CreateService. A local attacker
with write access to the root directory C:\ could create an
executable that would be run with the same privilege level as
the OpenVPN Windows service. However, since non-Administrative
users normally lack write permission on C:\, this vulnerability
is generally not exploitable except on older versions of Windows
(such as Win2K) where the default permissions on C:\ would allow
any user to create files there.
Credit: Scott Laurie, MWR InfoSecurity
* Added Python-based based alternative build system for Windows using
Visual Studio 2008 (in win directory).
* When aborting in a non-graceful way, try to execute do_close_tun in
init.c prior to daemon exit to ensure that the tun/tap interface is
closed and any added routes are deleted.
* Fixed an issue where AUTH_FAILED was not being properly delivered
to the client when a bad password is given for mid-session reauth,
causing the connection to fail without an error indication.
* Don't advance to the next connection profile on AUTH_FAILED errors.
* Fixed an issue in the Management Interface that could cause
a process hang with 100% CPU utilization in --management-client
mode if the management interface client disconnected at the
point where credentials are queried.
* Fixed an issue where if reneg-sec was set to 0 on the client,
so that the server-side value would take precedence,
the auth_deferred_expire_window function would incorrectly
return a window period of 0 seconds. In this case, the
correct window period should be the handshake window
period.
* Modified ">PASSWORD:Verification Failed" management interface
notification to include a client reason string:
>PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']
* Enable exponential backoff in reliability layer
retransmits.
* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after
socket is created rather than waiting until after connect/listen.
* Management interface performance optimizations:
1. Added env-filter MI command to perform filtering on env vars
passed through as a part of --management-client-auth
2. man_write will now try to aggregate output into larger blocks
(up to 1024 bytes) for more efficient i/o
* Fixed minor issue in Windows TAP driver DEBUG builds
where non-null-terminated unicode strings were being
printed incorrectly.
* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support
was not being compiled in.
* Proxy improvements:
Improved the ability of http-auth "auto" flag to dynamically detect
the auth method required by the proxy.
Added http-auth "auto-nct" flag to reject weak proxy auth methods.
Added HTTP proxy digest authentication method.
Removed extraneous openvpn_sleep calls from proxy.c.
* Implemented http-proxy-override and http-proxy-fallback directives to make it
easier for OpenVPN client UIs to start a pre-existing client config file with
proxy options, or to adaptively fall back to a proxy connection if a direct
connection fails.
* Implemented a key/value auth channel from client to server.
* Fixed issue where bad creds provided by the management interface
for HTTP Proxy Basic Authentication would go into an infinite
retry-fail loop instead of requerying the management interface for
new creds.
* Added support for MSVC debugging of openvpn.exe in settings.in:
# Build debugging version of openvpn.exe
!define PRODUCT_OPENVPN_DEBUG
* Implemented multi-address DNS expansion on the network field of route
commands.
When only a single IP address is desired from a multi-address DNS
expansion, use the first address rather than a random selection.
* Added --register-dns option for Windows.
Fixed some issues on Windows with --log, subprocess creation
for command execution, and stdout/stderr redirection.
* Fixed an issue where application payload transmissions on the
TLS control channel (such as AUTH_FAILED) that occur during
or immediately after a TLS renegotiation might be dropped.
* Added warning about tls-remote option in man page.
http://openvpn.net/
-
IPsec-Client mit Xauth- und RSA-Unterstützung zum Kommunizieren mit Betriebssystemen, die ipsec-tools ausführen; anders als die Windows-Version nutzt die Unix-Version den IPsec-Kernel-Support des Betriebssystems und enthält den kompletten Programmcode für das Front-End des Clients
Lizenz: Open Source
http://www.shrew.net/?page=software
-
Windows-Version des SSH-Servers und -Clients OpenSSH
Lizenz: Open Source
http://www.itefix.no/i2/copssh
-
Die OpenSSH-Entwickler haben die Version 5.6 ihres freien SSH-Werkzeugs veröffentlicht. OpenSSH dient zum Verschlüsseln des Netzwerkverkehrs, erlaubt den Aufbau sicherer Tunnel zwischen zwei Rechnern und unterstützt mehrere Authentifizierungsmethoden.
OpenSSH 5.6 wurde um eine ControlPersist-Option erweitert, die einen ssh-Multiplex-Master im Hintergrund startet und dafür sorgt, dass eine Verbindung eine unbestimmte Zeit lang bestehen bleibt bzw. nach einer vorgegebenen Zeit der Inaktivität des Nutzers automatisch getrennt wird. Die hostbasierte Authentifikation kann jetzt über einen zertifizierten Host-Schlüssel erfolgen, ssh-keygen unterstützt Zertifikatssignierung mit einem CA-Schlüssel. Ssh protokolliert auf Wunsch Hostnamen und Adressen, um Pishing-Angriffe von Servern mit vertrauenswürdigen Schlüsseln besser erkennbar zu machen.
Der neue Platzhalter %h in der ssh-Konfiguration erlaubt die Arbeit mit unqualifizierten Hostnamen (z.B. Subdomains, %h.example.org). Sshd unterstützt das Überprüfen von Nutzernamen, die in Zertifikaten eingebettet sind, Veränderungen am Format der Zertifikatsschlüssel sollen die Schlüssel sicherer machen. Neben den Neuerungen behoben die Entwickler mehrere Fehler, eine Auflistung aller Änderungen bieten die Release Notes (http://www.openssh.com/txt/release-5.6).
Die Entwicklung von OpenSSH begann 1999. Das Verschlüsselungswerkzeug steht unter der BSD-Lizenz, die aktuelle Version ist für OpenBSD, Linux, Mac OS X und eine Reihe anderer Unix-Derivate auf mehreren Spiegelservern (http://www.openssh.com/portable.html) verfügbar.
Quelle : www.pro-linux.de
-
Copssh is an ssh server and client implementation for windows systems. It is a yet another packaging of portable openssh, cygwin, some popular utilites, plus implementation of some best practices regarding security. You can use COPSSH for remote administration of your systems or gathering remote information in a secure way.
(http://images.betanews.com/screenshots/1193485431-1.png)
Latest Changes
- UPDATED - OpenSSH 5.6p
Lizenz: Open Source
http://www.itefix.no/i2/copssh
-
Changelog for 2.1.3:
Windows Installer rebuilt. No other changes since 2.1.2.
http://openvpn.net/
-
z.Z. kein Changelog verfügbar ...
http://openvpn.net/
-
kein Changelog verfügbar..
http://www.itefix.no/i2/copssh
-
What's new: >>
Three new features:
* An URL clickable URL patch is now included into KiTTY (a must have for IRC users)
* Personnal icons can be associated to each session
* Session log can be timestamped
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
What's new: >>
Here is a major release with three main features:
* PuTTY new development shapshot: 20100914
* PuTTYCyg patch update: 20091228
* Integration of the ZModem patch from LePuTTY (experimental)
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
2010.11.09 -- Version 2.1.4
* Fix problem with special case route targets ('remote_host')
The init_route() function will leave &netlist untouched for
get_special_addr() routes ("remote_host" being one of them).
netlist is on stack, contains random garbage, and
netlist.len will not be 0 - thus, random stack data is copied from
netlist.data[] until the route_list is full.
Thanks to Teodo MICU and Gert Doering for finding and fixing this issue.
http://openvpn.net/
-
Changes since 2.2 Beta 3 include:
Adding support for SOCKS plain text authentication
Add HTTP/1.1 Host header
TAP support on Solaris
"topology subnet" made to work on Solaris
Lots of bugfixes, see Changelog for details
The Beta 2.2 release contains a number of important new features:
* Added IPv6 support to Windows TAP driver
* auth-pam plugin update: Support DOMAIN+USERNAME in config
* Added support for passing over SSL certificate fingerprint/digest to plugins
* Improved the logic which gives a filename to the script hooks for exchanging data between OpenVPN and the script.
* OpenVPN will now create the file and not just return a supposed to be unique filename.
* Added an improved example script for doing OCSP checks
* Enhanced client-up and client-down example scripts
* Added support for --x509-username-field, defaults to CN but can be set to use other X509 certificate elments as username
* instead.
* Allow --lport 0, to allow random port binding
* Implemented http-proxy-override and http-proxy-fallback directives
* Implemented multi-address DNS expansion on the network field of route commands.
* Added --register-dns option for Windows.
* Handle non standard subnets in PF grammar
http://openvpn.net/
-
SSH-Server für Windows-Systeme
(http://www.heise.de/software/screenshots/77652.jpg)
kostenlos
http://mobassh.mobatek.net/
-
Mit der Veröffentlichung der Versionen 0.9.8q und 1.0.0c haben die Entwickler zwei Schwachstellen von OpenSSL beseitigt. Eine Schwachstelle betrifft die Ciphersuite in der TLS-/SSL-Schicht und ist in allen Versionen in der freien Implementierung des TLS-/SSL-Protokolls vorhanden.
Die Schwachstelle in der Ciphersuite von OpenSSL ermöglicht es einem Angreifer, den Cache einer gespeicherten Sitzung zu modifizieren und den Algorithmus einer verschlüsselten Datenverbindung auf einen schwächeren herunterzusetzen. Damit vereinfacht sich das Knacken einer sicheren Verbindung.
Die Entwickler haben die Schwachstelle beseitigt, indem sie die Option "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG" deaktiviert haben, die der Kompatibilität zu Netscape-Browsern dient. Anwender können ihre OpenSSL-Versionen mit der abgeschalteten Option kompilieren. Alternativ kann noch die Option "SSL_OP_ALL" deaktiviert werden.
In Version 0.9.8j ist die Schwachstelle zwar vorhanden, allerdings kann dort ein Angreifer nur zu einem gleich starken Algorithmus wechseln. Benutzer der 0.9.8er Versionen sollten auf 0.9.8q aktualisieren. Benutzer von Version 1.0.0 sollten künftig die Version 1.0.0c verwenden.
Version 1.0.0c enthält auch Reparaturen für die Schwachstelle in dem J-Pake-Protokoll (Password Authenticated Key Exchange by Juggling). Über die Schwachstelle könnte sich ein Angreifer auch ohne Kenntnis des verwendeten geheimen Schlüssels legitimieren. J-Pake wird in OpenSSL nicht standardmäßig aktiviert, sondern muss explizit ausgewählt werden.
Die entsprechenden Patches haben die Entwickler auf ihrer Webseite veröffentlicht. Der Quellcode der reparierten Versionen liegt auf den Servern des Projekts (http://www.openssl.org/source/) zum Download bereit.
Quelle : www.golem.de
-
What's new: >>
Just a fix and an improvment:
* Stability fix when exiting in Windows 7 64 bits
* New feature: initial window position can be set
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Version 5.7 von OpenSSH enthält neben vielen weiteren Verbesserungen vor allem die Möglichkeit, effizientere, auf elliptischen Kurven beruhende Verschlüsselungsverfahren (ECC) zu verwenden.
Die OpenSSH (SSH steht für Secure Shell) ist ein sicherer Telnet-Ersatz, der Verbindungen zwischen zwei Rechnern verschlüsselt. Das Paket besteht aus einem Server- und einem Client-Programm sowie Hilfsprogrammen. Darüber hinaus unterstützt es sicheres FTP (SFTP) und sicheres Kopieren auf andere Rechner (SCP).
In den fünf Monaten seit Version 5.6 wurden etliche neue Features hinzugefügt. Das wichtigste davon ist die Möglichkeit, auf elliptischen Kurven beruhende Verschlüsselungsverfahren (ECC) zu verwenden. Die Implementierung des Schlüsselaustauschs und der Host- und Benutzerschlüssel folgt dabei RFC5656. Die Verfahren sollen bei gleicher Schlüssellänge effizienter sein als DH- und DSA-Verfahren, gleichzeitig kann man aber kürzere Schlüssel verwenden.
Aktuell werden nur die verpflichtenden Abschnitte von RFC5656 implementiert, das bedeutet die drei Kurven nistp256, nistp384 und nistp521 sowie der Schlüsselaustausch und Host- und Benutzerschlüssel. Punktkompression ist nicht nicht implementiert. Die erzeugten ECC-Host- und Benutzerschlüssel können für Zertifikate verwendet werden. Als Schlüssellänge wird 256 Bit bevorzugt, und ECC-Schlüssel werden bevorzugt von Hosts abgefragt.
Als weitere Neuerung wurde im SFTP-Protokoll eine Erweiterung vorgenommen, mit der das Erzeugen von Hard Links unterstützt wird. Verzeichnis-Listings in SFTP wurden außerdem beschleunigt, indem die Ergebnisse zwischengespeichert werden. SCP erhielt eine neue Option -3, mit der eine Kopieroperation zwischen zwei anderen Rechnern über den lokalen Rechner geleitet wird; normalerweise würde die Kopie direkt zwischen den beiden angegebenen Rechnern stattfinden. Darüber hinaus gab es weitere Verbesserungen und eine Reihe von Korrekturen, die im Detail in der Ankündigung (http://www.openssh.com/txt/release-5.7) zu finden sind.
Die aktuelle Version ist für OpenBSD, Linux, Mac OS X und eine Reihe anderer Unix-Derivate auf mehreren Spiegelservern (http://www.openssh.com/portable.html#mirrors) verfügbar.
Quelle : www.pro-linux.de
-
OpenSSH 5.8 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Changes since OpenSSH 5.7
=========================
Security:
* Fix vulnerability in legacy certificate signing introduced in
OpenSSH-5.6 and found by Mateusz Kocielski.
Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from
the stack in place of a random nonce field. The contents of the stack
do not appear to contain private data at this point, but this cannot
be stated with certainty for all platform, library and compiler
combinations. In particular, there exists a risk that some bytes from
the privileged CA key may be accidentally included.
A full advisory for this issue is available at:
http://www.openssh.com/txt/legacy-cert.adv
Portable OpenSSH Bugfixes:
* Fix compilation failure when enableing SELinux support.
* Do not attempt to call SELinux functions when SELinux is disabled.
bz#1851
Checksums:
==========
- SHA1 (openssh-5.8.tar.gz) = 205dece2c8b41c69b082eb65320d359987aae25b
- SHA1 (openssh-5.8p1.tar.gz) = adebb2faa9aba2a3a3c8b401b2b19677ab53f0de
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
http://www.openssh.com/
-
Changes include:
* Windows installer built and packaged with the new Python-based buildsystem that utilizes the Visual Studio 2008 toolchain
* Lots of enhancements and fixes to the Python-based Windows buildsystem (see Changelog for details)
* Make the --x509-username-field feature an opt-in feature
http://openvpn.net/
-
Changes include:
Several man-page updates
Several buildsystem fixes
Fixed a bug with GUI icon deletion on upgrade from 2.2-RC or earlier
Change the default --tmp-dir path to a more suitable path
Improve the mysprintf() issue in openvpnserv.c
Fixed bug in port-share that could cause port share process to crash
Fix the --client-cert-not-required feature
http://openvpn.net/
-
z:z. liegt kein aktuelles Changelog vor ...
Download : http://swupdate.openvpn.net/community/releases/openvpn-2.2.1-install.exe
http://openvpn.net/
-
Die Entwickler des SSH- und Telnet-Clients Putty melden sich nach vier Jahren mit einem Update zurück. Putty 0.61 enthält viele neue Funktionen, darunter die SSH-2-Authentifizierung über das GSSAPI.
Vor fast vier Jahren veröffentlichten die Putty-Entwickler zuletzt eine stabile Version. Nun erscheint ein Update des freien SSH- und Telnet-Clients. Die Aktualisierung Putty 0.61 enthält viele neue Funktionen. So wurde die Unterstützung für die SSH-2-Authentifizierung über das GSSAPI sowohl in der Variante für Windows als auch für Unix-ähnliche Systeme integriert.
Zu den Windows-spezifischen Änderungen gehört, dass Putty für eine X-Weiterleitung genutzt werden kann. Dazu ist es nicht mehr notwendig, den lokalen X-Server für alle Verbindungen zu öffnen. Die anderen Neuerungen der Windows-Variante sind grafischer Natur. So unterstützt Putty nun Aero in Windows 7. Gespeicherte Sitzungen können direkt über die Sprunglisten der Taskleiste gestartet werden.
(http://scr3.golem.de/screenshots/1107/Putty/thumb620/putty-0.61b-term.png)
Auf der Unix-Seite gibt es ebenfalls einige spezifische Neuerungen. So lässt sich der GTK-Client mit GTK 2 kompilieren, wodurch die Oberfläche schöner aussehen soll. Bisher haben viele Distributionen inoffizielle Versionen mit dieser Möglichkeit angeboten. Das Ganze wurde jedoch nie offiziell unterstützt.
Schnellerer Schlüsselaustausch
Der Austausch von SSH-Schlüsseln soll in der neuen Version rund dreimal so schnell erfolgen wie in der Version 0.6.0. SSH-2-Verbindungen werden auf eine andere Art und Weise gestartet, so dass weniger Pakete ausgetauscht werden müssen. Ähnliches gilt für das Windowmanagement, wovon die Übertragung großer Datenmengen profitiert, auch bei Port-Forwarding und SFTP sowie SCP.
Im Zusammenspiel mit OpenSSH kann mit Putty 0.6.1 wieder eine Kompression verwendet werden. Dazu unterstützt Putty die von OpenSSH verwendete, besser gesicherte Kompressionsvariante.
Nutzer von Keberos können ab sofort ihr bestehendes Sinlge-Sign-On auch für SSH-Verbindungen über Putty nutzen. Allerdings ist dies noch mit einigen kleinen Fehlern behaftet.
Zudem kann Putty künftig explizit der Hostname des Rechners übergeben werden, mit dem es sich verbinden soll. Wird beispielsweise Port-Forwarding genutzt, unterscheidet sich das angegebene Ziel von dem letztendlich erreichten. In solchen Fällen sucht Putty den Hostkey dann unter dem angegebenen Zielnamen.
Putty 0.6.1 steht unter http://www.chiark.greenend.org.uk/~sgtatham/putty/ zum Download bereit.
Quelle : www.golem.de
-
Auf OpenVPN GUI (http://openvpn.se/) basierende Alternative zur mitgelieferten grafischen Oberfläche von OpenVPN, die die Managementschnittstelle von OpenVPN verwendet, um einige Nachteile des Originals zu umgehen, etwa bei fehlenden Berechtigungen.
(http://www.heise.de/software/screenshots/86733.jpg)
Lizenz: Open Source
http://openvpn-mi-gui.inside-security.de/
-
What's new: >>
Original PuTTY has just been updated. The update contains Kerberos authentication and windows 7 jump lists.
So here it is the the new KiTTY release based on this 0.61 version.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
MTPuTTY (Multi-tabbed PuTTY) helps you to manage different PuTTY connections in one tabbed GUI interface. Every PuTTY connection runs in a separate tab and you can switch between PuTTYs as easy as you switch between opened pages in web browsers. When you need, you can detach PuTTY window from tab and convert it back into normal PuTTY application.
Freeware
http://www.ttyplus.com/multi-tabbed-putty/
-
Mit der Veröffentlichung von Openssh 5.9 führen die Entwickler eine Sandbox-Option für den Child-Prozess einer Privilege Separation ein. Die noch experimentelle Funktion soll zum Standard werden.
Die freie Werkzeugsammlung für verschlüsselte Verbindungen Openssh 5.9 ist erschienen. Die neu eingeführte Sandbox soll vermeiden, dass andere Hosts über einen kompromittierten Child-Prozess einer Privilege Separation angegriffen werden können. Dazu verhindert die Sandbox bestimmte Systemaufrufe des Child-Prozesses. Noch ist die Sandbox-Funktion experimentell und muss manuell aktiviert werden. Die Entwickler planen jedoch, die Sandbox in der nächsten Veröffentlichung standardmäßig zu integrieren.
Außerdem enthält Openssh 5.9 neue HMAC-Integritätsmodi (Hash Message Authentication Code), die auf dem SHA-256-Algorithmus basieren. Ebenso wird nun eine Warnung ausgegeben, wenn ein Server die X11-Weiterleitung verweigert. Beim Laden von SSH-2-Schlüsseln werden nun deren Kommentare beibehalten. Diese Funktion geht auf einen fast neun Jahre alten Bugreport zurück.
Über die Konfigurationsdatei können Domains von einem Hostabgleich ausgeschlossen werden. Ab sofort kann auch die GSSAPI-Authentifizierung genutzt werden, um serverseitige Authentifizierungsfehler aufzuspüren. Diese Fehler werden dann nicht zu den maximalen Authentifizierungsversuchen hinzugezählt. Neben kleineren Fehlern behob das Entwicklerteam ebenfalls Bugs der portierbaren Version, die im Zusammenhang mit SELinux auftraten.
Eine komplette Liste der Änderungen findet sich in den Release-Notes (http://www.openssh.com/txt/release-5.9). Der Quelltext der Werkzeugsammlung steht auf der Webseite des Projekts (http://openssh.org/) für verschiedene freie Betriebssysteme zum Download zur Verfügung.
Quelle : www.golem.de
-
Latest Changes
- Ctrl+Tab and Ctrl+Shift+Tab switch between tabs
- Automatically detects installed PuTTY
- Automatically imports all PuTTY sessions into the tree
- Added option to replicate PuTTY titles as tab names
- Extended toolbar to connect any server without navigating in the tree
- The program strictly respects all CRLFs in the scripts. If you forget to add a closing CRLF in the script, Enter key will not be sent to PuTTY
- Basic KiTTY support added - you can specify kitty.exe instead of putty.exe, but it doesn't import KiTTY sessions
- Fixed lost focus issue when you switch back into MTPuTTY using Alt+Tab
- Added option to close tab if the session terminated normally
- Added option to leave PuTTY window if the session terminated unexpectedly
- Added hotkey to show/hide tree
- Send Script dialog now saves state of the checkboxes
- Password via command line (-pw) did not work. Fixed
http://www.ttyplus.com/multi-tabbed-putty/
-
Latest Changes
You can now create folders in the tree.
You can now sort items in the tree.
Hide toolbar command added.
Added hotkey (Ctrl + ~) to switch focus between the application and PuTTY.
MTPuTTY now saves and restores its position.
Fixed some minor bugs.
http://www.ttyplus.com/multi-tabbed-putty/
-
Latest Changes
- PuTTY 0.61 compatibility
http://www.ttyplus.com/multi-tabbed-putty/
-
Whats new: >>
Security fix: PuTTY no longer retains passwords in memory by mistake.
Bug fix: Pageant now talks to both new-style clients (0.61 and above) and old-style (0.60 and below).
Bug fix: PuTTY no longer prints a spurious "Access denied" message when GSSAPI authentication fails.
Bug fix: PSCP and PSFTP now honour nonstandard port numbers in SSH saved sessions.
Bug fix: Pageant no longer leaks a file handle when an authentication fails.
Bug fix: PuTTYtel no longer crashes when saving a session.
Bug fix: PuTTY now draws underlines under the underlined text instead of sometimes putting them somewhere off to the right.
Bug fix: PuTTY now should not draw VT100 line drawing characters at the wrong vertical offset.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Latest Changes
- Tiling. Putty tabs can be dragged and docked as tiles
- Full KiTTY support
- Putty System menu popups on right click on a tab
- MTPuTTY now remembers folder expand/collapse state
- MTPuTTY now remembers location of Server tree
- Optional confirmation on quit
http://www.ttyplus.com/multi-tabbed-putty/
-
Changes include:
Pkcs11 support built into the Windows version
Fixed a bug in the Windows TAP-driver
Download : http://swupdate.openvpn.net/community/releases/openvpn-2.2.2-install.exe
https://www.openvpn.net/
-
What's new: >>
* "Visual bell" option combined to a system tray session, implies the session icon will flash on BELL caracter reception
* with SSH sessions, automatic commands are sent after the connection is completely established
* by default the codivimus pacth (background image) is disabled
* in portable mode it is now possible to disable automatique sessions filter into the configuration box
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
What's new: >>
KiTTY 0.62.1.1
First update to merge the PuTTY 0.62 version
PuTTY 0.62 beta
Security fix: PuTTY no longer retains passwords in memory by mistake.
Bug fix: Pageant now talks to both new-style clients (0.61 and above) and old-style (0.60 and below).
Bug fix: PuTTY no longer prints a spurious "Access denied" message when GSSAPI authentication fails.
Bug fix: PSCP and PSFTP now honour nonstandard port numbers in SSH saved sessions.
Bug fix: Pageant no longer leaks a file handle when an authentication fails.
Bug fix: PuTTYtel no longer crashes when saving a session.
Bug fix: PuTTY now draws underlines under the underlined text instead of sometimes putting them somewhere off to the right.
Bug fix: PuTTY now should not draw VT100 line drawing characters at the wrong vertical offset.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Latest Changes
- Docking and tiling of tabs is totally redesigned. Now it looks and behaves much better
- Portable mode. You may copy mtptutty.exe and mtputty.xml to a flash drive
- MTPuTTY now remembers logins, passwords and scripts in Putty Sessions folder
- Save/load script command added
- Setial connections are listed under Putty sessions
- WinMenu key popups Putty System menu
http://www.ttyplus.com/multi-tabbed-putty/
-
Latest Changes
- Attach command added to attach "orphan" PuTTY sessions
- Connect to command added to connect to any server (not listed in the tree)
- Fixed compatibility with Putty 0.60 and below. However version 0.61+ is recommended
- Minor bugs fixed
http://www.ttyplus.com/multi-tabbed-putty/
-
What's new: >>
From now the ZModem patch is removed by default. It was the cause for an issue while using X11 forwarding feature. A specific version is created.
New option "Put window on foreground on bell"
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://images.six.betanews.com/screenshots/scaled/1314194663-1.jpg)
MTPuTTY (Multi-tabbed PuTTY) helps you to manage different PuTTY connections in one tabbed GUI interface. Every PuTTY connection runs in a separate tab and you can switch between PuTTYs as easy as you switch between opened pages in web browsers. When you need, you can detach PuTTY window from tab and convert it back into normal PuTTY application.
Freeware
Latest Changes
- Added option to hide start page
- You can now duplicate servers/sessions (mouse + Ctrl key)
- Added commands to import and export tree
- Option to hide main menu added
- You can now rename tabs
- Added option to not show close buttons on tabs (use middle button to close)
http://www.ttyplus.com/multi-tabbed-putty/
-
(http://images.six.betanews.com/screenshots/scaled/1314194663-1.jpg)
MTPuTTY (Multi-tabbed PuTTY) helps you to manage different PuTTY connections in one tabbed GUI interface. Every PuTTY connection runs in a separate tab and you can switch between PuTTYs as easy as you switch between opened pages in web browsers. When you need, you can detach PuTTY window from tab and convert it back into normal PuTTY application.
Freeware
Latest Changes
- Now you can remap hotkeys
- Copy/paste servers added
- Added serial connections
- Added command to duplicate session
- Several minor improvements
- Several minor bugs fixed
http://www.ttyplus.com/multi-tabbed-putty/
-
(http://www.portablefreeware.com/screenshots/scrEDsCsa.gif)
KiTTY is a Telnet, SSH, and Rlogin client forked from PuTTY. In addition to adding portability, it supports many new features, including session filters, automatic login, session icon, transparency, roll-up, etc.
What's new: >>
Username saving while keyboard input in SSH protocol
New option UserPassSSHNoSave to avoid username and password saving during SSH authentication
New option WinSCPProtocol to choose the protocol for WinSCP (scp, ftp, sftp)
New menu item Refresh in launcher
New button Clear intto the config box to clear the Saved Sessions field
Saved Sessions list refreshed when session is deleted
New patterns %f et %t to print milliseconds and tabulation in log files timestamping
Bug fix in portable mode on sessions filters from new session menu item
Minor bugs fixed
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://images.six.betanews.com/screenshots/scaled/1254096102-1.jpg)
AutoPuTTY is a simple connection manager / launcher - It's written in C# so you'll need Microsoft .NET Framework Version 2.0. Manage a server list and connect thru PuTTY, WinSCP, Microsoft Terminal Server and VNC (only VNC 3.3 encryption is supported for passwords yet); Connect to multiple servers at once using the "Enter" key or the right click menu; Import a list from a simple text file; and Protect the application startup with a password (note that the list is always encrypted).
Freeware
Latest Changes
- Fixed a bug when server name had a space at the beginning or end
- Added environment variable expansion for utilities paths
- Added "Multiple monitors" option for RDP
- Added sort of documentation in readme.txt, no really ..?
http://www.r4dius.net/autoputty
-
Whats new: >>
Fix parameter type for IP_TOS setsockopt on non-Linux systems.
Fix client crash on double PUSH_REPLY.
https://www.openvpn.net/
-
(http://www.portablefreeware.com/screenshots/scrEDsCsa.gif)
KiTTY is a Telnet, SSH, and Rlogin client forked from PuTTY. In addition to adding portability, it supports many new features, including session filters, automatic login, session icon, transparency, roll-up, etc.
What's new: >>
A new timer in the log rotation managment
A new start button in the config box (the box is not closed anymore)
If the SSH session is broken, CTRL+SHIFT+left button is used to restart it
In the Launcher there no "Default Settings" session anymore
New right button menu in the Launcher
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://images.six.betanews.com/screenshots/scaled/1357814984-1.jpg)
SmarTTY is an SSH client for Windows that supports multiple tabs, transferring files and entire directories via SCP and on-the-fly tar, automatic public key authentication setup, seamless X11 forwarding any many more features.
Freeware
http://smartty.sysprogs.com/
-
Changelog : >>
Arne Schwabe (4):
Remove dead code path and putenv functionality
Remove unused function xor
Move static prototype definition from header into c file
Remove unused function no_tap_ifconfig
Christian Hesse (1):
fix build with automake 1.13(.1)
Christian Niessner (1):
Fix corner case in NTLM authentication (trac #172)
Gert Doering (6):
Update README.IPv6 to match what is in 2.3.0
Repair "tcp server queue overflow" brokenness, more <stdbool.h> fallout.
Permit pool size of /64.../112 for ifconfig-ipv6-pool
Add MIN() compatibility macro
Fix directly connected routes for "topology subnet" on Solaris.
Preparing for v2.3.1 (ChangeLog, version.m4)
Heiko Hund (5):
close more file descriptors on exec
Ignore UTF-8 byte order mark
reintroduce --no-name-remapping option
make --tls-remote compatible with pre 2.3 configs
add new option for X.509 name verification
Jan Just Keijser (1):
man page patch for missing options
Josh Cepek (2):
Fix parameter listing in non-debug builds at verb 4
(updated) [PATCH] Warn when using verb levels >=7 without debug
Matthias Andree (1):
Enable TCP_NODELAY configuration on FreeBSD.
Samuli Seppänen (4):
Removed ChangeLog.IPv6
Added cross-compilation information INSTALL-win32.txt
Updated README
Cleaned up and updated INSTALL
Steffan Karger (7):
PolarSSL-1.2 support
Improve PolarSSL key_state_read_{cipher, plain}text messages
Improve verify_callback messages
Config compatibility patch. Added translate_cipher_name.
Switch to IANA names for TLS ciphers.
Fixed autoconf script to properly detect missing pkcs11 with polarssl.
Use constant time memcmp when comparing HMACs in openvpn_decrypt.
https://www.openvpn.net/
-
What's new: >>
* Bug with absolute name in log file
* Bug with restore item menu in systray
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://www.heise.de/software/screenshots/77652.jpg)
SSH-Server für Windows-Systeme
kostenlos (für privaten Gebrauch)
http://mobassh.mobatek.net/
-
(http://securityxploded.com/images/sslcertstoreviewer_report.jpg)
SSLCertStoreViewer is the free Tool to view all the installed SSL certificates from your local system store.
Currently it can automatically scan and display Certificates from following type of stores,
CA Certificate Store
Private Certificate Store
Root Certificate Store
Software Publisher Certificate Store
For each discovered SSL certificate it displays following information
Certificate Store
Certificate Subject Name
Certificate Issuer Name
Issue Date
Expiry Date
It also checks if any of the certificate is expired. If so then it will be displayed in RED color.
Freeware
http://securityxploded.com/ssl-certificate-store-viewer.php
-
What's new: >>
* New feature: "Maximize on startup"
* Bug fix in portable mode: "folder" setting remained unchanged even if the session settings file was moved with windows explorer
* Bug fix in registry mode: "folder" setting could not be changed
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://u.jimdo.com/www9/o/se8088a344be15e14/img/i6ca3206d4746c46a/1312190830/thumb/image.jpg)
SilverSHielD, a tiny SSH and SFTP server for Windows. It features SSH2 password-based, interactive and public-key authentication methods and fully supports forwarding and sftp subsystem, along with state-of-the-art virtual folders management. Yet its management console makes it extremely easy to configure and deploy, both locally and remotely.
Features:
Secure Shell/Command (SSH2)
Forwarding
SFTP (supports files larger than 4 GB!)
Compression (Zlib)
Powerful script-based event handling subsystem, with support for 4 major scripting languages (NEW!)
http://www.k2sxs.com/
-
Whats new: >>
Arne Schwabe (3):
Only print script warnings when a script is used. Remove stray mention of script-security system.
Move settings of user script into set_user_script function
Move checking of script file access into set_user_script
Davide Brini (1):
Provide more accurate warning message
Gert Doering (3):
Fix NULL-pointer crash in route_list_add_vpn_gateway().
Fix problem with UDP tunneling due to mishandled pktinfo structures.
Preparing for v2.3.2 (ChangeLog, version.m4)
James Yonan (1):
Always push basic set of peer info values to server.
Jan Just Keijser (1):
make 'explicit-exit-notify' pullable again
Josh Cepek (2):
Fix proto tcp6 for server & non-P2MP modes
Fix Windows script execution when called from script hooks
Steffan Karger (2):
Fixed tls-cipher translation bug in openssl-build
Fixed usage of stale define USE_SSL to ENABLE_SSL
svimik (1):
Fix segfault when enabling pf plug-ins
http://openvpn.net/
-
(http://u.jimdo.com/www9/o/se8088a344be15e14/img/i6ca3206d4746c46a/1312190830/thumb/image.jpg)
SilverSHielD, a tiny SSH and SFTP server for Windows. It features SSH2 password-based, interactive and public-key authentication methods and fully supports forwarding and sftp subsystem, along with state-of-the-art virtual folders management. Yet its management console makes it extremely easy to configure and deploy, both locally and remotely.
Features:
Secure Shell/Command (SSH2)
Forwarding
SFTP (supports files larger than 4 GB!)
Compression (Zlib)
Powerful script-based event handling subsystem, with support for 4 major scripting languages (NEW!)
Whats new: >>
Ein Changelog liegt z.Z. nicht vor ...
http://www.k2sxs.com/
-
(https://superputty.googlecode.com/svn/wiki/superputty2.png)
SuperPuTTY is a handy and useful GUI software that enables the PuTTY SSH Client to be opened in multiple tabs.
Additionally, the software offers SCP to help you transfer files. It is can be used for both terminal sessions and file transfers both utilizing the secure SSH protocol.
License : MIT License
Whats new: >>
· New File Transfer implementation
· Hide search (Added option to hide)
· multi-second lag when right clicking on connection tab (Added option to disable menu; add suspend/resume layout)
· Unable to do ctrl-c from 'command' window (Added support for sending ctrl-c/ctrl-l, etc.)
· Auto-hide Main Menu (Merged in patch)
https://code.google.com/p/superputty/
-
Whats new: >>
Security fix: prevent a nefarious SSH server or network attacker from crashing PuTTY at startup in three different ways by presenting a maliciously constructed public key and signature.
Security fix: PuTTY no longer retains the private half of users' keys in memory by mistake after authenticating with them.
Revamped the internal configuration storage system to remove all fixed arbitrary limits on string lengths. In particular, there should now no longer be an unreasonably small limit on the number of port forwardings PuTTY can store.
Port-forwarded TCP connections which close one direction before the other should now be reliably supported, with EOF propagated independently in the two directions. This also fixes some instances of port-forwarding data corruption (if the corruption consisted of losing data from the very end of the connection) and some instances of PuTTY failing to close when the session is over (because it wrongly thought a forwarding channel was still active when it was not).
The terminal emulation now supports xterm's bracketed paste mode (allowing aware applications to tell the difference between typed and pasted text, so that e.g. editors need not apply inappropriate auto-indent).
You can now choose to display bold text by both brightening the foreground colour and changing the font, not just one or the other.
PuTTYgen will now never generate a 2047-bit key when asked for 2048 (or more generally n−1 bits when asked for n).
Some updates to default settings: PuTTYgen now generates 2048-bit keys by default (rather than 1024), and PuTTY defaults to UTF-8 encoding and 2000 lines of scrollback (rather than ISO 8859-1 and 200).
Unix: PSCP and PSFTP now preserve the Unix file permissions, on copies in both directions.
Unix: dead keys and compose-character sequences are now supported.
Unix: PuTTY and pterm now permit font fallback (where glyphs not present in your selected font are automatically filled in from other fonts on the system) even if you are using a server-side X11 font rather than a Pango client-side one.
Bug fixes too numerous to list, mostly resulting from running the code through Coverity Scan which spotted an assortment of memory and resource leaks, logic errors, and crashes in various circumstances.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://www.heise.de/software/screenshots/t98024.jpg)
Grafische Oberfläche für OpenVPN mit vielen Konfigurationsmöglichkeiten wie Remote-Access, Site-to-Site-VPN, und WiFi; fügt ein Icon in den Infobereich der Taskleiste.
Lizenz: Open Source
http://openvpn.se/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet.
It can greatly help you to track expired/rogue certificate on your SSL servers. You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate.
On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it. SSLCertScanner is completely portable tool which also comes with Installer to support local installation & uninstallation. It works on wide range of platforms starting from Windows XP to latest operating system Windows 8.
Freeware
Whats new: >>
Generate SSL Certificate Scanner Report in XML and TEXT format (in addition to HTML)
http://securityxploded.com/sslcertscanner.php
-
What's new: >>
* in classic mode session name now bracket [...].
* new option "Full screen on startup" (in Window/Behavior panel).
* new transparency managment (Window/Background panel). Don't forget transparency is disabled by default.
* new icon for KiTTY session launcher
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://u.jimdo.com/www9/o/se8088a344be15e14/img/i6ca3206d4746c46a/1312190830/thumb/image.jpg)
SilverSHielD, a tiny SSH and SFTP server for Windows. It features SSH2 password-based, interactive and public-key authentication methods and fully supports forwarding and sftp subsystem, along with state-of-the-art virtual folders management. Yet its management console makes it extremely easy to configure and deploy, both locally and remotely.
Features:
Secure Shell/Command (SSH2)
Forwarding
SFTP (supports files larger than 4 GB!)
Compression (Zlib)
Powerful script-based event handling subsystem, with support for 4 major scripting languages (NEW!)
Whats new: >>
· Fixed: the command-line interface (CLI) not properly sets the %ERRORLEVEL% in batch scripts
http://www.k2sxs.com/
-
What's new: >>
· complete rewrite of the auto-command feature
· improvment of the sessions filter in the config box of the portable mode (with many saved sessions the filter was very slow)
· bug: fix in the command-line cygterm feature, the auto-command (last parameter) did not work
· bug: in some configurations, saved password feature made KiTTY crash
· bug: folders filter did not work where folder name cointains a slash character
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
What's new: >>
· the logon script size was static (the buffer size was 4096). It is dynamic, now
· the transparency setting panel was available even when the transparency option was off
· the KEYMAPPINGPORT patch (https://github.com/troydm/putty-modified) is included
· at automatic telnet connection, the login was sent twice
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new: >>
Improved: added consistency check to the child-thread exit routine
6.0.21.121:
Improved: the upgrade process now correctly imports damaged old configuration files
http://www.k2sxs.com/
-
What's new: >>
* Add 64bits compatibility for the cygterm patch
* Add a new MouseShortcutsFlag option to disable mouse shortcuts
* Add a new AutoStoreSSHKeyFlag option (and a -auto_store_sshkey flag for klink) to auto save the server SSH keys
* Add the new version of regex library (memory leak issue with previous one)
* Fix the -cygterm command-line flag
* Fix a Zmodem patch issue
* Disable Hyperlink patch by default
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new: >>
Improved: management interface clarity over RDP connections
Fixed: bug in the memory management subsystem
http://www.k2sxs.com/
-
(https://puttytray.goeswhere.com/g/logo.png)
PuTTY is a free implementation of SSH and Telnet for both Win32 and Unix platforms, along with an xterm terminal emulator. PuTTY Tray is an improved version of PuTTY (Win32). It features some cosmetic changes, and a number of addons to make it more usefull and much more fun to use.
Freeware
Whats new: >>
Fixed:
Asserts while loading some keys!
Revert #88, which broke terminal titles for some people
Fiddled with default-settings-from-file(!)
Menu styling
Could generate illegal log paths
-title, -log, etc. from KiTTY
Can now be built with mingw
Missing tray icon after an Explorer crash
Can always restart session
Auto-reconnect in more cases
Paste delay
Crash with ssh-add --invalid
Can remove broken keys from pageant
Plus some fiddly code changes, as usual
https://puttytray.goeswhere.com/
-
What's new: >>
* Performance improvment in kitty.exe (patch https://svn.filezilla-project.org/filezilla?view=revision&revision=4863)
* Performance improvment in ksftp.exe (https://svn.filezilla-project.org/filezilla?view=revision&revision=4864)
* New feature: switch between KiTTY windows with CTRL+TAB
* New feature: the working directory, the config directory and the content of KITTY_PATH variable are appended to the PATH variable environment (used to search for third part softwares such as winscp.exe)
* New feature: search for the the configuration file in the KITTY_INI_FILE environment variable
* New patch integration: wincrypt (from https://code.google.com/p/puttywincrypt/) to work with certificate
* bug fix: window title should not be set to cfg.wintitle value when restoring from task bar
* hyperlink patch is converted from C++ to C
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new: >>
Fixed: minor bug in the Management Console user interface
http://www.extenua.com/k2sxs
-
Changes since OpenSSH 6.4
=========================
This is a feature-focused release.
New features:
* ssh(1), sshd(8): Add support for key exchange using elliptic-curve
Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange
method is the default when both the client and server support it.
* ssh(1), sshd(8): Add support for Ed25519 as a public key type.
Ed25519 is a elliptic curve signature scheme that offers
better security than ECDSA and DSA and good performance. It may be
used for both user and host keys.
* Add a new private key format that uses a bcrypt KDF to better
protect keys at rest. This format is used unconditionally for
Ed25519 keys, but may be requested when generating or saving
existing keys of other types via the -o ssh-keygen(1) option.
We intend to make the new format the default in the near future.
Details of the new format are in the PROTOCOL.key file.
* ssh(1), sshd(8): Add a new transport cipher
"chacha20-poly1305@openssh.com" that combines Daniel Bernstein's
ChaCha20 stream cipher and Poly1305 MAC to build an authenticated
encryption mode. Details are in the PROTOCOL.chacha20poly1305 file.
* ssh(1), sshd(8): Refuse RSA keys from old proprietary clients and
servers that use the obsolete RSA+MD5 signature scheme. It will
still be possible to connect with these clients/servers but only
DSA keys will be accepted, and OpenSSH will refuse connection
entirely in a future release.
* ssh(1), sshd(8): Refuse old proprietary clients and servers that
use a weaker key exchange hash calculation.
* ssh(1): Increase the size of the Diffie-Hellman groups requested
for each symmetric key size. New values from NIST Special
Publication 800-57 with the upper limit specified by RFC4419.
* ssh(1), ssh-agent(1): Support PKCS#11 tokens that only provide
X.509 certs instead of raw public keys (requested as bz#1908).
* ssh(1): Add a ssh_config(5) "Match" keyword that allows
conditional configuration to be applied by matching on hostname,
user and result of arbitrary commands.
* ssh(1): Add support for client-side hostname canonicalisation
using a set of DNS suffixes and rules in ssh_config(5). This
allows unqualified names to be canonicalised to fully-qualified
domain names to eliminate ambiguity when looking up keys in
known_hosts or checking host certificate names.
* sftp-server(8): Add the ability to whitelist and/or blacklist sftp
protocol requests by name.
* sftp-server(8): Add a sftp "fsync@openssh.com" to support calling
fsync(2) on an open file handle.
* sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation,
mirroring the longstanding no-pty authorized_keys option.
* ssh(1): Add a ssh_config ProxyUseFDPass option that supports the
use of ProxyCommands that establish a connection and then pass a
connected file descriptor back to ssh(1). This allows the
ProxyCommand to exit rather than staying around to transfer data.
Bugfixes:
* ssh(1), sshd(8): Fix potential stack exhaustion caused by nested
certificates.
* ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort.
* sftp(1): bz#2137: fix the progress meter for resumed transfer.
* ssh-add(1): bz#2187: do not request smartcard PIN when removing
keys from ssh-agent.
* sshd(8): bz#2139: fix re-exec fallback when original sshd binary
cannot be executed.
* ssh-keygen(1): Make relative-specified certificate expiry times
relative to current time and not the validity start time.
* sshd(8): bz#2161: fix AuthorizedKeysCommand inside a Match block.
* sftp(1): bz#2129: symlinking a file would incorrectly canonicalise
the target path.
* ssh-agent(1): bz#2175: fix a use-after-free in the PKCS#11 agent
helper executable.
* sshd(8): Improve logging of sessions to include the user name,
remote host and port, the session type (shell, command, etc.) and
allocated TTY (if any).
* sshd(8): bz#1297: tell the client (via a debug message) when
their preferred listen address has been overridden by the
server's GatewayPorts setting.
* sshd(8): bz#2162: include report port in bad protocol banner
message.
* sftp(1): bz#2163: fix memory leak in error path in do_readdir().
* sftp(1): bz#2171: don't leak file descriptor on error.
* sshd(8): Include the local address and port in "Connection from
..." message (only shown at loglevel>=verbose).
Portable OpenSSH:
* Please note that this is the last version of Portable OpenSSH that
will support versions of OpenSSL prior to 0.9.6. Support (i.e.
SSH_OLD_EVP) will be removed following the 6.5p1 release.
* Portable OpenSSH will attempt compile and link as a Position
Independent Executable on Linux, OS X and OpenBSD on recent gcc-
like compilers. Other platforms and older/other compilers may
request this using the --with-pie configure flag.
* A number of other toolchain-related hardening options are used
automatically if available, including -ftrapv to abort on signed
integer overflow and options to write-protect dynamic linking
information. The use of these options may be disabled using the
--without-hardening configure flag.
* If the toolchain supports it, one of the -fstack-protector-strong,
-fstack-protector-all or -fstack-protector compilation flag are
used to add guards to mitigate attacks based on stack overflows.
The use of these options may be disabled using the
--without-stackprotect configure option.
* sshd(8): Add support for pre-authentication sandboxing using the
Capsicum API introduced in FreeBSD 10.
* Switch to a ChaCha20-based arc4random() PRNG for platforms that do
not provide their own.
* sshd(8): bz#2156: restore Linux oom_adj setting when handling
SIGHUP to maintain behaviour over retart.
* sshd(8): bz#2032: use local username in krb5_kuserok check rather
than full client name which may be of form user@REALM.
* ssh(1), sshd(8): Test for both the presence of ECC NID numbers in
OpenSSL and that they actually work. Fedora (at least) has
NID_secp521r1 that doesn't work.
* bz#2173: use pkg-config --libs to include correct -L location for
libedit.
Checksums:
==========
- SHA1 (openssh-6.5.tar.gz) = 0a375e20d895670489a9241f8faa57670214fbed
- SHA256 (openssh-6.5.tar.gz) = sK5q2rB0o5JCbEmbeE/6N9DtJkT81dwmeuhogT4i900=
- SHA1 (openssh-6.5p1.tar.gz) = 3363a72b4fee91b29cf2024ff633c17f6cd2f86d
- SHA256 (openssh-6.5p1.tar.gz) = oRle1V25RSUtWhcw1KKipcHJpqoB7y5a91CpYmI9kCc=
Please note that the PGP key used to sign releases has been rotated.
The new key has been signed by the old key to provide continuity. It
is available from the mirror sites as RELEASE_KEY.asc.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.
http://www.openssh.org/
-
Whats new: >>
Fixed: bug in the Unix Time encoding function
Critical update: fixes a bug that broke compatibility with CoreFTP and the JSCH library
http://www.extenua.com/k2sxs
-
(http://images.six.betanews.com/screenshots/scaled/1226525565-1.jpg)
MyEnTunnel is a simple system tray application that establishes and maintains TCP SSH tunnels. It does this by launching Plink (PuTTY Link) in the background and then monitors the process. If the Plink process dies (e.g. connection drops, server restarts or otherwise becomes unreachable) MyEnTunnel will automatically restart Plink to reestablish the tunnels in the background. It tries to use as little CPU and system resources as possible when monitoring.
Optionally, MyEnTunnel can actively monitor the connection by creating looped tunnels (either a looped remote/local tunnel pair or a single local tunnel to the ssh servers echo service) and periodically send pings. If too many consecutive pings are lost it will restart the connection.
Since it uses Plink, you can use utilities such as Pageant (a SSH authentication agent for PuTTY, PSCP and Plink) and PuTTYgen (a RSA and DSA key generation utility), as well as named PuTTY sessions. All of the networking and encryption is done by plink.exe; not by MyEnTunnel.
Freeware
Latest Changes
- Version 3.6.0 is a unicode rewrite of version 3.4.2.1
- GUI now supports dynamic languages
- Made some additional translations using Google Translate
- (However, the phrasing may not be correct or even make sense in other languages
- But hopefully it will convey the gist. And maybe a chuckle.)
- Now including both 32 and 64 bit builds
- Switched to INNO setup to create a multilingual installer
- The INNO installer will automatically install the 32 or 64 bit version based on the OS
- Note:
- If you're on a 64 bit system and want to make a portable install please use the 32 bit version
- You'll need to manually extract it from the installer
- See: innounp available at http://innounp.sourceforge.net/
- The plink monitoring routine has been placed in it's own thread
- The "Slow Poll" option has been removed as the application thread no longer blocks waiting on aitForSingleObject to return
- Updated bundled plink.exe to version Beta 0.63
- Added GUI fields for to pass additional command line arguments to plink
- Removed NT service as it requires rewriting for Windows 7/Vista
- Added two methods of detecting dead SSH connections after taking a look at autossh for unix. (Thanks for the ideas!)
- A remote and local tunnel pair to create a "looped back" connection
- Or a single tunnel to the servers Echo service
- The Echo service method uses less resources and should be used if available on the ssh server
- The default ping time is 10 seconds
- Three (3) pings must be missed to trigger a reconnect
- The round trip time (rtt) calculations are based on GetTickCount
- Both loopback and echo service pinging methods are on separate threads
- MyEnTunnel now has the RUNASADMIN flag in AppCompatFlags registry section
- The form will now minimize to the system tray instead of closing when clicking the Windows close button on the title bar
- Please use the right click menu option "Exit" to close the application
- Added popup menu on right click to the row of buttons on the bottom and main form body
- Local and Remote tunnels will ignore blanks and commented hash (#) lines
- GUI window can be resized at runtime
- Additional GUI changes, tweaks and internal clean ups
- The system tray icons have been slightly modified to help those who are color blind
- They will now be "unlocked" when red or yellow and "locked" when green
http://nemesis2.qx.net/software-myentunnel.php
-
Latest Changes
- Fixes a bug when the login fails. (MyEnTunnel would assume it was logged in when it wasn't.)
http://nemesis2.qx.net/software-myentunnel.php
-
Whats new: >>
Redesigned socket thread-pool: it's now faster and uses less memory (RAM)
http://www.extenua.com/k2sxs
-
This is primarily a bugfix release.
Security:
* sshd(8): when using environment passing with a sshd_config(5)
AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could be
tricked into accepting any enviornment variable that contains the
characters before the wildcard character.
New / changed features:
* ssh(1), sshd(8): this release removes the J-PAKE authentication code.
This code was experimental, never enabled and had been unmaintained
for some time.
* ssh(1): when processing Match blocks, skip 'exec' clauses other clauses
predicates failed to match.
* ssh(1): if hostname canonicalisation is enabled and results in the
destination hostname being changed, then re-parse ssh_config(5) files
using the new destination hostname. This gives 'Host' and 'Match'
directives that use the expanded hostname a chance to be applied.
Bugfixes:
* ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in
ssh -W. bz#2200, debian#738692
* sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace
sandbox modes, as it is reachable if the connection is terminated
during the pre-auth phase.
* ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum
parsing. Minimum key length checks render this bug unexploitable to
compromise SSH 1 sessions.
* sshd_config(5): clarify behaviour of a keyword that appears in
multiple matching Match blocks. bz#2184
* ssh(1): avoid unnecessary hostname lookups when canonicalisation is
disabled. bz#2205
* sshd(8): avoid sandbox violation crashes in GSSAPI code by caching
the supported list of GSSAPI mechanism OIDs before entering the
sandbox. bz#2107
* ssh(1): fix possible crashes in SOCKS4 parsing caused by assumption
that the SOCKS username is nul-terminated.
* ssh(1): fix regression for UsePrivilegedPort=yes when BindAddress is
not specified.
* ssh(1), sshd(8): fix memory leak in ECDSA signature verification.
* ssh(1): fix matching of 'Host' directives in ssh_config(5) files
to be case-insensitive again (regression in 6.5).
Portable OpenSSH:
* sshd(8): don't fatal if the FreeBSD Capsicum is offered by the
system headers and libc but is not supported by the kernel.
* Fix build using the HP-UX compiler.
http://www.openssh.org/
-
What's new: >>
Parts of the TuTTY patch is added
you can now disable maximize, minimize and close button from system menu
you can now select a different font for underline characters, and mouse selected characters
A new comment field is added
New mecanism for login script feature: the file content is loaded when the session is saved. The original file can now be deleted
Bug fixe: the window in the task bar did not flash when receiving a BELL code
New 0.63 big bang bug fix: key authentication without running agent did not work
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://www.heise.de/imagine/swvz-programme/akZDnEQqswdlmPjYlGVxW7LdoFM/thumbnail/stunnel.jpg)
Ermöglicht es normalerweise unverschlüsselte Dienste wie POP3, IMAP und SMTP mittels SSL zu schützen.
Freeware
Whats new: >>
Security bugfixes:
Added PRNG state update in fork threading (CVE-2014-0016)
New global configuration file defaults:
Default "fips" option value is now "no", as FIPS mode is only helpful for compliance, and never for actual security
Default "pid" is now "", i.e. not to create a pid file at startup
New service-level configuration file defaults:
Default "ciphers" updated to "HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2" due to AlFBPPS attack and bad performance of DH ciphersuites
Default "libwrap" setting is now "no" to improve performance
New features:
OpenSSL DLLs updated to version 1.0.1f
zlib DLL updated to version 1.2.8
autoconf scripts upgraded to version 2.69
TLS 1.1 and TLS 1.2 are now allowed in the FIPS mode
New service-level option "redirect" to redirect SSL client connections on authentication failures instead of rejecting them
New global "engineDefault" configuration file option to control which OpenSSL tasks are delegated to the current engine. Available tasks: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS, DIGESTS, PKEY, PKEY_CRYPTO, PKEY_ASN1
New service-level configuration file option "engineId" to select the engine by identifier, e.g. "engineId = capi"
New global configuration file option "log" to control whether to append (the default), or to overwrite log file while (re)opening
Different taskbar icon colors to indicate the service state
New global configuration file options "iconIdle", "iconActive", and "iconError" to select status icon on GUI taskbar
Removed the limit of 63 stunnel.conf sections on Win32 platform
Installation of a sample certificate was moved to a separate "cert" target in order to allow unattended (e.g. scripted) installations
Reduced length of the logged thread identifier. It is still based on the OS thread ID, and thus not unique over long periods of time
Improved readability of error messages printed when stunnel refuses to start due to a critical error
Bugfixes:
LD_PRELOAD Solaris compatibility bug fixed (thx to Norm Jacobs)
CRYPTO_NUM_LOCKS replaced with CRYPTO_num_locks() to improve binary compatibility with diverse builds of OpenSSL (thx to Norm Jacobs)
Corrected round-robin failover behavior under heavy load
Numerous fixes in the engine support code
On Win32 platform .rnd file moved from c:\ to the stunnel folder
https://www.stunnel.org/index.html
-
Whats new: >>
Fixed a minor bug in the incoming connection acceptance loop
http://www.extenua.com/silvershield
-
Whats new: >>
pkcs11: use generic evp key instead of rsa
Add support of utun devices under Mac OS X
Add support to ignore specific options.
Add a note what setenv opt does for OpenVPN < 2.3.3
Add reporting of UI version to basic push-peer-info set.
Fix compile error in ssl_openssl introduced by polar external-management patch
Fix assertion when SIGUSR1 is received while getaddrinfo is successful
Add warning for using connection block variables after connection blocks
Introduce safety check for http proxy options
man page: Update man page about the tls_digest_{n} environment variable
Remove the --disable-eurephia configure option
plugin: Extend the plug-in v3 API to identify the SSL implementation used
autoconf: Fix typo
Fix file checks when --chroot is being used
Document authfile for socks server
Fix IPv6 examples in t_client.rc-sample
Fix slow memory drain on each client renegotiation.
t_client.sh: ignore fields from "ip -6 route show" output that distort results.
Make code and documentation for --remote-random-hostname consistent.
Reduce IV_OPENVPN_GUI_VERSION= to IV_GUI_VER=
Document issue with --chroot, /dev/urandom and PolarSSL.
Rename 'struct route' to 'struct route_ipv4'
Replace copied structure elements with including
Workaround missing SSL_OP_NO_TICKET in earlier OpenSSL versions
Always load intermediate certificates from a PKCS#12 file
Support non-ASCII TAP adapter names on Windows
Support non-ASCII characters in Windows tmp path
TLS version negotiation
Added "setenv opt" directive prefix.
Set SSL_OP_NO_TICKET flag in SSL context for OpenSSL builds, to disable TLS stateless session resumption.
Fix spurious ignoring of pushed config options (trac#349).
Refactor tls_ctx_use_external_private_key()
--management-external-key for PolarSSL
external_pkcs1_sign: Support non-RSA_SIG_RAW hash_ids
Correct error text when no Windows TAP device is present
Require a 1.2.x PolarSSL version
tls_ctx_load_ca: Improve certificate error messages
Remove duplicate cipher entries from TLS translation table.
Fix configure interaction with static OpenSSL libraries
Do not pass struct tls_session* as void* in key_state_ssl_init().
Require polarssl >= 1.2.10 for polarssl-builds, which fixes CVE-2013-5915.
Use RSA_generate_key_ex() instead of deprecated, RSA_generate_key()
Also update TLSv1_method() calls in support code to SSLv23_method() calls.
Update TLSv1 error messages to SSLv23 to reflect changes from commit 4b67f98
If --tls-cipher is supplied, make --show-tls parse the list.
Add openssl-specific common cipher list names to ssl.c.
Add support for client-cert-not-required for PolarSSL.
Fix "." in description of utun.
http://openvpn.net/
-
Whats new: >>
Fix man page and OSCP script: tls_serial_{n} is decimal
Fix is_ipv6 in case of tap interface.
IPv6 address/route delete fix for Win8
Add SSL library version reporting.
Minor t_client.sh cleanups
Repair --multihome on FreeBSD for IPv4 sockets.
Rewrite manpage section about --multihome
More IPv6-related updates to the openvpn man page.
Conditionalize calls to print_default_gateway on !ENABLE_SMALL
Use native strtoull() with MSVC 2013.
When tls-version-min is unspecified, revert to original versioning approach.
Change signedness of hash in x509_get_sha1_hash(), fixes compiler warning.
Fix OCSP_check.sh to also use decimal for stdout verification.
Fix build system to accept non-system crypto library locations for plugins.
Make serial env exporting consistent amongst OpenSSL and PolarSSL builds.
Fix SOCKSv5 method selection
Fix typo in sample build script to use LDFLAGS
http://openvpn.net/
-
What's new: >>
New feature: It is now possible to set a port knocking sequence in connection panel (tested with knockd)
New feature: Auto reconnection delay is now configurable
Bug fix: CTRL+LEFT and CTRL+RIGHT keyboard sequences did not work
Bug fix: Since the previous update, login script feature in portable mode did not work anymore
Bug fix: mouse scrolling with a huge value in "Lines of scrollback" causes a crash
Feature modification: new "port forwarding" information window
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://www.heise.de/software/screenshots/77652.jpg)
SSH-Server für Windows-Systeme
kostenlos (für privaten Gebrauch)
Whats new: >>
OpenSSL Heartbleed Bug correction
Advanced features for SSH server configuration and more
http://mobassh.mobatek.net/
-
(http://www.heise.de/imagine/swvz-programme/akZDnEQqswdlmPjYlGVxW7LdoFM/thumbnail/stunnel.jpg)
Ermöglicht es normalerweise unverschlüsselte Dienste wie POP3, IMAP und SMTP mittels SSL zu schützen.
Freeware
Whats new: >>
Security bugfixes
OpenSSL DLLs updated to version 1.0.1g. This version mitigates TLS heartbeat read overrun (CVE-2014-0160).
New features
X.509 extensions added to the created self-signed stunnel.pem.
"FIPS = no" also allowed in non-FIPS builds of stunnel.
Search all certificates with the same subject name for a matching public key rather than only the first one (thx to Leon Winter).
Create logs in the local application data folder if stunnel folder is not writable on Win32.
Bugfixes
close_notify not sent when SSL still has some data buffered.
Protocol negotiation with server-side SNI fixed.
A Mac OS X missing symbols fixed.
Win32 configuration file reload crash fixed.
Added s_pool_free() on exec+connect service retires.
Line-buffering enforced on stderr output.
https://www.stunnel.org/index.html
-
Whats new: >>
Security bugfixes:
OpenSSL DLLs updated to version 1.0.1h.
New features:
Major rewrite of the protocol.c interface: it is now possible to add protocol negotiations at multiple connection phases, protocols can individually decide whether the remote connection will be established before or after SSL/TLS is negotiated.
Heap memory blocks are wiped before release. This only works for block allocated by stunnel, and not by OpenSSL or other libraries.
The safe_memcmp() function implemented with execution time not dependent on the compared data.
Updated the stunnel.conf and stunnel.init templates.
Added a client-mode example to the manual.
Bugfixes:
Fixed "failover = rr" broken since version 5.00.
Fixed "taskbar = no" broken since version 5.00.
Compilation fix for missing SSL_OP_MSIE_SSLV2_RSA_PADDING option.
https://www.stunnel.org/index.html
-
What's new: >>
bug fix in Window/Appearance panel: Top et Left were pointing on the same value
bug fix in Window/Appearance panel: xpos and ypos initial values can be defined outside the main screen
bug fix in kageant: saved sessions menu was not available
and just for fun, a version with a football main icon
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://www.bitvise.com/files/tunnelier-sftp.png)
Bitvise SSH Client is a fast, easy to use and robust SSH client that offers flexible TCP/IP tunneling support. It incorporates an FTP-to-SFTP bridge which performs translation between the FTP and SFTP protocols, allowing any FTP client application to connect securely to an SFTP server through Bitvise SSH Client.
Freeware
Whats new: >>
In sftpc, the exit code would not be set properly after failed transfers. Fixed.
When the SSH Client is run for the first time after installation, it would be run under the installer's elevated security context. This could cause subtle discrepancies in behavior compared to when the client is run without elevation later. Fixed.
Since the new terminal client implementation introduced with version 4.60, the bvterm client would close with an exception if the server sent a particular rarely sent packet (BVT2_WRITEOUTPUTCHAR). Fixed.
http://www.bitvise.com/tunnelier
-
Whats new: >>
When creating remote directories and files, Bitvise SSH Client will no longer send a default set of POSIX permissions, instead letting the server choose appropriate POSIX permissions for the new directories and files
In sftpc, batch list and download operations, such as "get *.txt", would always return an unsuccessful exit code. Fixed
http://www.bitvise.com/tunnelier
-
(https://sites.google.com/site/macdsite/_/rsrc/1376686075580/utilidades/puttytabmanager/puttytm.png)
PuTTYTabManager is a handy application that allows you to run multiple PuTTY applications using a single GUI. The application support all the PuTTY protocols, such as SSH, Telnet, Rlogin and Raw.
The tab-based interface makes the application very easy to use, enabling you to manage multiple PuTTY sessions at the same time. Instead of opening multiple PuTTY windows, simply open PuTTYTabManager and initiate every session in a new tab.
Freeware
Whats new: >>
now: hides statusbar, toolbar & menubar
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
Die OpenSSL-Entwickler beseitigen neun Sicherheitslücken, die meisten von Google-Forschern entdeckt. Allerdings ist diesmal nichts wirklich dramatisches dabei.
Insgesamt neun Sicherheitslücken sollen die soeben veröffentlichten OpenSSL-Versionen fixen. "Nichts so schlimmes wie die letzten Probleme" bilanziert Adam Langley, der den Crypto-Code in Googles Chrome verantwortet und selber vier davon entdeckt und bei OpenSSL gemeldet hat.
Offenbar hat Google seine Heartbleed-Lektion gelernt und investiert jetzt mehr Ressourcen in systematische Checks der Krypto-Bibliothek, die zukünftig auf allen Plattformen zum Einsatz kommen soll. Die beim Aufräumen im eigenen OpenSSL-Fork BoringSSL gefundenen Fehler melden Googles Security-Experten den Entwicklern des Originals. Allein bei sechs der neun aktuellen Bugs verweisen die OpenSSL-Entwickler auf Google als Entdecker.
Der ganze Artikel (http://www.heise.de/newsticker/meldung/OpenSSL-Updates-diesmal-nicht-ganz-so-schlimm-2288164.html)
Quelle : www.heise.de
-
(http://www.heise.de/imagine/swvz-programme/akZDnEQqswdlmPjYlGVxW7LdoFM/thumbnail/stunnel.jpg)
Ermöglicht es normalerweise unverschlüsselte Dienste wie POP3, IMAP und SMTP mittels SSL zu schützen.
Freeware
Whats new: >>
Security bugfixes:
OpenSSL DLLs updated to version 1.0.1i.
New features:
FIPS autoconfiguration cleanup.
FIPS canister updated to version 2.0.6.
Improved SNI diagnostic logging.
Bugfixes:
Compilation fixes for old versions of OpenSSL.
Fixed whitespace handling in the stunnel.init script.
https://www.stunnel.org/index.html
-
(http://www.bitvise.com/files/tunnelier-sftp.png)
Bitvise SSH Client is a fast, easy to use and robust SSH client that offers flexible TCP/IP tunneling support. It incorporates an FTP-to-SFTP bridge which performs translation between the FTP and SFTP protocols, allowing any FTP client application to connect securely to an SFTP server through Bitvise SSH Client.
Freeware
Whats new: >>
SFTP: When downloading, characters in the file name that are invalid on Windows will now be replaced with an underscore. Files whose name contains a colon (':') will no longer be downloaded to an alternate NTFS stream.
Remote Desktop: When using a custom Remote Desktop profile, prompting for credentials will now be properly disabled if "Use SSH login credentials" is checked.
Added support for UTF-8 and UTF-16 byte order markers when importing keys from textual files.
Fixed log message describing when reconnection attempt is scheduled.
Fixed issues with proxy support for outgoing connections when "Resolve DNS names locally" was enabled.
The SOCKS/HTTP proxy forwarding subsystem (dynamic tunneling) did not correctly handle IPv6 HTTP CONNECT request. Fixed.
Several warning messages related to port forwarding are now informational messages, to avoid unnecessary pop-ups from being displayed.
Graphical SFTP: Fixed an issue which prevented the "Target file already exists" dialog from opening when resuming is not available.
http://www.bitvise.com/tunnelier
-
What's new: >>
New feature: Password, now can be empty in SSH protocol.
New feature: Mouse events are disabled in protected mode (ctrl+F9).
New feature: New menu item "Export current settings" to save the running session settings into a .ktx file.
New feature: New "-kload" command-line option to load a session from a .ktx file.
New feature: New "-fileassoc" command-line option to associate .ktx files with KiTTY.
New feature: Password field are now encrypted in memory config structure.
Bug fixed: PSCP.exe path was not detected in portable mode (even if set in kitty.ini file).
Bug fixed: In background image patch, memory leak in strech function.
Bug fixed: Memory leak error in internal command feature.
Bug fixed: In hyperlink patch, user-made regex was not used, and replace by default one.
Bug fixed: HyperlinkRegularExpression setting was written twice in session file in portable mode.
Hyperlink patch is disabled by default (suspected memory leak into the external regex library).
... and back to the original icon.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
What's new: >>
New option -kload is now available in plink.exe.
New default regex to try to avoid memory leak in hyperlink patch.
New pre-build binary without hyperlink patch.
"No ini file" message is now removed from klink.exe (portable mode).
Bug fix: password entred interactively was not saved into configuration settings structure.
Bug fix: -pass option did not work anymore (from 0.63.1.2 version).
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
New features
Support for local mode ("exec" option) on Win32.
Support for UTF-8 config file and log file.
Win32 UTF-16 build (thx to Pierre Delaage for support).
Support for Unicode file names on Win32.
A more explicit service description provided for the Windows SCM (thx to Pierre Delaage).
TCP/IP dependency added for NT service in order to prevent initialization failure at boot time.
FIPS canister updated to version 2.0.8 in the Win32 binary build.
Bugfixes
load_icon_default() modified to return copies of default icons instead of the original resources to prevent the resources from being destroyed.
Partially merged Windows CE patches (thx to Pierre Delaage).
Fixed typos in stunnel.init.in and vc.mak.
Fixed incorrect memory allocation statistics update in str_realloc().
Missing REMOTE_PORT environmental variable is provided to processes spawned with "exec" on Unix platforms.
Taskbar icon is no longer disabled for NT service.
Fixed taskbar icon initialization when commandline options are specified.
Reportedly more compatible values used for the dwDesiredAccess parameter of the CreateFile() function (thx to Pierre Delaage).
A number of minor Win32 GUI bugfixes and improvements.
https://www.stunnel.org/index.html
-
What's new: >>
New feature: jumplist managment in portable mode
Patch integration
Improvment: it is not possible to create a folder called "Default" anymore
Bug fix: forcer l'option -scp au lancement de la commande pscp (intégration avec scp)
Bug fix: anti-deconnection delay modifcation
Bug fix: the property Window/Colours/Indicate bolded text by changing was not saved
Bug fix: memory leak fix when closing configuration box in a running session
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Security bugfixes:
OpenSSL DLLs updated to version 1.0.1j.
The insecure SSLv2 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv2".
The insecure SSLv3 protocol is now disabled by default. It can be enabled with "options = -NO_SSLv3".
Default sslVersion changed to "all" (also in FIPS mode) to autonegotiate the highest supported TLS version.
New features:
Added missing SSL options to match OpenSSL 1.0.1j.
New "-options" commandline option to display the list of supported SSL options.
Bugfixes:
Fixed FORK threading build regression bug.
Fixed missing periodic Win32 GUI log updates.
https://www.stunnel.org/index.html
-
Whats new: >>
new option 'Bring focus to the window'
new option 'Windows always on top'
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
What's new: >>
Bug fix: Memory leak into auto-password management feature.
New feature: Pause can be included into port knocking sequence.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
Andris Kalnozols (2):
Fix some typos in the man page.
Do not upcase x509-username-field for mixed-case arguments.
Arne Schwabe (1):
Fix server routes not working in topology subnet with --server [v3]
David Sommerseth (4):
Improve error reporting on file access to --client-config-dir and --ccd-exclusive
Don't let openvpn_popen() keep zombies around
Add systemd unit file for OpenVPN
systemd: Use systemd functions to consider systemd availability
Gert Doering (4):
Drop incoming fe80:: packets silently now.
Fix t_lpback.sh platform-dependent failures
Call init script helpers with explicit path (./)
Preparing for release v2.3.5 (ChangeLog, version.m4)
Heiko Hund (1):
refine assertion to allow other modes than CBC
Hubert Kario (2):
ocsp_check - signature verification and cert staus results are separate
ocsp_check - double check if ocsp didn't report any errors in execution
James Bekkema (1):
Fix socket-flag/TCP_NODELAY on Mac OS X
James Yonan (6):
Fixed several instances of declarations after statements.
In socket.c, fixed issue where uninitialized value (err) is being passed to to gai_strerror.
Explicitly cast the third parameter of setsockopt to const void * to avoid warning.
MSVC 2008 doesn't support dimensioning an array with a const var nor using %z as a printf format specifier.
Define PATH_SEPARATOR for MSVC builds.
Fixed some compile issues with show_library_versions()
Jann Horn (1):
Remove quadratic complexity from openvpn_base64_decode()
Mike Gilbert (1):
Add configure check for the path to systemd-ask-password
Philipp Hagemeister (2):
Add topology in sample server configuration file
Implement on-link route adding for iproute2
Samuel Thibault (1):
Ensure that client-connect files are always deleted
Steffan Karger (13):
Remove function without effect (cipher_ok() always returned true).
Remove unneeded wrapper functions in crypto_openssl.c
Fix bug that incorrectly refuses oid representation eku's in polar builds
Update README.polarssl
Rename ALLOW_NON_CBC_CIPHERS to ENABLE_OFB_CFB_MODE, and add to configure.
Add proper check for crypto modes (CBC or OFB/CFB)
Improve --show-ciphers to show if a cipher can be used in static key mode
Extend t_lpback tests to test all ciphers reported by --show-ciphers
Don't exit daemon if opening or parsing the CRL fails.
Fix typo in cipher_kt_mode_{cbc, ofb_cfb}() doxygen.
Fix regression with password protected private keys (polarssl)
ssl_polarssl.c: fix includes and make casts explicit
Remove unused variables from ssl_verify_openssl.c extract_x509_extension()
TDivine (1):
Fix "code=995" bug with windows NDIS6 tap driver.
http://openvpn.net/
-
New features
Several SMTP server protocol negotiation improvements.
Added UTF-8 byte order marks to stunnel.conf templates.
DH parameters are no longer generated by "make cert". The hardcoded DH parameters are sufficiently secure, and modern TLS implementations will use ECDH anyway.
Updated manual for the "options" configuration file option.
Added support for systemd 209 or later.
New --disable-systemd ./configure option.
setuid/setgid commented out in stunnel.conf-sample.
Bugfixes
Added support for UTF-8 byte order mark in stunnel.conf.
Compilation fix for OpenSSL with disabled SSLv2 or SSLv3.
Non-blocking mode set on inetd and systemd descriptors.
shfolder.h replaced with shlobj.h for compatibility with modern Microsoft compilers.
https://www.stunnel.org/index.html
-
Whats new: >>
Fixed a bug in the data socket that could cause slow downloads in certain network conditions
http://www.extenua.com/silvershield
-
(http://images.six.betanews.com/screenshots/scaled/1357814984-1.jpg)
SmarTTY is an SSH client for Windows that supports multiple tabs, transferring files and entire directories via SCP and on-the-fly tar, automatic public key authentication setup, seamless X11 forwarding any many more features.
Freeware
http://smartty.sysprogs.com/
-
What's new: >>
The Hyperlink patch from NuTTY (http://groehn.net/nutty/) was included into KiTTY a long time ago.
This patch was "buggy" !
the specific regular expression managment functions have a memory leak
the default regex was not right
In certain conditions, software crashes may occur.
We finally decided to rewrite the regex managment functions, using GNU libregex.a library. In the same time we modify the default regex with a more efficient once.
We also provide a new option -hyperlinkfix to generate a .reg file in order to change the regex in all sessions settings for people who save the previous buggy one.
Beside these modification we also fix some minor issues:
bug fix: "Window has Close button" option did not work at startup, but only after reconfiguration
bug fix: into registry file kitty.sav (auto saving of the KiTTY registry content), REG_DWORD type fields were not saved correctly
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
This release fixes a critical denial of service vulnerability in OpenVPN servers (CVE-2014-8104). The vulnerability only be exploited by authenticated clients only. Also note that confidentiality and authenticity of traffic are not affected.
http://openvpn.net/
-
New features:
Updated automake to version 1.14.1.
OpenSSL directory searching is now relative to the sysroot.
Bug fixes:
Fixed improper hangup condition handling.
https://www.stunnel.org/index.html
-
(http://www.heise.de/software/screenshots/77652.jpg)
SSH-Server für Windows-Systeme
kostenlos (für privaten Gebrauch)
Whats new: >>
Security fix: Updated bash to fix shellshock and associated bugs
Security fix: Updated OpenSSL/OpenSSH
Improvement: Enhanced listing of Active Directory users
Improvement: Enhanced startup speed and cleaning of old files
http://mobassh.mobatek.net/
-
Changelog
New features:
Added PSK authentication with two new service-level configuration file options "PSKsecrets" and "PSKidentity".
Added additional security checks to the OpenSSL memory management functions.
Added support for the OPENSSL_NO_OCSP and OPENSSL_NO_ENGINE OpenSSL configuration flags.
Added compatibility with the current OpenSSL 1.1.0-dev tree.
Bugfixes:
Removed defective s_poll_error() code occasionally causing connections to be prematurely closed (truncated). This bug was introduced in stunnel 4.34.
Fixed ./configure systemd detection (thx to Kip Walraven).
Fixed ./configure sysroot detection (thx to Kip Walraven).
Fixed compilation against old versions of OpenSSL.
Removed outdated French manual page.
https://www.stunnel.org/index.html
-
Changelog
OpenSSL Security Advisory [08 Jan 2015]
=======================================
DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)
===========================================================
Severity: Moderate
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due
to a NULL pointer dereference. This could lead to a Denial Of Service attack.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
OpenSSL 0.9.8 DTLS users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Markus Stenberg of
Cisco Systems, Inc. The fix was developed by Stephen Henson of the OpenSSL
core team.
DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)
=======================================================
Severity: Moderate
A memory leak can occur in the dtls1_buffer_record function under certain
conditions. In particular this could occur if an attacker sent repeated DTLS
records with the same sequence number but for the next epoch. The memory leak
could be exploited by an attacker in a Denial of Service attack through memory
exhaustion.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 DTLS users should upgrade to 1.0.1k.
OpenSSL 1.0.0 DTLS users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 7th January 2015 by Chris Mueller who also
provided an initial patch. Further analysis was performed by Matt Caswell of the
OpenSSL development team, who also developed the final patch.
no-ssl3 configuration sets method to NULL (CVE-2014-3569)
=========================================================
Severity: Low
When openssl is built with the no-ssl3 option and a SSL v3 ClientHello is
received the ssl method would be set to NULL which could later result in
a NULL pointer dereference.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 17th October 2014 by Frank Schmirler. The
fix was developed by Kurt Roeckx.
ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)
==========================================================
Severity: Low
An OpenSSL client will accept a handshake using an ephemeral ECDH ciphersuite
using an ECDSA certificate if the server key exchange message is omitted. This
effectively removes forward secrecy from the ciphersuite.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
==============================================================
Severity: Low
An OpenSSL client will accept the use of an RSA temporary key in a non-export
RSA key exchange ciphersuite. A server could present a weak temporary key
and downgrade the security of the session.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
DH client certificates accepted without verification [Server] (CVE-2015-0205)
=============================================================================
Severity: Low
An OpenSSL server will accept a DH certificate for client authentication
without the certificate verify message. This effectively allows a client
to authenticate without the use of a private key. This only affects servers
which trust a client certificate authority which issues certificates
containing DH keys: these are extremely rare and hardly ever encountered.
This issue affects OpenSSL versions: 1.0.1 and 1.0.0.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team.
Certificate fingerprints can be modified (CVE-2014-8275)
========================================================
Severity: Low
OpenSSL accepts several non-DER-variations of certificate signature
algorithm and signature encodings. OpenSSL also does not enforce a
match between the signature algorithm between the signed and unsigned
portions of the certificate. By modifying the contents of the
signature algorithm or the encoding of the signature, it is possible
to change the certificate's fingerprint.
This does not allow an attacker to forge certificates, and does not
affect certificate verification or OpenSSL servers/clients in any
other way. It also does not affect common revocation mechanisms. Only
custom applications that rely on the uniqueness of the fingerprint
(e.g. certificate blacklists) may be affected.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and
0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
One variant of this issue was discovered by Antti Karjalainen and
Tuomo Untinen from the Codenomicon CROSS program and reported to
OpenSSL on 1st December 2014 by NCSC-FI Vulnerability
Co-ordination. Another variant was independently reported to OpenSSL
on 12th December 2014 by Konrad Kraszewski from Google. Further
analysis was conducted and fixes were developed by Stephen Henson of
the OpenSSL core team.
Bignum squaring may produce incorrect results (CVE-2014-3570)
=============================================================
Severity: Low
Bignum squaring (BN_sqr) may produce incorrect results on some
platforms, including x86_64. This bug occurs at random with a very
low probability, and is not known to be exploitable in any way, though
its exact impact is difficult to determine. The following has been
determined:
*) The probability of BN_sqr producing an incorrect result at random
is very low: 1/2^64 on the single affected 32-bit platform (MIPS) and
1/2^128 on affected 64-bit platforms.
*) On most platforms, RSA follows a different code path and RSA
operations are not affected at all. For the remaining platforms
(e.g. OpenSSL built without assembly support), pre-existing
countermeasures thwart bug attacks [1].
*) Static ECDH is theoretically affected: it is possible to construct
elliptic curve points that would falsely appear to be on the given
curve. However, there is no known computationally feasible way to
construct such points with low order, and so the security of static
ECDH private keys is believed to be unaffected.
*) Other routines known to be theoretically affected are modular
exponentiation, primality testing, DSA, RSA blinding, JPAKE and
SRP. No exploits are known and straightforward bug attacks fail -
either the attacker cannot control when the bug triggers, or no
private key material is involved.
This issue affects all current OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 2nd November 2014 by Pieter Wuille
(Blockstream) who also suggested an initial fix. Further analysis was
conducted by the OpenSSL development team and Adam Langley of
Google. The final fix was developed by Andy Polyakov of the OpenSSL
core team.
[1] http://css.csail.mit.edu/6.858/2013/readings/rsa-bug-attacks.pdf
Note
====
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
releases will be provided after that date. Users of these releases are advised
to upgrade.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150108.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
http://www.openssl.org/
-
Changelog
Changes between 1.0.1k and 1.0.1l [15 Jan 2015]
*) Build fixes for the Windows and OpenVMS platforms
[Matt Caswell and Richard Levitte]
http://www.openssl.org/
-
What's new: >>
New feature: New shortcut CTRL+PrintScreen to generate a screen copy.
Bug fix: Crash into configuration box if Start button is pressed twice.
Bug fix: Modification of the delay in automatic reconnection on network failure and system wakeup.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
Profiles:
Per-profile host keys and client keypairs: Host authentication public keys, as well as client authentication keypairs, can now be stored in individual profiles. This allows a profile to contain all information needed to establish an SSH session, without requiring host key or client keypair information to be passed via command line parameters, or stored in Windows registry.
When a host key is verified by the user, and the SSH session uses a profile, a copy of the host key will now be automatically saved in the profile.
Per-profile proxy settings: Proxy settings can now be configured for individual profiles as well, allowing a profile to override globally configured proxy settings.
Implemented measures to ensure profile consistency when accessed by multiple SSH Client instances.
When opening profiles created using Bitvise SSH Client 4.xx, previous 6.xx versions would be unable to open profiles with an invalid Remote Desktop Computer field. Attempts to open such profiles would fail with a validation error, but a description of the validation error would not be displayed. Fixed.
SSH:
Delayed negotiation of zlib compression, as advertised by servers using the 'zlib@openssh.com' algorithm, is now supported. Because of an inherent race condition in the OpenSSH implementation of delayed compression, Bitvise SSH Client implements this in the same way as PuTTY - by triggering a second key exchange after successful authentication.
Authentication:
Graphical management of server-side public keys: The graphical SSH Client now supports management of the user's public keys trusted by the server using SPKS, the Secure Shell Public Key Subsystem. As in previous 6.xx versions, this functionality also continues to be available in the spksc command line client.
Agent forwarding: The SSH Client now supports agent forwarding if it is supported by the SSH Server. A remote SSH client running on the server can use agent forwarding to perform public key authentication using client keypairs managed by the local SSH Client.
Agent support: Both the graphical client, as well as the command line clients, now support public key authentication using keypairs available through the OpenSSH authentication agent (ssh-agent) or the PuTTY authentication agent (pageant).
Improved the choice of default subsequent authentication method offered when the server requires both password and public key authentication.
Fixed an issue which prevented use of public key authentication as configured in a profile supplied with the "-profile" command line parameter.
File transfer:
sftpc now supports launching local commands prefixed with '!' in scripted mode. A non-zero return code is treated as an error.
sftpc can now execute "ldir" to provide expected results if the current local directory points to a network share.
Remote Desktop:
Automatic sign-on for Remote Desktop now works with Microsoft accounts, as well.
General:
Sessions that attempted to register a large number of simultaneous client-to-server port forwarding rules could be terminated by an error. Fixed.
Improved disconnection responsiveness and reliability.
Improved trace logging.
In recent 6.xx versions, a license code could not be applied unless the client was started using elevation. Fixed.
Terminal:
Mouse input is now supported. Supported mouse modes are X10 compatible, Normal, Cell Motion and All Motion. Supports X10, UTF8, SGR, and URXVT coordinates. Supported are all 3 main mouse buttons; combinations with Alt, Shift, and Ctrl keys; and the mouse wheel. When mouse tracking is enabled by the server, client-side text selection and copying remains possible using the left Shift key.
The terminal window color palette can now be configured.
A setting is now supported to allow the terminal window to remain open after a terminal session closes.
The terminal client will now display terminal titles received from the server via xterm. The client will append such titles to the initial title.
Characters that could not normally be entered using the currently active input method can now be entered using Alt + NumPad or using copy and paste.
When using the graphical SSH Client in conjunction with a non-bvterm terminal protocol, such as xterm, the SSH Client will now use a custom terminal window with features not available with a Windows console window:
Draggable resizing
Support for xterm-256color
Support for non-block copy & paste
Improved performance
http://www.bitvise.com/tunnelier
-
Whats new:>>
New features:
OCSP AIA (Authority Information Access) support. This feature can be enabled with the new service-level option "OCSPaia".
Additional security features of the linker are enabled: "-z relro", "-z now", "-z noexecstack".
Bugfixes:
OpenSSL DLLs updated to version 1.0.1l. https://www.openssl.org/news/secadv_20150108.txt
FIPS canister updated to version 2.0.9 in the Win32 binary build.
https://www.stunnel.org/index.html
-
Changelog
The SSH Client now supports SSH protocol obfuscation. When connecting to an SSH server that supports it, obfuscation makes it harder for an observer to determine that the protocol being used is SSH.
The sftpc command line client now supports tab completion.
If a command is configured to be run under On Login > Execute on the Options tab, the SSH Client can now also be configured to close or terminate the program launched this way after the SSH session ends.
Remote Desktop forwarding: ?A username and password can now be configured for single-click Remote Desktop forwarding, separately from the credentials used to log in via SSH.
If the user name for Remote Desktop starts with ".\", it will now be communicated to the Remote Desktop client in the same way as in version 6.08 and older.
Graphical xterm console: ?Block selection and copying is now supported by using the mouse to select while pressing the left Alt key.
A tooltip is now displayed when text is copied to clipboard, or pasted in the terminal window. The tooltip can be turned off through the console's system menu.
Fixed an issue which would cause a Ctrl+Alt+key event to be sent to the server in addition to a national character, when the user intended to input only a national character with AltGr+key.
Links on the SSH Client's About tab now work correctly again.
Fixed an issue that would cause the SSH session to terminate with an error after applying removal of some, but not all, client-configured C2S or S2C port forwarding rules.
To maintain installer size, an initial Bitvise SSH Client 6.22 installation no longer includes files to support the Remote Control Panel feature for WinSSHD versions older than 5.22. The files necessary to use this feature with such older versions continue to be available separately.
http://www.bitvise.com/tunnelier
-
Changelog
SSH:
Key exchange methods that use group exchange will now be de-prioritized when connecting to all non-Bitvise SSH server implementations. This serves to avoid a compatibility issue where most non-Bitvise SSH servers will generate weak DH groups which cannot be used with the FIPS 140-2 validated cryptographic provider used by Bitvise SSH Client. Previously, group exchange was already de-prioritized for a handful of known SSH server implementations with this issue.
It is now easier to turn compression on and off using the "Prefer zlib compression" setting on the SSH tab.
File Transfer:
The sftpc command line client now supports batch rename (using wildcards).
The sftpc command line client now supports command, path, and filename completion using the Tab key.
Remote file copy is now supported, in the graphical SFTP interface as well as the sftpc command line client, with SSH servers that implement the SFTP version 6 file copy extension (including Bitvise SSH Server).
The graphical SFTP interface now supports drag and drop, copy, cut, and paste features.
Remote Desktop:
Smart sizing - automatic adjustment of remote desktop resolution to local client window size - can now be enabled or disabled for forwarded Remote Desktop connections in the SSH Client profile.
Improved compatibility of authentication credentials with Remote Desktop servers running on Windows Server 2003 and XP.
When not using SSH login credentials, the domain name to use for Remote Desktop authentication can now be configured in a field separate from the user name.
Fixes:
Fixed a problem with newlines when pasting text into joe/nano editors.
Fixed an issue which would cause the SSH Client to stop with an assertion failure if it was configured to use a proxy of type SOCKS4 with "Resolve locally" disabled.
Fixed an issue which would cause command-line proxy parameters to not work correctly.
Fixed an issue introduced in version 6.21 which would cause the SSH Client to close a connection before sending a failure reply in the event of a connect failure when using dynamic port forwarding (the SOCKS/HTTP CONNECT proxy forwarding feature).
Fixed an issue which would cause Export and Remove buttons to not be available in the Host Key Manager unless a named (file-based) profile was opened.
Fixed an issue which would prevent the Client Key Manager from importing ECDSA private keys in OpenSSH format if they were password protected. Improved accuracy of error messages if an invalid password is entered.
The -flowDebugFile feature will no longer truncate quantum data, allowing a complete debug log of the SSH session to be recorded.
http://www.bitvise.com/tunnelier
-
Whats new: >>
Security fix: PuTTY no longer retains the private half of users' keys in memory by mistake after authenticating with them. See private-key-not-wiped-2. (Sorry! We thought we'd fixed that in 0.63, but missed one.)
Support for SSH connection sharing, so that multiple instances of PuTTY to the same host can share a single SSH connection instead of all having to log in independently.
Command-line and configuration option to specify the expected host key(s).
Defaults change: PuTTY now defaults to SSH-2 only, instead of its previous default of SSH-2 preferred.
Local socket errors in port-forwarded connections are now recorded in the PuTTY Event Log.
Bug fix: repeat key exchanges in the middle of an SSH session now never cause an annoying interactive host key prompt.
Bug fix: reset the bolded-text default setting back to what it used to be. (0.63 set it to something wrong, as a side effect of refactoring.)
Bug fix: IPv6 literals are handled sensibly throughout the suite, if you enclose them in square brackets to prevent the colons being mistaken for a :port suffix.
Bug fix: IPv6 dynamic port forwardings should work again.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Changelog
File transfer:
The graphical SFTP client now supports editing of remote files. A remote file can be edited using right click > Edit. The client will automatically download the file; open it in the editor associated with its file extension in Windows; then monitor the local copy of the file for changes. When changes are saved, the file will be uploaded automatically.
The graphical SFTP client now supports right click > 'Open with...', both for local and remote files.
Further improvements to tab completion in sftpc.
The 'move' and 'lmove' commands in sftpc now support the -o (overwrite) parameter.
In command line clients, the -keypairFile parameter would only work if another keypair (even if unused) was available, either in the profile being used, or in global client settings. Fixed.
Fixed a long-standing graphical glitch which would cause edit boxes in the graphical SSH Client to temporarily lose borders whenever the Sysinternals Process Explorer was launched.
http://www.bitvise.com/tunnelier
-
Whats new:>>
New features
OpenSSL DLLs updated to version 1.0.2.
Removed dereferences of internal OpenSSL data structures.
PSK key lookup algorithm performance improved from O(N) (linear) to O(log N) (logarithmic).
Bugfixes
Fixed peer certificate list in the main window on Win32 (thx to @fyer for reporting it).
Fixed console logging in tstunnel.exe.
_tputenv_s() replaced with more portable _tputenv() on Win32.
https://www.stunnel.org/index.html
-
Changelog
PuTTY 0.64 merge: Go to PuTTY page to see the improvements made by the team of PuTTY. The ZModem patch is not maintained in this new version
New Feature: Added option "Allow ACS line drawing in UTF."
New Feature: added key mapping to manage the comma digital paver (VK_OEM_COMMA)
New Feature: Added new command line option "-loginscript" to load a "login script file" file in clear start
New Feature: added the management of Windows WM_WTSSESSION_CHANGE Message to manage the reopening of a session. This message is no longer compatible with Windows XP
New Feature: creation of a new timer to manage the anti-idle
New Feature: enlargement of the input field SSH tunnels
Fixed a bug in portable mode it was not possible to save a session in another. The backup is always remade in the initial session
Bug fix: memory leak in the Stetch + feature functionality "background image"
Fixed a bug: when redimenssionnement a window refresh the background image was done throughout the change. Now it is no longer at the end
Debug - Fixed: Remote File Recovery (integration of pscp) was not managing the port number
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
* New features
- The "service" option was modified to also control the syslog
service name.
* Bugfixes
- Fixed Windows service crash.
https://www.stunnel.org/index.html
-
Whats new:>>
Security bugfixes:
The "redirect" option now also redirects clients on SSL session reuse. In stunnel versions 5.00 to 5.12 reused sessions were never redirected regardless of their certificate verification result.
New features:
Windows service is automatically restarted after upgrade
Bugfixes:
Fixed a memory allocation error during Unix daemon shutdown
Fixed handling multiple connect/redirect destinations
OpenSSL FIPS builds are now correctly reported on startup
https://www.stunnel.org/index.html
-
Changelog
New features
Added now service-level options "checkHost", "checkEmail" and "checkIP" for additional checks of peer certificate subject. These options require OpenSSL version 1.0.2 or higher.
Added session persistence based on negotiated TLS sessions. https://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence The current implementation does not support external TLS session caching with sessiond.
MEDIUM ciphers (currently SEED and RC4) were removed from the default cipher list.
OpenSSL version checking improved to distinguish FIPS and non-FIPS builds.
Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Bugfixes
Fixed compilation against old versions of OpenSSL.
https://www.stunnel.org/index.html
-
Changelog
New features
Added new service-level options "checkHost", "checkEmail" and "checkIP" for additional checks of the peer certificate subject. These options require OpenSSL version 1.0.2 or higher.
Win32 binary distribution now ships with the Mozilla root CA bundle. This bundle is intended be used together with the new "checkHost" option to validate server certs accepted by Mozilla.
New commandline options "-reload" to reload the configuration file and "-reopen" to reopen the log file of stunnel running as a Windows service (thx to Marc McLaughlin).
Added session persistence based on negotiated TLS sessions. https://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence The current implementation does not support external TLS session caching with sessiond.
MEDIUM ciphers (currently SEED and RC4) are removed from the default cipher list.
The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate.
OpenSSL version checking modified to distinguish FIPS and non-FIPS builds.
Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Removed support for OpenSSL versions older than 0.9.7. The final update for the OpenSSL 0.9.6 branch was 17 Mar 2004.
"sessiond" support improved to also work in OpenSSL 0.9.7.
Randomize the initial value of the round-robin counter.
New stunnel.conf templates are provided for Windows and Unix.
Bugfixes
Fixed compilation against old versions of OpenSSL.
Fixed memory leaks in certificate verification.
https://www.stunnel.org/index.html
-
Changelog
Bug fixes:
Fixed compilation with old versions of gcc.
https://www.stunnel.org/index.html
-
Changelog
Windows compatibility:
Fixed a change implemented in version 6.22 which prevented the SSH Client from running on Windows XP SP1 and Windows Server 2003.
In terms of the oldest Windows versions supported, the SSH Client now officially requires Windows XP, Windows Server 2003, or later. The SSH Client no longer supports Windows 2000.
Installation:
The console output stream implementation provided by the C++ run-time library, and used by the SSH Client installer, did not properly handle Unicode characters that could not be represented in the output code page. Replaced with our own output stream implementation.
General:
The graphical client now displays the current date in the log area when the client is started, when the date changes, and when the log is cleared.
When key exchange fails due to no match in algorithms, the local and remote algorithm lists are now logged.
File transfer:
The graphical file transfer client now accepts drag and drop from other applications.
The Edit context menu option is now available for files of all extensions, including no extension. An Edit with... context menu option is now also available, and a default editor can be configured.
For compatibility with non-Bitvise servers that support SFTP version 6, the SSH Client no longer requests the flag SSH_FXF_BLOCK_WRITE when sending an SSH_FXP_OPEN request. This restores compatibility with servers including ProFTPD with mod_sftp when SFTP version 6 is used.
Terminal:
On Windows 7, an apparent bug in the Windows console implementation would cause stermc to crash when exiting. The console window itself would close shortly thereafter. We implemented a workaround for this issue.
For compatibility with nano, the SSH Client's new xterm/vt100 terminal console now attempts to make smarter decisions about what type of newlines to send when pasting from clipboard.
The SSH Client will now log any messages sent by the server as SSH_EXTENDED_DATA_STDERR before closing a successfully opened terminal channel.
Remote Desktop:
Improved the method the SSH Client uses to update the Remote Desktop window title.
Command line clients:
Implemented support for Ctrl+Left/Right to move to previous/next word, and Ctrl+Home/End to delete text until beginning/end of line. Clients stnlc and spksc now also support Tab-completion.
http://www.bitvise.com/tunnelier
-
Whats new:>>
Bug fixes:
Fixed a NULL pointer dereference causing the service to crash. This bug was introduced in stunnel 5.15.
https://www.stunnel.org/index.html
-
(http://images.six.betanews.com/screenshots/scaled/1357814984-1.jpg)
SmarTTY is an SSH client for Windows that supports multiple tabs, transferring files and entire directories via SCP and on-the-fly tar, automatic public key authentication setup, seamless X11 forwarding any many more features.
Freeware
Release Notes -> http://sysprogs.com/w/smartty-2-0-is-out/
http://smartty.sysprogs.com/
-
Changelog
ne command-line option -auto_store_sshkey into klink, kscp, and ksftp tools, that allow to automatically store host keys
bug fix: CTRL+TAB did not work with two windows only
bug fix: program crash with very large password
new feature: it's now possible to print forwarded ports list into windows title bar
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(https://sites.google.com/site/macdsite/_/rsrc/1376686075580/utilidades/puttytabmanager/puttytm.png)
PuTTYTabManager is a handy application that allows you to run multiple PuTTY applications using a single GUI. The application support all the PuTTY protocols, such as SSH, Telnet, Rlogin and Raw.
The tab-based interface makes the application very easy to use, enabling you to manage multiple PuTTY sessions at the same time. Instead of opening multiple PuTTY windows, simply open PuTTYTabManager and initiate every session in a new tab.
Freeware
Whats new: >>
New features:
PuTTY command line (-a )
Auto login (SSH protocol.)
Portable mode
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
Whats new:>>
* New features
- Warnings are logged on potentially insecure authentication.
* Bugfixes
- Fixed handling of trailing whitespaces in the Content-Length
header of the NTLM authentication.
https://www.stunnel.org/index.html
-
Whats new:>>
* New features
- Log file is reopened every 24 hours. With "log = overwrite"
this feature can be used to prevent filling up disk space.
- Temporary DH parameters are refreshed every 24 hours, unless
static DH parameters were provided in the certificate file.
- Unique initial DH parameters are distributed with each release.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree:
removed RLE compression support, etc.
https://www.stunnel.org/index.html
-
Whats new:>>
ZModem patch is back
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
* New features
- Added "include" configuration file option to include all
configuration file parts located in a specified directory.
- Updated stunnel.spec (thx to Bill Quayle).
* Bugfixes
- Fixed --sysconfdir and --localstatedir handling (thx to
Dagobert Michelsen).
https://www.stunnel.org/index.html
-
Changelog
Alexander Pyhalov (1):
Default gateway can't be determined on illumos/Solaris platforms
Arne Schwabe (1):
Warn that tls-auth with free form files is going to be removed from OpenVPN 2.4
David Sommerseth (6):
autotools: Fix wrong ./configure help screen default values
down-root plugin: Replaced system() calls with execve()
down-root: Improve error messages
plugin, down-root: Fix compiler warnings
sockets: Remove the limitation of --tcp-nodelay to be server-only
plugins, down-root: Code style clean-up
David Woodhouse (2):
pkcs11: Load p11-kit-proxy.so module by default
Make 'provider' option to --show-pkcs11-ids optional where p11-kit is present
Felix Janda (1):
Use OPENVPN_ETH_P_* so that <netinet/if_ether.h> is unecessary
Gert Doering (18):
New approach to handle peer-id related changes to link-mtu (2.3 version)
Fix incorrect use of get_ipv6_addr() for iroute options.
Print helpful error message on --mktun/--rmtun if not available.
explain effect of --topology subnet on --ifconfig
Add note about file permissions and --crl-verify to manpage.
repair --dev null breakage caused by db950be85d37
assume res_init() is always there.
Correct note about DNS randomization in openvpn.8
Disallow usage of --server-poll-timeout in --secret key mode.
slightly enhance documentation about --cipher
Enforce "serial-tests" behaviour for tests/Makefile
Revert "Enforce "serial-tests" behaviour for tests/Makefile"
On signal reception, return EAI_SYSTEM from openvpn_getaddrinfo().
Use configure.ac hack to apply serial_test AM option only if supported.
Use EAI_AGAIN instead of EAI_SYSTEM for openvpn_getaddrinfo().
Move res_init() call to inner openvpn_getaddrinfo() loop
Fix FreeBSD ifconfig for topology subnet tunnels.
Preparing for release v2.3.7 (ChangeLog, version.m4)
Guy Yur (1):
Fix --redirect-private in --dev tap mode.
Jan Just Keijser (1):
include ifconfig_ environment variables in --up-restart env set
Jonathan K. Bullard (1):
Fix null pointer dereference in options.c
Lev Stipakov (1):
Fix mssfix default value in connection_list context
Matthias Andree (1):
Manual page update for Re-enabled TLS version negotiation.
Mike Gilbert (1):
Include systemd units in the source tarball (make dist)
Robert Fischer (1):
Updated manpage for --rport and --lport
Samuli Seppänen (2):
Properly escape dashes on the man-page
Improve documentation in --script-security section of the man-page
Steffan Karger (14):
Really fix '--cipher none' regression
Update doxygen (a bit)
Set tls-version-max to 1.1 if cryptoapicert is used
Account for peer-id in frame size calculation
Disable SSL compression
Fix frame size calculation for non-CBC modes.
Allow for CN/username of 64 characters (fixes off-by-one)
Remove unneeded parameter 'first_time' from possibly_become_daemon()
Re-enable TLS version negotiation by default
Remove size limit for files inlined in config
Improve --tls-cipher and --show-tls man page description
Re-read auth-user-pass file on (re)connect if required
Clarify --capath option in manpage
Call daemon() before initializing crypto library
http://openvpn.net/
-
Sicherheitsupdates für die Krypto-Bibliothek stopfen eine Reihe von Löchern. Darunter befindet sich auch die Logjam-Lücke, die Angriffe auf den Diffie-Hellman-Schlüsselaustausch erlaubt.
Die Entwickler der beliebten Krypto-Bibliothek OpenSSL haben mit einem neuen Release insgesamt sieben verschiedene Sicherheitslücken (https://www.openssl.org/news/secadv_20150611.txt) in ihrer Software gestopft. Eine davon ermöglichte einen Logjam-Angriff auf OpenSSL und damit eine Zurückstufung des Diffie-Hellman-Schlüsselaustausches auf ein unsicheres Niveau durch einen Man-in-the-Middle. Die neuen OpenSSL-Versionen verhindern dies, indem sie Diffie-Hellman mit 768 Bit voraussetzen. In einer späteren Version der Software soll dies dann noch einmal auf 1024 Bit erhöht werden, um wirklich auf Nummer Sicher zu gehen.
Die übrigen sechs Lücken sind unkritischer und werden von den Entwicklern als moderates oder niedriges Risiko eingeschätzt. Dabei handelte es sich überwiegend über Speicherverarbeitungsprobleme, die zu einem Absturz der Software führen können – eventuell wäre in einigen Fällen dann auch das Ausführen von Schadcode möglich. Außerdem wurden mehrere Probleme behoben, durch die ein Angreifer den OpenSSL-Prozess blockieren kann, so dass dieser nicht mehr ansprechbar ist.
Die neuen OpenSSL-Versionen können von der Webseite des Projektes (https://www.openssl.org/) heruntergeladen werden. Je nach eingesetztem Entwicklungszweig sollten Admins ihre Systeme auf OpenSSL 1.0.2b, 1.0.1n, 1.0.0s oder 0.9.8zg aktualisieren.
Quelle : www.heise.de
-
Whats new:>>
* New features
- OpenSSL DLLs updated to version 1.0.2c.
* Bugfixes
- Cron thread priority on Win32 platform changed to
THREAD_PRIORITY_LOWEST to improve portability.
- Makefile bugfixes for stunnel 5.18 regressions.
https://www.stunnel.org/index.html
-
Whats new:>>
bug fix: crashes when using ssh tunnels with the ZModem patch KiTTY version
bug fix: remove unwanted characters in CTRL+TAB feature
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new: >>
This new version features a greatly improved CLI (command-line interface) and several stability-related fixes to cope better with parallel password-harvesting attacks.
http://www.extenua.com/silvershield
-
Changelog
* New features
- Service name included in insecure authentication warnings.
- Include debugging symbols in the Win32 installer.
* Bugfixes
- Signal pipe reinitalization added to prevent turning the main
accepting thread into a busy wait loop when an external
condition causes breaks the the signal pipe.
- Generated temporary DH parameters are used for configuration
reload instead of the static defaults.
https://www.stunnel.org/index.html
-
(http://images.six.betanews.com/screenshots/scaled/1357814984-1.jpg)
SmarTTY is an SSH client for Windows that supports multiple tabs, transferring files and entire directories via SCP and on-the-fly tar, automatic public key authentication setup, seamless X11 forwarding any many more features.
Freeware
http://smartty.sysprogs.com/
-
Changelog
New features
Xcode SDK is automatically used on MacOS X if no other locally installed OpenSSL directory is found.
Warnings about insecure authentication were modified to include the name of the affected service section.
A warning was added to stunnel.init if no pid file was specified in the configuration file (thx to Peter Pentchev).
Debugging symbols are included in the Win32 installer.
Bugfixes
Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected.
Fixed removing the disabled taskbar icon.
Generated temporary DH parameters are used for configuration reload instead of the static defaults.
LSB compatibility fixes added to the stunnel.init script (thx to Peter Pentchev).
Fixed the manual page headers (thx to Gleydson Soares).
https://www.stunnel.org/index.html
-
Whats new: >>
This will be a bug-fix release: it will not contain the various new cryptographic features in the development snapshots, but it will contain large and small bug fixes over 0.64, including in particular a fix for the recent Vista-specific bug in which the configuration dialog becomes invisible.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Am Donnerstag will das OpenSSL-Team eine Sicherheitslücke beseitigen.
Mit einer kurzen Notiz verkündet Mark J. Cox, dass man Donnerstag, den 9. Juli, ein Sicherheits-Update für OpenSSL (https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html) veröffentlichen wolle. Dies sei der höchsten Sicherheitsstufe (https://www.openssl.org/about/secpolicy.html) zuzurechnen (high). Das bedeutet, dass gängige Konfigurationen betroffen sind und die Lücke sich wahrscheinlich ausnutzen lässt, um Denial-of-Service-Angriffe durchzuführen, Daten zu klauen oder sogar betroffene System zu kapern.
Die Lücke betrifft die OpenSSL-Versionen 1.0.2 und 1.0.1; die ebenfalls noch unterstützten und verbreiteten Vorgänger OpenSSL 0.9.8 und 1.0.0 sind offenbar nicht anfällig. Weitere Angaben zur Natur der Schwachstelle macht das OpenSSL-Team nicht. Allerdings gehören solche Vorab-Warnungen nicht zur normalen Vorgehensweise; in der Vergangenheit bedeuteten sie in der Regel tatsächlich, dass etwas Größeres bevorsteht. Insbesondere Server-Admins sollten sich den Termin also vormerken.
Quelle : www.heise.de
-
Verwundbare Versionen der Kryptobibliothek prüfen die Zertifikatskette nicht richtig, was es Angreifern ermöglicht, eigene Zertifikate für beliebige Domains auszustellen.
Die Entwickler der Kryptobibliothek OpenSSL haben wie angekündigt eine kritische Lücke in ihrer Software geflickt (CVE-2015-1793). OpenSSL prüft demnach das CA-Flag eines Zertifikats unter bestimmten Unständen nicht richtig. Das kann dazu führen, dass ein Angreifer sich als Intermediate-CA ausgeben und eigene Zertifikate für die Webseiten anderer Betreiber signieren kann. Damit kann er sich dann zum Beispiel als die Hausbank des Opfers ausgeben.
Der ganze Artikel (http://www.heise.de/security/meldung/Kritische-OpenSSL-Luecke-erlaubt-gefaelschte-Server-Zertifikate-2747563.html?wt_mc=sm.feed.tw.security)
Quelle : www.heise.de
-
Whats new: >>
This new version resolves an issue with white-list defined at user level, that in certain particular situations may have been skipped in previous versions.
http://www.extenua.com/silvershield
-
Changelog
New features:
Signal names are displayed instead of numbers.
"make check" target was modified to only build Win32 executables when stunnel is built from a git repository
First resolve IPv4 addresses on passive resolver requests. This speeds up stunnel startup on Win32 with slow/defunct DNS service.
Bug fixes:
Fixed a FORK and UCONTEXT threading compilation issues.
Fixed a cron thread scheduling issue.
Fixed "failover=prio" broken since stunnel 5.15.
https://www.stunnel.org/index.html
-
Whats new:>>
Bundles OpenSSL 1.0.1p, which fixes a security vulnerability of high severity.
http://openvpn.net/
-
Whats new: >>
Incoming connections to PuTTY tools (to forwarded ports and to the connection-sharing socket) now log their source address or pid, where facilities exist to do so.
Cryptography speedup on 64-bit Unix platforms by using gcc and clang's __uint128_t built-in type.
Bug fix: the configuration dialog is no longer accidentally invisible in some Windows Vista display themes.
Bug fix: the Windows PuTTY GUI no longer becomes unresponsive if the server sends a continuous flood of data. (Sorry! We fixed that once before, but it came back in 0.64.)
Bug fix: PSFTP now returns a failure exit status if a command fails in a batch-mode script.
Bug fix: ESC [ 13 t can no longer elicit an invalid escape sequence as a response.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Changelog
New features
Signal names are displayed instead of numbers.
First resolve IPv4 addresses on passive resolver requests. This speeds up stunnel startup on Win32 with a slow/defunct DNS service.
The "make check" target was modified to only build Win32 executables when stunnel is built from a git repository (thx to Peter Pentchev).
More elaborate descriptions were added to the warning about using "verify = 2" without "checkHost" or "checkIP".
Performance optimization was performed on the debug code.
Bugfixes
Fixed the FORK and UCONTEXT threading support.
Fixed "failover=prio" (broken since stunnel 5.15).
Added a retry when sleep(3) was interrupted by a signal in the cron thread scheduler.
https://www.stunnel.org/index.html
-
Changelog
New features:
"OCSPaia = yes" added to the configuration file templates.
Improved double free detection.
Bug fixes:
Fixed a number of OCSP bugs. The most severe of those bugs caused stunnel to treat OCSP responses that failed OCSP_basic_verify() checks as if they were successful.
Fixed the passive IPv6 resolver (broken in stunnel 5.21).
https://www.stunnel.org/index.html
-
Whats new:>>
New features:
New service-level option "OCSPnonce". The default value is "OCSPnonce = no".
Inactive ports removed from the PORTS file.
https://www.stunnel.org/index.html
-
Changelog
Contains the following changes:
Report missing endtags of inline files as warnings
Fix commit e473b7c if an inline file happens to have a line break exactly at buffer limit
Produce a meaningful error message if --daemon gets in the way of asking for passwords.
Document --daemon changes and consequences (--askpass, --auth-nocache).
Del ipv6 addr on close of linux tun interface
Fix --askpass not allowing for password input via stdin
write pid file immediately after daemonizing
Make __func__ work with Visual Studio too
fix regression: query password before becoming daemon
Fix using management interface to get passwords.
Fix overflow check in openvpn_decrypt()
Un-break --auth-user-pass on windows
http://openvpn.net/
-
Whats new:>>
* Bugfixes
- Compilation fix for OpenSSL version older than 1.0.0.
https://www.stunnel.org/index.html
-
Changelog
* New features
- Win32 directory structure rearranged. The installer script provides automatic migration for common setups.
- Added Win32 installer option to install stunnel for the current user only. This feature does not deploy the NT
service, but it also does not require aministrative privileges to install and configure stunnel.
- stunnel.cnf was renamed to openssl.cnf in order to to prevent users from mixing it up with stunnel.conf.
- Win32 desktop is automatically refreshed when the icon is created or removed.
- The ca-certs.pem file is now updated on stunnel upgrade.
* Bugfixes
- Compilation fix for mingw.
https://www.stunnel.org/index.html
-
Changelog
New feature:
Patch PRINTCLIPPORT integration (http://ericmason.net/2010/04/putty-ssh-windows-clipboard-integration/).
Port number can be set in log file name.
New icon to mark loss of connection.
New menu item in the main menu to modify font (size and colour), new shortcuts CTRL+SHIFT+UP/DOWN to modify the font size.
Bug fix:
CTRL+TAB and hyperlink patch incompatibility.
Icon was modified when about box exit, even if it should remain unmodified.
No more launcher icon.
Feature improvement:
Automatic reconnection was rewritten.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
Installation and upgrade:
This is the first version tested on Windows 10 as part of the development process.
The SSH Client installer now supports the -activationCode parameter. This allows a license code to be applied to the SSH Client during initial installation or an upgrade. The SSH Client will operate with full functionality with or without a license code, but applying it allows users to indicate their licensed status.
On Windows Vista and newer, the installer did not auto-run correctly after the uninstaller prompted for restart during upgrade. Fixed.
Failed and incomplete installations are now detected and displayed, to help the user choose the correct installation directory.
Publisher and version information is now added for display in Add/Remove Programs.
SSH:
SHA-256 public key fingerprints, compatible with the latest OpenSSH versions, are now supported.
The 1024-bit fixed prime Diffie Hellman key exchange method, diffie-hellman-group1-sha1, is now disabled by default, due to doubts about continuing security of Diffie Hellman with a 1024-bit fixed prime. Compatibility with most older servers should be retained via the diffie-hellman-group14-sha1 method, which uses a 2048-bit fixed prime. We recommend migrating older SSH servers to new versions supporting ECDH and ECDSA.
Symmetric encryption algorithms that use CBC mode are now disabled by default. Bitvise SSH Client and Server implement defenses against attacks on CBC mode, but other implementations that still use CBC mode are unlikely to implement such defenses. Most implementations should now support encryption in CTR mode.
In past Bitvise SSH Client 6.xx versions, gssapi-keyex authentication was always unavailable. Fixed.
Graphical client:
The graphical SFTP client now maintains a list of recent locations.
Fixed an issue which prevented use of the -proxyUserName parameter with the graphical SSH Client. Command-line clients were unaffected.
Fixed an issue which caused the graphical SSH Client to send an empty response to all prompts other than the first one in keyboard-interactive authentication. This issue did not affect command-line clients.
Command-line clients:
A new retry utility is now included, which can be used to automatically retry a command based on its exit code. Run retry without parameters for help. The utility can be used with any command line program, but is intended specifically for use with sftpc.
The log utility now supports an additional parameter, -t, which will cause the utility to prefix every line of output with a timestamp. This can be used to log and timestamp the output of any command line program, and is intended specifically for use with sftpc.
The command-line SFTP client, sftpc, now supports tab expansion based on wildcard patterns.
sftpc now reports a full completion timestamp for each transfer.
sftpc now waits a maximum of one second if the server does not respond to SFTP channel close. Previously, a server that did not respond to channel close would cause sftpc to wait indefinitely.
SFTP:
In versions 6.23 - 6.31, a command such as "put directory" would not upload the contents of "directory", but instead only create an empty directory. In addition, a command such as "lrm directory -s" would always fail when the directory being removed was not empty. Fixed.
OpenSSH servers contain a flaw where a noisy shell startup script, such as a .bashrc file, will cause garbage data to be passed to an SFTP client on the SFTP channel. Previously, this would prevent establishing an SFTP session. The client now ignores such invalid data, and looks for a particular byte signature to indicate the start of the server's first packet in the SFTP session.
The Start in last directory feature in the graphical SFTP interface should work again.
Turning off the Start option did not pause new transfers in the graphical SFTP interface when they were initiated via drag-and-drop or a clipboard action. Fixed. The transfers did start paused when using the Upload and Download buttons.
When transferring files in text mode using SFTP version 4 or higher, the ignored offset is now set to an invalid 64-bit value instead of zero. This prevents an unending transfer with servers that do not ignore the offset as required by the textual transfer mode (e.g. older versions of VShell).
Fixed an issue which could cause the SFTP client to send more channel data after sending channel close.
FTP-to-SFTP bridge:
Fixed an issue that could cause the FTP-to-SFTP bridge to freeze while downloading.
When the FTP-to-SFTP Bridge was configured to listen on all interfaces (0.0.0.0), directory listings and file transfers would not work in passive mode. Fixed.
Terminal:
Double-width Chinese characters were not being properly rendered in recent SSH Client versions. This should now work properly in most cases.
Fixed problems with some Ctrl keyboard sequences: Ctrl+[, Ctrl+I, Ctrl+M, Ctrl+H, and Ctrl+J.
Fixed a scrolling problem that could occur if the last line of output was empty (e.g. when using cat).
Fixed an error that would frequently occur on Windows 10 when resizing a bvterm window in a Bitvise SSH Server terminal session. Further improved resizing on Windows 10.
If Auto close window was set to Never, and a terminal session closed successfully, the terminal window would consume 100% of a CPU core until closed. Fixed.
http://www.bitvise.com/tunnelier
-
Whats new:>>
Bug fix: crash when selecting folder in config box.
Bug fix: -auto_store_sshkey option did not work anymore in plink (regression).
Feature modification: in PRINTCLIPPORT it is now possible to save settings.
Reconnection improvement: automatic reconnection on key pressed.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
New features:
Added a new "protocolDomain" option for the NTLM authentication
Improved compatibility of the NTLM phase 1 message
Added OPENSSL_NO_EGD support
Bugfixes:
Fixed SOCKS5 RESOLVE [F0] TOR extension support.
Fixed the error code reported on the failed bind() requests.
https://www.stunnel.org/index.html
-
Whats new:>>
New features:
Custom CRL verification was replaced with the internal OpenSSL functionality.
FreeBSD and OS X support for "transparent = destination" and client-side "protocol = socks".
VC autodetection added to makew32.bat
Bug fixes:
Fixed the sequential log id with the fork threading.
https://www.stunnel.org/index.html
-
Whats new:>>
bug fix: CTRL+TAB print 7;5;9~ on Putty Tab Manager
New feature: new option -noshortcuts to disable all shortcuts
New feature: new option -noctrltab to disable CTRL+TAB feature
Internal editor modification: CTRL+SHIFT+F2 shortcut to load full clipboard
Internal editor modification: SHIFT+F12 shortcut to send on all KiTTY windows
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
New features
Custom CRL verification was replaced with the internal OpenSSL functionality.
*BSD support for "transparent = destination" and client-side "protocol = socks". This feature should work at least on FreeBSD, OpenBSD and OS X.
Added a new "protocolDomain" option for the NTLM authentication (thx to Andreas Botsikas).
Improved compatibility of the NTLM phase 1 message (thx to Andreas Botsikas).
"setuid" and "setgid" options are now also available in service sections. They can be used to set owner and group of the Unix socket specified with "accept".
Added support for the new OpenSSL 1.0.2 SSL options.
Added OPENSSL_NO_EGD support (thx to Bernard Spil).
VC autodetection added to makew32.bat (thx to Andreas Botsikas).
Bugfixes
Fixed the RESOLVE [F0] TOR extension support in SOCKS5.
Fixed the error code reported on the failed bind() requests.
Fixed the sequential log id with the FORK threading.
Restored the missing Microsoft.VC90.CRT.manifest file.
https://www.stunnel.org/index.html
-
Whats new:>>
New feature: RuTTY patch activation. This patch allows conditionnal automatic scripts.
New feature: new patch pageant-confirm_with_condition_coded_comment.diff
Bug fix: WINCRYPTPORT patch (Wincap integration to allow certificat loading instead of private key into pageant.exe) does not work anymore since 0.65 version
Bug fix: memory allocation problem into ini file reading function
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
Improved uninstallation to reduce the likelihood that Windows might need to be restarted to complete a reinstallation or upgrade. If a restart would be required, the user can now choose to abort reinstallation.
In the graphical SFTP interface, file icons are now loaded asynchronously, to avoid the interface blocking due to lengthy antivirus scans.
Fixed an issue that prevented X11 forwarding from working properly in terminal windows other than the first one. This issue was introduced with 6.xx versions.
The GSSAPI DH key exchange method with group exchange is now also de-prioritized when connecting to non-Bitvise servers, along with other methods that use group exchange. (Non-Bitvise servers tend to generate DH parameters that are incompatible with the FIPS cryptographic provider used by FlowSsh; this results in key exchange failures.)
Terminal:
The RIS and DECST instructions to reset terminal and screen buffer are now supported in conjunction with xterm. This allows the Linux reset command to be used to fully reset the terminal.
A copy and paste notification is now displayed also when Shift+Insert is used to paste.
FTP Bridge:
Fixed an issue which caused the SSH Client main window to freeze if an FTP client was not disconnecting the control connection.
Added IPv6 support to the FTP Bridge, implementing support for EPSV and EPRT commands.
http://www.bitvise.com/tunnelier
-
Whats new: >>
bug fixes
send additional command to putty
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
Whats new: >>
•Security fix: an escape sequence which used to make PuTTY's terminal code read and potentially write the wrong memory is fixed. See vuln-ech-overflow.
•Bug fix: better Unicode handling in Windows PuTTY keyboard messages, so it should now work better with WinCompose.
•Bug fix: jump lists on Windows 10 should now work.
•There's now a set of command-line options to enable session logging.
•&P in the log file name now substitutes in the port number from the configuration.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Changelog
Proxy settings: Fixed a bug which prevented per-profile proxy settings from functioning reliably.
SFTP GUI: File selection in the local pane should no longer be reset due to icons loading in the background.
stnlc: When in an interactive prompt, failure to add a client-to-server or server-to-client port forwarding rule would incorrectly disconnect the session "on user's request". Fixed.
http://www.bitvise.com/tunnelier
-
Whats new:>>
* 0.66 version integration
* Bug fix: memory leak in function that read configuration file .ini
* Bug fix: memory leak when calculating the encrypted version of the password
* Bug fix: in portable mode, crash when session files are saved as DOS files
* Automatic reconnection improvment
* Hyperlink: new default regex that can manage mailto:// links
* New command-line option: -runagent to start integrated agent
* New command-line option: -keygen to start integrated PuTTYGen
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
Bugfixes
Compilation fixes for OSX, *BSD and Solaris.
https://www.stunnel.org/index.html
-
Changelog
Terminal: In the November update to Windows 10, automatic line re-wrap during window resizing has been enabled in the Windows console by default. This interacts poorly with SSH, where re-wrap causes loss of synchronization between the client and server. The graphical SSH client now disables console line wrap when bvterm is started from the graphical SSH Client. Unfortunately, it is not possible to disable this in an existing console session when using stermc.
Fixed an issue in Client key manager which failed to update its list if the slot was changed for a key stored in profile.
Implemented a workaround for an issue in Windows which prevented the graphical SSH Client in versions 6.4x from running on Windows XP and Windows Server 2003 unless a Windows hotfix was applied.
The FlowSshNet DLLs now correctly target .NET Framework 4.0, instead of 4.5.2.
SFTP GUI:
Overall transfer estimates are now available when file transfer is initiated using drag-and-drop, or via clipboard.
File selection in the local pane will no longer be reset due to icons loading in the background.
Improved performance of Select All (Ctrl+A) in Local and Remote view, and in Download and Upload tabs.
https://www.bitvise.com/ssh-client-download
-
Whats new: >>
Add full screen mode
New hotkeys
Several minor improvements.
Several minor bugs fixed.
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
Whats new:>>
New features:
Added reading server certificates from hardware engines. For example: cert = id_45
Only attempt to use potentially harmful compiler or linker options if gcc was detected.
opt/csw added to the OpenSSL directory lookup list.
mingw.mak updates (thx to Jose Alf.).
Bugfixes
https://www.stunnel.org/index.html
-
(http://s26.postimg.org/t6c3wxrfd/screenshot_767.jpg)
Xshell is a powerful terminal emulator that supports SSH, SFTP, TELNET, RLOGIN and SERIAL. It delivers industry leading performance and feature sets that are not available in its free alternatives. Features that enterprise users will find useful include a tabbed environment, dynamic port forwarding, custom key mapping, user defined buttons, VB scripting, and UNICODE terminal for displaying 2 byte characters and international language support.
Xshell offers many user friendly features that are not available in other terminal emulators. These features include Zmodem file uploads by drag and drop, Zmodem file downloads by selecting the file name, simple mode, full screen mode, transparency options, and a custom layout mode. Save time and effort when performing terminal tasks using Xshell.
If you are using Xshell 5 from home or school, you can use it for free. To apply the free license, download and select Free for Home and School license type during installation.
Freeware
Whats new:>>
FIX: Fail to duplicate session
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
New features:
Build matrix (.travis.yml) extended with ./configure options.
mingw.mak updated to build tstunnel.exe
Bugfixes:
Fixed incomplete initialization
Fixed exit codes for information requests (as in "stunnel -version" or "stunnel -help").
https://www.stunnel.org/index.html
-
Changelog
Show extra-certs in current parameters.
Fix commit a3160fc1bd7368395745b9cee6e40fb819f5564c
Do not set the buffer size by default but rely on the operation system default.
Remove --enable-password-save option
Reflect enable-password-save change in documentation
Also remove second instance of enable-password-save in the man page
Detect config lines that are too long and give a warning/error
Log serial number of revoked certificate
Adjust server-ipv6 documentation
Avoid partial authentication state when using --disabled in CCD configs
Make "block-outside-dns" option platform agnostic
Un-break --auth-user-pass on windows
Replace unaligned 16bit access to TCP MSS value with bytewise access
Repair test_local_addr() on WIN32
Fix possible heap overflow on read accessing getaddrinfo() result.
Fix FreeBSD-specific mishandling of gc arena pointer in create_arbitrary_remote()
remove unused gc_arena in FreeBSD close_tun()
Fix isatty() check for good.
Preparing for release v2.3.9 (ChangeLog, version.m4)
put virtual IPv6 addresses into env
Use adapter index instead of name for windows IPv6 interface config
Client-side part for server restart notification
Use adapter index for add/delete_route_ipv6
Pass adapter index to up/down scripts
Fix VS2013 compilation
Fix privilege drop if first connection attempt fails
Support for username-only auth file.
Add CONTRIBUTING.rst
Updates to Changes.rst
Fix termination when windows suspends/sleeps
Do not hard-code windows systemroot in env_block
Handle ctrl-C and ctrl-break events on Windows
Unbreak read username password from management
Replace strdup() calls for string_alloc() calls
Check return value of ms_error_text()
Increase control channel packet size for faster handshakes
hardening: add insurance to exit on a failed ASSERT()
Fix memory leak in auth-pam plugin
Fix (potential) memory leak in init_route_list()
Fix unintialized variable in plugin_vlog()
Add macro to ensure we exit on fatal errors
Fix memory leak in add_option() by simplifying get_ipv6_addr
openssl: properly check return value of RAND_bytes()
Fix rand_bytes return value checking
Add Windows DNS Leak fix using WFP ('block-outside-dns')
Fix "White space before end tags can break the config parser"
http://openvpn.net/
-
Whats new:>>
* hidden 'chat' feature is moved into a separate and dedicated external library
* with klink it is now possible to define a specific configuration file into environment variable KITTY_INI_FILE (like KiTTY)
* bug fix: automatic reconnection occured even if it was disabled
* bug fix: port knocking settings were not exported
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
Gert Doering:
Prepare for v2.3.10 release, list PolarSSL 1.2 to 1.3 upgrade
Preparing for release v2.3.10 (ChangeLog, version.m4)
Jan Just Keijser:
Make certificate expiry warning patch (091edd8e299686) work on OpenSSL 1.0.1 and earlier.
Lev Stipakov:
Repair IPv6 netsh calls if Win XP is detected
Phillip Smith:
Use bob.example.com and alice.example.com to improve clarity of documentation
Steffan Karger:
Remove unused variables from ssl_verify_polarssl.c's x509_get_serial()
Upgrade OpenVPN 2.3 to PolarSSL 1.3
Warn user if their certificate has expired
Make assert_failed() print the failed condition
cleanup: get rid of httpdigest.c type warnings
Fix regression in setups without a client certificate
Yegor Yefremov:
polarssl: fix unreachable code
http://openvpn.net/
-
Changelog
ADD: Added hmac-sha2-512,hmac-sha2-512-etm@openssh.com MAC Algorithms
ADD: Support for Elliptic curve Diffie-Hellman Key Exchange (ECDHE)
MOD: About dialog box now includes more license information
MOD: Description and email fields show by default when reporting a crash
FIX: After disabling the Scroll bar, new tabs display the Scroll bar
FIX: Crash when using certain IMEs
FIX: Mouse cursor error in the address bar
FIX: Non ASCII character path names are not transferred properly when inititating a new file transfer
FIX: Parts of the UI are not visible when status bar is disabled
FIX: Performance issues when copying large amounts of data
FIX: Quick Command buttons and Compose Bar not displaying properly on high DPI monitors
FIX: Sessions created from the toolbar do not inherit the default sessions properties
FIX: Tab name not visible when tab color is set to white
FIX: Touch screen scrolling of the terminal area not functioning properly
FIX: Unable to initialize an SSH session in certain OS languages
FIX: Xshell's viewer window title bar does not refresh after a session is closed
FIX: Resource clean up
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
New features:
New WIN32 icons.
Performance improvement: rwlocks used for locking with pthreads.
Bug fixes:
Compilation fix for *BSD.
Fixed configuration file reload for relative stunnel.conf path on Unix.
Fixed ignoring CRLfile unless CAfile was also specified (thx to Strukov Petr).
https://www.stunnel.org/index.html
-
Release Notes
Fixed an issue in the command line SFTP client, sftpc; and in the .NET SSH and SFTP library, FlowSshNet; which could cause the process to become unstable and to terminate abruptly on creation of an SFTP channel. The issue appears to have existed in all previous 6.xx versions, but became more visible in FlowSsh 5.37. The graphical SFTP client is not affected. This version continues to include an upgrade amnesty, so that users of previous 6.xx versions can upgrade.
https://www.bitvise.com/ssh-client-download
-
Whats new:>>
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2f.
https://www.openssl.org/news/secadv_20160128.txt
* New features
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- Added OpenSSL autodetection for the recent versions of Xcode.
* Bugfixes
- Fixed references to /etc removed from stunnel.init.in.
- Stopped even trying -fstack-protector on unsupported platforms
(thx to Rob Lockhart).
https://www.stunnel.org/index.html
-
Whats new: >>
This new version improves the logging subsystem by adding an easy way to associate usernames with the IP addresses from which their connections are originated.
http://www.extenua.com/silvershield
-
Changelog
MOD: User files now stored in %APPDATA% when Documents folder does not exist
FIX: %d is not parsed correctly in the logging path of a session file.
FIX: Adjusted focused and non-focused tab colors to be more aesthetic
FIX: Crash when deleting multiple sessions from the tree view of the Sessions Dialog Box
FIX: Crash when using the ls command within certain directories while utilizing ftp within Xshell
FIX: German translation errors
FIX: Output is scrolled when no scrolling should occur
FIX: Performance issues when pasting to selected area
FIX: Resource cleanup
FIX: Resource error in exporting User Keys
FIX: SSH security settings not changed when modifying multiple sessions
FIX: lcd command does not function properly at times
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
* Bugfixes
- Only reset the watchdog if some data was actually transferred.
- A workaround implemented for the unexpected exceptfds set by
select() on WinCE 6.0 (thx to Richard Kraemer).
https://www.stunnel.org/index.html
-
(http://www.heise.de/software/screenshots/77652.jpg)
SSH-Server für Windows-Systeme
kostenlos (für privaten Gebrauch)
Whats new: >>
Improvement: Enhanced Windows 10 compatibility
Security fix: Updated OpenSSL 1.0.2f
Security fix: Updated OpenSSH 7.1p2
Improvement: Graphical interface design
http://mobassh.mobatek.net/
-
Whats new:>>
bug fix: in portable mode, new messages on error when trying to create working directories
bug fix: new message on error when creating default kitty.ini file
bug fix: new mapping for {HOME} and {END} keys
bug fix: login script is played again on automatic re-connection
improvement: re-connection on keypress or mouse click is not considered as an automatic re-connection anymore
improvement: new max delay for icon flash in system tray on BELL signal reception
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
Security bugfixes
OpenSSL DLLs updated to version 1.0.2g. https://www.openssl.org/news/secadv_20160301.txt
New features
Added logging the list of client CAs requested by the server.
Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Bugfixes
Only reset the watchdog if some data was actually transferred.
A workaround implemented for the unexpected exceptfds set by select() on WinCE 6.0 (thx to Richard Kraemer).
https://www.stunnel.org/index.html
-
Whats new: >>
•Security fix: a buffer overrun in the old-style SCP protocol when receiving the header of each file downloaded from the server is fixed. See vuln-pscp-sink-sscanf.
•Windows PuTTY now sets its process ACL more restrictively, in an attempt to defend against malicious other processes reading sensitive data out of its memory.
•Assorted other robustness fixes for crashes and memory leaks.
•We have started using Authenticode to sign our Windows executables and installer.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
FIX: Multibyte characters are not displayed properly in the previous build 0940
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
* merge with the 0.67 PuTTY version
* bug fix: Unexpected message "Unable to create directory ..." with launcher in portable mode
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
Bug fix: unexpected message about sessions directory creation on startup in portable mode.
Improvement: no automatic reconnection on alt, shift, control, tab, function keys, arrows, mouseup, doubleclick.
Improvement: new kitty.ini option autoreconnect=yes|no.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Release Notes
Bitvise SSH Client can now be used free of charge in all environments. There are no limits on free use in enterprises, businesses, or governments.
Fixed an issue which could cause the SSH Client to crash under rare conditions.
Fixed a small memory leak which could become visible after long periods of use, e.g. if an SSH session remained active for several months.
https://www.bitvise.com/ssh-client-download
-
Whats new:>>
ADD: Close all tabs feature
ADD: Scroll pause feature
MOD: Removed license notification when closing Free Versions
MOD: Restart time changed after changing program language
FIX: Import from CSV file errors
FIX: Hovering over Quick Commands containing long values causes Xshell to freeze
FIX: Strings not copied when using Copy as RTF
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
Gert Doering (2):
Prepare for v2.3.10 release, list PolarSSL 1.2 to 1.3 upgrade
Preparing for release v2.3.10 (ChangeLog, version.m4)
Jan Just Keijser (1):
Make certificate expiry warning patch (091edd8e299686) work on OpenSSL 1.0.1 and earlier.
Lev Stipakov (1):
Repair IPv6 netsh calls if Win XP is detected
Phillip Smith (1):
Use bob.example.com and alice.example.com to improve clarity of documentation
Steffan Karger (6):
Remove unused variables from ssl_verify_polarssl.c's x509_get_serial()
Upgrade OpenVPN 2.3 to PolarSSL 1.3
Warn user if their certificate has expired
Make assert_failed() print the failed condition
cleanup: get rid of httpdigest.c type warnings
Fix regression in setups without a client certificate
Yegor Yefremov (1):
polarssl: fix unreachable code
http://openvpn.net/
-
Whats new:>>
New features
New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6.
Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Bugfixes
Fixed data alignment on 64-bit MSVC (thx to Yuris W. Auzins).
https://www.stunnel.org/index.html
-
Whats new:>>
- Memory leak detection.
https://www.stunnel.org/index.html
-
Whats new:>>
FIX: Crash in Import window
FIX: Unable to parse the password of a URI in local shell
FIX: Crash related to the keep alive message
FIX: Crash related to some IMEs
FIX: Crash when exiting
FIX: Crash when opening properties of multiple sessions from tree view
FIX: Reconnect button is disabled after several failed reconnection attempts
FIX: Unable to copy brace character ({) as RTF
FIX: Unable to use %d, %t env of script log files
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 1.0.2h.
New features:
New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6.
Memory leak detection.
Improved compatibility with the current OpenSSL 1.1.0-dev tree.
Added/fixed Red Hat scripts
Bugfixes:
Workaround for a WinCE sockets quirk
Fixed data alignment on 64-bit MSVC
https://www.stunnel.org/index.html
-
(http://s26.postimg.org/7fek8ixp5/screenshot_41.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Pop-up notifications now more user-friendly
http://winsshterm.blogspot.com/
-
Changelog
Fixed port-share bug with DoS potential
Make intent of utun device name validation clear
Fix buffer overflow by user supplied data
Correctly report TCP connection timeout on windows
Report Windows bitness
Fix undefined signed shift overflow
Fix build with libressl
Improve LZO, PAM and OpenSSL documentation
Ensure input read using systemd-ask-password is null terminated
Support reading the challenge-response from console
openssl: improve logging
polarssl: improve logging
Update manpage: OpenSSL might also need /dev/urandom inside chroot
socks.c: fix check on get_user_pass() return value(s)
Fix OCSP_check.sh
hardening: add safe FD_SET() wrapper openvpn_fd_set()
Fix memory leak in argv_extract_cmd_name()
Replace MSG_TEST() macro for static inline msg_test()
Restrict default TLS cipher list
Various Changes.rst fixes
Clarify mssfix documentation
Clarify --block-outside-dns documentation
Update --block-outside-dns to work on Windows Vista
http://openvpn.net/
-
Changelog
New feature:
Starting ADB implementation from PuTTYTray fork.
Improvements:
New menu option to run port knocking sequence.
New option in ConfigBox section from configuration file in order not to create default session "Default Settings":defaultsettings=no.
Bug fixes:
New command line parameters -keygen and -runagent in portable mode.
SCPORT feature removed.
Password when session was run from config box with empty session name did not work.
In classic mode session with [ in the name can't be deleted.
No reconnection on keypressed with shift control alt win.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
Changed yellow color in color scheme 'WinSSHTerm'.
http://winsshterm.blogspot.com/
-
Changelog
* New features
- Updated the memory leak detection heuristics.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- SNI support also enabled on OpenSSL 0.9.8f and later (thx to
Guillermo Rodriguez Garcia).
* Bugfixes
- Fixed a memory leak in the TLS session caching code (thx to
Richard Kraemer).
- Fixed a FORK threading build regression bug.
https://www.stunnel.org/index.html
-
Changelog
Fixes Issue #528 mintty (2.1.4) exiting and throwing exception due to default behavior change in mintty daemonize option.
Fixes Issue #546 Option Added to override and allow -pw command line option to be sent. Defaults to not allow the -pw option.
Updated Readme file to promote our Facebook page
Resolves Issue #423 Support added to define shortcut key that will allow rename tab.
Issue #530 Adds support to persist Command Bar History between sessions
Uses SortableBindingList class as datasource for Command Bar History
Adds new settings in Options for enabling (default) command bar history and for setting aging (default 7 days) of history to persist
Fixes issue #491 Commands now sent to all sessions that are selected.
Some code cleanup:
Issue #558 Adds support to execute SPSL scripts when a session is launched, or restored from auto layout
Better handling when a new session process is unable to start due to command line arguments or other reasons causing process to not start. should fix unhandled exception in Issue #528
Adds new SPSL Scripting Engine as documented in Issue #558
Fixes Issue #551 pscp command line arguments now properly encapsulated in quotation marks to deal with spaces in folder names
Fixes issue #557 and adds better error checking to application update checker fixes Issue #556 check for null object when remote directory is not found due to configuration path error
Add better handling for update checker, possibly Fixes issue #557
Merge pull request #552 from spokorski/master:
pressing shift-enter in the command sender will suppress the trailing enter key in the commands actually sent to the putty sessions. pressing enter by itself will still function as normal.
Merge pull request #553 from simono74/master:
Implements Session Detail Window for a quick view of session properties
Merge pull request #548 from simono74/master:
Fix the way the keys are handled in the open session window
https://code.google.com/p/superputty/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Mega 2016 release with support for new Windows 10 version. Also improved GUI interface with new banner and icon.
http://securityxploded.com/sslcertscanner.php
-
(http://securityxploded.com/images/sslcertstoreviewer_report.jpg)
SSLCertStoreViewer is the free Tool to view all the installed SSL certificates from your local system store.
Currently it can automatically scan and display Certificates from following type of stores,
CA Certificate Store
Private Certificate Store
Root Certificate Store
Software Publisher Certificate Store
For each discovered SSL certificate it displays following information
Certificate Store
Certificate Subject Name
Certificate Issuer Name
Issue Date
Expiry Date
It also checks if any of the certificate is expired. If so then it will be displayed in RED color.
Freeware
Whats new:>>
Mega 2016 release with support for new Windows 10 version. Also fixed the resize problem.
http://securityxploded.com/ssl-certificate-store-viewer.php
-
(http://s26.postimg.org/5q298u7fd/screenshot_108.png)
SSL Cert Downloader is a free command-line tool to grab SSL certificate from server remotely.
It can be used to download certificate from any of the SSL enabled services including
HTTPS (443)
LDAPS (636)
SMTPS (465)
POPS (995)
IMAPS (993)
You can either specify IP address or host name of the server. Also you can enter any custom port which makes it useful when SSL service is running on non-standard port.
Once the certificate is downloaded from the server it will be saved to the specified file. Later you can just double click on the saved file to view the SSL certificate.
It is very easy to use and being a command-line tool makes it easy for automation through scripting.
It is fully portable and works on all platforms starting from Windows XP to Windows 10 version.
Whats new:>>
Mega 2016 release with support for new Windows 10 version.
http://securityxploded.com/ssl-certificate-downloader.php
-
(http://s26.postimg.org/7fek8ixp5/screenshot_41.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: clicking on tabs could lead to unexpected behaviour under some circumstances
The menu item "Close all disconnected" now only enabled if there is at least one connection marked as disconnected
http://winsshterm.blogspot.com/
-
Whats new:>>
Bug fix: keyboard shortcuts not working correctly under some circumstances
http://winsshterm.blogspot.com/
-
Whats new:>>
New feature:
ADB implementation from PuTTYTray fork.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
* bug fix: memory allocation issue in error messaging function
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
Bug fix: Opening a new connection in a different window (from the search dialog) could cause focus issues
http://winsshterm.blogspot.com/
-
Whats new:>>
Fixed:
Hyperlink feature was broken after Japanese characters.
-sendcmd command-line option did not work with special characters (ex: \x03).
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://s26.postimg.org/t6c3wxrfd/screenshot_767.jpg)
Xshell is a powerful terminal emulator that supports SSH, SFTP, TELNET, RLOGIN and SERIAL. It delivers industry leading performance and feature sets that are not available in its free alternatives. Features that enterprise users will find useful include a tabbed environment, dynamic port forwarding, custom key mapping, user defined buttons, VB scripting, and UNICODE terminal for displaying 2 byte characters and international language support.
Xshell offers many user friendly features that are not available in other terminal emulators. These features include Zmodem file uploads by drag and drop, Zmodem file downloads by selecting the file name, simple mode, full screen mode, transparency options, and a custom layout mode. Save time and effort when performing terminal tasks using Xshell.
If you are using Xshell 5 from home or school, you can use it for free. To apply the free license, download and select Free for Home and School license type during installation.
Freeware
Changelog
ADD: Script function for importing current session name
MOD: Changes to error message shown when installation files unable to be located
FIX: Exit prompt displayed even if mouse click was not on the X (close) button
FIX: Focus remains in Address Bar after connecting via Address Bar
FIX: Special characters rejected during password authentication
FIX: Unable to highlight words preceded by a Tab character
FIX: Unable to paste in prompt mode during an SSH connection
FIX: Unable to use Quick Commands during terminal-based authentication
FIX: Unnecessary Restart Needed prompt during live update
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
- Initial setup is now more user-friendly
- Pop-up notification removed / support button added
http://winsshterm.blogspot.com/
-
Whats new:>>
Recently released. List of changes to be published as soon as ready.
https://www.bitvise.com/ssh-client-download
-
Changelog
* New features
- Improved memory leak detection performance and accuracy.
- Improved compatibility with the current OpenSSL 1.1.0-dev tree.
- SNI support also enabled on OpenSSL 0.9.8f and later (thx to
Guillermo Rodriguez Garcia).
- Added support for PKCS #12 (.p12/.pfx) certificates (thx to
Dmitry Bakshaev).
* Bugfixes
- Fixed a TLS session caching memory leak (thx to Richard Kraemer).
Before stunnel 5.27 this leak only emerged with sessiond enabled.
- Yet another WinCE socket fix (thx to Richard Kraemer).
- Fixed passphrase/pin dialogs in tstunnel.exe.
- Fixed a FORK threading build regression bug.
- OPENSSL_NO_DH compilation fix (thx to Brian Lin).
https://www.stunnel.org/index.html
-
Whats new:>>
- It is now possible to set a few session settings for each connection separately (session logging is currently only available for PuTTY)
http://winsshterm.blogspot.com/
-
Changelog
Security bugfixes:
Fixed malfunctioning "verify = 4"
New features:
Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32
Added three new service-level options: requireCert, verifyChain, and verifyPeer for fine-grained certificate verification control
Improved compatibility with the current OpenSSL 1.1.0-dev tree
https://www.stunnel.org/index.html
-
Whats new:>>
- Improved code for ensuring that only one instance of WinSSHTerm is running
- Fixed problem with Microsoft Security Essentials
http://winsshterm.blogspot.com/
-
Whats new:>>
Bugfixes:
Fixed incorrectly enforced client certificate requests.
Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
Fixed thread safety of the configuration file reopening.
https://www.stunnel.org/index.html
-
Whats new: >>
This new version features only one small change: it ensures that all directories and virtual directories have the “permissions” bits properly set in the “attributes” extension (SFTPv4+).
Warning: if you’re upgrading from a version prior to 6.1.5.135, installing this new version may lead to loss/invalidation of your license. So if you are a licensed customer, please, contact Extenua before applying this update/upgrade.
http://www.extenua.com/silvershield
-
Changelog
Changes since OpenSSH 7.2
=========================
This is primarily a bugfix release.
Security
--------
* sshd(8): Mitigate a potential denial-of-service attack against
the system's crypt(3) function via sshd(8). An attacker could
send very long passwords that would cause excessive CPU use in
crypt(3). sshd(8) now refuses to accept password authentication
requests of length greater than 1024 characters. Independently
reported by Tomas Kuthan (Oracle), Andres Rojas and Javier Nieto.
* sshd(8): Mitigate timing differences in password authentication
that could be used to discern valid from invalid account names
when long passwords were sent and particular password hashing
algorithms are in use on the server. CVE-2016-6210, reported by
EddieEzra.Harari at verint.com
* ssh(1), sshd(8): Fix observable timing weakness in the CBC padding
oracle countermeasures. Reported by Jean Paul Degabriele, Kenny
Paterson, Torben Hansen and Martin Albrecht. Note that CBC ciphers
are disabled by default and only included for legacy compatibility.
* ssh(1), sshd(8): Improve operation ordering of MAC verification for
Encrypt-then-MAC (EtM) mode transport MAC algorithms to verify the
MAC before decrypting any ciphertext. This removes the possibility
of timing differences leaking facts about the plaintext, though no
such leakage has been observed. Reported by Jean Paul Degabriele,
Kenny Paterson, Torben Hansen and Martin Albrecht.
* sshd(8): (portable only) Ignore PAM environment vars when
UseLogin=yes. If PAM is configured to read user-specified
environment variables and UseLogin=yes in sshd_config, then a
hostile local user may attack /bin/login via LD_PRELOAD or
similar environment variables set via PAM. CVE-2015-8325,
found by Shayan Sadigh.
New Features
------------
* ssh(1): Add a ProxyJump option and corresponding -J command-line
flag to allow simplified indirection through a one or more SSH
bastions or "jump hosts".
* ssh(1): Add an IdentityAgent option to allow specifying specific
agent sockets instead of accepting one from the environment.
* ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
optionally overridden when using ssh -W. bz#2577
* ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as
per draft-sgtatham-secsh-iutf8-00.
* ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman
2K, 4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
* ssh-keygen(1), ssh(1), sshd(8): support SHA256 and SHA512 RSA
signatures in certificates;
* ssh(1): Add an Include directive for ssh_config(5) files.
* ssh(1): Permit UTF-8 characters in pre-authentication banners sent
from the server. bz#2058
Bugfixes
--------
* ssh(1), sshd(8): Reduce the syslog level of some relatively common
protocol events from LOG_CRIT. bz#2585
* sshd(8): Refuse AuthenticationMethods="" in configurations and
accept AuthenticationMethods=any for the default behaviour of not
requiring multiple authentication. bz#2398
* sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN
ATTEMPT!" message when forward and reverse DNS don't match. bz#2585
* ssh(1): Close ControlPersist background process stderr except
in debug mode or when logging to syslog. bz#1988
* misc: Make PROTOCOL description for direct-streamlocal@openssh.com
channel open messages match deployed code. bz#2529
* ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
failures when both ExitOnForwardFailure and hostname
canonicalisation are enabled. bz#2562
* sshd(8): Remove fallback from moduli to obsolete "primes" file
that was deprecated in 2001. bz#2559.
* sshd_config(5): Correct description of UseDNS: it affects ssh
hostname processing for authorized_keys, not known_hosts; bz#2554
* ssh(1): Fix authentication using lone certificate keys in an agent
without corresponding private keys on the filesystem. bz#2550
* sshd(8): Send ClientAliveInterval pings when a time-based
RekeyLimit is set; previously keepalive packets were not being
sent. bz#2252
Portability
-----------
* ssh(1), sshd(8): Fix compilation by automatically disabling ciphers
not supported by OpenSSL. bz#2466
* misc: Fix compilation failures on some versions of AIX's compiler
related to the definition of the VA_COPY macro. bz#2589
* sshd(8): Whitelist more architectures to enable the seccomp-bpf
sandbox. bz#2590
* ssh-agent(1), sftp-server(8): Disable process tracing on Solaris
using setpflags(__PROC_PROTECT, ...). bz#2584
* sshd(8): On Solaris, don't call Solaris setproject() with
UsePAM=yes it's PAM's responsibility. bz#2425
http://www.openssh.com/
-
Changelog
SSH implementations have a chance of generating RSA signatures slightly smaller than expected with a small probability (e.g. 1:200). Windows CNG has been found to not validate such signatures as presented. With our software versions 7.12, this has resulted in occasional connection or login attempt failures. Our SSH Server, SSH Client, and FlowSsh now re-encode RSA signatures, so that smaller-than-expected ones can verify correctly.
Windows CNG, as used by our new cryptographic provider in versions 7.xx, has been found to return an incorrect signature size for odd-sized RSA keys (e.g. for 1023-bit or 2047-bit keys). Most SSH implementations do not generate odd-sized RSA keys, but there are old versions of PuTTY which do (e.g. version 0.62). Our SSH Server, SSH Client, and FlowSsh now take steps to support generating and validating signatures using such keys.
Certain implementations (e.g. OpenSSH version 7.2, but not 7.2p2) have been found to encode RSA signatures using the new signature methods rsa-sha2-256 and rsa-sha2-512 in a way that is not compatible with the specification of these methods. For compatibility, our SSH Server, SSH Client, and FlowSsh will now accept these alternate signature encodings.
Our SSH Server, SSH Client, and FlowSsh now have improved Windows error reporting, distinguishing NTSTATUS error messages from those associated with HRESULT.
https://www.bitvise.com/ssh-client-download
-
Whats new:>>
Code cleanup
Minor changes to the GUI:
Removed AutoHide button for now, as it isn't working as expected
Double-clicking the caption of the Connections/Configuration window won't cause an unexpected action any longer
Minor changes to the search dialog:
Enter a search string and press the SPACE-key to find all matching endings
http://winsshterm.blogspot.com/
-
Changelog
ADD: Font size direct input function
MOD: SSH banner message now prints out directly after user ID is entered
FIX: Exiting the session while running a script crashes Xshell
FIX: Issue with JS Script WaitForString function
FIX: Unable to authenticate passwords with Unicode characters
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
Fixed some focus issues which could occur after pressing ALT+TAB
GUI: Window splitter changed for better handling / changed color
Slightly changed red color in default color scheme
http://winsshterm.blogspot.com/
-
Changelog
Complete push-peer-info documentation and allow IV_PLAT_VER for other platforms than Windows if the client UI supplies it.
Move ASSERT so external-key with OpenSSL works again
Only build and run cmocka unit tests if its submodule is initialized
Another fix related to unit test framework
Remove NOP function and callers
Revert "Drop recursively routed packets"
Preparing release of v2.3.12
Add CHACHA20-POLY1305 ciphersuite IANA name translations.
Plug memory leak in mbedTLS backend
Update contrib/pull-resolv-conf/client.up for no DOMAIN
Add unit testing support via cmocka
Add a test for auth-pam searchandreplace
Push an IPv6 CIDR mask used by the server, not the pool's size
Add link to bug tracker
Drop recursively routed packets
Update CONTRIBUTING.rst to allow GitHub PRs for code review purposes
Clarify the fact that build instructions in README are for release tarballs
Make error non-fatal while deleting address using netsh
Make block-outside-dns work with persist-tun
Ignore SIGUSR1/SIGHUP during exit notification
Promptly close the netcmd_semaphore handle after use
Fix polarssl / mbedtls builds
Don't limit max incoming message size based on c2->frame
Fix '--cipher none --cipher' crash
Discourage using 64-bit block ciphers
http://openvpn.net/
-
Whats new:>>
- Added license information in "About" dialog
- Added a "Readme" file
http://winsshterm.blogspot.com/
-
Das OpenSSL-Projekt hat die Version 1.1.0 der OpenSSL-Bibliothek freigegeben. Die neue Version bringt eine Reihe neuer Funktionen, ist aber inkompatibel mit der Vorgängerversion 1.0.x. Alle Anwendungen, die OpenSSL 1.1.x einsetzen wollen, müssen ihre Aufrufe sorgfältig prüfen, um keine neuen Sicherheitslücken zu schaffen.
OpenSSL stellt alle Funktionalität für zeitgemäße Verschlüsselung bereit, von sicheren Zufallsgeneratoren über Hash- und Verschlüsselungs-Funktionen bis zu Schlüsselaustausch- und TLS-Protokollen. Sie ist ein kritischer Bestandteil der meisten freien Distributionen, nicht nur von Linux. Das 1998 gestartete Projekt konnte nämlich auf die schon vorhandene Bibliothek SSLeay von Ben Laurie zurückgreifen, die damals unter anderem für Apache-SSL benötigt wurde. Ben Laurie gehört heute immer noch zum OpenSSL-Projekt-Team.
Fast sechseinhalb Jahre nach OpenSSL 1.0.0 ist jetzt Version 1.1.0 erschienen. Vieles hat sich in dieser Zeit getan. Katastrophale Sicherheitslücken wie »Heartbleed« wurden entdeckt, und im Nachgang dieser Fehler wurde klar, dass die Projektstruktur selbst in einem katastrophalen Zustand war. Unter anderem mit Unterstützung der anlässlich dieser Missstände gegründeten Core Infrastructure Initiative der Linux Foundation wurde begonnen, die Probleme zu beseitigen. Der gesamte Code wurde einem oder sogar mehreren Audits unterzogen, die gefundenen Probleme beseitigt und mit dem Aufräumen des Codes begonnen.
Als Frucht dieser Arbeit bringt OpenSSL 1.1.0 laut der Ankündigung zahlreiche Erweiterungen und Änderungen mit. Neue Algorithmen wie ChaCha20, Poly130 und die CCM-Suites wurden aufgenommen. Diese werden auch dringend benötigt, da mehrere der bisherigen Algorithmen nicht mehr als ausreichend sicher betrachtet werden können und daher teils herabgestuft und teils entfernt wurden. So werden Verschlüsselungen mit 40 oder 56 Bit ebenso wie SSLv2 nicht mehr unterstützt. Das ebenso obsolete SSLv3 bleibt vorerst noch erhalten. Kerberos dagegen wurde entfernt. Es gibt ein neues Thread-API, eine verbesserte Test-Suite, Unterstützung für asynchrone Operationen, ein neues Bausystem, neue Sicherheitsstufen, Unterstützung für X25519, KDF, scrypt, HKDF und Zertifikatstransparenz und einiges mehr.
Viele Datenstrukturen sind nun nicht mehr von außen sichtbar. Diese Umstrukturierung zusammen mit anderen Änderungen an den Schnittstellen machen OpenSSL 1.1.0 inkompatibel mit früheren Versionen. Zahlreiche Programme, die OpenSSL nutzen, lassen sich ohne Änderungen nicht mehr compilieren. Doch mit dem einfachen Anpassen des Codes an die neue Schnittstelle ist es nicht getan. Sämtliche Aufrufe von OpenSSL müssen einer Überprüfung unterzogen werden. Denn teilweise wurden Änderungen an Funktionen vorgenommen, die zwar nicht zu Compilierfehlern führen, aber schwere Probleme aufwerfen können. So gibt die Funktion HMAC_Init_ex jetzt einen Fehlercode zurück und kann somit scheitern, was früher nicht der Fall war. Da existierende Programme dieses Scheitern nicht feststellen können, könnte damit eine neue Sicherheitslücke entstehen. Die Änderungen selbst sind zwar dokumentiert, aber nicht die Fallstricke, die daraus erwachsen. Allerdings war OpenSSL schon immer eine Bibliothek, die es leicht machte, die an sich erstklassigen Kryptografie-Funktionen falsch zu nutzen.
OpenSSL 1.1.0 steht als Quellcode zum Download zur Verfügung und dürfte bald seinen Weg in die Paket-Repositorien der Distributionen finden. Das Paket steht unter der Apache 2.0-Lizenz.
Quelle : www.pro-linux.de
-
Changelog
Updated EULA to make more explicit our licensing and support policies. The policies themselves remain unchanged.
In command line clients (sftpc, stermc, sexec, stnlc, spksc), the parameter -proxyPassword had no effect. Fixed.
https://www.bitvise.com/ssh-client-download
-
Changelog
ADD:
Warning message when wrong or no master password is inputted
FIX:
Issues using Xshell in Windows 10 RS1
Unable to control Xshell after pressing Alt+space keys
Pointless timeout message in VBS
Simple mode turns off regardless of the view setting
Can not save font size changed in editing multiple sessions
http://www.netsarang.com/products/xsh_overview.html
-
(http://s26.postimg.org/7fek8ixp5/screenshot_41.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Changed layout and color of tabs
The font "Courier New" is now selectable to support a wider range of characters
Adjusted colors of default color scheme
Cleaned up code
http://winsshterm.blogspot.com/
-
Whats new:>>
New features:
Removed direct zlib dependency.
Added support for OpenSSL 1.1.0-dev built with "no-deprecated".
Bugfixes
https://www.stunnel.org/index.html
-
Whats new:>>
- It is now possible to alter WinSCP settings globally with command-line parameters
http://winsshterm.blogspot.com/
-
Whats new:>>
- Bug fix: Opening a WinSCP session with "Copy Files" now with proper handling of special characters
http://winsshterm.blogspot.com/
-
Whats new:>>
* Merge with dev 0.67-20160922 PuTTY version
* bug fix: crash in portable mode if Default%20Settings file is empty
* new feature: when the connection is lost the window title is not "PuTTY (inactive)" anymmore. (inactive) is added at the end of the window title
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
- New option "Custom Path" - if set, WinSSHTerm will automatically cd into that path after login
- New option "Cmd-line Args" which e.g. lets you execute a command file or set up SSH port tunneling
http://winsshterm.blogspot.com/
-
Whats new:>>
- New feature: It is now possible to a set the remote path from clipboard when opening a connection
http://winsshterm.blogspot.com/
-
(https://sites.google.com/site/macdsite/_/rsrc/1376686075580/utilidades/puttytabmanager/puttytm.png)
PuTTYTabManager is a handy application that allows you to run multiple PuTTY applications using a single GUI. The application support all the PuTTY protocols, such as SSH, Telnet, Rlogin and Raw.
The tab-based interface makes the application very easy to use, enabling you to manage multiple PuTTY sessions at the same time. Instead of opening multiple PuTTY windows, simply open PuTTYTabManager and initiate every session in a new tab.
Freeware
Whats new: >>
New: supports file transfer (WinSCP)
New: supports X-Server (Xming/VcXsrv)
New option: 'Duplicate tab'
Fixed password problem (SSH session)
Several minor improvements.
Several minor bugs fixed
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
(http://s26.postimg.org/a8juwujyx/screenshot_36.png)
SoSSH is an application designed to help you streaming multimedia content via the SSH protocol. SoSSH can connect to a server and creates custom playlists. It comes with an intuitive interface and basic playback functions, which makes it suitable for any type of user, beginner or advanced.
License : GPLv3
https://sourceforge.net/projects/sossh/?source=directory
-
Whats new:>>
- New feature: It is now possible to send TCP Keep Alives for each connection
- Minor improvements to the GUI
http://winsshterm.blogspot.com/
-
Changelog
Arne Schwabe (2):
Use AES ciphers in our sample configuration files and add a few modern 2.4 examples
Incorporate the Debian typo fixes where appropriate and make show_opt default message clearer
David Sommerseth (5):
t_client.sh: Make OpenVPN write PID file to avoid various sudo issues
t_client.sh: Add support for Kerberos/ksu
t_client.sh: Improve detection if the OpenVPN process did start during tests
t_client.sh: Add prepare/cleanup possibilties for each test case
Preparing release of v2.3.13
Gert Doering (5):
Do not abort t_client run if OpenVPN instance does not start.
Fix t_client runs on OpenSolaris
make t_client robust against sudoers misconfiguration
add POSTINIT_CMD_suf to t_client.sh and sample config
Fix --multihome for IPv6 on 64bit BSD systems.
Ilya Shipitsin (1):
skip t_lpback.sh and t_cltsrv.sh if openvpn configured --disable-crypto
Lev Stipakov (2):
Exclude peer-id from pulled options digest
Fix compilation in pedantic mode
Samuli Seppänen (1):
Automatically cache expected IPs for t_client.sh on the first run
Steffan Karger (6):
Fix unittests for out-of-source builds
Make gnu89 support explicit
cleanup: remove code duplication in msg_test()
Update cipher-related man page text
Limit --reneg-bytes to 64MB when using small block ciphers
Add a revoked cert to the sample keys
http://openvpn.net/
-
Whats new:>>
Bugfixes:
OpenSSL DLLs updated to version 1.0.2j (stops crashes).
The default SNI target (not handled by any slave service) is handled by the master service rather than rejected.
Removed thread synchronization in the FORK threading model.
https://www.stunnel.org/index.html
-
Whats new:>>
Upgrade to GNU GCC 5.3.0 compiler (Windows versions before Windows Vista are not supported anymore).
New option in kitty.ini file: PSCPOptions to specify kscp.exe parameters.
Fixed:
Delay (40ms) between two port knocking;
At first launch there is a message to say the host keys directory does not exist.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
New feature "Multi-Input": It is now possible to send keyboard input or paste clipboard to multiple connections (thanks to Stephane L.)
Bug fix: Opening a connection could fail under some rare circumstances
http://winsshterm.blogspot.com/
-
Changelog
Document that tls-crypt also supports inline
Fix warning that RAND_bytes is undeclared
Remove compat-stdbool.h.
Fix various compiler warnings
Handle DNS6 option on Android
Changes.rst: Fixing wrong formatting
Document the --auth-token option
Remove remaining traces of compat-stdbool.h
Stub implementation of "--dhcp-option DNS6 "
Do not set ipv6 address if '--ip-win32 manual' is used
Handle --dhcp-option DNS6 on Windows using netsh
Set IPv6 DNS servers using interactive service
multi_process_float: revert part of c14c4a9e
tls-crypt fixes
Change cmocka remote to use https in stead of git protocol
generate_key_expansion: make assumption explicit, use C99 features
Poor man's NCP for non-NCP peers
Refactor data channel key generation API
http://openvpn.net/
-
Whats new:>>
- Default tab layout: Changed back to light color; there is a new option to switch to dark colored tabs under Preferences->General
- Display: added one split window for connections
- Multi-Input: It is now possible to select/unselect all tabs from the Multi-Input dialog
- Bug fix: Opening a connection in a new window did not work as expected in some case
http://winsshterm.blogspot.com/
-
Whats new:>>
New features
"sni=" can be used to prevent sending the SNI extension.
The AI_ADDRCONFIG resolver flag is used when available.
Merged Debian 06-lfs.patch (thx Peter Pentchev).
Bugfixes
Fixed a memory allocation bug causing crashes with OpenSSL 1.1.0.
Fixed error handling for mixed IPv4/IPv6 destinations.
Merged Debian 08-typos.patch (thx Peter Pentchev).
https://www.stunnel.org/index.html
-
Changelog
reload CRL only if file was modified
update year in copyright message
Use systemd service manager notification
Refuse to daemonize when running from systemd
Preparing OpenVPN v2.4_rc1 release
Fix windows path in Changes.rst
Mention that OpenVPN 2.4 requires Windows Vista or higher
Map restart signals from event loop to SIGTERM during exit-notification wait
When parsing '--setenv opt xx ..' make sure a third parameter is present
Force 'def1' method when --redirect-gateway is done through service
Do not restart dns client service as a part of --register-dns processing
tls_process: don't set variable that's never read
Unconditionally enable TLS_AGGREGATE_ACK
Clean up format_hex_ex()
Introduce and use secure_memzero() to erase secrets
http://openvpn.net/
-
Whats new:>>
•Fixed a race condition that could result in a crash, under a specific set of conditions, when clients use server-to-client port forwarding.
•Due to the nature of the issue fixed in this release, this version contains an upgrade access amnesty. Any Bitvise SSH Server activation code that could activate a previous 7.xx version will also activate version 7.16.
https://www.bitvise.com/ssh-server
-
Changelog
Christian Hesse (1):
update year in copyright message
David Sommerseth (2):
man: Improve the --keepalive section
Document the --auth-token option
Gert Doering (3):
Repair topology subnet on FreeBSD 11
Repair topology subnet on OpenBSD
Preparing release of v2.3.14
Lev Stipakov (1):
Drop recursively routed packets
Selva Nair (4):
Support --block-outside-dns on multiple tunnels
When parsing '--setenv opt xx ..' make sure a third parameter is present
Map restart signals from event loop to SIGTERM during exit-notification wait
Correctly state the default dhcp server address in man page
Steffan Karger (1):
Clean up format_hex_ex()
http://openvpn.net/
-
Whats new:>>
Multi-Input: Reimplemented and improved
'Copy Files' or select tab for 'Multi-Input' with middle mouse button click on a tab (Preferences->General)
New option to tile windows clockwise under Preferences->General
http://winsshterm.blogspot.com/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Major release feauring new GUI enhancements. Also integrated new installer for simple installation & un-installation.
http://securityxploded.com/sslcertscanner.php
-
Whats new:>>
- Bug fix: Opening a new connection could cause multiple entries in the History list under some circumstances
- Fullscreen mode now optionally covers the Windows taskbar
http://winsshterm.blogspot.com/
-
Changelog
Potentially-incompatible changes:
This release includes a number of changes that may affect existing configurations:
This release removes server support for the SSH v.1 protocol.
ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit block ciphers are not safe in 2016 and we don't want to wait until attacks like SWEET32 are extended to SSH. As 3des-cbc was the only mandatory cipher in the SSH RFCs, this may cause problems connecting to older devices using the default configuration, but it's highly likely that such devices already need explicit configuration for key exchange and hostkey algorithms already anyway. sshd(8): Remove support for pre-authentication compression. Doing compression early in the protocol probably seemed reasonable in the 1990s, but today it's clearly a bad idea in terms of both cryptography (cf. multiple compression oracle attacks in TLS) and attack surface. Pre-auth compression support has been disabled by default for >10 years. Support remains in the client. ssh-agent will refuse to load PKCS#11 modules outside a whitelist of trusted paths by default. The path whitelist may be specified at run-time.
sshd(8): When a forced-command appears in both a certificate and an authorized keys/principals command= restriction, sshd will now refuse to accept the certificate unless they are identical. The previous (documented) behaviour of having the certificate forced-command override the other could be a bit confusing and error-prone. sshd(8): Remove the UseLogin configuration directive and support for having /bin/login manage login sessions.
Changes since OpenSSH 7.3:
Security:
ssh-agent(1): Will now refuse to load PKCS#11 modules from paths outside a trusted whitelist (run-time configurable). Requests to load modules could be passed via agent forwarding and an attacker could attempt to load a hostile PKCS#11 module across the forwarded agent channel: PKCS#11 modules are shared libraries, so this would result in code execution on the system running the ssh-agent if the attacker has control of the forwarded agent-socket (on the host running the sshd server) and the ability to write to the filesystem of the host running ssh-agent (usually the host running the ssh client). Reported by Jann Horn of Project Zero.
sshd(8): When privilege separation is disabled, forwarded Unix- domain sockets would be created by sshd(8) with the privileges of 'root' instead of the authenticated user. This release refuses Unix-domain socket forwarding when privilege separation is disabled (Privilege separation has been enabled by default for 14 years). Reported by Jann Horn of Project Zero.
sshd(8): Avoid theoretical leak of host private key material to privilege-separated child processes via realloc() when reading keys. No such leak was observed in practice for normal-sized keys, nor does a leak to the child processes directly expose key material to unprivileged users. Reported by Jann Horn of Project Zero.
sshd(8): The shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimising compilers. Additionally, this memory manager was incorrectly accessible when pre-authentication compression was disabled. This could potentially allow attacks against the privileged monitor process from the sandboxed privilege-separation process (a compromise of the latter would be required first). This release removes support for pre-authentication compression from sshd(8). Reported by Guido Vranken using the Stack unstable optimisation identification tool (http://css.csail.mit.edu/stack/)
sshd(8): Fix denial-of-service condition where an attacker who sends multiple KEXINIT messages may consume up to 128MB per connection. Reported by Shi Lei of Gear Team, Qihoo 360.
sshd(8): Validate address ranges for AllowUser and DenyUsers directives at configuration load time and refuse to accept invalid ones. It was previously possible to specify invalid CIDR address ranges (e.g. user@127.1.2.3/55) and these would always match, possibly resulting in granting access where it was not intended. Reported by Laurence Parry.
New Features:
ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the version in PuTTY by Simon Tatham. This allows a multiplexing client to communicate with the master process using a subset of the SSH packet and channels protocol over a Unix-domain socket, with the main process acting as a proxy that translates channel IDs, etc. This allows multiplexing mode to run on systems that lack file- descriptor passing (used by current multiplexing code) and potentially, in conjunction with Unix-domain socket forwarding, with the client and multiplexing master process on different machines. Multiplexing proxy mode may be invoked using "ssh -O proxy ..."
sshd(8): Add a sshd_config DisableForwarding option that disables X11, agent, TCP, tunnel and Unix domain socket forwarding, as well as anything else we might implement in the future. Like the 'restrict' authorized_keys flag, this is intended to be a simple and future-proof way of restricting an account.
sshd(8), ssh(1): Support the "curve25519-sha256" key exchange method. This is identical to the currently-supported method named "curve25519-sha256@libssh.org".
sshd(8): Improve handling of SIGHUP by checking to see if sshd is already daemonised at startup and skipping the call to daemon(3) if it is. This ensures that a SIGHUP restart of sshd(8) will retain the same process-ID as the initial execution. sshd(8) will also now unlink the PidFile prior to SIGHUP restart and re-create it after a successful restart, rather than leaving a stale file in the case of a configuration error. bz#2641
sshd(8): Allow ClientAliveInterval and ClientAliveCountMax directives to appear in sshd_config Match blocks.
sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match those supported by AuthorizedKeysCommand (key, key type, fingerprint, etc.) and a few more to provide access to the contents of the certificate being offered.
Added regression tests for string matching, address matching and string sanitisation functions.
Improved the key exchange fuzzer harness.
Bugfixes:
ssh(1): Allow IdentityFile to successfully load and use certificates that have no corresponding bare public key. bz#2617 certificate id_rsa-cert.pub (and no id_rsa.pub).
ssh(1): Fix public key authentication when multiple authentication is in use and publickey is not just the first method attempted. bz#2642
regress: Allow the PuTTY interop tests to run unattended. bz#2639
ssh-agent(1), ssh(1): improve reporting when attempting to load keys from PKCS#11 tokens with fewer useless log messages and more detail in debug messages. bz#2610
ssh(1): When tearing down ControlMaster connections, don't pollute stderr when LogLevel=quiet.
sftp(1): On ^Z wait for underlying ssh(1) to suspend before suspending sftp(1) to ensure that ssh(1) restores the terminal mode correctly if suspended during a password prompt.
ssh(1): Avoid busy-wait when ssh(1) is suspended during a password prompt.
ssh(1), sshd(8): Correctly report errors during sending of ext- info messages.
sshd(8): fix NULL-deref crash if sshd(8) received an out-of- sequence NEWKEYS message.
sshd(8): Correct list of supported signature algorithms sent in the server-sig-algs extension. bz#2547
sshd(8): Fix sending ext_info message if privsep is disabled.
sshd(8): more strictly enforce the expected ordering of privilege separation monitor calls used for authentication and allow them only when their respective authentication methods are enabled in the configuration
sshd(8): Fix uninitialised optlen in getsockopt() call; harmless on Unix/BSD but potentially crashy on Cygwin.
Fix false positive reports caused by explicit_bzero(3) not being recognised as a memory initialiser when compiled with -fsanitize-memory. sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for configuration examples.
Portability:
On environments configured with Turkish locales, fall back to the C/POSIX locale to avoid errors in configuration parsing caused by that locale's unique handling of the letters 'i' and 'I'. bz#2643
sftp-server(8), ssh-agent(1): Deny ptrace on OS X using ptrace(PT_DENY_ATTACH, ..)
ssh(1), sshd(8): Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL.
Fix compilation for libcrypto compiled without RIPEMD160 support.
contrib: Add a gnome-ssh-askpass3 with GTK+3 support. bz#2640 sshd(8): Improve PRNG reseeding across privilege separation and force libcrypto to obtain a high-quality seed before chroot or sandboxing.
All: Explicitly test for broken strnvis. NetBSD added an strnvis and unfortunately made it incompatible with the existing one in OpenBSD and Linux's libbsd (the former having existed for over ten years). Try to detect this mess, and assume the only safe option if we're cross compiling.
http://www.openssh.com/
-
Changelog
Changes in OpenVPN:
David Sommerseth (4):
dev-tools: Added script for updating copyright years in files
Update copyrights
docs: Further enhance the documentation related to SWEET32
man: Remove references to no longer present IV_RGI6 peer-info
Gert Doering (1):
Remove IV_RGI6=1 peer-info signalling.
Steffan Karger (2):
Document that RSA_SIGN can also request TLS 1.2 signatures
man: encourage user to read on about --tls-crypt
Changes in Windows installer (openvpn-build):
Samuli Seppänen (3):
Update build parameters to match openvpn-install-2.4_rc2
Merge pull request #63 from selvanair/less-choice-v2
Update build parameters to match openvpn-install-2.4.0
Selva Nair (2):
Simplifiy user choices and always install openvpn, dlls and services
Add missing /o to Section SecService
http://openvpn.net/
-
Whats new:>>
- New feature: It is now possible to reconnect disconnected PuTTY sessions
- New feature: Move tabs to another window
- Improved detection of disconnected PuTTY sessions
- Bug fixes
http://winsshterm.blogspot.com/
-
Whats new:>>
Bug fix: crash when saving password in portable mode under Windows 10.
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
Cryptography:
On Windows Vista, Windows Server 2008, and newer, our SSH Server, SSH Client, and FlowSsh now support server and client public key authentication using Ed25519, and ECDH key exchange using Curve25519. These algorithms are not available when Windows is running in FIPS mode.
We have updated support for OpenSSH private keys, so that our software is now able to import and export them in their new format as introduced by OpenSSH in December 2013.
Our SSH Server, SSH Client, and FlowSsh now support Diffie Hellman key exchange with 3072-bit and 4096-bit fixed groups, using SHA-512 as the exchange hash; and with the 2048-bit fixed group using SHA-256 as the exchange hash.
On Windows Vista, Windows Server 2008, and newer, our SSH Client and FlowSsh no longer deprioritize key exchange methods that use DH group exchange. On Windows XP and Windows Server 2003, the group exchange methods are still deprioritized by default, because ephemeral DH groups generated by most SSH servers do not pass validation by the Crypto++ cryptographic module we use on these older platforms.
All current and past versions of Bitvise SSH Client support GSSAPI (SSPI) key exchange methods when Kerberos is available. In previous versions, these key exchange methods were enabled all at once by either selecting SSPI/Kerberos 5 key exchange in the graphical SSH Client; or by passing -sspi to command line clients. Now, the GSSAPI key exchange methods can be enabled and disabled individually on the SSH tab of the graphical SSH Client; or using the -kex=... parameter to command line clients.
Most references to "SSPI/Kerberos 5 key exchange" have been renamed to "GSS/Kerberos key exchange". In command line clients, the parameters -sspi and -sspiDlg have been renamed -gkx and -gkxDlg. The previous parameter names continue to be supported as aliases.
Password and keyboard-interactive:
The graphical SSH Client and command line clients now support a new combined initial authentication method: publickey+kbdi. This is intended for easier authentication with servers that require both public key and keyboard-interactive authentication.
The graphical SSH Client and command line clients now also support a separate password/kbdi authentication method (-pwKbdi). This can be used to instruct the client to send the password outright over keyboard-interactive, without trying password.
For consistency with the password authentication method, the initial authentication method publickey+password can now also send the password via keyboard-interactive if the password method fails.
Authentication methods password and publickey+password now support an explicit setting Enable password over kbdi fallback. This is enabled by default, but can be disabled to prevent the SSH Client sending the password over keyboard-interactive if the password method fails.
Graphical SFTP:
A Create link... feature is now available through the context menu on the Local files and Remote files panes.
sftpc:
A number of commands now support new switches -lit and -wild to force either a literal interpretation, or a wildcard interpretation, of a remote path. Commands that currently support this are: get, dir, move, copy, del, chmod, chown, and chgrp.
Port forwarding and FTP Bridge:
Both the graphical SSH Client and stnlc will now automatically retry failed attempts to establish dynamic proxy forwarding; client-to-server or server-to-client port forwarding rules; or to open an FTP bridge.
In the graphical SSH Client, fixed an issue which would cause the Apply link to not show after some types of changes on the Services, C2S, and S2C tabs.
In stnlc, fixed an issue which would cause the command-line client to not disconnect as intended if a client-to-server or server-to-client port forwarding rule configured on the command line could not be established.
Listening sockets created by the SSH Client, such as for client-to-server port forwarding, now use a larger backlog value to reduce the likelihood of connections being refused.
General:
In the graphical SSH Client, the setting Sensitive information accessibility is now on the Options tab.
Improved detection and reporting of incorrect obfuscation settings.
When upgrading, the uninstaller will now automatically retry moving files that are still in use for a brief period before prompting.
www.bitvise.com
-
Whats new:>>
New features
PKCS#11 engine (pkcs11.dll) added to the Win32 build.
Added per-destination client TLS session cache.
New "logId" parameter "process" to log PID.
Support for the TLS options added in OpenSSL 1.1.1-dev.
Several man page updates.
Obsolete SSL references updated to TLS.
Bugfixes
Fixed "logId" parameter to also work in inetd mode.
"delay = yes" properly enforces "failover = prio".
Fixed reloading invalid configuration file on Win32.
https://www.stunnel.org/index.html
-
Whats new:>>
Includes an update to the Bitvise SSH Server Remote Control Panel for SSH Server versions 7.21+ included with the SSH Client.
www.bitvise.com
-
Whats new:>>
bug fix: "font settings" menu was broken
bug fix: revert to GNU GCC 4.4.0, due to stability issue
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(http://s26.postimg.org/7fek8ixp5/screenshot_41.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fixes
Minor changes to the GUI
http://winsshterm.blogspot.com/
-
Changelog
SFTP compatibility improvements for older versions of Cerberus FTP Server:
When downloading a textual file using the file transfer mode Auto Std, the SSH Client will now close the file before reopening it in text mode. This is to avoid issues with servers that do not properly handle two open handles to the same file simultaneously.
The default file transfer mode when connecting to Cerberus FTP Server is now Binary.
When the uninstaller detects that a file is still in use, it can now display the names of applications keeping the file open. (Requires Windows Vista or later.)
www.bitvise.com
-
Whats new:>>
bug fix: merge issue (in ssh.c) with 0.67-20160922 putty version
new feature: new patch "add FreeBSD home and end keyboard handling"
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
Bug fix: The tab colour could change back to white while using the dark tab layout under some circumstances
Bug fix: Copy files wouldn't work as expected under some circumstances
http://winsshterm.blogspot.com/
-
Whats new:>>
Security bugfixes:
OpenSSL DLLs updated to version 1.0.2k. https://www.openssl.org/news/secadv/20170126.txt
New features:
DH ciphersuites are now disabled by default.
The daily server DH parameter regeneration is only performed if DH ciphersuites are enabled in the configuration file.
"checkHost" and "checkEmail" were modified to require either "verifyChain" or "verifyPeer"
Bug fixes:
Fixed setting default ciphers.
https://www.stunnel.org/index.html
-
Whats new:>>
* bug fix: in some cases, save password feature generates crashes under Windows 10
* bug fix: new random function in icons choice to avoid same icon if two sessions are started in the same second
* bug fix: in some cases, uncompressed version can crash
* bug fix: the "print clipboard" menu item is removed in 64 bits system
* improvment: new 0-9 icons
* improvment: many compilation warning are removed
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
Incorporates an update to the Bitvise SSH Server Remote Control Panel for SSH Server versions 7.21+. The update fixes an issue introduced with version 7.21, where exporting a single server host keypair in Bitvise format, using the "Manage host keys" interface in the SSH Server Control Panel, would result in a corrupted file. (Multiple key export worked fine.)
www.bitvise.com
-
Changelog
Security fix: an integer overflow bug in the agent forwarding code.
Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory (on versions of Windows where they previously were).
Windows PuTTY no longer sets a restrictive process ACL by default, because this turned out to inconvenience too many legitimate applications such as NVDA and TortoiseGit. You can still manually request a restricted ACL using the command-line option -restrict-acl.
The Windows PuTTY tools now come in a 64-bit version.
The Windows PuTTY tools now have Windows's ASLR and DEP security features turned on.
Support for elliptic-curve cryptography (the NIST curves and 25519), for host keys, user authentication keys, and key exchange.
Support for importing and exporting OpenSSH's new private key format.
Host key preference policy change: PuTTY prefers host key formats for which it already knows the key.
Run-time option (from the system menu / Ctrl-right-click menu) to retrieve other host keys from the same server (which cross-certifies them using the session key established using an already-known key) and add them to the known host-keys database.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
Implemented changes to reduce the incidence of MSI error 1638 during installation of the FlowSshNet component
Fixed positioning of the right-click menu for the SSH Client system tray icon on systems with larger than normal (more than 100%) display DPI settings
www.bitvise.com
-
(https://i.postimg.cc/QdHKYMV2/screenshot-2470.png)
SoSSH is an application designed to help you streaming multimedia content via the SSH protocol. SoSSH can connect to a server and creates custom playlists. It comes with an intuitive interface and basic playback functions, which makes it suitable for any type of user, beginner or advanced.
License : GPLv3
https://sourceforge.net/projects/sossh/?source=directory
-
Whats new:>>
- Fixed download link for PuTTY
http://winsshterm.blogspot.com/
-
Changelog
Security fix: an integer overflow bug in the agent forwarding code. See vuln-agent-fwd-overflow.
Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory (on versions of Windows where they previously were). See vuln-indirect-dll-hijack.
Windows PuTTY no longer sets a restrictive process ACL by default, because this turned out to inconvenience too many legitimate applications such as NVDA and TortoiseGit. You can still manually request a restricted ACL using the command-line option -restrict-acl.
The Windows PuTTY tools now come in a 64-bit version.
The Windows PuTTY tools now have Windows's ASLR and DEP security features turned on.
Support for elliptic-curve cryptography (the NIST curves and 25519), for host keys, user authentication keys, and key exchange.
Support for importing and exporting OpenSSH's new private key format.
Host key preference policy change: PuTTY prefers host key formats for which it already knows the key.
Run-time option (from the system menu / Ctrl-right-click menu) to retrieve other host keys from the same server (which cross-certifies them using the session key established using an already-known key) and add them to the known host-keys database.
The Unix GUI PuTTY tools can now be built against GTK 3.
There is now a Unix version of Pageant.
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
-
Whats new:>>
Merge with the 0.68 PuTTY version.
New menu item "Clear log file".
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
Fixed an issue in BvShell which, under specific conditions, could cause it to become unresponsive in a tight loop with high CPU usage.
This version contains an upgrade amnesty. Any Bitvise SSH Server activation code that could activate a previous 7.xx version will also activate this version. This allows upgrade for users who can use the BvShell fix.
Reimplemented the workaround for older versions of the Renci.SshNet library. This works around another bug in these library versions that was not avoided by the measures introduced in 7.26.
www.bitvise.com
-
Whats new:>>
New version of UPX (Ultimate Packer for eXecutables): 3.93
bug bix: crash in "New session" menu item
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
OpenSSH 7.5 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in future releases,
specifically:
* In the next major release (expected June-August), removing remaining
support for the SSH v.1 protocol (currently client-only and compile-
time disabled).
* In the same release, removing support for Blowfish and RC4 ciphers
and the RIPE-MD160 HMAC. (These are currently run-time disabled).
* In the same release, removing the remaining CBC ciphers from being
offered by default in the client (These have not been offered in
sshd by default for several years).
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
This list reflects our current intentions, but please check the final
release notes for future releases.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* This release deprecates the sshd_config UsePrivilegeSeparation
option, thereby making privilege separation mandatory. Privilege
separation has been on by default for almost 15 years and
sandboxing has been on by default for almost the last five.
* The format of several log messages emitted by the packet code has
changed to include additional information about the user and
their authentication state. Software that monitors ssh/sshd logs
may need to account for these changes. For example:
Connection closed by user x 1.1.1.1 port 1234 [preauth]
Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]
Affected messages include connection closure, timeout, remote
disconnection, negotiation failure and some other fatal messages
generated by the packet code.
* [Portable OpenSSH only] This version removes support for building
against OpenSSL versions prior to 1.0.1. OpenSSL stopped supporting
versions prior to 1.0.1 over 12 months ago (i.e. they no longer
receive fixes for security bugs).
Changes since OpenSSH 7.4
=========================
This is a bugfix release.
Security
--------
* ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
Note that the OpenSSH client disables CBC ciphers by default, sshd
offers them as lowest-preference options and will remove them by
default entriely in the next release. Reported by Jean Paul
Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
Royal Holloway, University of London.
* sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
a recursive file transfer could be maniuplated by a hostile server to
perform a path-traversal attack. creating or modifying files outside
of the intended target directory. Reported by Jann Horn of Google
Project Zero.
New Features
------------
* ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
algorithm lists, e.g. Ciphers=-*cbc. bz#2671
Bugfixes
--------
* sshd(1): Fix NULL dereference crash when key exchange start
messages are sent out of sequence.
* ssh(1), sshd(8): Allow form-feed characters to appear in
configuration files.
* sshd(8): Fix regression in OpenSSH 7.4 support for the
server-sig-algs extension, where SHA2 RSA signature methods were
not being correctly advertised. bz#2680
* ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in
known_hosts processing. bz#2591 bz#2685
* ssh(1): Allow ssh to use certificates accompanied by a private key
file but no corresponding plain *.pub public key. bz#2617
* ssh(1): When updating hostkeys using the UpdateHostKeys option,
accept RSA keys if HostkeyAlgorithms contains any RSA keytype.
Previously, ssh could ignore RSA keys when only the ssh-rsa-sha2-*
methods were enabled in HostkeyAlgorithms and not the old ssh-rsa
method. bz#2650
* ssh(1): Detect and report excessively long configuration file
lines. bz#2651
* Merge a number of fixes found by Coverity and reported via Redhat
and FreeBSD. Includes fixes for some memory and file descriptor
leaks in error paths. bz#2687
* ssh-keyscan(1): Correctly hash hosts with a port number. bz#2692
* ssh(1), sshd(8): When logging long messages to stderr, don't truncate
"\r\n" if the length of the message exceeds the buffer. bz#2688
* ssh(1): Fully quote [host]:port in generated ProxyJump/-J command-
line; avoid confusion over IPv6 addresses and shells that treat
square bracket characters specially.
* ssh-keygen(1): Fix corruption of known_hosts when running
"ssh-keygen -H" on a known_hosts containing already-hashed entries.
* Fix various fallout and sharp edges caused by removing SSH protocol
1 support from the server, including the server banner string being
incorrectly terminated with only \n (instead of \r\n), confusing
error messages from ssh-keyscan bz#2583 and a segfault in sshd
if protocol v.1 was enabled for the client and sshd_config
contained references to legacy keys bz#2686.
* ssh(1), sshd(8): Free fd_set on connection timeout. bz#2683
* sshd(8): Fix Unix domain socket forwarding for root (regression in
OpenSSH 7.4).
* sftp(1): Fix division by zero crash in "df" output when server
returns zero total filesystem blocks/inodes.
* ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors
encountered during key loading to more meaningful error codes.
bz#2522 bz#2523
* ssh-keygen(1): Sanitise escape sequences in key comments sent to
printf but preserve valid UTF-8 when the locale supports it;
bz#2520
* ssh(1), sshd(8): Return reason for port forwarding failures where
feasible rather than always "administratively prohibited". bz#2674
* sshd(8): Fix deadlock when AuthorizedKeysCommand or
AuthorizedPrincipalsCommand produces a lot of output and a key is
matched early. bz#2655
* Regression tests: several reliability fixes. bz#2654 bz#2658 bz#2659
* ssh(1): Fix typo in ~C error message for bad port forward
cancellation. bz#2672
* ssh(1): Show a useful error message when included config files
can't be opened; bz#2653
* sshd(8): Make sshd set GSSAPIStrictAcceptorCheck=yes as the manual page
(previously incorrectly) advertised. bz#2637
* sshd_config(5): Repair accidentally-deleted mention of %k token
in AuthorizedKeysCommand; bz#2656
* sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM; bz#2665
* ssh-agent(1): Relax PKCS#11 whitelist to include libexec and
common 32-bit compatibility library directories.
* sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME
response handling.
* ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted
keys. It was not possible to delete them except by specifying
their full physical path. bz#2682
Portability
-----------
* sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA
crypto coprocessor.
* sshd(8): Fix non-exploitable weakness in seccomp-bpf sandbox arg
inspection.
* ssh(1): Fix X11 forwarding on OSX where X11 was being started by
launchd. bz#2341
* ssh-keygen(1), ssh(1), sftp(1): Fix output truncation for various that
contain non-printable characters where the codeset in use is ASCII.
* build: Fix builds that attempt to link a kerberised libldns. bz#2603
* build: Fix compilation problems caused by unconditionally defining
_XOPEN_SOURCE in wide character detection.
* sshd(8): Fix sandbox violations for clock_gettime VSDO syscall
fallback on some Linux/X32 kernels. bz#2142
Checksums:
==========
- SHA1 (openssh-7.5.tar.gz) = 81384df377e38551f7659a4c250383d0bbd25341
- SHA1 (openssh-7.5p1.tar.gz) = 5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd
- SHA256 (openssh-7.5.tar.gz) = Gmk8jOdGdKa7NixUN5J+bTMfeum5Vx8Nv+leAdQNq3U=
- SHA256 (openssh-7.5p1.tar.gz) = mEbjxfq58FR0ALTSwBeZL5FCIrP9H47ubH3GvF5Z+fA=
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
http://www.openssh.com/
-
Changelog
attempt to add IPv6 route even when no IPv6 address was configured
fix redirect-gateway behaviour when an IPv4 default route does not exist
CRL: use time_t instead of struct timespec to store last mtime
ignore remote-random-hostname if a numeric host is provided
man: fix formatting for alternative option
systemd: Use automake tools to install unit files
systemd: Do not race on RuntimeDirectory
systemd: Add more security feature for systemd units
Clean up plugin path handling
plugin: Remove GNUism in openvpn-plugin.h generation
fix typo in notification message
management: >REMOTE operation would overwrite ce change indicator
management: Remove a redundant #ifdef block
git: Merge .gitignore files into a single file
systemd: Move the READY=1 signalling to an earlier point
plugin: Improve the handling of default plug-in directory
cleanup: Remove faulty env processing functions
OpenSSL: check for the SSL reason, not the full error
OpenSSL: don't use direct access to the internal of X509_STORE_CTX
OpenSSL: don't use direct access to the internal of SSL_CTX
OpenSSL: don't use direct access to the internal of X509_STORE
OpenSSL: don't use direct access to the internal of X509_OBJECT
OpenSSL: don't use direct access to the internal of RSA_METHOD
OpenSSL: SSLeay symbols are no longer available in OpenSSL 1.1
OpenSSL: use EVP_CipherInit_ex() instead of EVP_CipherInit()
Fix Building Using MSVC
Add openssl_compat.h to openvpn_SOURCES
Fix '--dev null'
Fix installation of IPv6 host route to VPN server when using iservice.
Make ENABLE_OCC no longer depend on !ENABLE_SMALL
Preparing for release v2.4.1 (ChangeLog, version.m4)
Crash in options.c
Resolve several travis-ci issues
travis-ci: remove unused files
Fix building with LibreSSL 2.5.1 by cleaning a hack.
Fix push options digest update
Always release dhcp address in close_tun() on Windows.
Add a check for -Wl, --wrap support in linker
Fix user's group membership check in interactive service to work with domains
Fix segfault when using crypto lib without AES-256-CTR or SHA256
More broadly enforce Allman style and braces-around-conditionals
Use SHA256 for the internal digest, instead of MD5
OpenSSL: 1.1 fallout - fix configure on old autoconf
Fix types in WIN32 socket_listen_accept()
Remove duplicate X509 env variables
Fix non-C99-compliant builds: don't use const size_t as array length
Deprecate --ns-cert-type
Be less picky about keyUsage extensions
http://openvpn.net/
-
Whats new:>>
Fixed a rarely occurring race condition which could cause the SSH Client to terminate when closing an SFTP channel.
www.bitvise.com
-
Version 5.41, 2017.04.01, urgency: MEDIUM
* New features
- PKCS#11 engine DLL updated to version 0.4.5.
- Default engine UI set with ENGINE_CTRL_SET_USER_INTERFACE.
- Key file name added into the passphrase console prompt.
- Performance optimization in memory leak detection.
* Bugfixes
- Fixed crashes with the OpenSSL 1.1.0 branch.
- Fixed certificate verification with "verifyPeer = yes"
and "verifyChain = no" (the default), while the peer
only returns a single certificate.
https://www.stunnel.org/index.html
-
Changelog
Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory, even the names we missed when we thought we'd fixed this in 0.68. See vuln-indirect-dll-hijack-2.
Windows PuTTY should work with MIT Kerberos again, after our DLL hijacking defences broke it.
Jump lists should now appear again on the PuTTY shortcut in the Windows Start Menu.
You can now explicitly configure SSH terminal mode settings not to be sent to the server, if your server objects to them.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Changelog
This is not a new feature release, but a successor to 7.29 with continued maintenance updates. (We skip over versions containing zeros to avoid ambiguities. For example, 7.03 and 7.30 might both be referred to as "7.3".)
Small changes in key places improve CPU efficiency on the order of 30% (impact may depend on the system). This improves transfer speeds where CPU is the bottleneck – or maintaining same performance, allows for a greater number of simultaneous connections. Users who were previously maxing out a single core and seeing transfer speeds of e.g. 150 MB/s, may now see e.g. 200 MB/s.
Fixed VT-100 keyboard mappings. Function keys will now be sent correctly over VT-100 and xterm when VT-100 mode is enabled. Adapted navigation keys for VT-100, including: Insert, Delete, Home, End, Page Up, and Page Down.
Removed unnecessary input length limitations in user authentication input boxes by permitting scrolling. This should allow the use of long YubiKey two-factor authentication strings using the method keyboard-interactive.
Diffie-Hellman key exchange algorithms that use group exchange are once again deprioritized, regardless of which cryptographic provider is in use. This means other key exchange algorithms will again be preferred. In version 7.21, we stopped deprioritizing these algorithms because our Windows CNG cryptographic provider can handle dynamic DH group parameters generated by servers like OpenSSH. However, there remain older servers, such as SunSSH, which generate DH groups which are not acceptable to any of our cryptographic providers.
www.bitvise.com
-
Changelog
Bugfixes
Fix memory leak introduced in 2.4.1: if --remote-cert-tls is used, we leaked some memory on each TLS (re)negotiation.
Security
Fix a pre-authentication denial-of-service attack on both clients and servers. By sending a too-large control packet, OpenVPN 2.4.0 or 2.4.1 can be forced to hit an ASSERT() and stop the process. If --tls-auth or --tls-crypt is used, only attackers that have the --tls-auth or --tls-crypt key can mount an attack. (OSTIF/Quarkslab audit finding 5.1, CVE-2017-7478)
Fix an authenticated remote DoS vulnerability that could be triggered by causing a packet id roll over. An attack is rather inefficient; a peer would need to get us to send at least about 196 GB of data. (OSTIF/Quarkslab audit finding 5.2, CVE-2017-7479)
http://openvpn.net/
-
Whats new:>>
- New feature: Run multiple instances of WinSSHTerm
- New feature: Master password (File->Master Password)
- Minor changes
http://winsshterm.blogspot.com/
-
Whats new:>>
* merge with PuTTY 0.69
* new feature: new option to disable winrol
* bug fix: launcher - in case of explorer crash and restart, icon in system tray did not redraw
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
platform rather than 'mingw'.
[Richard Levitte]
*) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c.
VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1,
which is the minimum version we support.
[Richard Levitte]
http://www.openssl.org/
-
Whats new:>>
- Bug fix: While setting a master password the contents of the two text fields were not properly compared
- Minor improvements to the Multi-Input feature
- Minor changes
http://winsshterm.blogspot.com/
-
Whats new:>>
- Fixed a small GUI bug which accidently entered in version 1.11.1
http://winsshterm.blogspot.com/
-
(http://s26.postimg.org/7fek8ixp5/screenshot_41.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
- Bug fix: Key combinations in the "Config" window are possible again
http://winsshterm.blogspot.com/
-
Whats new:>>
New features:
"redirect" also supports "exec" and not only "connect".
Bugfixes:
Fixed a hang on shutdown.
Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1.
https://www.stunnel.org/index.html
-
(https://i.postimg.cc/FzGm8z2v/screenshot-1417.png)
PuTTYTabManager is a handy application that allows you to run multiple PuTTY applications using a single GUI. The application support all the PuTTY protocols, such as SSH, Telnet, Rlogin and Raw.
The tab-based interface makes the application very easy to use, enabling you to manage multiple PuTTY sessions at the same time. Instead of opening multiple PuTTY windows, simply open PuTTYTabManager and initiate every session in a new tab.
Freeware
Whats new: >>
Several minor improvements
Several minor bugs fixed
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
Changelog
Antonio Quartulli (1):
Ignore auth-nocache for auth-user-pass if auth-token is pushed
David Sommerseth (3):
crypto: Enable SHA256 fingerprint checking in --verify-hash
copyright: Update GPLv2 license texts
auth-token with auth-nocache fix broke --disable-crypto builds
Emmanuel Deloget (8):
OpenSSL: don't use direct access to the internal of X509
OpenSSL: don't use direct access to the internal of EVP_PKEY
OpenSSL: don't use direct access to the internal of RSA
OpenSSL: don't use direct access to the internal of DSA
OpenSSL: force meth->name as non-const when we free() it
OpenSSL: don't use direct access to the internal of EVP_MD_CTX
OpenSSL: don't use direct access to the internal of EVP_CIPHER_CTX
OpenSSL: don't use direct access to the internal of HMAC_CTX
Gert Doering (6):
Fix NCP behaviour on TLS reconnect.
Remove erroneous limitation on max number of args for --plugin
Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
Fix potential 1-byte overread in TCP option parsing.
Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
Guido Vranken (6):
refactor my_strupr
Fix 2 memory leaks in proxy authentication routine
Fix memory leak in add_option() for option 'connection'
Ensure option array p[] is always NULL-terminated
Fix a null-pointer dereference in establish_http_proxy_passthru()
Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
Jérémie Courrèges-Anglas (2):
Fix an unaligned access on OpenBSD/sparc64
Missing include for socket-flags TCP_NODELAY on OpenBSD
Matthias Andree (1):
Make openvpn-plugin.h self-contained again.
Selva Nair (1):
Pass correct buffer size to GetModuleFileNameW()
Steffan Karger (11):
Log the negotiated (NCP) cipher
Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
Skip tls-crypt unit tests if required crypto mode not supported
openssl: fix overflow check for long --tls-cipher option
Add a DSA test key/cert pair to sample-keys
Fix mbedtls fingerprint calculation
mbedtls: fix --x509-track post-authentication remote DoS (CVE-2017-7522)
mbedtls: require C-string compatible types for --x509-username-field
Fix remote-triggerable memory leaks (CVE-2017-7521)
Restrict --x509-alt-username extension types
Fix potential double-free in --x509-alt-username (CVE-2017-7521)
Steven McDonald (1):
Fix gateway detection with OpenBSD routing domains
http://openvpn.net/
-
Whats new:>>
- New feature: Configure shell commands that will be automatically executed after opening a connection (Configuration->Connection->Login Cmds)
- Renamed "Custom Path" to "Login Dir"
http://winsshterm.blogspot.com/
-
(http://s26.postimg.org/7reb536s9/screenshot_433.png)
Create secure virtual private networks (VPNs) for your friends or family with the help of this useful, open-source, and lightweight app.
License : GPLv3 (Donationware)
Changelog
Implemented version 3 of the FreeLAN Secure Channel Protocol (breaks compatibility with FreeLAN 1.1).
Added support for TUN adapters.
Fixed IPv6 support.
Added support for passphrase-based authentication.
Added auto-generation of certificates.
Added IP routing support.
Added IP routes advertisement.
Added DNS servers advertisement.
Added IPv6 neighbor discovery emulation.
Added a Maximum Segment Size (MSS) override switch to avoid UDP fragmentation of wrapped TCP connections.
Refactored reactor code for reduced latency and better throughput (performance improvement).
Added native support for Perfect Forward Secrecy using ECDHE.
Added support for colored log output (on Linux and Mac OS X).
Improved overall logging information.
Added native HTTP(S) client-server mechanism for distributed username/password-based authentication.
https://www.freelan.org/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Mega 2017 edition supporting 130+ Cipher Suites
http://securityxploded.com/sslcertscanner.php
-
Changelog
* Nouvelle feature: proxy managment into WinSCP integration
* Patch update: PuTTYWinCrypt (https://sourceforge.net/projects/puttywincrypt/?source=typ_redirect)
* Patch update: pageant-confirm_with_condition_coded_comment_20150805.diff (http://people.mpi-klsb.mpg.de/~pcernko/pageant.html)
* Bug fix: -cygterm option generate crash when cygterm flag is set to no in kitty.ini configuration file
* New option in kitty.ini configuration file: "messageonkeyusage" in "Agent" section to send notification on private key usage
* New option in kitty.ini configuration file: "askconfirmation" in "Agent" section to manage confirmation on private key usage (on=always; off=never; auto=based on "comment")
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
In Windows 10, there appears to be an undocumented change in the GetConsoleTitle function. In previous versions, this would prevent our command line clients (such as sftpc, stermc, sexec, stnlc) from starting when a long command line was used.
In response to attacks on SHA-1, a number of server administrators appear to be reducing supported key exchange algorithms to only diffie-hellman-group-exchange-sha256. This algorithm involves compatibility issues arising from the dynamic generation of DH group parameters, and was disabled in recent SSH Client versions unless enabled explicitly on the SSH tab. Because some servers support only this algorithm, it is now enabled again by default, but algorithms without group exchange will be preferred, if available.
www.bitvise.com
-
Whats new:>>
Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory, even a name we missed when we thought we'd fixed this in 0.69. See vuln-indirect-dll-hijack-3.
Windows PuTTY should be able to print again, after our DLL hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside the current code page, after our DLL hijacking defences broke that too.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://securityxploded.com/images/sslcertdownloader_mainscreen.jpg)
SSL Cert Downloader is a free command-line tool to grab SSL certificate from server remotely.
It can be used to download certificate from any of the SSL enabled services including
HTTPS (443)
LDAPS (636)
SMTPS (465)
POPS (995)
IMAPS (993)
You can either specify IP address or host name of the server. Also you can enter any custom port which makes it useful when SSL service is running on non-standard port.
Once the certificate is downloaded from the server it will be saved to the specified file. Later you can just double click on the saved file to view the SSL certificate.
It is very easy to use and being a command-line tool makes it easy for automation through scripting.
It is fully portable and works on all platforms starting from Windows XP to Windows 10 version.
Whats new:>>
Mega 2017 edition supporting 130+ Cipher Suites for downloading SSL Certificates
http://securityxploded.com/ssl-certificate-downloader.php
-
Changelog
New features:
"redirect" also supports "exec" and not only "connect".
PKCS#11 engine DLL updated to version 0.4.7.
Bug fixes:
Fixed premature cron thread initialization causing hangs.
Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1.
Fixed pthreads support on OpenSolaris.
https://www.stunnel.org/index.html
-
Whats new:>>
Moved from .NET Framework 3.5 to 4.0
Bug fix: Some bash shortcuts did not work properly in Multi-Input mode (e.g. CTRL-E to jump to the end of line)
http://winsshterm.blogspot.com/
-
Whats new:>>
WinSSHTerm won't ask for donations any longer
http://winsshterm.blogspot.com/
-
(https://s26.postimg.org/ticjsijyx/screenshot_1102.jpg)
Terminals is a secure, multi tab terminal services/remote desktop client. It uses Terminal Services ActiveX Client (mstscax.dll). The project started from the need of controlling multiple connections simultaneously. It is a complete replacement for the mstsc.exe (Terminal Services) client
License: MS-PL
Whats new:>>
App crash on Export menu
Possible to cancel master password
Bad check for new version
https://github.com/Terminals-Origin/Terminals
-
Whats new:>>
This version fixes a memory leak introduced in version 7.31.
www.bitvise.com
-
Whats new:>>
New feature:
Trigger 'Copy Files' by clicking on a node in the connections tree with the middle mouse button
Work around:
Added smaller terminal font sizes, which you will need if you use a high dpi monitor with activated scaling on Windows 10 (thanks to Patrik L.)
http://winsshterm.blogspot.com/
-
Whats new:>>
New option to always allow to reconnect in the tab context menu under Preferences->General (thanks to Jeff G.)
New option to globally enable TCP Keepalives (Preferences->Terminal) which can improve the detection of disconnected sessions
http://winsshterm.blogspot.com/
-
(http://s26.postimg.org/t6c3wxrfd/screenshot_767.jpg)
Xshell is a powerful terminal emulator that supports SSH, SFTP, TELNET, RLOGIN and SERIAL. It delivers industry leading performance and feature sets that are not available in its free alternatives. Features that enterprise users will find useful include a tabbed environment, dynamic port forwarding, custom key mapping, user defined buttons, VB scripting, and UNICODE terminal for displaying 2 byte characters and international language support.
Xshell offers many user friendly features that are not available in other terminal emulators. These features include Zmodem file uploads by drag and drop, Zmodem file downloads by selecting the file name, simple mode, full screen mode, transparency options, and a custom layout mode. Save time and effort when performing terminal tasks using Xshell.
If you are using Xshell 5 from home or school, you can use it for free. To apply the free license, download and select Free for Home and School license type during installation.
Freeware
Changelog
Xshell 5 Build 1326
FIX: Unnecessary SSH channel trace messages
FIX: Patched an exploit related to nssock2.dll
Xshell 5 Build 1322
MOD: Enhanced encryption of session information (Anti BothanSpy)
MOD: Xftp sessions initiated from Xshell open in a new tab, not window
FIX: Only VBS files displayed when selecting script
FIX: MessageBox popups displayed behind main window
FIX: At times unable to import session files from previous versions
FIX: localhost forced to use IPv6
FIX: Wrapped lines not properly logged
FIX: Enhanced tracing capabilities
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
MOD: [Common] Modified and upgraded session file's password encryption
MOD: [Common] Seperated packages by license type
FIX: [Xshell/Xftp] Unable to import sessions from Xshell 4 and Xftp 4
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
Bug fix: After updating to version 1.12.4 the settings for the jump server were not loaded
1.12.4
New option to change the scrollbar behaviour on display activity under Preferences -> Terminal
http://winsshterm.blogspot.com/
-
Whats new:>>
* 0.70 PuTTY version merge
* Re-activation of the menu item "print clipboard" on 64 bits machines
* Start button improvment
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Whats new:>>
Added a shortcut for cloning a connection in the connection tree (thanks to Serge S.)
http://winsshterm.blogspot.com/
-
Changelog
SFTP GUI:
Fixed an issue which would cause a crash when all files are removed from the download or upload queue.
Fixed visual artifacts that would arise while resizing in the SFTP Download or Upload window.
SFTP compatibility:
We have identified two compatibility issues in current and past versions of mod_sftp for ProFTPD:
When using SFTP versions 4-6, when a client requests attributes not supported by mod_sftp, the server returns an incorrectly encoded response. With past Bitvise SSH Client and FlowSsh versions, this would result in a disconnect.
When using SFTP version 6, mod_sftp indicates support for the check-file extensions, but disconnects if the client requests the server to hash a larger file block by block. This prevents Bitvise SSH Client and FlowSsh from performing hash-based synchronization of file content, which would normally be used instead of Resume or Overwrite if check-file extensions can be used.
We expect these issues to be resolved in future mod_sftp versions. However, mod_sftp now comes configured by default to not send its version in the SSH version string. A client therefore cannot distinguish between a newer version that will contain these fixes, and an older version which does not.
At this time, Bitvise SSH Client and FlowSsh will avoid the known compatibility issues by restricting SFTP protocol version to 3 when mod_sftp is detected. We would like to lift this restriction in the future if there arises a way to detect the mod_sftp version early enough.
We have identifed a compatibility issue with Van Dyke VShell:
When using SFTP version 6, the VShell server indicates support for the check-file extensions, but does not support block-by-block hashing. This prevents Bitvise SSH Client and FlowSsh from performing hash-based synchronization of file content, which would normally be used instead of Resume or Overwrite if check-file extensions can be used.
At this time, hash-based synchronization will be avoided when connecting to VShell, and Resume and Overwrite will be used instead.
If VShell chooses to implement support for block-by-block hashing, Bitvise SSH Client and FlowSsh will once more use this functionality if the server advertises the extension name check-file-blocks in its supported2 packet.
Bitvise SSH Client and FlowSsh will now recognize the check-file extension indicator in the supported2 packet as required by the SFTP extensions draft, in addition to check-file-name and check-file-handle.
Bitvise SSH Client and FlowSsh will now recognize a check-file-blocks extension sent by servers. We suggest that future SFTP server implementations advertise support for check-file-blocks if all of the following are true:
The server supports block-by-block file hashing.
Any reasonable block size requested by the client is supported.
A file can be hashed block-by-block starting from an arbitrary offset.
Fixed an issue which would cause available public keys to be displayed incorrectly on the Login tab, under Authentication, after a profile was closed.
Fixed issues involving the launch shortcut icons on the left side of the main SSH Client window. One issue would cause the SSH Client to crash if an icon was dragged out of the shortcut bar in the up direction.
www.bitvise.com
-
Changelog
Antonio Quartulli (23):
crypto: correct typ0 in error message
use M_ERRNO instead of explicitly printing errno
don’t print errno twice
ntlm: avoid useless cast
ntlm: unwrap multiple function calls
route: improve error message
management: preserve wait_for_push field when asking for user/pass
tls-crypt: avoid warnings when –disable-crypto is used
ntlm: convert binary buffers to uint8_t *
ntlm: restyle compressed multiple function calls
ntlm: improve code style and readability
OpenSSL: remove unreachable call to SSL_CTX_get0_privatekey()
make function declarations C99 compliant
remove unused functions
use NULL instead of 0 when assigning pointers
add missing static attribute to functions
ntlm: avoid breaking anti-aliasing rules
remove the –disable-multi config switch
rename mroute_extract_addr_ipv4 to mroute_extract_addr_ip
route: avoid definition of unused variables in certain configurations
fix a couple of typ0s in comments and strings
fragment.c: simplify boolean expression
tcp-server: ensure AF family is propagated to child context
Arne Schwabe (2):
Set tls-cipher restriction before loading certificates
Print ec bit details, refuse management-external-key if key is not RSA
Conrad Hoffmann (2):
Use provided env vars in up/down script.
Document down-root plugin usage in client.down
David Sommerseth (12):
doc: The CRL processing is not a deprecated feature
cleanup: Move write_pid() to where it is being used
contrib: Remove keychain-mcd code
cleanup: Move init_random_seed() to where it is being used
sample-plugins: fix ASN1_STRING_to_UTF8 return value checks
Highlight deprecated features
Use consistent version references
docs: Replace all PolarSSL references to mbed TLS
systemd: Ensure systemd shuts down OpenVPN in a proper way
systemd: Enable systemd’s auto-restart feature for server profiles
lz4: Move towards a newer LZ4 API
Prepare the release of OpenVPN 2.4.4
Emmanuel Deloget (3):
OpenSSL: remove pre-1.1 function from the OpenSSL compat interface
OpenSSL: remove EVP_CIPHER_CTX_new() from the compat layer
OpenSSL: remove EVP_CIPHER_CTX_free() from the compat layer
Gert van Dijk (1):
Warn that DH config option is only meaningful in a tls-server context
Ilya Shipitsin (3):
travis-ci: add 3 missing patches from master to release/2.4
travis-ci: update openssl to 1.0.2l, update mbedtls to 2.5.1
travis-ci: update pkcs11-helper to 1.22
Richard Bonhomme (1):
man: Corrections to doc/openvpn.8
Steffan Karger (17):
Fix typo in extract_x509_extension() debug message
Move adjust_power_of_2() to integer.h
Undo cipher push in client options state if cipher is rejected
Remove strerror_ts()
Move openvpn_sleep() to manage.c
fixup: also change missed openvpn_sleep() occurrences
Always use default keysize for NCP’d ciphers
Move create_temp_file() out of #ifdef ENABLE_CRYPTO
Deprecate –keysize
Deprecate –no-replay
Move run_up_down() to init.c
tls-crypt: introduce tls_crypt_kt()
crypto: create function to initialize encrypt and decrypt key
Add coverity static analysis to Travis CI config
tls-crypt: don’t leak memory for incorrect tls-crypt messages
travis: reorder matrix to speed up build
Fix bounds check in read_key()
Szilárd Pfeiffer (1):
OpenSSL: Always set SSL_OP_CIPHER_SERVER_PREFERENCE flag
Thomas Veerman via Openvpn-devel (1):
Fix socks_proxy_port pointing to invalid data
OpenVPN 2.4.3
Antonio Quartulli (1):
Ignore auth-nocache for auth-user-pass if auth-token is pushed
David Sommerseth (3):
crypto: Enable SHA256 fingerprint checking in –verify-hash
copyright: Update GPLv2 license texts
auth-token with auth-nocache fix broke –disable-crypto builds
Emmanuel Deloget (8):
OpenSSL: don’t use direct access to the internal of X509
OpenSSL: don’t use direct access to the internal of EVP_PKEY
OpenSSL: don’t use direct access to the internal of RSA
OpenSSL: don’t use direct access to the internal of DSA
OpenSSL: force meth->name as non-const when we free() it
OpenSSL: don’t use direct access to the internal of EVP_MD_CTX
OpenSSL: don’t use direct access to the internal of EVP_CIPHER_CTX
OpenSSL: don’t use direct access to the internal of HMAC_CTX
Gert Doering (6):
Fix NCP behaviour on TLS reconnect.
Remove erroneous limitation on max number of args for –plugin
Fix edge case with clients failing to set up cipher on empty PUSH_REPLY.
Fix potential 1-byte overread in TCP option parsing.
Fix remotely-triggerable ASSERT() on malformed IPv6 packet.
Preparing for release v2.4.3 (ChangeLog, version.m4, Changes.rst)
Guido Vranken (6):
refactor my_strupr
Fix 2 memory leaks in proxy authentication routine
Fix memory leak in add_option() for option ‘connection’
Ensure option array p[] is always NULL-terminated
Fix a null-pointer dereference in establish_http_proxy_passthru()
Prevent two kinds of stack buffer OOB reads and a crash for invalid input data
Jérémie Courrèges-Anglas (2):
Fix an unaligned access on OpenBSD/sparc64
Missing include for socket-flags TCP_NODELAY on OpenBSD
Matthias Andree (1):
Make openvpn-plugin.h self-contained again.
Selva Nair (1):
Pass correct buffer size to GetModuleFileNameW()
Steffan Karger (11):
Log the negotiated (NCP) cipher
Avoid a 1 byte overcopy in x509_get_subject (ssl_verify_openssl.c)
Skip tls-crypt unit tests if required crypto mode not supported
openssl: fix overflow check for long –tls-cipher option
Add a DSA test key/cert pair to sample-keys
Fix mbedtls fingerprint calculation
mbedtls: fix –x509-track post-authentication remote DoS (CVE-2017-7522)
mbedtls: require C-string compatible types for –x509-username-field
Fix remote-triggerable memory leaks (CVE-2017-7521)
Restrict –x509-alt-username extension types
Fix potential double-free in –x509-alt-username (CVE-2017-7521)
Steven McDonald (1):
Fix gateway detection with OpenBSD routing domains
http://openvpn.net/
-
Whats new:>>
Fixed crash on some tunnels present in PuTTY.
https://github.com/kostapc/Putty-Tunnel-Manager
-
Whats new:>>
New feature: Open multiple connections quickly with 'File->Connection Groups'
http://winsshterm.blogspot.com/
-
(http://s26.postimg.org/7fek8ixp5/screenshot_41.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: In some cases the connections were not correctly displayed in the Connection Groups form
Changed implementation for displaying pop-ups
Minor changes to the GUI
Applied code changes from v1
http://winsshterm.blogspot.com/
-
Changelog
OpenSSH 7.6 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* ssh(1): delete SSH protocol version 1 support, associated
configuration options and documentation.
* ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
* ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
ciphers.
* Refuse RSA keys <1024 bits in length and improve reporting for keys
that do not meet this requirement.
* ssh(1): do not offer CBC ciphers by default.
Changes since OpenSSH 7.5
=========================
This is primarily a bugfix release. It also contains substantial
internal refactoring.
Security
--------
* sftp-server(8): in read-only mode, sftp-server was incorrectly
permitting creation of zero-length files. Reported by Michal
Zalewski.
New Features
------------
* ssh(1): add RemoteCommand option to specify a command in the ssh
config file instead of giving it on the client's command line. This
allows the configuration file to specify the command that will be
executed on the remote host.
* sshd(8): add ExposeAuthInfo option that enables writing details of
the authentication methods used (including public keys where
applicable) to a file that is exposed via a $SSH_USER_AUTH
environment variable in the subsequent session.
* ssh(1): add support for reverse dynamic forwarding. In this mode,
ssh will act as a SOCKS4/5 proxy and forward connections
to destinations requested by the remote SOCKS client. This mode
is requested using extended syntax for the -R and RemoteForward
options and, because it is implemented solely at the client,
does not require the server be updated to be supported.
* sshd(8): allow LogLevel directive in sshd_config Match blocks;
bz#2717
* ssh-keygen(1): allow inclusion of arbitrary string or flag
certificate extensions and critical options.
* ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
a CA when signing certificates. bz#2377
* ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
ToS/DSCP value and just use the operating system default.
* ssh-add(1): added -q option to make ssh-add quiet on success.
* ssh(1): expand the StrictHostKeyChecking option with two new
settings. The first "accept-new" will automatically accept
hitherto-unseen keys but will refuse connections for changed or
invalid hostkeys. This is a safer subset of the current behaviour
of StrictHostKeyChecking=no. The second setting "off", is a synonym
for the current behaviour of StrictHostKeyChecking=no: accept new
host keys, and continue connection for hosts with incorrect
hostkeys. A future release will change the meaning of
StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400
* ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
option in sshd(8). bz#2705
Bugfixes
--------
* ssh(1): use HostKeyAlias if specified instead of hostname for
matching host certificate principal names; bz#2728
* sftp(1): implement sorting for globbed ls; bz#2649
* ssh(1): add a user@host prefix to client's "Permission denied"
messages, useful in particular when using "stacked" connections
(e.g. ssh -J) where it's not clear which host is denying. bz#2720
* ssh(1): accept unknown EXT_INFO extension values that contain \0
characters. These are legal, but would previously cause fatal
connection errors if received.
* ssh(1)/sshd(8): repair compression statistics printed at
connection exit
* sftp(1): print '?' instead of incorrect link count (that the
protocol doesn't provide) for remote listings. bz#2710
* ssh(1): return failure rather than fatal() for more cases during
session multiplexing negotiations. Causes the session to fall back
to a non-mux connection if they occur. bz#2707
* ssh(1): mention that the server may send debug messages to explain
public key authentication problems under some circumstances; bz#2709
* Translate OpenSSL error codes to better report incorrect passphrase
errors when loading private keys; bz#2699
* sshd(8): adjust compatibility patterns for WinSCP to correctly
identify versions that implement only the legacy DH group exchange
scheme. bz#2748
* ssh(1): print the "Killed by signal 1" message only at LogLevel
verbose so that it is not shown at the default level; prevents it
from appearing during ssh -J and equivalent ProxyCommand configs.
bz#1906, bz#2744
* ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
existing keys if they exist but are zero length. zero-length keys
could previously be made if ssh-keygen failed or was interrupted part
way through generating them. bz#2561
* ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
place the current session in the background.
* ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734
* sshd(8): avoid reliance on shared use of pointers shared between
monitor and child sshd processes. bz#2704
* sshd_config(8): document available AuthenticationMethods; bz#2453
* ssh(1): avoid truncation in some login prompts; bz#2768
* sshd(8): Fix various compilations failures, inc bz#2767
* ssh(1): make "--" before the hostname terminate argument processing
after the hostname too.
* ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
new-style private keys. Fixes problems related to private key
handling for no-OpenSSL builds. bz#2754
* ssh(1): warn and do not attempt to use keys when the public and
private halves do not match. bz#2737
* sftp(1): don't print verbose error message when ssh disconnects
from under sftp. bz#2750
* sshd(8): fix keepalive scheduling problem: activity on a forwarded
port from preventing the keepalive from being sent; bz#2756
* sshd(8): when started without root privileges, don't require the
privilege separation user or path to exist. Makes running the
regression tests easier without touching the filesystem.
* Make integrity.sh regression tests more robust against timeouts.
bz#2658
* ssh(1)/sshd(8): correctness fix for channels implementation: accept
channel IDs greater than 0x7FFFFFFF.
Portability
-----------
* sshd(9): drop two more privileges in the Solaris sandbox:
PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723
* sshd(8): expose list of completed authentication methods to PAM
via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408
* ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
mostly to do with host/network byte order confusion. bz#2735
* Add --with-cflags-after and --with-ldflags-after configure flags to
allow setting CFLAGS/LDFLAGS after configure has completed. These
are useful for setting sanitiser/fuzzing options that may interfere
with configure's operation.
* sshd(8): avoid Linux seccomp violations on ppc64le over the
socketcall syscall.
* Fix use of ldns when using ldns-config; bz#2697
* configure: set cache variables when cross-compiling. The cross-
compiling fallback message was saying it assumed the test passed,
but it wasn't actually set the cache variables and this would
cause later tests to fail.
* Add clang libFuzzer harnesses for public key parsing and signature
verification.
Checksums:
==========
- SHA1 (openssh-7.6.tar.gz) = 157fe3989a245c58fcdb34d9fe722a3c4e14c008
- SHA1 (openssh-7.6p1.tar.gz) = a6984bc2c72192bed015c8b879b35dd9f5350b3b
- SHA256 (openssh-7.6.tar.gz) = Xu3bdpCcu65vM2FnW7b6IKLgd4Kvf2P3WBTMw+I7Bao=
- SHA256 (openssh-7.6p1.tar.gz) = oyPK7t3+FFuqoNsW6Y14Sx+8fdQ2pr8fR539XNHSFyM=
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
www.openssh.com/
-
Changelog
* New features
- Allow for multiple "accept" ports per section.
- Self-test framework (make check).
- Added config load before OpenSSL init (thx to Dmitrii Pichulin).
- OpenSSL 1.1.0 support for Travis CI.
- OpenSSL 1.1.1-dev compilation fixes.
* Bugfixes
- Fixed a memory fault on Solaris.
- Fixed round-robin failover in the FORK threading model.
- Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown().
- Minor fixes of the logging subsystem.
https://www.stunnel.org/index.html
-
Whats new:>>
Minor improvements to the GUI (tab title text, connection groups form)
http://winsshterm.blogspot.com/
-
Changelog
FIX: Auto-update incorrectly states user is using the latest version
FIX: Cursor is not reset when terminal is reset
FIX: Renaming a tab sometimes applies the name to a different tab
FIX: Reverse video terminal escape sequence ignored
FIX: When open in a New Window is selected, a new tab name from the -newtab option is applied to an existing tab
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
New feature: Save scripts/commands and assign them to buttons (Multi-Input->Scripts)
New option to activate Multi-Input at startup (Preferences->General)
Minor improvements to the GUI
Minor code improvements
http://winsshterm.blogspot.com/
-
Changelog
New features:
OpenSSL DLLs updated to version 1.0.2m.
Android build updated to OpenSSL 1.1.0g.
Allow for multiple "accept" ports per section.
Self-test framework (make check).
Added config load before OpenSSL init (thx to Dmitrii Pichulin).
OpenSSL 1.1.0 support for Travis CI.
OpenSSL 1.1.1-dev compilation fixes.
Bugfixes:
Fixed a memory fault on Solaris.
Fixed round-robin failover in the FORK threading model.
Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown().
Minor fixes of the logging subsystem.
https://www.stunnel.org/index.html
-
(http://s26.postimg.org/7fek8ixp5/screenshot_41.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Minor code improvements (applied from v2)
http://winsshterm.blogspot.com/
-
(https://puttytray.goeswhere.com/g/logo.png)
PuTTY is a free implementation of SSH and Telnet for both Win32 and Unix platforms, along with an xterm terminal emulator. PuTTY Tray is an improved version of PuTTY (Win32). It features some cosmetic changes, and a number of addons to make it more usefull and much more fun to use.
Freeware
Whats new: >>
Fixed: Code signing certificate, and timestamping, valid again; no more certificate errors
Upgraded to PuTTY 0.67 (2016-03-05), which contains some security hardening, but no relevant security fixes.
Fixed: #247: Crash if file configuration had been munged by git
Fixed: #249: Command line length issues with cygcommand and cygterm
Note: Automatic reconnection is deprecated. It doesn't work. Please disable it.
https://puttytray.goeswhere.com/
-
Changelog
Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory, even a name we missed when we thought we'd fixed this in 0.69. See vuln-indirect-dll-hijack-3.
Windows PuTTY should be able to print again, after our DLL hijacking defences broke that functionality.
Windows PuTTY should be able to accept keyboard input outside the current code page, after our DLL hijacking defences broke that too.
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
-
Whats new:>>
Bug fix: In some rare cases installation of WinSCP/VcXsrv did not work
http://winsshterm.blogspot.com/
-
Changelog
New features:
Signed Win32 executables, libraries, and installer.
Bugfixes:
Default accept address restored to INADDR_ANY.
Fixed a race condition in "make check".
Fixed removing the pid file after configuration reload.
https://www.stunnel.org/index.html
-
Changelog
Development, licensing, and US export control:
This is the first version of Bitvise SSH Server, SSH Client, and FlowSsh published from the United States.
All assets, operations, relationships, and agreements related to Bitvise software development and licensing; including license agreements for use of Bitvise software by users; have been transferred from Bitvise Limited incorporated in Gibraltar, to Bitvise Limited now incorporated in Texas.
Final builds are now performed in Texas. Our software development continues in Slovenia, Germany, and Hungary, and may include developers elsewhere in the future.
This move is an administrative change. Our development, ownership, pricing, support, terms and policies and relationship to customers generally remain the same.
For the purpose of export from the United States, our SSH Server, SSH Client and FlowSsh are self-classified as Mass-Market products using the ECCN 5D992, with the encryption authorization type identifier MMKT. These denote eligibility under License Exception ENC § 740.17(b)(1) of the Export Administration Regulations (EAR).
Bitvise SSH Server, SSH Client, and FlowSsh now come with new license agreements. Users must review the new EULAs, even though the terms remain substantially the same. We apologize for this inconvenience, and have attempted to draft the agreements in a way that this might not be necessary very often.
SSH:
Windows 10 version 1709, OS build 17046.1000, changed internal Windows structures in a way that prevented Bitvise SSH Server, SSH Client, and FlowSsh from obtaining the agreed value in DH or ECDH key exchange. This prevented successful SSH connections using this new Windows build. Fixed.
There exist SSH implementations based on WeOnlyDo, e.g. freeSSHd, which might not send failure description and language tag fields when sending an SSH_MSG_CHANNEL_OPEN_FAILURE message. Bitvise SSH Server, SSH Client and FlowSsh will now behave as though these fields were sent as empty strings, instead of disconnecting due to an unexpected packet format.
sexec:
Now supports the command line parameter -git, which is shorthand for the new parameters -cmdQuoted and -exitZero. This allows sexec to be more easily configured for use with Git.
Now supports the command line parameter -cmdQuoted. This can be used when the remote command to execute is provided outside of the -cmd=... parameter, but is enclosed in single or double quotes.
Now supports the command line parameter -exitZero. If the remote command executes and returns exit code 0, this will cause sexec to return exit code 0 as well.
Now supports the command line parameter -p <portNr>. This can be used to specify the port number instead of -port=<portNr>.
Fixed an issue which would cause sexec to interpret as its own parameter a port number passed as part of the remote command to be executed. This could cause sexec to fail, or to connect to the SSH server on an unintended port.
www.bitvise.com
-
(http://images.six.betanews.com/screenshots/scaled/1357814984-1.jpg)
SmarTTY is an SSH client for Windows that supports multiple tabs, transferring files and entire directories via SCP and on-the-fly tar, automatic public key authentication setup, seamless X11 forwarding any many more features.
Freeware
http://smartty.sysprogs.com/
-
Whats new:>>
New feature "Script Runner": Runs a script on remote systems without opening up a terminal window and merges the output of all systems into a single text box. Useful for e.g. quickly gathering information of a group of systems. (Tools -> Script Runner)
http://winsshterm.blogspot.com/
-
Whats new:>>
Bug fixes and minor improvements to the feature "script runner"
http://winsshterm.blogspot.com/
-
Changelog
MOD: Last used password remains available for additional Keyboard Interactive authentications
FIX: Address bar session connection changes the session file
FIX: An X11 tunneling attempt occurs before Xmanger starts
FIX: Format string bug in a session file(KVE-2017-0761)
FIX: Overflow vulnerbility in a session file(KVE-2017-0889)
FIX: Terminal based SFTP connections cannot be established
FIX: Xftp window called by Xshell does not open
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
Permanent pop-ups have been disabled. The new features now require a donation (freemium software). All old donation certificates are valid again.
http://winsshterm.blogspot.com/
-
Whats new:>>
Minor changes and improvements to the GUI
Install dialogs now recall the last opened directory (thanks to Midas)
http://winsshterm.blogspot.com/
-
Whats new:>>
FIX: GSSAPI delegation not functioning
FIX: xsh.screen.get function error related to multibyte characters
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
Bug fix: Running multiple instances of WinSSHTerm could cause an app crash
2.1.4
Bug fix: Fixed a memory leak which could cause an app crash
http://winsshterm.blogspot.com/
-
Whats new:>>
Template variables (e.g. {{MY_USER}}) can also be used in the configuration of local connections. Minor changes to the GUI under "Preferences->Connections".
Changed link to WinSCP download page
http://winsshterm.blogspot.com/
-
Changelog
SFTP: In past 7.xx versions, Bitvise SSH Client and FlowSsh would perform a Resume check regardless of the type of server if Overwrite was enabled for upload. We suspect this could cause creation of an empty file with the same name on servers that support creation of multiple files with the same name.
The Resume check will no longer be performed when connected to a server that does not support SFTP v6 check-file and check-file-blocks extensions. With a server that supports these extensions, the Resume check will continue to be performed for Overwrite, since in this case Resume and Overwrite are the same operation.
www.bitvise.com
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Major 2018 Release with mega features like SSL Certificate Threat Analysis, Color based Display, Addition of Host Name, Issuer Name, Signature etc to List, Right click context menu, Improved SSL Scan Report.
http://securityxploded.com/sslcertscanner.php
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
New feature: There is now a more convenient way to copy&paste by using a context menu, which opens up on right mouse button click (Preferences-> Terminal-> Copy&Paste). Requires PuTTY >= 0.71
Added an option "Prevent Windows from entering sleep mode" under Preferences -> General (thanks to Serge S.)
http://winsshterm.blogspot.com/
-
Whats new:>>
Bug fix: Starting Pageant with private keys that contain whitespaces in their path is now possible (thanks to Giuseppe)
http://winsshterm.blogspot.com/
-
Whats new:>>
Minor improvements: Reset terminal and close tab on middle mouse button now possible (thanks to Matt)
http://winsshterm.blogspot.com/
-
Changelog
MOD: Added option to save and delete Compose Pane History
MOD: Disabled ZMODEM downloads from the Smart Select Button of the Local Shell and local sessions
FIX: Anything following a comma(,) is ignored in a highlight keyword
FIX: Changed key mappings not taking effect immediately
FIX: Cycling through authentication methods in the session properties with the mouse wheel causes a crash
FIX: Focus of multiple sessions changes incorrect in the Session Manager
FIX: Incorrectly able to save session file name with invalid characters
FIX: Newly mapped keys not applied to a new window
FIX: Sessions created with the new command added to the parent folder instead of the current path
FIX: When logging begins, saved trace messages are truncated
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
Antonio Quartulli (4):
reload HTTP proxy credentials when moving to the next connection profile
Allow learning iroutes with network made up of all 0s (only if netbits < 8)
mbedtls: fix typ0 in comment
manpage: fix simple typ0
Arne Schwabe (2):
Treat dhcp-option DNS6 and DNS identical
show the right string for key-direction
Bertrand Bonnefoy-Claudet (1):
Fix typo in error message: "optione" -> "option"
David Sommerseth (8):
lz4: Fix confused version check
lz4: Fix broken builds when pkg-config is not present but system library is
Remove references to keychain-mcd in Changes.rst
lz4: Rebase compat-lz4 against upstream v1.7.5
systemd: Add and ship README.systemd
Update copyright to include 2018 plus company name change
man: Add .TQ groff support macro
man: Reword --management to prefer unix sockets over TCP
Emmanuel Deloget (1):
OpenSSL: check EVP_PKEY key types before returning the pkey
Gert Doering (3):
Remove warning on pushed tun-ipv6 option.
Fix removal of on-link prefix on windows with netsh
Preparing for release v2.4.5 (ChangeLog, version.m4, Changes.rst)
Ilya Shipitsin (2):
travis-ci: add brew cache, remove ccache
travis-ci: modify openssl build script to support openssl-1.1.0
James Bottomley (1):
autoconf: Fix engine checks for openssl 1.1
Jeremie Courreges-Anglas (2):
Cast time_t to long long in order to print it.
Fix build with LibreSSL
Selva Nair (14):
Check whether in pull_mode before warning about previous connection blocks
Avoid illegal memory access when malformed data is read from the pipe
Fix missing check for return value of malloc'd buffer
Return NULL if GetAdaptersInfo fails
Use RSA_meth_free instead of free
Bring cryptoapi.c upto speed with openssl 1.1
Add SSL_CTX_get_max_proto_version() not in openssl 1.0
TLS v1.2 support for cryptoapicert -- RSA only
Refactor get_interface_metric to return metric and auto flag separately
Ensure strings read from registry are null-terminated
Make most registry values optional
Use lowest metric interface when multiple interfaces match a route
Adapt to RegGetValue brokenness in Windows 7
Fix format spec errors in Windows builds
Simon Rozman (11):
Local functions are not supported in MSVC. Bummer.
Mixing wide and regular strings in concatenations is not allowed in MSVC.
RtlIpv6AddressToStringW() and RtlIpv4AddressToStringW() require mstcpip.h
Simplify iphlpapi.dll API calls
Fix local #include to use quoted form
Document ">PASSWORD:Auth-Token" real-time message
Fix typo in "verb" command examples
Uniform swprintf() across MinGW and MSVC compilers
MSVC meta files added to .gitignore list
openvpnserv: Add support for multi-instances
Document missing OpenVPN states
Steffan Karger (21):
make struct key * argument of init_key_ctx const
buffer_list_aggregate_separator(): add unit tests
Add --tls-cert-profile option.
Use P_DATA_V2 for server->client packets too
Fix memory leak in buffer unit tests
buffer_list_aggregate_separator(): update list size after aggregating
buffer_list_aggregate_separator(): don't exceed max_len
buffer_list_aggregate_separator(): prevent 0-byte malloc
Fix types around buffer_list_push(_data)
ssl_openssl: fix compiler warning by removing getbio() wrapper
travis: use clang's -fsanitize=address to catch more bugs
Fix --tls-version-min and --tls-version-max for OpenSSL 1.1+
Add support for TLS 1.3 in --tls-version-{min, max}
Plug memory leak if push is interrupted
Fix format errors when cross-compiling for Windows
Log pre-handshake packet drops using D_MULTI_DROPPED
Enable stricter compiler warnings by default
Get rid of ax_check_compile_flag.m4
mbedtls: don't use API deprecated in mbed 2.7
Warn if tls-version-max < tls-version-min
Don't throw fatal errors from create_temp_file()
hashiz (1):
Fix '--bind ipv6only'
http://openvpn.net/
-
Changelog
New features
Implemented try-restart in the SysV init script (thx to Peter Pentchev).
Bugfixes
A service no longer refuses to start if binding fails for some (but not all) addresses:ports.
Fixed compression handling with OpenSSL 1.1.0 and later.
https://www.stunnel.org/index.html
-
Whats new:>>
New feature: Added color scheme "WinSSHTerm light" (replaces PuTTY color scheme)
New feature: Set up up to 5 custom color schemes (Preferences->Terminal->Color Scheme->Edit), including tab colors
New feature: Added option "Env Color" to be able to set a different background color to distinguish between PROD/DEV/... sessions (e.g. "125,0,0")
http://winsshterm.blogspot.com/
-
Changelog
OpenSSL Security Advisory [27 Mar 2018]
========================================
Constructed ASN.1 types with a recursive definition could exceed the stack (CVE-2018-0739)
==========================================================================================
Severity: Moderate
Constructed ASN.1 types with a recursive definition (such as can be found in
PKCS7) could eventually exceed the stack given malicious input with
excessive recursion. This could result in a Denial Of Service attack. There are
no such structures used within SSL/TLS that come from untrusted sources so this
is considered safe.
OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2o
This issue was reported to OpenSSL on 4th January 2018 by the OSS-fuzz project.
The fix was developed by Matt Caswell of the OpenSSL development team.
Incorrect CRYPTO_memcmp on HP-UX PA-RISC (CVE-2018-0733)
========================================================
Severity: Moderate
Because of an implementation bug the PA-RISC CRYPTO_memcmp function is
effectively reduced to only comparing the least significant bit of each byte.
This allows an attacker to forge messages that would be considered as
authenticated in an amount of tries lower than that guaranteed by the security
claims of the scheme. The module can only be compiled by the HP-UX assembler, so
that only HP-UX PA-RISC targets are affected.
OpenSSL 1.1.0 users should upgrade to 1.1.0h
This issue was reported to OpenSSL on 2nd March 2018 by Peter Waltenberg (IBM).
The fix was developed by Andy Polyakov of the OpenSSL development team.
rsaz_1024_mul_avx2 overflow bug on x86_64 (CVE-2017-3738)
=========================================================
Severity: Low
This issue has been reported in a previous OpenSSL security advisory and a fix
was provided for OpenSSL 1.0.2. Due to the low severity no fix was released at
that time for OpenSSL 1.1.0. The fix is now available in OpenSSL 1.1.0h.
There is an overflow bug in the AVX2 Montgomery multiplication procedure
used in exponentiation with 1024-bit moduli. No EC algorithms are affected.
Analysis suggests that attacks against RSA and DSA as a result of this defect
would be very difficult to perform and are not believed likely. Attacks
against DH1024 are considered just feasible, because most of the work
necessary to deduce information about a private key may be performed offline.
The amount of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have to share
the DH1024 private key among multiple clients, which is no longer an option
since CVE-2016-0701.
This only affects processors that support the AVX2 but not ADX extensions
like Intel Haswell (4th generation).
Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732
and CVE-2015-3193.
OpenSSL 1.1.0 users should upgrade to 1.1.0h
OpenSSL 1.0.2 users should upgrade to 1.0.2n
This issue was reported to OpenSSL on 22nd November 2017 by David Benjamin
(Google). The issue was originally found via the OSS-Fuzz project. The fix was
developed by Andy Polyakov of the OpenSSL development team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20180327.txt
Note: the online version of the advisory may be updated with additional details
over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/policies/secpolicy.html
http://www.openssl.org/
-
Whats new:>>
New feature (only for donors): Added an option to open a connection from the menu bar (Preferences->Connections->Show connections in menu bar)
Minor improvements
http://winsshterm.blogspot.com/
-
Changelog
OpenSSH 7.7 was released on 2018-04-02. It is available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* ssh(1)/sshd(8): Drop compatibility support for some very old SSH
implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
versions were all released in or before 2001 and predate the final
SSH RFCs. The support in question isn't necessary for RFC-compliant
SSH implementations.
Changes since OpenSSH 7.6
=========================
This is primarily a bugfix release.
New Features
------------
* All: Add experimental support for PQC XMSS keys (Extended Hash-
Based Signatures) based on the algorithm described in
https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
The XMSS signature code is experimental and not compiled in by
default.
* sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword
to allow conditional configuration that depends on which routing
domain a connection was received on (currently supported on OpenBSD
and Linux).
* sshd_config(5): Add an optional rdomain qualifier to the
ListenAddress directive to allow listening on different routing
domains. This is supported only on OpenBSD and Linux at present.
* sshd_config(5): Add RDomain directive to allow the authenticated
session to be placed in an explicit routing domain. This is only
supported on OpenBSD at present.
* sshd(8): Add "expiry-time" option for authorized_keys files to
allow for expiring keys.
* ssh(1): Add a BindInterface option to allow binding the outgoing
connection to an interface's address (basically a more usable
BindAddress)
* ssh(1): Expose device allocated for tun/tap forwarding via a new
%T expansion for LocalCommand. This allows LocalCommand to be used
to prepare the interface.
* sshd(8): Expose the device allocated for tun/tap forwarding via a
new SSH_TUNNEL environment variable. This allows automatic setup of
the interface and surrounding network configuration automatically on
the server.
* ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g.
ssh://user@host or sftp://user@host/path. Additional connection
parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not
implemented since the ssh fingerprint format in the draft uses the
deprecated MD5 hash with no way to specify the any other algorithm.
* ssh-keygen(1): Allow certificate validity intervals that specify
only a start or stop time (instead of both or neither).
* sftp(1): Allow "cd" and "lcd" commands with no explicit path
argument. lcd will change to the local user's home directory as
usual. cd will change to the starting directory for session (because
the protocol offers no way to obtain the remote user's home
directory). bz#2760
* sshd(8): When doing a config test with sshd -T, only require the
attributes that are actually used in Match criteria rather than (an
incomplete list of) all criteria.
Bugfixes
--------
* ssh(1)/sshd(8): More strictly check signature types during key
exchange against what was negotiated. Prevents downgrade of RSA
signatures made with SHA-256/512 to SHA-1.
* sshd(8): Fix support for client that advertise a protocol version
of "1.99" (indicating that they are prepared to accept both SSHv1 and
SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1
support. bz#2810
* ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when
a rsa-sha2-256/512 signature was requested. This condition is possible
when an old or non-OpenSSH agent is in use. bz#2799
* ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent
to fatally exit if presented an invalid signature request message.
* sshd_config(5): Accept yes/no flag options case-insensitively, as
has been the case in ssh_config(5) for a long time. bz#2664
* ssh(1): Improve error reporting for failures during connection.
Under some circumstances misleading errors were being shown. bz#2814
* ssh-keyscan(1): Add -D option to allow printing of results directly
in SSHFP format. bz#2821
* regress tests: fix PuTTY interop test broken in last release's SSHv1
removal. bz#2823
* ssh(1): Compatibility fix for some servers that erroneously drop the
connection when the IUTF8 (RFC8160) option is sent.
* scp(1): Disable RemoteCommand and RequestTTY in the ssh session
started by scp (sftp was already doing this.)
* ssh-keygen(1): Refuse to create a certificate with an unusable
number of principals.
* ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the
public key during key generation. Previously it would silently
ignore errors writing the comment and terminating newline.
* ssh(1): Do not modify hostname arguments that are addresses by
automatically forcing them to lower-case. Instead canonicalise them
to resolve ambiguities (e.g. ::0001 => ::1) before they are matched
against known_hosts. bz#2763
* ssh(1): Don't accept junk after "yes" or "no" responses to hostkey
prompts. bz#2803
* sftp(1): Have sftp print a warning about shell cleanliness when
decoding the first packet fails, which is usually caused by shells
polluting stdout of non-interactive startups. bz#2800
* ssh(1)/sshd(8): Switch timers in packet code from using wall-clock
time to monotonic time, allowing the packet layer to better function
over a clock step and avoiding possible integer overflows during
steps.
* Numerous manual page fixes and improvements.
Portability
-----------
* sshd(8): Correctly detect MIPS ABI in use at configure time. Fixes
sandbox violations on some environments.
* sshd(8): Remove UNICOS support. The hardware and software are literal
museum pieces and support in sshd is too intrusive to justify
maintaining.
* All: Build and link with "retpoline" flags when available to mitigate
the "branch target injection" style (variant 2) of the Spectre
branch-prediction vulnerability.
* All: Add auto-generated dependency information to Makefile.
* Numerous fixed to the RPM spec files.
Checksums:
==========
- SHA1 (openssh-7.7.tar.gz) = 24812e05fa233014c847c7775748316e7f8a836c
- SHA256 (openssh-7.7.tar.gz) = T4ua1L/vgAYqwB0muRahvnm5ZUr3PLY9nPljaG8egvo=
- SHA1 (openssh-7.7p1.tar.gz) = 446fe9ed171f289f0d62197dffdbfdaaf21c49f2
- SHA256 (openssh-7.7p1.tar.gz) = 1zvn5oTpnvzQJL4Vowv/y+QbASsvezyQhK7WIXdea48=
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
www.openssh.com/
-
Whats new:>>
Bug fix: The features 'Jump Server' and 'Script Runner' can now be used with KiTTY
Bug fix: Logging with KiTTY now possible
http://winsshterm.blogspot.com/
-
Changelog
David Sommerseth (1):
Management: Warn if TCP port is used without password
Gert Doering (3):
Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
Fix potential double-free() in Interactive Service (CVE-2018-9336)
Preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)
Gert van Dijk (1):
Manpage: improve description of --status and --status-version
Joost Rijneveld (1):
Make return code external tls key match docs
Selva Nair (3):
Delete the IPv6 route to the "connected" network on tun close
Management: warn about password only when the option is in use
Avoid overflow in wakeup time computation
Simon Matter (1):
Add missing #ifdef SSL_OP_NO_TLSv1_1/2
Steffan Karger (1):
Check for more data in control channel
http://openvpn.net/
-
Whats new:>>
Bug fix: Script Runner now supports connections which hop over a jump server (bastion host)
Minor changes
http://winsshterm.blogspot.com/
-
Changelog
This is not a new feature release, but a successor to 7.39 with continued maintenance updates. (We skip over versions containing zeros to avoid ambiguities. For example, 7.04 and 7.40 might both be referred to as "7.4".)
This version continues an upgrade amnesty. Any Bitvise SSH Client activation code that could activate a previous 7.xx version will also activate this version.
SSH:
Fixed an issue in zlib compression provided by the Crypto++ library. There existed a race condition which could cause data to be decompressed incorrectly in specific circumstances. (The circumstances required for this to happen do not appear to exist in the graphical Bitvise SSH Client or its command line clients.)
Fixed a denial of service attack vector. This remains to be described in more detail.
File transfer:
When performing unattended file transfers, the command line client sftpc would previously send a fire-and-forget SSH_FXP_CLOSE message followed by immediately closing the SFTP channel and the SSH session. Depending on circumstances such as network latency, Bitvise SSH Server versions up to and including 7.39 could fail to process the SSH_FXP_CLOSE request and incorrectly log that the final transfer may not have completed as intended. This has been fixed in the SSH Server with version 7.41. But also, sftpc will no longer send a fire-and-forget SSH_FXP_CLOSE before exiting.
In the SFTP interface of the graphical SSH Client, in the Move to... dialog, removed a limit that incorrectly prevented entering more than a fixed number of characters. This prevented use of the Move to feature with long paths and file names.
www.bitvise.com
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Added alternative shortcuts / disable shortcuts (Navigate->Shortcuts)
SSH debug logging now possible (Session->Logging->SSH packets)
Using a custom PuTTY/KiTTY session now possible (Session->Custom) - only available to donors
http://winsshterm.blogspot.com/
-
Whats new:>>
Bugfix: Fixed problem with new shortcuts (Navigate->Shortcuts)
http://winsshterm.blogspot.com/
-
Changelog
The End User License Agreement has been updated to try to bring it closer to the requirements of states and their contractors. Terms are otherwise unchanged. Situations in which licenses can be transferred are now laid out so that no permission will be needed in most cases.
The SSH Client now includes a new build of the SSH Server Remote Control Panel (WRC) for use with SSH Server versions 7.21 and above. The new build incorporates improvements to the SSH Server Control Panel since version 7.26.
The SSH Client continues to include older versions of the Remote Control Panel for use with older SSH Server versions. Those remain unchanged.
The graphical SSH Client will no longer mark a profile as changed when a password is changed, but the password is not configured to be saved in the profile.
www.bitvise.com
-
Changelog
ADD: Special characters such Ctrl+C can now be sent from the Compose Bar and Compose Pane.
ADD: The mouse can now be used to move the terminal cursor back and forth, up and down
MOD: Modified EULA
FIX: Activation fails when the response file has space characters
FIX: Channel-duplicated session tabs are closed when the session disconnects regardless of how global options are set
FIX: Crash when a session is dragged to a different Xshell window's Session Manager
FIX: Crash when dragging the Session Manager's properties window
FIX: Detached tabs are not locked when Lock Screen is activated
FIX: Dragging a session from a different Xshell window's Session Manager connects to an unintended session
FIX: Enabled Python script
FIX: Local file sizes are displayed incorrectly in SFTP connections
FIX: Mouse focus behavior issue in the Session Manager
FIX: Refresh issue when copying and pasting session files in the Session Manager
FIX: Refresh issue when deleting folders in the session manager
FIX: Refresh issue when moving Session Manager folders from one folder to another
FIX: Refresh issue when resizing the xsh.Dialog.Prompt dialog
FIX: Session appears duplicated in the Session Manager when a Links Bar session is first created
FIX: The session name of the Local Shell's automatic logging file is always set to 'default'
FIX: Unable to open a hidden Session Manager using shortcut keys
FIX: When an Xshell session using Keyboard Interactive authentication is called Xftp, authentication of no need is requested.
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
New features:
Implemented try-restart in the SysV init script (thx to Peter Pentchev).
Bug fixes:
A service no longer refuses to start if binding fails for some (but not all) addresses:ports.
Fixed compression handling with OpenSSL 1.1.0 and later.
_beginthread() replaced with safer _beginthreadex().
https://www.stunnel.org/index.html
-
Whats new:>>
Bug fix: Removed ssh command line parameters when using a custom session
Protocol "sftp" now supported for Copy Files
New option to hide cluster mode window after opening connections
Replaced a cryptographic service provider with a FIPS compliant algorithm
http://winsshterm.blogspot.com/
-
(https://s26.postimg.cc/lyhrumpi1/screenshot_43.png)
KiTTY is a Telnet, SSH and Rlogin client forked from PuTTY. In addition to adding portability, it supports many new features, including session filters, automatic login, session icon, pre-defined saved command shortcuts, terminal protection feature, automatic login and ability to run commands on startup.
Interface improvements include transparency, roll-up and more.
License: MIT
Changelog
bug fix: crash in portable mode when trying to remove a session already deleted (with windows explorer)
bug fix: pscp/plink integration with -2 parameter forced (SSH-2 Only)
bug fix: in portable mode Default%20Settings session, is created on configuration box start only
bug fix: parameter -auto_store_sshkey is modified to -auto-store-sshkey
bug fix: -nofiles option shows error message when no kitty.ini file present
bug fix: shortcuts CTRL+SHIFT+ PLUS/MINUS works only once
new feature: new shortcut CTRL+SHIFT+0 to restore initial font size
new feature: new "-edit filename" option to open a file into the embedded editor
new feature: new readonly parameter to prevent any configuration file modification
new compiler: MinGW 6.3
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
Changelog
New features:
The default cipher list was updated to a safer value: "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK".
Bugfixes:
Default accept address restored to INADDR_ANY.
https://www.stunnel.org/index.html
-
Whats new:>>
Bug fix: shortcuts replacement for Font changes (CTRL+SHIFT to CTRL only)
New feature: new shortcut CTRL+ALT+t to duplicate session
http://www.9bis.net/kitty/?page=Welcome&zone=en
-
(https://s26.postimg.cc/nq6nio2m1/screenshot_103.png)
A reliable and straightforward application that allows to manage, organize and connect to different SSH servers with ease, as well as generate PuTTY login keys.
Freeware
http://www.delight.ch/de/sshtunnelclient
-
Changelog
ADD: Can specify UI language regardless of the PC's OS language
MOD: Compose pane command history increased to 50
MOD: Easier to distinguish whether the "Send keystrokes to all session" option is on/off
MOD: Log files can now be opened with the user defined editor
MOD: Mapped a default shorcut key for the Find function (Ctrl+Shift+F)
MOD: One time message during first initialization of free liceses
MOD: Session files now have the X11 forwarding option turned on by default
FIX: At times host information not saved during session file creation
FIX: Authentication is attempted even after exiting to the Local Shell during terminal based authentication
FIX: Completed string not displaying completely when using command auto completion in an internal sftp session
FIX: Console programs initialized from the Local Shell not terminating properly
FIX: Double click delimiter not functioning in ViM's mouse mode
FIX: Duplicate rules are registered when editing a port forwarding rule
FIX: Focus switches to a hidden group of tabs when in full screen mode
FIX: GSSAPI authentication fails at times
FIX: Middleware path is reset when incorrect password is inputted during pkcs#11 authentication
FIX: Mistranslated language resources
FIX: Multi-step authentication fails when using keyboard interactive with Google 2FA
FIX: Multiple windows appear during activation
FIX: Scrolling not functioning properly in touch screen devices
FIX: Session manager opens when switching to a layout with a different name
FIX: Session tabs are hidden when switching from simple view to multiple window full screen mode
FIX: Simple view is mistakenly applied to other tab groups
FIX: Unable to close a tab when it status icon is turned off
FIX: Unable to delete previous command when using command auto completion
FIX: Unable to open a session or its properties appear corrupted when the session or folder name is too long
FIX: Unable to rename the session tab in sessions newly opened from the Local Shell
FIX: Unable to transfer files over 4G when using an internal FTP/SFTP session
FIX: Unable to use Ctrl+A to select the public key characters in the User Key Generation Wizard
FIX: Unable to use x/ymodem transfers from the menu
FIX: When exiting simple mode the user's view status is not reinitialized
FIX: When populating the compose pane from its history with the direction keys, the cursor is placed in the front
FIX: Resource cleanup
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
File transfer: Fixed issues in past Bitvise software versions that resulted in incorrect file times when using subsecond times with SFTP protocol versions 4 and 6. This would result in incorrect last modified times after a file transfer which affected, on average, about one in several hundred files. Affected files would receive a last modified timestamp incorrect by up to 7+ minutes.
Authentication: Fixed issues in password change dialog behavior if the original password was modified.
Installation: Updated installer and uninstaller manifests to reduce the likelihood that Windows will incorrectly run the Program Compatibility Assistant during or after installation. This mainly affects older Windows versions such as Windows 7.
www.bitvise.com
-
Changelog
New features:
Fast add_lock_callback for OpenSSL < 1.1.0. This largely improves performance on heavy load.
Automatic detection of Homebrew OpenSSL.
Clarified port binding error logs.
Various "make test" improvements.
Bugfixes:
Fixed a crash on switching to SNI slave sections.
https://www.stunnel.org/index.html
-
Changelog
Cryptography: Implemented support for changes in Windows internal cryptographic structures in Windows Insider Preview Build 17704. This build was released to Windows Insiders in the Fast ring on June 27, 2018.
Users who need to use earlier versions of our software on new Windows builds that change internal structures can work around compatibility issues by using the following key exchange algorithms: Curve25519, ECDH over nistp256k1. These key exchange methods do not rely on Windows cryptography; however, our software does not provide them if FIPS mode is enabled in Windows. Other key exchange methods require upgrading our software to a version that supports the new Windows build.
www.bitvise.com
-
Changelog
Security bugfixes:
Fixed requesting client certificate when specified as a global option.
New features:
Certificate subject checks modified to accept certificates if at least one of the specified checks matches.
https://www.stunnel.org/index.html
-
Changelog
ADD: Automatic saving of host key option
ADD: Powershell initialized from the Local Shell now includes tab auto-completion
ADD: Shortcut keys and Quick commands can be used during authentication
ADD: User data folder path can now be changed directly from within UI
ADD: Users have the option to delete previous data after data folder path has been changed
MOD: Option to prevent accidental hyperlink clicks (Mouse Click + Ctrl)
MOD: Terminal speed improvement when using the terminal highlight feature (Option)
FIX: Auto completion for SFTP sessions not functioning
FIX: Blue screen when closing Xshell
FIX: Crash when using an incorrect type of WaitForStrings
FIX: ESC key unable to initialize multiple lines of the command prompt
FIX: Edits made to the Quick Command pane of one window not applied to another
FIX: Exit button not functioning in a tabless window
FIX: Focus issue when selecting multiple sessions in the Session Manager
FIX: Hidden scrollbar appears in Full screen mode
FIX: Local shell unable to handle paths with spaces
FIX: Mouse scrolling functioning abnormally in newer Vim mouse modes
FIX: Not visible tabs able to obtain focus in Full Screen Mode
FIX: Password authentication not cycling to other auth types when using terminal based authentication
FIX: Shift+Home key not functioning in the Compose Pane
FIX: Tab limitation option remains checked when free licenses are migrated to a paid license
FIX: Terminal characters displaying incorrectly after returning from the Local Shell
FIX: Terminal print resource cleanup
FIX: Unable to designate Baud Rate when editing multiple sessions
FIX: Unable to handle URLs with '+' characters when executing from the command line
FIX: Unintended hyperlink handling
FIX: WaitForStrings not functioning with Unicode characters
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
ADD: Return value of xsh.Dialog.Prompt when Cancel is pressed (More...)
FIX: Certain menus opening incorrect Help pages
FIX: Crash after running Xshell after a Windows 10 update
FIX: Log and temp folders not changing after user changes user data folder
FIX: Mistakenly able to open folder properties from the Session Manager
FIX: Shift + direction keys in the Compose Pane incorrectly applied to the terminal
FIX: The heigh of the Compose Pane and Quick Command Pane changes automatically
FIX: When editing multiple sessions with different Ignore Bell settings, the changes are not saved
FIX: xsh.Screen.Send function related to certain language strings not functioning
FIX: Resource cleanup
http://www.netsarang.com/products/xsh_overview.html
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: By default, if both password and private key were configured for a connection, the password would be treated as the private key's passphrase when starting WinSCP with Copy Files.
Added an option to use the password as passphrase for WinSCP under File->Preferences->Copy Files (which was the default behaviour in versions < 2.2.7)
http://winsshterm.blogspot.com/
-
Whats new:>>
Improved find feature in the connection window
Added a button to trigger "Copy Files" in the search window
http://winsshterm.blogspot.com/
-
(https://s26.postimg.cc/h1obsfzqx/screenshot_417.png)
Connect to various devices or servers in your network by turning to this lightweight software solution that lets you manage several sessions.
Freeware
https://www.solarwinds.com/free-tools/solar-putty
-
Whats new:>>
Bug fix: Find feature in the connection window now correctly finds all matching results
Connections in menu bar: added menu item "Refresh" for better performance (the refresh action was previously done every time the menu item "Cons" was clicked)
Search window: minor improvements
http://winsshterm.blogspot.com/
-
Changelog
Bitvise SSH Server, SSH Client, and FlowSsh previously did not implement strict size limits or sanitization of content before displaying or logging strings received from a remote party. Much stricter size limits and sanitization are now implemented.
Bitvise SSH Server, SSH Client, and FlowSsh now report the size of the Diffie Hellman group actually used in DH key exchange. This is useful with key exchange methods that use DH group exchange, where there was previously no straightforward way to know what size group was used.
Importing an empty public key file would cause the SSH Client's Host key manager to hang indefinitely. Fixed.
When loading an SSH Client profile, the SSH Client's Remote Desktop tab failed to update the Remote Desktop width and/or height if the new value was 0 (the default value). Fixed.
www.bitvise.com
-
Changelog
Changes between 1.1.0h and 1.1.0i [xx XXX xxxx]
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
(CVE-2018-0732)
[Guido Vranken]
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
a cache timing side channel attack. An attacker with sufficient access to
mount cache timing attacks during the RSA key generation process could
recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
(CVE-2018-0737)
[Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]
*) Fixed a text canonicalisation bug in CMS
Where a CMS detached signature is used with text content the text goes
through a canonicalisation process first prior to signing or verifying a
signature. This process strips trailing space at the end of lines, converts
line terminators to CRLF and removes additional trailing line terminators
at the end of a file. A bug in the canonicalisation process meant that
some characters, such as form-feed, were incorrectly treated as whitespace
and removed. This is contrary to the specification (RFC5485). This fix
could mean that detached text data signed with an earlier version of
OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
signed with a fixed OpenSSL may fail to verify with an earlier version of
OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
and use the "-binary" flag (for the "cms" command line application) or set
the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
[Matt Caswell]
http://www.openssl.org/
-
Verschiedene Software und Geräte mit OpenSSH sind verwundbar. Die Schwachstelle gilt aber nicht als kritisch.
In dem 1999 erschienen Fernzugriffs- und Dateiübertragungstool OpenSSH klafft seit Anbeginn eine Sicherheitslücke (CVE-2018-15473), die Sicherheitsforscher von Qualys nun entdeckt haben. Mittlerweile haben die Entwickler die Schwachstelle in den Versionen 1:6.7p1-1, 1:7.7p1-1 und 1:7.7p1-4 geschlossen, berichtet Qualys in einer Mailingliste.
OpenSSH ist weit verbreitet und kommt auf beispielsweise unzähligen Hosting-Servern und IoT-Geräten zum Einsatz. Flächendeckende Updates sind utopisch. Glücklicherweise gilt die Lücke nicht als kritisch. Verschiedener Proof-of-Concept-Code ist bereits im Umlauf. Ist eine Update-Installation nicht möglich, kann man alternativ die Public-Key-Authentication-Methode abschalten.
Auswirkungen
Durch das Ausnutzen der Lücke kann ein Angreifer aus der Ferne gültige Nutzernamen erraten. Dafür muss er lediglich präparierte Pakete an die verwundbare Public-Key-Authentication-Methode schicken. Existiert ein abgefragter Nutzer nicht, erhält der Angreifer eine Fehlermeldung. Gibt es den Account, schließt ein anfälliger OpenSSH-Server die Verbindung.
Mit gültigen Nutzernamen ausgerüstet könnte ein Angreifer versuchen, Passwörter via Brute-Force-Attacken zu erraten, um sich so Zugang zu verschaffen.
Quelle : www.heise.de
-
Changelog
OpenSSH 7.8 was released on 2018-08-24. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* ssh-keygen(1): write OpenSSH format private keys by default
instead of using OpenSSL's PEM format. The OpenSSH format,
supported in OpenSSH releases since 2014 and described in the
PROTOCOL.key file in the source distribution, offers substantially
better protection against offline password guessing and supports
key comments in private keys. If necessary, it is possible to write
old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
when generating or updating a key.
* sshd(8): remove internal support for S/Key multiple factor
authentication. S/Key may still be used via PAM or BSD auth.
* ssh(1): remove vestigal support for running ssh(1) as setuid. This
used to be required for hostbased authentication and the (long
gone) rhosts-style authentication, but has not been necessary for
a long time. Attempting to execute ssh as a setuid binary, or with
uid != effective uid will now yield a fatal error at runtime.
* sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar
HostbasedAcceptedKeyTypes options have changed. These now specify
signature algorithms that are accepted for their respective
authentication mechanism, where previously they specified accepted
key types. This distinction matters when using the RSA/SHA2
signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their
certificate counterparts. Configurations that override these
options but omit these algorithm names may cause unexpected
authentication failures (no action is required for configurations
that accept the default for these options).
* sshd(8): the precedence of session environment variables has
changed. ~/.ssh/environment and environment="..." options in
authorized_keys files can no longer override SSH_* variables set
implicitly by sshd.
* ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed.
They will now use DSCP AF21 for interactive traffic and CS1 for
bulk. For a detailed rationale, please see the commit message:
https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284
https://www.openssh.com
-
(https://s26.postimg.cc/lm2sdcvpl/screenshot_533.png)
mRemoteNG is a fork of mRemote: an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.
It allows you to view all of your remote connections in a simple yet powerful tabbed interface.
mRemoteNG supports the following protocols:
RDP (Remote Desktop/Terminal Server)
VNC (Virtual Network Computing)
ICA (Citrix Independent Computing Architecture)
SSH (Secure Shell)
Telnet (TELecommunication NETwork)
HTTP/HTTPS (Hypertext Transfer Protocol)
rlogin (Remote Login)
Raw Socket Connections
License: GPLv2
Changelog
Fixes:
#1088: Delete and Launch buttons are not disabled when last external tool deleted
#1087: 'Save connections after every edit' setting not honored
#1082: Connections not given GUID if Id is empty in connection xml
https://mremoteng.org/
-
Changelog
New features:
Performance optimizations.
Logging of negotiated or resumed TLS session IDs (thx to ANSSI - National Cybersecurity Agency of France).
Merged Debian 10-enabled.patch and 11-killproc.patch (thx to Peter Pentchev).
OpenSSL DLLs updated to version 1.0.2p.
PKCS#11 engine DLL updated to version 0.4.9.
Bugfixes:
Fixed a crash in the session persistence implementation.
Fixed syslog identifier after configuration file reload.
Fixed non-interactive "make check" invocations.
Fixed reloading syslog configuration.
stunnel.pem created with SHA-256 instead of SHA-1.
SHA-256 "make check" certificates.
https://www.stunnel.org/index.html
-
(http://securityxploded.com/images/sslcertstoreviewer_report.jpg)
SSLCertStoreViewer is the free Tool to view all the installed SSL certificates from your local system store.
Currently it can automatically scan and display Certificates from following type of stores,
CA Certificate Store
Private Certificate Store
Root Certificate Store
Software Publisher Certificate Store
For each discovered SSL certificate it displays following information
Certificate Store
Certificate Subject Name
Certificate Issuer Name
Issue Date
Expiry Date
It also checks if any of the certificate is expired. If so then it will be displayed in RED color.
Freeware
Whats new:>>
Major 2018 version with improved SSL Certificate store features
https://securityxploded.com/ssl-certificate-store-viewer.php
-
(https://securityxploded.com/images/sslcertdownloader_mainscreen.jpg)
SSL Cert Downloader is a free command-line tool to grab SSL certificate from server remotely.
It can be used to download certificate from any of the SSL enabled services including
HTTPS (443)
LDAPS (636)
SMTPS (465)
POPS (995)
IMAPS (993)
You can either specify IP address or host name of the server. Also you can enter any custom port which makes it useful when SSL service is running on non-standard port.
Once the certificate is downloaded from the server it will be saved to the specified file. Later you can just double click on the saved file to view the SSL certificate.
It is very easy to use and being a command-line tool makes it easy for automation through scripting.
It is fully portable and works on all platforms starting from Windows XP to Windows 10 version.
Whats new:>>
Major 2018 release with improved & faster SSL Certificate downloading features
https://securityxploded.com/ssl-certificate-downloader.php
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Release includes SSL Scanning performance & GUI improvements.
https://securityxploded.com/sslcertscanner.php
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
New feature: Detach a terminal window from WinSSHTerm (Tab->Detach Terminal)
http://winsshterm.blogspot.com/
-
Changelog
ADD: Ability to expand and collapse all folders in Session Manager
ADD: Added $USERNAME, $HOSTNAME, $PATH as script environment variables
ADD: Support 460800/921600 baud rate in SERIAL communications
MOD: Ability to change the order of startup sessions
MOD: Horizontal scroll bar fixed regardless of terminal output
MOD: More specific error messages related to authentication
FIX: Changes in highlight colors not displaying immediately in the preview
FIX: Crash when a logging enabled session contains its name in the logging field
FIX: Crash when opening a session file from outside the program and the session window is detached
FIX: Crash when refreshing the Session Manager
FIX: Creating a session file in the Session Manager during a search displays incorrect search results
FIX: Master Password dialog goes back to another window
FIX: Master Password level miscalculation
FIX: Multiple scripts mistakenly running in a single session
FIX: Transfer progress displays awkwardly when the terminal size is narrow
FIX: Transfer progress of large files not displaying correctly
FIX: Xshell freezes when opening the context menu of a session tab
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
Changes between 1.1.0i and 1.1.1
*) Add a new ClientHello callback. Provides a callback interface that gives
the application the ability to adjust the nascent SSL object at the
earliest stage of ClientHello processing, immediately after extensions have
been collected but before they have been processed. In particular, this
callback can adjust the supported TLS versions in response to the contents
of the ClientHello
[Benjamin Kaduk]
*) Add SM2 base algorithm support.
[Jack Lloyd]
*) s390x assembly pack: add (improved) hardware-support for the following
cryptographic primitives: sha3, shake, aes-gcm, aes-ccm, aes-ctr, aes-ofb,
aes-cfb/cfb8, aes-ecb.
[Patrick Steuer]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder
step for prime curves. The new implementation is based on formulae from
differential addition-and-doubling in homogeneous projective coordinates
from Izu-Takagi "A fast parallel elliptic curve multiplication resistant
against side channel attacks" and Brier-Joye "Weierstrass Elliptic Curves
and Side-Channel Attacks" Eq. (8) for y-coordinate recovery, modified
to work in projective coordinates.
[Billy Bob Brumley, Nicola Tuveri]
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]
*) The 'tsget' script is renamed to 'tsget.pl', to avoid confusion when
moving between systems, and to avoid confusion when a Windows build is
done with mingw vs with MSVC. For POSIX installs, there's still a
symlink or copy named 'tsget' to avoid that confusion as well.
[Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
*) Use the new ec_scalar_mul_ladder scaffold to implement a specialized ladder
step for binary curves. The new implementation is based on formulae from
differential addition-and-doubling in mixed Lopez-Dahab projective
coordinates, modified to independently blind the operands.
[Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri]
*) Add a scaffold to optionally enhance the Montgomery ladder implementation
for `ec_scalar_mul_ladder` (formerly `ec_mul_consttime`) allowing
EC_METHODs to implement their own specialized "ladder step", to take
advantage of more favorable coordinate systems or more efficient
differential addition-and-doubling algorithms.
[Billy Bob Brumley, Sohaib ul Hassan, Nicola Tuveri]
*) Modified the random device based seed sources to keep the relevant
file descriptors open rather than reopening them on each access.
This allows such sources to operate in a chroot() jail without
the associated device nodes being available. This behaviour can be
controlled using RAND_keep_random_devices_open().
[Paul Dale]
*) Numerous side-channel attack mitigations have been applied. This may have
performance impacts for some algorithms for the benefit of improved
security. Specific changes are noted in this change log by their respective
authors.
[Matt Caswell]
*) AIX shared library support overhaul. Switch to AIX "natural" way of
handling shared libraries, which means collecting shared objects of
different versions and bitnesses in one common archive. This allows to
mitigate conflict between 1.0 and 1.1 side-by-side installations. It
doesn't affect the way 3rd party applications are linked, only how
multi-version installation is managed.
[Andy Polyakov]
*) Make ec_group_do_inverse_ord() more robust and available to other
EC cryptosystems, so that irrespective of BN_FLG_CONSTTIME, SCA
mitigations are applied to the fallback BN_mod_inverse().
When using this function rather than BN_mod_inverse() directly, new
EC cryptosystem implementations are then safer-by-default.
[Billy Bob Brumley]
*) Add coordinate blinding for EC_POINT and implement projective
coordinate blinding for generic prime curves as a countermeasure to
chosen point SCA attacks.
[Sohaib ul Hassan, Nicola Tuveri, Billy Bob Brumley]
*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) Enforce checking in the pkeyutl command line app to ensure that the input
length does not exceed the maximum supported digest length when performing
a sign, verify or verifyrecover operation.
[Matt Caswell]
*) SSL_MODE_AUTO_RETRY is enabled by default. Applications that use blocking
I/O in combination with something like select() or poll() will hang. This
can be turned off again using SSL_CTX_clear_mode().
Many applications do not properly handle non-application data records, and
TLS 1.3 sends more of such records. Setting SSL_MODE_AUTO_RETRY works
around the problems in those applications, but can also break some.
It's recommended to read the manpages about SSL_read(), SSL_write(),
SSL_get_error(), SSL_shutdown(), SSL_CTX_set_mode() and
SSL_CTX_set_read_ahead() again.
[Kurt Roeckx]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]
*) Apply blinding to binary field modular inversion and remove patent
pending (OPENSSL_SUN_GF2M_DIV) BN_GF2m_mod_div implementation.
[Billy Bob Brumley]
*) Deprecate ec2_mult.c and unify scalar multiplication code paths for
binary and prime elliptic curves.
[Billy Bob Brumley]
*) Remove ECDSA nonce padding: EC_POINT_mul is now responsible for
constant time fixed point multiplication.
[Billy Bob Brumley]
*) Revise elliptic curve scalar multiplication with timing attack
defenses: ec_wNAF_mul redirects to a constant time implementation
when computing fixed point and variable point multiplication (which
in OpenSSL are mostly used with secret scalars in keygen, sign,
ECDH derive operations).
[Billy Bob Brumley, Nicola Tuveri, Cesar Pereida García,
Sohaib ul Hassan]
*) Updated CONTRIBUTING
[Rich Salz]
*) Updated DRBG / RAND to request nonce and additional low entropy
randomness from the system.
[Matthias St. Pierre]
*) Updated 'openssl rehash' to use OpenSSL consistent default.
[Richard Levitte]
*) Moved the load of the ssl_conf module to libcrypto, which helps
loading engines that libssl uses before libssl is initialised.
[Matt Caswell]
*) Added EVP_PKEY_sign() and EVP_PKEY_verify() for EdDSA
[Matt Caswell]
*) Fixed X509_NAME_ENTRY_set to get multi-valued RDNs right in all cases.
[Ingo Schwarze, Rich Salz]
*) Added output of accepting IP address and port for 'openssl s_server'
[Richard Levitte]
*) Added a new API for TLSv1.3 ciphersuites:
SSL_CTX_set_ciphersuites()
SSL_set_ciphersuites()
[Matt Caswell]
*) Memory allocation failures consistenly add an error to the error
stack.
[Rich Salz]
*) Don't use OPENSSL_ENGINES and OPENSSL_CONF environment values
in libcrypto when run as setuid/setgid.
[Bernd Edlinger]
*) Load any config file by default when libssl is used.
[Matt Caswell]
*) Added new public header file <openssl/rand_drbg.h> and documentation
for the RAND_DRBG API. See manual page RAND_DRBG(7) for an overview.
[Matthias St. Pierre]
*) QNX support removed (cannot find contributors to get their approval
for the license change).
[Rich Salz]
*) TLSv1.3 replay protection for early data has been implemented. See the
SSL_read_early_data() man page for further details.
[Matt Caswell]
*) Separated TLSv1.3 ciphersuite configuration out from TLSv1.2 ciphersuite
configuration. TLSv1.3 ciphersuites are not compatible with TLSv1.2 and
below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3.
In order to avoid issues where legacy TLSv1.2 ciphersuite configuration
would otherwise inadvertently disable all TLSv1.3 ciphersuites the
configuration has been separated out. See the ciphers man page or the
SSL_CTX_set_ciphersuites() man page for more information.
[Matt Caswell]
*) On POSIX (BSD, Linux, ...) systems the ocsp(1) command running
in responder mode now supports the new "-multi" option, which
spawns the specified number of child processes to handle OCSP
requests. The "-timeout" option now also limits the OCSP
responder's patience to wait to receive the full client request
on a newly accepted connection. Child processes are respawned
as needed, and the CA index file is automatically reloaded
when changed. This makes it possible to run the "ocsp" responder
as a long-running service, making the OpenSSL CA somewhat more
feature-complete. In this mode, most diagnostic messages logged
after entering the event loop are logged via syslog(3) rather than
written to stderr.
[Viktor Dukhovni]
*) Added support for X448 and Ed448. Heavily based on original work by
Mike Hamburg.
[Matt Caswell]
*) Extend OSSL_STORE with capabilities to search and to narrow the set of
objects loaded. This adds the functions OSSL_STORE_expect() and
OSSL_STORE_find() as well as needed tools to construct searches and
get the search data out of them.
[Richard Levitte]
*) Support for TLSv1.3 added. Note that users upgrading from an earlier
version of OpenSSL should review their configuration settings to ensure
that they are still appropriate for TLSv1.3. For further information see:
https://wiki.openssl.org/index.php/TLS1.3
[Matt Caswell]
*) Grand redesign of the OpenSSL random generator
The default RAND method now utilizes an AES-CTR DRBG according to
NIST standard SP 800-90Ar1. The new random generator is essentially
a port of the default random generator from the OpenSSL FIPS 2.0
object module. It is a hybrid deterministic random bit generator
using an AES-CTR bit stream and which seeds and reseeds itself
automatically using trusted system entropy sources.
Some of its new features are:
o Support for multiple DRBG instances with seed chaining.
o The default RAND method makes use of a DRBG.
o There is a public and private DRBG instance.
o The DRBG instances are fork-safe.
o Keep all global DRBG instances on the secure heap if it is enabled.
o The public and private DRBG instance are per thread for lock free
operation
[Paul Dale, Benjamin Kaduk, Kurt Roeckx, Rich Salz, Matthias St. Pierre]
*) Changed Configure so it only says what it does and doesn't dump
so much data. Instead, ./configdata.pm should be used as a script
to display all sorts of configuration data.
[Richard Levitte]
*) Added processing of "make variables" to Configure.
[Richard Levitte]
*) Added SHA512/224 and SHA512/256 algorithm support.
[Paul Dale]
*) The last traces of Netware support, first removed in 1.1.0, have
now been removed.
[Rich Salz]
*) Get rid of Makefile.shared, and in the process, make the processing
of certain files (rc.obj, or the .def/.map/.opt files produced from
the ordinal files) more visible and hopefully easier to trace and
debug (or make silent).
[Richard Levitte]
*) Make it possible to have environment variable assignments as
arguments to config / Configure.
[Richard Levitte]
*) Add multi-prime RSA (RFC 8017) support.
[Paul Yang]
*) Add SM3 implemented according to GB/T 32905-2016
[ Jack Lloyd <jack.lloyd@ribose.com>,
Ronald Tse <ronald.tse@ribose.com>,
Erick Borsboom <erick.borsboom@ribose.com> ]
*) Add 'Maximum Fragment Length' TLS extension negotiation and support
as documented in RFC6066.
Based on a patch from Tomasz Moń
[Filipe Raimundo da Silva]
*) Add SM4 implemented according to GB/T 32907-2016.
[ Jack Lloyd <jack.lloyd@ribose.com>,
Ronald Tse <ronald.tse@ribose.com>,
Erick Borsboom <erick.borsboom@ribose.com> ]
*) Reimplement -newreq-nodes and ERR_error_string_n; the
original author does not agree with the license change.
[Rich Salz]
*) Add ARIA AEAD TLS support.
[Jon Spillett]
*) Some macro definitions to support VS6 have been removed. Visual
Studio 6 has not worked since 1.1.0
[Rich Salz]
*) Add ERR_clear_last_mark(), to allow callers to clear the last mark
without clearing the errors.
[Richard Levitte]
*) Add "atfork" functions. If building on a system that without
pthreads, see doc/man3/OPENSSL_fork_prepare.pod for application
requirements. The RAND facility now uses/requires this.
[Rich Salz]
*) Add SHA3.
[Andy Polyakov]
*) The UI API becomes a permanent and integral part of libcrypto, i.e.
not possible to disable entirely. However, it's still possible to
disable the console reading UI method, UI_OpenSSL() (use UI_null()
as a fallback).
To disable, configure with 'no-ui-console'. 'no-ui' is still
possible to use as an alias. Check at compile time with the
macro OPENSSL_NO_UI_CONSOLE. The macro OPENSSL_NO_UI is still
possible to check and is an alias for OPENSSL_NO_UI_CONSOLE.
[Richard Levitte]
*) Add a STORE module, which implements a uniform and URI based reader of
stores that can contain keys, certificates, CRLs and numerous other
objects. The main API is loosely based on a few stdio functions,
and includes OSSL_STORE_open, OSSL_STORE_load, OSSL_STORE_eof,
OSSL_STORE_error and OSSL_STORE_close.
The implementation uses backends called "loaders" to implement arbitrary
URI schemes. There is one built in "loader" for the 'file' scheme.
[Richard Levitte]
*) Add devcrypto engine. This has been implemented against cryptodev-linux,
then adjusted to work on FreeBSD 8.4 as well.
Enable by configuring with 'enable-devcryptoeng'. This is done by default
on BSD implementations, as cryptodev.h is assumed to exist on all of them.
[Richard Levitte]
*) Module names can prefixed with OSSL_ or OPENSSL_. This affects
util/mkerr.pl, which is adapted to allow those prefixes, leading to
error code calls like this:
OSSL_FOOerr(OSSL_FOO_F_SOMETHING, OSSL_FOO_R_WHATEVER);
With this change, we claim the namespaces OSSL and OPENSSL in a manner
that can be encoded in C. For the foreseeable future, this will only
affect new modules.
[Richard Levitte and Tim Hudson]
*) Removed BSD cryptodev engine.
[Rich Salz]
*) Add a build target 'build_all_generated', to build all generated files
and only that. This can be used to prepare everything that requires
things like perl for a system that lacks perl and then move everything
to that system and do the rest of the build there.
[Richard Levitte]
*) In the UI interface, make it possible to duplicate the user data. This
can be used by engines that need to retain the data for a longer time
than just the call where this user data is passed.
[Richard Levitte]
*) Ignore the '-named_curve auto' value for compatibility of applications
with OpenSSL 1.0.2.
[Tomas Mraz <tmraz@fedoraproject.org>]
*) Fragmented SSL/TLS alerts are no longer accepted. An alert message is 2
bytes long. In theory it is permissible in SSLv3 - TLSv1.2 to fragment such
alerts across multiple records (some of which could be empty). In practice
it make no sense to send an empty alert record, or to fragment one. TLSv1.3
prohibts this altogether and other libraries (BoringSSL, NSS) do not
support this at all. Supporting it adds significant complexity to the
record layer, and its removal is unlikely to cause inter-operability
issues.
[Matt Caswell]
*) Add the ASN.1 types INT32, UINT32, INT64, UINT64 and variants prefixed
with Z. These are meant to replace LONG and ZLONG and to be size safe.
The use of LONG and ZLONG is discouraged and scheduled for deprecation
in OpenSSL 1.2.0.
[Richard Levitte]
*) Add the 'z' and 'j' modifiers to BIO_printf() et al formatting string,
'z' is to be used for [s]size_t and 'j' - with [u]int64_t [Richard Levitte, Andy Polyakov]
*) Add EC_KEY_get0_engine(), which does for EC_KEY what RSA_get0_engine()
does for RSA, etc.
[Richard Levitte]
*) Have 'config' recognise 64-bit mingw and choose 'mingw64' as the target
platform rather than 'mingw'.
[Richard Levitte]
*) The functions X509_STORE_add_cert and X509_STORE_add_crl return
success if they are asked to add an object which already exists
in the store. This change cascades to other functions which load
certificates and CRLs.
[Paul Dale]
*) x86_64 assembly pack: annotate code with DWARF CFI directives to
facilitate stack unwinding even from assembly subroutines.
[Andy Polyakov]
*) Remove VAX C specific definitions of OPENSSL_EXPORT, OPENSSL_EXTERN.
Also remove OPENSSL_GLOBAL entirely, as it became a no-op.
[Richard Levitte]
*) Remove the VMS-specific reimplementation of gmtime from crypto/o_times.c.
VMS C's RTL has a fully up to date gmtime() and gmtime_r() since V7.1,
which is the minimum version we support.
[Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]
*) Add support for ARIA
[Paul Dale]
*) s_client will now send the Server Name Indication (SNI) extension by
default unless the new "-noservername" option is used. The server name is
based on the host provided to the "-connect" option unless overridden by
using "-servername".
[Matt Caswell]
*) Add support for SipHash
[Todd Short]
*) OpenSSL now fails if it receives an unrecognised record type in TLS1.0
or TLS1.1. Previously this only happened in SSLv3 and TLS1.2. This is to
prevent issues where no progress is being made and the peer continually
sends unrecognised record types, using up resources processing them.
[Matt Caswell]
*) 'openssl passwd' can now produce SHA256 and SHA512 based output,
using the algorithm defined in
https://www.akkadia.org/drepper/SHA-crypt.txt
[Richard Levitte]
*) Heartbeat support has been removed; the ABI is changed for now.
[Richard Levitte, Rich Salz]
*) Support for SSL_OP_NO_ENCRYPT_THEN_MAC in SSL_CONF_cmd.
[Emilia Käsper]
*) The RSA "null" method, which was partially supported to avoid patent
issues, has been replaced to always returns NULL.
[Rich Salz]
http://www.openssl.org/
-
Changelog
Fixes several bugs and feature updates since 1.4.0.8 See 1.4.0.8...master for all 79 commits
https://github.com/jimradford/superputty
-
Whats new:>>
Fixed few minor bugs.
https://securityxploded.com/sslcertscanner.php
-
Changelog
After the SSH session has been terminated by receiving EOF or sending SSH_MSG_DISCONNECT, FlowSsh will now discard any further outgoing SSH packets. This helps avoid a stall in processing and further improves the odds that all previously received data will be processed.
File transfer: Fixed an issue where, if the connection was lost during a download while synchronization was being performed, the local file size would be reset to zero.
stermc: Improved handling of default colors configured in -profile or using the -colors parameter when using non-bvterm terminals such as xterm or vt100. The screen is now cleared using the configured colors.
www.bitvise.com
-
Changelog
ADD: Script APIs of Information for currently connected sessions
MOD: ANSI 256 colors appear in monochrome color schemes
MOD: Keyboard Interactive authentication saves only the first inputted value
FIX: 'Clear All Histories on Exit' not being applied upon exits
FIX: Description field input disappears when editing a tunneling rule
FIX: Issues when mapping + and = keys
FIX: Name of session files created from the Session Manager not being saved
FIX: Residual images appear when using the Tunneling pane's horizontal scroll
FIX: Results of an export containing a large number of files not being recorded properly
FIX: Tunneling pane view not displaying properly
FIX: UI error during product activation
FIX: Unable to cancel a running Python script
FIX: Unable to connect to the SSH server of Windows 10 for developers
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
OpenSSH 7.9 was released on 2018-10-19. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* ssh(1), sshd(8): the setting of the new CASignatureAlgorithms
option (see below) bans the use of DSA keys as certificate
authorities.
* sshd(8): the authentication success/failure log message has
changed format slightly. It now includes the certificate
fingerprint (previously it included only key ID and CA key
fingerprint).
Changes since OpenSSH 7.8
=========================
This is primarily a bugfix release.
New Features
------------
* ssh(1), sshd(8): allow most port numbers to be specified using
service names from getservbyname(3) (typically /etc/services).
* ssh(1): allow the IdentityAgent configuration directive to accept
environment variable names. This supports the use of multiple
agent sockets without needing to use fixed paths.
* sshd(8): support signalling sessions via the SSH protocol.
A limited subset of signals is supported and only for login or
command sessions (i.e. not subsystems) that were not subject to
a forced command via authorized_keys or sshd_config. bz#1424
* ssh(1): support "ssh -Q sig" to list supported signature options.
Also "ssh -Q help" to show the full set of supported queries.
* ssh(1), sshd(8): add a CASignatureAlgorithms option for the
client and server configs to allow control over which signature
formats are allowed for CAs to sign certificates. For example,
this allows banning CAs that sign certificates using the RSA-SHA1
signature algorithm.
* sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
revoke keys specified by SHA256 hash.
* ssh-keygen(1): allow creation of key revocation lists directly
from base64-encoded SHA256 fingerprints. This supports revoking
keys using only the information contained in sshd(8)
authentication log messages.
Bugfixes
--------
* ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
attempting to load PEM private keys while using an incorrect
passphrase. bz#2901
* sshd(8): when a channel closed message is received from a client,
close the stderr file descriptor at the same time stdout is
closed. This avoids stuck processes if they were waiting for
stderr to close and were insensitive to stdin/out closing. bz#2863
* ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
forwarding timeout and support X11 forwarding indefinitely.
Previously the behaviour of ForwardX11Timeout=0 was undefined.
* sshd(8): when compiled with GSSAPI support, cache supported method
OIDs regardless of whether GSSAPI authentication is enabled in the
main section of sshd_config. This avoids sandbox violations if
GSSAPI authentication was later enabled in a Match block. bz#2107
* sshd(8): do not fail closed when configured with a text key
revocation list that contains a too-short key. bz#2897
* ssh(1): treat connections with ProxyJump specified the same as
ones with a ProxyCommand set with regards to hostname
canonicalisation (i.e. don't try to canonicalise the hostname
unless CanonicalizeHostname is set to 'always'). bz#2896
* ssh(1): fix regression in OpenSSH 7.8 that could prevent public-
key authentication using certificates hosted in a ssh-agent(1)
or against sshd(8) from OpenSSH <7.8.
Portability
-----------
* All: support building against the openssl-1.1 API (releases 1.1.0g
and later). The openssl-1.0 API will remain supported at least
until OpenSSL terminates security patch support for that API version.
* sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
apparently required by some glibc/OpenSSL combinations.
* sshd(8): handle getgrouplist(3) returning more than
_SC_NGROUPS_MAX groups. Some platforms consider this limit more
as a guideline.
Checksums:
==========
- SHA1 (openssh-7.9.tar.gz) = 7c50a86b8f591decd172ed7f5527abc533098dec
- SHA256 (openssh-7.9.tar.gz) = nSVigtHGn3+xKXRqpSnp4YOyEPPAb+pCHdWS9Eh/IPY=
- SHA1 (openssh-7.9p1.tar.gz) = 993aceedea8ecabb1d0dd7293508a361891c4eaa
- SHA256 (openssh-7.9p1.tar.gz) = a0s7oiU9hO03ccgFByjVl8kc/OiYcTvre2SjBbbxGq0=
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
===============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh@openssh.com
https://www.openssh.com
-
Changelog
* New features
- 32-bit Windows builds replaced with 64-bit builds.
- OpenSSL DLLs updated to version 1.1.1.
- Check whether "output" is not a relative file name.
- Major code cleanup in the configuration file parser.
- Added sslVersion, sslVersionMin and sslVersionMax
for OpenSSL 1.1.0 and later.
* Bugfixes
- Fixed a memory leak in WIN32 logging subsystem.
- Allow for zero (ignored) TLS options.
* Caveats
- We removed FIPS support from our standard builds.
FIPS will still be available with bespoke builds.
https://www.stunnel.org/index.html
-
(https://i.postimg.cc/Z53FJnnR/screenshot-754.png)
Bitvise SSH Client (formerly Tunnelier) is a fast, secure FTP and terminal client with a variety of "tunnel" options to create secure connections, similar to a VPN. The program can forward Windows file shares over SSH, an FTP-to-SFTP protocol bridge, port forwarding and more. See forum discussion for adding secure FTP to existing portable software.
Includes support for single-click remote desktop forwarding for graphical server access, vt100, strong auto-reconnect and a scriptable console-mode SFTP client. Integrated SOCKS and HTTP proxy are available for dynamic forwarding. Security measures include wide encryption protocol support including public key exchange and optional integrated compression. Supports profiles and optional encryption of local passwords.
Functional in 64-bit.
Changelog
Highlights:
The SSH Client now supports automatic updates. An administrator can configure the SSH Client to automatically apply all updates; only recommended updates; only strongly recommended updates; to apply updates only manually; or to never check for updates.
Currently, the SSH Client does not install an update service. It needs to be started from time to time by an administrative user in order to apply updates.
The graphical SSH Client and sftpc now support recursive directory mirroring. A directory and all of its subdirectories and files can be synchronized either in the upload or download direction. The SSH Client can synchronize updated files and detect and automatically remove files and directories from the target location that are not present in the source.
The graphical SSH Client and sftpc can now display hashes (cryptographic digests) of local and remote files if the server supports the SFTP v6 check-file extension.
Bitvise SSH Client and SSH Server now implement automatic host key rotation. The SSH Client will synchronize keys from the SSH Server and any other servers that support the OpenSSH mechanism "hostkey update and rotation". The SSH Server will announce to clients all configured host keys, including those not employed, to facilitate host key rotation. The SSH Client will automatically trust new keys announced by a trusted server and remove any keys the server has removed, as long as they were added automatically.
The SSH Client now supports high resolutions and will display crisp text on high-DPI displays such as retina or 4K. The SSH Client now comes with new, higher resolution icons.
SSH Client profiles downloaded from the internet will now be considered unsafe. If a profile is marked by a browser using which it was downloaded as originating from an unsafe zone, the SSH Client will now load safe parts only. When loading a profile interactively in the graphical SSH Client, a prompt will be displayed, allowing the user to mark the profile as safe. If the user confirms, the profile can be fully loaded.
Cryptography:
Bitvise SSH Server, SSH Client and FlowSsh once again support non-standard DSA keys larger than 1024 bits. We do not recommend using these keys, and new keys of this type cannot be generated. Also, these keys cannot be used when FIPS mode cryptography is enabled in Windows. Re-adding support for these keys is intended to resolve an obstacle that may still be preventing some users of 6.xx versions from upgrading.
When using Windows cryptography, Bitvise SSH Server, SSH Client and FlowSsh now implement a backup strategy for DH and ECDH key exchange. Windows implements key exchange, but it does not expose the agreed value in a form suitable for SSH. Bitvise software must retrieve the value by carefully traversing undocumented Windows structures. In versions 7.xx, this required our software to be upgraded to continue working after the Windows 10 1803 update. Our software will now log a warning and fall back to Crypto++ if it cannot perform key exchange because Windows internal structures have changed. However: if FIPS mode is enabled in Windows, this backup strategy is not used, and the software must be updated.
When importing keys, such as from files, the stage at which an import failed is now described in more detail.
SSH session:
Bitvise SSH Server and Client now support the elevation extension. In previous versions, if a Windows account with administrative rights connected to the SSH Server, the server would always elevate the session if possible. Otherwise, the user would not be able to get an elevated session because there was no way to convey the user's preference. With the elevation extension, the user can request a non-administrative security context by requesting no elevation (elevation is still applied by default). In command line clients including stermc, sexec and sftpc, this is controlled using the switch -elevation=n.
Bitvise SSH Server and Client now support the no-flow-control extension. This disables SSH flow control for clients that only support opening one channel. No flow control is now preferred by sftpc, stermc, sexec and spksc, which only need to open one channel in the SSH session. The graphical SSH Client does not support no-flow-control because it requires multiple channels.
Bitvise SSH Server and Client now support the ext-auth-info extension. This allows the server to respond to user authentication failures with more detailed information in situations where this is safe. For example, if the client attempts to perform a password change but the new password does not meet complexity requirements, the server can communicate this instead of making the user guess.
Bitvise SSH Server and Client now support the delay-compression extension. Delayed compression reduces attack surface for unauthenticated clients by delaying availability of compression until after a user is authenticated. The delay-compression extension is an improvement over previously supported alternatives: the zlib@openssh.com method contains a by-design race condition, while the approach of invoking a second key exchange doubles the overhead of establishing an SSH session.
Terminal:
Settings for the graphical xterm/vt100 terminal console window (totermw) are now stored in the SSH Client profile instead of in the Windows registry.
SFTP:
In the graphical SFTP interface, the Open and Edit commands will now be much more responsive if a transfer is already in progress. The in-progress transfer will be paused and the file associated with the Open or Edit command will be transferred as a priority.
Both the graphical SFTP interface and sftpc can now work with local paths longer than 259 characters, as well as unsafe paths not permitted by Windows in some contexts (e.g. "C:\Com1\file").
A new file transfer mode, TextLf, is now supported. This works the same as AutoLf, but forces newline conversions without relying on file type detection.
Tunneling:
The SSH Client now displays the country (if available) of remote IP addresses. The SSH Client uses the MaxMind GeoLite2 Country database (under license). The country database comes with the SSH Client installation and is not automatically updated, other than by updating the SSH Client itself.
Command line clients:
It is now easier to connect to SSH servers that accept connections on non-default ports. If no port is specified on the command line, but the SSH Client knows a host key for the destination server, the SSH Client will automatically connect to the port associated with the server in the host key database. If there are multiple port associations, however, the port still needs to be specified, unless one of them is 22.
It is now easier to enable and disable individual algorithms with our command-line clients. Previously, to use non-default algorithms, either a -profile needed to be used, or a complete algorithm list had to be supplied using -hkey, -kex, -encr or -mac. It is now still possible to pass a whole list using the same parameters, or using their new aliases -hkeyAlgs, -kexAlgs, -encrAlgs or -macAlgs. In addition, it is possible to modify the default algorithm lists using -hkeyMod, -kexMod, -encrMod or -macMod. When using the "Mod" versions, provide a comma-separated list of algorithm names with optional prefixes. Names prefixed with "+" are added to the front of the list; names without a prefix are appended to the end; and names prefixed with "!" are removed. Example: -encrMod=+aes256-gcm,!3des-ctr
Utilities:
The log utility now supports filesystem paths in Unicode.
Known issues
LastPass for Applications achieves some of its functions by injecting a DLL with foreign code into other applications. As of February 2018, the DLL injected by LastPass has been observed to cause a crash in Bitvise SSH Client when connecting to a server.
Windows XP: All versions of our software that we recommend using are built using Visual Studio 2015. The C++ run-time library used by this Visual Studio version has a known issue where 1-2 kB of memory are leaked each time a new thread is created. This issue does not occur on later Windows versions; it does not occur e.g. on Windows Server 2003. Microsoft has stated they do not intend to fix this issue. Bitvise's view is that the impacts on our SSH Client and FlowSsh are manageable; whereas our SSH Server is rarely used on Windows XP. We therefore do not plan to work around this; but we warn that this can be a potential denial of service vector on Windows XP.
https://www.bitvise.com/ssh-client
-
Whats new:>>
Bug Fix: Jump Server: Allow white spaces in the private key file's path
http://winsshterm.blogspot.com/
-
Changelog
In version 8.15, loading a profile which was last saved by a previous version would cause the SSH Client to send an invalid elevation extension value to the server. This caused SSH Server versions 8.xx to disconnect. The SSH Client will now send a valid elevation extension value in this circumstance.
The Remote Desktop forwarding feature Use SSH login credentials would previously work only if the password authentication method was used for client authentication, but it did not work for password authentication over keyboard-interactive. This will now also work with password over keyboard-interactive.
In the graphical SSH Client, on the Login tab, setting Initial method to password could result in unintuitive behavior. Password change was not easily discoverable, and setting Initial method to password without entering a password caused the SSH Client to send an empty password at start of connection, incurring an authentication penalty.
This has been redesigned so that Initial method can be set to password without entering a password. In this case, a password dialog will dependably appear when connecting. As part of this change, it is no longer possible to enter a password on the Login tab without enabling Store encrypted password in profile.
In version 8.15, in command line clients, the -keypairFile parameter did not override a public key configured as an initial authentication method in a profile specified using -profile. The -keypairFile parameter will now once again override any public key configured in the profile.
https://www.bitvise.com/ssh-client
-
Changelog
In previous 8.xx versions, if the system clock was moved back after a check for updates (in UTC, not time zone specific), an automatic check would be repeated with high frequency. This could consume 80 kbps in bandwidth while the graphical SSH Client was running until the clock caught up. Fixed.
In previous 8.xx versions, an automatic check for updates would be performed if the graphical SSH Client was run with -noRegistry. An automatic check is no longer performed in this situation, but can be performed manually.
https://www.bitvise.com/ssh-client
-
(https://s26.postimg.cc/h1obsfzqx/screenshot_417.png)
Connect to various devices or servers in your network by turning to this lightweight software solution that lets you manage several sessions.
Freeware
https://www.solarwinds.com/free-tools/solar-putty
-
Changelog
ADD: Ability to change font size with key mappings and quick commands
ADD: Option to only select characters (no empty spaces) when selecting terminal strings
ADD: Portuguese language added (Acknowledgments to Alex Silva)
ADD: Russian language added (Acknowledgments to Andrey Kolbasenko)
ADD: Script API for passing messages to the status bar
ADD: Support for log file timestamps in milliseconds
ADD: Tooltips added for Quick Command Buttons
ADD: Window and taskbar blinks via bell options even if focus is on the window
FIX: 'Failed to Initialize FunctionList' Error during PKCS#11 authentication
FIX: Activation related resource cleanup
FIX: Crash when closing a tab with the middle mouse button
FIX: Crash when importing sessions
FIX: Edits in keyword highlights not being reflected immediately
FIX: Freeze when attempting to close any tab after auto alignment
FIX: Highlight previews displaying incorrectly
FIX: Highlighting not working on certain character combinations
FIX: Incorrect installation path for Xshell Plus packages
FIX: Incorrect scroll bar positions
FIX: Session and folder context menu related resource cleanup
FIX: Terminal code used for clearing the scroll buffer not functioning
FIX: WaitForStrings error in loops
FIX: Web page for new downloads not opening properly from expired evaluation packages
http://www.netsarang.com/products/xsh_overview.html
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
Template variables are now additionally available in 'Script Runner' and custom command-line arguments for 'Copy Files'
Added built-in connection variables {{CON.USER}}, {{CON.HOST}}, {{CON.NAME}} and {{CON.PORT}} which can be used like template variables
New buttons to set the default color schemes (File->Preferences->Terminal->Color Scheme->Edit)
Improved implementation for cleaning up WinSSHTerm's temporary files
Feature 'Port Knocking' now available under File->Preferences->Terminal (only KiTTY)
Added a new data grid view for hidden template variables (File->Preferences->Connections)
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/Z53FJnnR/screenshot-754.png)
Bitvise SSH Client (formerly Tunnelier) is a fast, secure FTP and terminal client with a variety of "tunnel" options to create secure connections, similar to a VPN. The program can forward Windows file shares over SSH, an FTP-to-SFTP protocol bridge, port forwarding and more. See forum discussion for adding secure FTP to existing portable software.
Includes support for single-click remote desktop forwarding for graphical server access, vt100, strong auto-reconnect and a scriptable console-mode SFTP client. Integrated SOCKS and HTTP proxy are available for dynamic forwarding. Security measures include wide encryption protocol support including public key exchange and optional integrated compression. Supports profiles and optional encryption of local passwords.
Functional in 64-bit.
Release Notes
In previous 8.xx versions, the icons for the New terminal console, New SFTP window and New Remote Desktop actions were too similar. The SSH Client now sports updated icons that are easier to distinguish.
In previous 8.xx versions, when the SSH Client reconnected after losing a connection, it failed to continue ongoing transfers. Fixed.
SFTP interface: When connecting to SFTP servers that support synchronization using the SFTP v6 extensions check-file-name, check-file-handle and check-file-blocks, the resume and overwrite modes are now more clearly overridden by synchronize in the SFTP user interface.
sftpc: When connecting to SFTP servers that support synchronization, the -r and -o options for get and put commands now both act as aliases for synchronize. Previously, only -o acted as an alias for synchronize, and -r was unavailable.
https://www.bitvise.com/ssh-client
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
new feature: add italic font support
http://kitty.9bis.net/
-
Whats new:>>
Bug Fix: Jump Server: Allow white spaces in the private key file's path also when using Script Runner and Copy Files
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/NFKpVjhz/screenshot-872.png)
TCP Over SSL Tunnel is a free SSL tool with SNI Host (Spoof Host) support.
Features:
TCP Over SSL Tunnel
SNI Host Support (Spoof Host)
Protocols SSLv23, TLSv1, TLSv1.1, TLSv1.2
Payload Support
Most Payload TAGS Supported, included [split] and [delay_split]
Direct Connection Support
Proxy Support
Internal SSH
Hide to Windows Try Icon System.
Show Logs
Black and White Font Text Color Change.
License: Open Source
https://sourceforge.net/projects/tcpoverssltunnel/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Mega 2019 Edition with support for 200+ new SSL certificates, Scan Domain with SNI feature, perform online SSL analysis & many more enhancements.
https://securityxploded.com/sslcertscanner.php
-
Changelog
New features:
32-bit Windows builds replaced with 64-bit builds.
OpenSSL DLLs updated to version 1.1.1.
Check whether "output" is not a relative file name.
Major code cleanup in the configuration file parser.
Added sslVersion, sslVersionMin and sslVersionMax for OpenSSL 1.1.0 and later.
Bugfixes:
Fixed PSK session resumption with TLS 1.3.
Fixed a memory leak in WIN32 logging subsystem.
Allow for zero value (ignored) TLS options.
Partially refactored configuration file parsing and logging subsystems for clearer code and minor bugfixes.
Caveats:
We removed FIPS support from our standard builds. FIPS will still be available with bespoke builds.
https://www.stunnel.org/index.html
-
Changelog
ADD: New SSH parameters available in the Local Shell. '-p' (password authentication), '-a' (use Xagent). Able to overide session property settings.
ADD: Support for ANSI 90~97 (light foreground), 100-107 (light background) values
ADD: Visual confirmations of host key (Randomart) in the host key confirmation dialog box
FIX: Creating a new session in the Session Manager while in the search state causes the session list to not refresh immediately
FIX: Default language is set to English in Portuguese and French using countries
FIX: Deleted login scripts and forwarding rules remain in the session file
FIX: Incorrect server selection if a proxy server with a similar name exists
FIX: Login not possible if server account name is multibyte UTF8
FIX: No terminal focus when immediately opening a session which was edited from the Session Manager
FIX: Some Compose Pane icons are not visible in the German resources
FIX: Terminal becomes unresponsive if some highlight keywords are entered twice
FIX: The enter key's value for creating a newline character is different between the terminal and compose bar
FIX: Timestamp in logs use the default format even if format field is left emtpy
FIX: Underlines from hovering over a hyperlink remain even after ceasing hover
http://www.netsarang.com/products/xsh_overview.html
-
Release Notes
The graphical SSH Client's terminal window for xterm (and other non-bvterm terminals) implements a Select mode intended to behave like the Windows console's QuickEdit mode. A difference was catching users off-guard: canceling a mouse text selection with an arbitrary key press would not send the key to the server. For users who began a selection without noticing, it appeared as though the terminal window was eating a key press for no reason. Consistently with the Windows console, the SSH Client will now send key presses that cancel a selection to the server.
In previous versions, if the graphical SSH Client failed to load a profile specified on the command line, it would fall back to the last used profile and still act on the -loginOnStartup parameter if also provided. This would result in bewildering behavior. If a profile specified on the command line fails to load, the SSH Client now loads the default profile (stored in the Windows registry) and ignores -loginOnStartup.
In previous 8.xx versions, loading an SSH Client profile from a network share would fail when the ZoneId alternative data stream could not be opened. If the ZoneId ADS cannot be opened, a profile will now be loaded as if its origin is the local computer.
We have identified niche situations where one-click Remote Desktop forwarding might fail to start when an SSH Client DLL is not found. To resolve this, this version makes changes to how the Remote Desktop client is started.
There exist SSH clients which, in violation of RFC 4254, disconnect if a server sends a global request after successful authentication. A server might send a global request for purposes such as host key synchronization or disconnect detection. If the server supports RFC 8308, then to indicate it supports global requests, the SSH Client will include the extension global-requests-ok in its SSH_MSG_EXT_INFO.
In previous 8.xx versions, the SSH Client would not import RSA private and public keys larger than 8192 bits. This limit is once again 16384 bits.
The SSH Client installer will now offer to wait instead of exiting when another Bitvise installation is already in progress.
Slightly improved the user friendliness of the installer and uninstaller for command-line installations.
https://www.bitvise.com/ssh-client
-
Changelog
A proportion of users are closing the main SSH Client window when connected so that it minimizes into the Windows notification area (the system tray). Users forget about that SSH Client instance and launch new instances for new sessions. Forgotten sessions stay online indefinitely and terminal window settings do not appear to save because the SSH Client is never closed.
To fix this, the SSH Client will now restore its main window if it's still hidden in the notification area after closing a related window such as terminal or SFTP. This behavior can be configured with a new setting found under Closing and minimization.
Since the changes related to password authentication in 8.17, the graphical client's command line parameter -password=... did not take effect if the SSH Client profile was configured to use password authentication but the checkbox Store encrypted password in profile was disabled. Fixed.
sftpc: Updated help text for get and put commands to clarify how the -r and -o parameters control when hash-based synchronization, heuristic resume or overwrite is used.
https://www.bitvise.com/ssh-client
-
Whats new:>>
Fixed an issue in previous 8.xx versions which would prevent Bitvise SSH Client and FlowSsh from connecting to a server that supports host key synchronization and employs a key type the client does not support. This affected connections from Windows XP and Windows Server 2003, where our cryptographic provider does not support Ed25519; and use under FIPS mode, where Ed25519 and ECDSA/secp256k1 are not supported.
https://www.bitvise.com/ssh-client
-
Whats new:>>
Bug fix: issue in roll-up kitty.ini declaration
http://kitty.9bis.net/
-
(https://i.postimg.cc/TYQVdZv0/Quip.png)
Generate the files and parameters that are necessary for an OpenVPN server and client to run properly with commands using this app.
Freeware
Whats new:>>
Adds Ubuntu 18.04 version
Updates OpenSSL to version 1.0.2q
Expands DNS options to easily configure with popular public DNS providers
Use correct protocol name in TCP server configuration
OpenSSL is now statically linked to Ubuntu binaries
Removes route-delay command from configs
Various bug fixes and enhancements
https://www.sparklabs.com/blog/openvpn-configuration-generator/
-
(https://s26.postimg.cc/lm2sdcvpl/screenshot_533.png)
mRemoteNG is a fork of mRemote: an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.
It allows you to view all of your remote connections in a simple yet powerful tabbed interface.
mRemoteNG supports the following protocols:
RDP (Remote Desktop/Terminal Server)
VNC (Virtual Network Computing)
ICA (Citrix Independent Computing Architecture)
SSH (Secure Shell)
Telnet (TELecommunication NETwork)
HTTP/HTTPS (Hypertext Transfer Protocol)
rlogin (Remote Login)
Raw Socket Connections
License: GPLv2
Whats new:>>
Pre-Release Test build for running on systems with FIPS Enabled
https://mremoteng.org/
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
https://client.pritunl.com
-
Whats new:>>
Interface improvements
https://client.pritunl.com
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
bug fix: crash in user command menu
http://kitty.9bis.net/
-
Changelog
ADD Support for ChaCha20-Poly1305 cipher
ADD Ability to synchronize session and host name when creating or editing a session
ADD Added key mappings to enable/disable "Send Key Input to All Sessions" for the current tab
MOD Can choose whether or not to save when creating instant tunneling
FIX A session's command prompt string is displayed after exiting to the Local Shell
FIX Background color of highlights being applied incorrectly
FIX CLS (Clear Screen) command not working in the Local Shell
FIX Calling Xshell from the Local Shell initializes a previous version
FIX Changes to the VT mode option not sticking when editing multiple sessions
FIX Crash when closing multiple tabs in a Russian environment
FIX Crash when printing host key's RandomArt
FIX Error messages related to failed authentications
FIX Highlight previews not displaying properly in certain languages
FIX Local Shell Prompt apeears when using the reconnect command to reconnect to a SERIAL session
FIX Name validation not occurring when adding a search engine or when saving a layout
FIX Not connecting to the default port when the Adress Bar's protocol is set to FTP
FIX Offline activation explanation resources
FIX Resource cleanup related to CSV imports
FIX Session file disappears from the Session Manager when changing the file name's capitalization
FIX Some sessions open in different windows when opening multiple sessions simultaneously
FIX Unable to run software after upgrading from a free/evaluation license to a paid license
FIX Unable to send a new line character(n) with a Quick Button.
FIX When ending a Named Pipe Serial connection, the dialog box prompt does not display the session name
http://www.netsarang.com/products/xsh_overview.html
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
Bug fix: Leaving full screen mode could cause WinSSHTerm to be completely off screen when using multiple monitors
Bug fix: Installing/Updating WinSCP now does not delete plink.exe/klink.exe
Right mouse button is now the default button for copy&paste
Added terminal font sizes
http://winsshterm.blogspot.com/
-
(https://s26.postimg.cc/lm2sdcvpl/screenshot_533.png)
mRemoteNG is a fork of mRemote: an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.
It allows you to view all of your remote connections in a simple yet powerful tabbed interface.
mRemoteNG supports the following protocols:
RDP (Remote Desktop/Terminal Server)
VNC (Virtual Network Computing)
ICA (Citrix Independent Computing Architecture)
SSH (Secure Shell)
Telnet (TELecommunication NETwork)
HTTP/HTTPS (Hypertext Transfer Protocol)
rlogin (Remote Login)
Raw Socket Connections
License: GPLv2
Whats new:>>
Proper (one time only, if desired) popup for Overriding the FIPS check. Reference #222
https://mremoteng.org/
-
(https://i.postimg.cc/TYtd4jmP/screenshot-1245.png)
Conveniently manage the hierarchy of SSH sessions and tunnels that are created during the port forwarding using this straightforward app.
License: GPLv2
https://sourceforge.net/projects/doffensshtunnel/
-
(https://i.postimg.cc/Z53FJnnR/screenshot-754.png)
Bitvise SSH Client (formerly Tunnelier) is a fast, secure FTP and terminal client with a variety of "tunnel" options to create secure connections, similar to a VPN. The program can forward Windows file shares over SSH, an FTP-to-SFTP protocol bridge, port forwarding and more. See forum discussion for adding secure FTP to existing portable software.
Includes support for single-click remote desktop forwarding for graphical server access, vt100, strong auto-reconnect and a scriptable console-mode SFTP client. Integrated SOCKS and HTTP proxy are available for dynamic forwarding. Security measures include wide encryption protocol support including public key exchange and optional integrated compression. Supports profiles and optional encryption of local passwords.
Functional in 64-bit.
Whats new:>>
Graphical SFTP:
Auto-completion improvements:
Regular files are no longer shown for auto completion of directory paths.
Tab and Shift+Tab now behave consistently with auto-completion in other apps.
File transfer events no longer cancel the auto-completion drop-down.
To improve UI responsiveness, directory listings are now performed in a background thread.
https://www.bitvise.com/ssh-client
-
Changelog
Adam Ciarciński (1):
Fix subnet topology on NetBSD (2.4).
Antonio Quartulli (3):
add support for %lu in argv_printf and prevent ASSERT
buffer_list: add functions documentation
ifconfig-ipv6(-push): allow using hostnames
Arne Schwabe (7):
Properly free tuntap struct on android when emulating persist-tun
Add OpenSSL compat definition for RSA_meth_set_sign
Add support for tls-ciphersuites for TLS 1.3
Add better support for showing TLS 1.3 ciphersuites in --show-tls
Use right function to set TLS1.3 restrictions in show-tls
Add message explaining early TLS client hello failure
Fallback to password authentication when auth-token fails
Christian Ehrhardt (1):
systemd: extend CapabilityBoundingSet for auth_pam
David Sommerseth (1):
plugin: Export base64 encode and decode functions
Gert Doering (4):
Add %d, %u and %lu tests to test_argv unit tests.
Fix combination of --dev tap and --topology subnet across multiple platforms.
Add 'printing of port number' to mroute_addr_print_ex() for v4-mapped v6.
preparing release v2.4.7 (ChangeLog, version.m4, Changes.rst)
Gert van Dijk (1):
Minor reliability layer documentation fixes
James Bekkema (1):
Resolves small IV_GUI_VER typo in the documentation.
Jonathan K. Bullard (1):
Clarify and expand management interface documentation
Lev Stipakov (5):
Refactor NCP-negotiable options handling
init.c: refine functions names and description
interactive.c: fix usage of potentially uninitialized variable
options.c: fix broken unary minus usage
Remove extra token after #endif
Richard van den Berg via Openvpn-devel (1):
Fix error message when using RHEL init script
Samy Mahmoudi (1):
man: correct a --redirection-gateway option flag
Selva Nair (7):
Replace M_DEBUG with D_LOW as the former is too verbose
Correct the declaration of handle in 'struct openvpn_plugin_args_open_return'
Bump version of openvpn plugin argument structs to 5
Move get system directory to a separate function
Enable dhcp on tap adapter using interactive service
Pass the hash without the DigestInfo header to NCryptSignHash()
White-list pull-filter and script-security in interactive service
Simon Rozman (2):
Add Interactive Service developer documentation
Detect TAP interfaces with root-enumerated hardware ID
Steffan Karger (7):
man: add security considerations to --compress section
mbedtls: print warning if random personalisation fails
Fix memory leak after sighup
travis: add OpenSSL 1.1 Windows build
Fix --disable-crypto build
Don't print OCC warnings about 'key-method', 'keydir' and 'tls-auth'
buffer_list_aggregate_separator(): simplify code
https://openvpn.net/community/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Major release with support for SSL certificate retrieval from older TLS 1.0 or 1.1 based SSL servers.
https://securityxploded.com/sslcertscanner.php
-
Whats new:>>
Fixed issue introduced in version 8.25 where the recent locations drop-down in the graphical SFTP interface would no longer function correctly.
Fixed issue introduced in version 8.24 where the SSH Server Remote Control Panel could no longer be launched when connected to SSH Server versions 7.xx and earlier.
https://www.bitvise.com/ssh-client
-
Whats new:>>
In the graphical SFTP interface, the new directory auto-completion feature could cause the SSH Client to crash when entering a remote path. Fixed.
When using the GSSAPI key exchange method gssapi-keyex, the SSH Client could incorrectly log a warning about failing to save the server's host key. Fixed.
https://www.bitvise.com/ssh-client
-
Whats new:>>
#1303: Exception on first connection with new SQL server database
#1304: Resolved several issues with importing multiple RDP Manager v2.7 files
https://mremoteng.org/
-
Changelog
Security fixes found by an EU-funded bug bounty programme:
a remotely triggerable memory overwrite in RSA key exchange, which can occur before host key verification
potential recycling of random numbers used in cryptography
on Windows, hijacking by a malicious help file in the same directory as the executable
on Unix, remotely triggerable buffer overflow in any kind of server-to-client forwarding
multiple denial-of-service attacks that can be triggered by writing to the terminal
Other security enhancements: major rewrite of the crypto code to remove cache and timing side channels.
We now provide pre-built binaries for Windows on Arm.
Hardware-accelerated versions of the most common cryptographic primitives: AES, SHA-256, SHA-1.
GTK PuTTY now supports non-X11 displays (e.g. Wayland) and high-DPI configurations.
Type-ahead now works as soon as a PuTTY window is opened: keystrokes typed before authentication has finished will be buffered instead of being dropped.
Support for GSSAPI key exchange: an alternative to the older GSSAPI authentication system which can keep your forwarded Kerberos credentials updated during a long session.
More choices of user interface for clipboard handling.
New terminal features: support the REP escape sequence (fixing an ncurses screen redraw failure), true colour, and SGR 2 dim text.
Pressing Ctrl+Shift+PgUp or Ctrl+Shift+PgDn now takes you straight to the top or bottom of the terminal scrollback.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
Set a custom location for all tools
Share a SSH connection (Session->Connection->share)
No need for a separate plink/klink binary for PuTTY/KiTTY and WinSCP any more
Bug fix: Using a jump server with public key authentication could fail under some circumstances
http://winsshterm.blogspot.com/
-
(https://s26.postimg.cc/lm2sdcvpl/screenshot_533.png)
mRemoteNG is a fork of mRemote: an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.
It allows you to view all of your remote connections in a simple yet powerful tabbed interface.
mRemoteNG supports the following protocols:
RDP (Remote Desktop/Terminal Server)
VNC (Virtual Network Computing)
ICA (Citrix Independent Computing Architecture)
SSH (Secure Shell)
Telnet (TELecommunication NETwork)
HTTP/HTTPS (Hypertext Transfer Protocol)
rlogin (Remote Login)
Raw Socket Connections
License: GPLv2
Whats new:>>
#1365: PuTTY window not centered after 0.71 update
https://mremoteng.org/
-
Whats new:>>
Bug fix: selecting a KiTTY binary containing the version string now possible
Bug fix: no error message was shown when opening a session and the PuTTY/KiTTY binary was not found
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/Z53FJnnR/screenshot-754.png)
Bitvise SSH Client (formerly Tunnelier) is a fast, secure FTP and terminal client with a variety of "tunnel" options to create secure connections, similar to a VPN. The program can forward Windows file shares over SSH, an FTP-to-SFTP protocol bridge, port forwarding and more. See forum discussion for adding secure FTP to existing portable software.
Includes support for single-click remote desktop forwarding for graphical server access, vt100, strong auto-reconnect and a scriptable console-mode SFTP client. Integrated SOCKS and HTTP proxy are available for dynamic forwarding. Security measures include wide encryption protocol support including public key exchange and optional integrated compression. Supports profiles and optional encryption of local passwords.
Functional in 64-bit.
Whats new:>>
Fixed an issue in previous 8.xx versions where, if the SSH Client had not been updated to a new version for longer than 42 days, trying to apply an update would fail due to a Windows registry Access denied error.
Users experiencing this problem can use one of the following workarounds:
Run the SSH Client elevated (right click > Run as administrator) before attempting to update.
Download the installer for the latest version from the SSH Client download page and run it manually.
https://www.bitvise.com/ssh-client
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
New patch http://scnr.net/blog/index.php/archives/61
Classname managment in launcher
Autocommand loading in configbox (same button as login script)
Port knocking on restart
LF(n) to CRLF(rn) auto conversion in hidden editor when paste
http://kitty.9bis.net/
-
(https://i.postimg.cc/FzGm8z2v/screenshot-1417.png)
PuTTYTabManager is a handy application that allows you to run multiple PuTTY applications using a single GUI. The application support all the PuTTY protocols, such as SSH, Telnet, Rlogin and Raw.
The tab-based interface makes the application very easy to use, enabling you to manage multiple PuTTY sessions at the same time. Instead of opening multiple PuTTY windows, simply open PuTTYTabManager and initiate every session in a new tab.
Freeware
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
Whats new:>>
Showing PuTTY's context menu on right click instead of a custom menu (if File->Preferences->Terminal->Copy&Paste->"display context menu" is selected)
Bug fix: Wrong error message was shown in some cases if plink/klink binary was not found
http://winsshterm.blogspot.com/
-
Whats new:>>
#1374: Vertical Scroll Bar missing in PuTTYNG after 0.70.0.1 & 0.71 updates
#1366: PuTTYNG crash when using MIT KfW and user-specified GSS DLLs. (Not listed in change log, but included in this release)
https://mremoteng.org/
-
Changelog
New features:
Hexadecimal PSK keys are automatically converted to binary.
Session ticket support (requires OpenSSL 1.1.1 or later). "connect" address persistence is currently unsupported with session tickets.
SMTP HELO before authentication (thx to Jacopo Giudici).
New "curves" option to control the list of elliptic curves in OpenSSL 1.1.0 and later.
New "ciphersuites" option to control the list of permitted TLS 1.3 ciphersuites.
Include file name and line number in OpenSSL errors.
Compatibility with the current OpenSSL 3.0.0-dev branch.
Better performance with SSL_set_read_ahead()/SSL_pending().
Bugfixes:
Fixed PSKsecrets as a global option (thx to Teodor Robas).
Fixed a memory allocation bug (thx to matanfih).
https://www.stunnel.org/index.html
-
Whats new:>>
Bugfixes
Fixed a transfer() loop bug introduced in stunnel 5.51.
https://www.stunnel.org/index.html
-
Whats new:>>
New features
- Build scripts updated to support Android 4.x.
https://www.stunnel.org/index.html
-
Whats new:>>
Bugfixes:
Fixed data transfer stalls introduced in stunnel 5.51.
https://www.stunnel.org/index.html
-
Whats new:>>
Fixed:
Connections corrupted when importing RDC Manager files that are missing certain fields
https://mremoteng.org/
-
Whats new:>>
* New features
- Added logging the list of active connections on SIGUSR2
or with Windows GUI.
* Bugfixes
- Service threads are terminated before OpenSSL cleanup
to prevent occasional stunnel crashes at shutdown.
https://www.stunnel.org/index.html
-
Whats new:>>
This is not a new feature release, but a successor to 8.29 with continued maintenance updates. We skip versions containing zeros to avoid misunderstandings. For example, 8.03 and 8.30 might both be called "8.3". Added error descriptions for Windows error codes related to checking for new versions and downloading updates. Fixed a memory safety issue which appears to be, but might not be, benign in most circumstances.
https://www.bitvise.com/ssh-client
-
Changelog
This release contains mitigation for a weakness in the scp(1) tool and protocol (CVE-2019-6111): when copying files from a remote system to a local directory, scp(1) did not verify that the filenames that the server sent matched those requested by the client. This could allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
This release adds client-side checking that the filenames sent from the server match the command-line request,
The scp protocol is outdated, inflexible and not readily fixed. We recommend the use of more modern protocols like sftp and rsync for file transfer instead.
https://www.openssh.com
-
(https://i.postimg.cc/TYtd4jmP/screenshot-1245.png)
Conveniently manage the hierarchy of SSH sessions and tunnels that are created during the port forwarding using this straightforward app.
License: GPLv2
Whats new:>>
New: Column Args in Variable Settings -> Executable Applications
Update (macos): Updated from Qt 5.11.0 to 5.12.1
Fixed (ticket 55): Not prompting for password properly. Thanks to Anthony Vitale for reporting.
https://sourceforge.net/projects/doffensshtunnel/
-
(https://i.postimg.cc/NFKpVjhz/screenshot-872.png)
TCP Over SSL Tunnel is a free SSL tool with SNI Host (Spoof Host) support.
Features:
TCP Over SSL Tunnel
SNI Host Support (Spoof Host)
Protocols SSLv23, TLSv1, TLSv1.1, TLSv1.2
Payload Support
Most Payload TAGS Supported, included [split] and [delay_split]
Direct Connection Support
Proxy Support
Internal SSH
Hide to Windows Try Icon System.
Show Logs
Black and White Font Text Color Change.
License: Open Source
https://sourceforge.net/projects/tcpoverssltunnel/
-
Whats new:>>
Support for new TRA SSH Gateway in Telenor Norway
https://sourceforge.net/projects/doffensshtunnel/
-
Changelog
Fixed an issue in how command line clients (sftpc, sexec, stermc, stnlc, spksc) were initializing the default key exchange algorithm list. This caused the following issues
If the -gkx parameter (or its -sspi alias) was passed to enable GSSAPI (Kerberos) key exchange, the requisite GSS key exchange algorithms had to be additionally enabled via -profile=..., -kexAlgs=... or -kexMod=.... The -gkx and -sspi parameters will now again correctly enable GSS key exchange algorithms as intended.
Outdated key exchange algorithms, such as diffie-hellman-group1-sha1, were enabled by default when they should not be. With this change, backward compatibility may be broken for users connecting to servers that require outdated key exchange algorithms. If you are connecting to such a server using one of our command line clients, you will need to enable the outdated algorithm using either -profile=..., specifying a profile where the algorithm is enabled; or via -kexMod=..., as in the following examples
sftpc -profile=CPathProfile.tlp ...
sftpc user@host -kexMod=diffie-hellman-group1-sha1 ...
https://www.bitvise.com/ssh-client
-
(https://i.postimg.cc/KvfQX8hL/screenshot-1548.png)
Create secure virtual private networks (VPNs) for your friends or family with the help of this useful, open-source, and lightweight app.
License : GPLv3 (Donationware)
Changelog
- Fixes memory leaks;
- Fixes compilation on recent gcc/clang.
- Uses vcpkg to build Windows dependencies;
- Updates TAP-9 adapter in Windows installer.
https://www.freelan.org/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
New feature "Quick-Connect"
New shortcuts (Navigation->Shortcuts)
Bug fix: Allow whitespaces in passwords (jump server)
http://winsshterm.blogspot.com/
-
Changelog
* New features
- New "ticketKeySecret" and "ticketMacSecret" options
to control confidentiality and integrity protection
of the issued session tickets. These options allow
for session resumption on other nodes in a cluster.
- Added logging the list of active connections on
SIGUSR2 or with Windows GUI.
- Logging of the assigned bind address instead of the
requested bind address.
* Bugfixes
- Service threads are terminated before OpenSSL cleanup
to prevent occasional stunnel crashes at shutdown.
https://www.stunnel.org/index.html
-
Whats new:>>
Bug fixes
Minor changes to the GUI
The features 'connections in menu bar' and 'use a custom PuTTY/KiTTY session' are now free
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
* Merge with 0.71 PuTTY version
* Unfortunately those patches are now broken:
** Cygterm port (https://code.google.com/archive/p/puttycyg/)
** Wincrypt port (https://github.com/ufrisk/puttywincrypt)
** Background image port (https://www.9bis.net/kitty/?page=covidimus&zone=en)
** ZModem port (http://leputty.sourceforge.net/)
http://kitty.9bis.net/
-
Changelog
ADD: Ability to use XFTP as the protocol for drag/dropping of files
ADD: Experimental Features
ADD: OpenSSH CA Support (Experimental Feature)
ADD: Real Windows CMD Support (Experimental Feature)
ADD: Recent Sessions List (Experimental Feature)
ADD: Remote command of the SSH protocol
MOD: Improvements to the Local Shell's ssh command's parameter values (help ssh)
MOD: Removed character limit for Keyboard Interactive fields
MOD: Xshell checks for write permissions when changing data folder path
FIX: Added Ctrl+U(=Ctrl+Home) key values as kill signals
FIX: Highlights of regular expressions no applying to certain strings
FIX: Host name not recognized when connecting from the Local Shell
FIX: Program does not recognize educational product numbers
FIX: Quick commands are mistakenly shown in simple view mode
FIX: Reconnect feature not functioning after disconnecting from a SERIAL connection.
FIX: The Tab Menu's Show Status Icon option does not remain checked
FIX: The user key option (-i) is only applied when opening a new window
FIX: Unable to re-add forwarding rules that were once removed from the Tunneling Pane
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
bugfix: unable to load boolean value with -kload option
bugfix: wrong startup message with automatic password
0.71.0.2
New window size calculus
bug fix: fix the ssh version claim
bug fix: automatic re-connection without pop-up
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
Security bugfixes
Fixed a Windows local privilege escalation vulnerability caused insecure OpenSSL cross-compilation defaults. Successful exploitation requires stunnel to be deployed as a Windows service, and user-writable C:\ folder. This vulnerability was discovered and reported by Rich Mirch.
OpenSSL DLLs updated to version 1.1.1c.
Bugfixes
Implemented a workaround for Windows hangs caused by its inability to the monitor the same socket descriptor from multiple threads.
Windows configuration (including cryptographic keys) is now completely removed at uninstall.
A number of testing framework fixes and improvements.
https://www.stunnel.org/index.html
-
Whats new:>>
bugfix: logevent function was broken
bugfix: automatic reconnection (thanks to Leo)
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
When creating a new profile or when using the SSH Client's command line clients (sftpc, sexec, stermc, stnlc, spksc) without the -profile=... parameter, the SSH Client will now by default prefer Curve25519 and ECDH key exchange over traditional Diffie Hellman. Classic DH is significantly slower and more computationally expensive, while there continues to be no known reason to de-prefer Elliptic Curve cryptography. Existing profiles are unaffected and will keep their algorithm preference order.
SFTP GUI:
In Windows 10 version 1903, when using the Open action or when double-clicking a file whose extension has no file association, Windows may no longer offer to select a program with which to open the file, but may instead fail the action. The SSH Client will now automatically use Open with if the Open action fails in this manner.
The SFTP GUI now supports mouse button 4 to trigger the Back action and mouse button 5 to trigger Forward, in a manner consistent with common browsers.
There exist interim, but deployed versions of SSH implementations including SmartFTP which implement the no-flow-control extension based on a previous, non-final draft where the extension value was empty. Bitvise SSH Server, SSH Client and FlowSsh will now no longer disconnect when receiving an unrecognized no-flow-control extension value, but will attempt to continue; and will now treat an empty value as if the remote party sent "p" (for "preferred").
Polished a few issues in BvSshUpdate, the SSH Client's command-line version update utility.
https://www.bitvise.com/ssh-client
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
new: new menu item: Restart session
new: new shotcut to enable/disable logging: SHIFT+F5
bugfix: font resizing does not work
bugfix: "negative" and "black and white" does not work
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
bugfix: special menu BREAK, had same id as font up. Remap all menu ids.
bugfix: registry copy between KiTTY and PuTTY at session saving instead of session exit
bugfix: impossibility to enter a private key pasphrase on automatic reconnection
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
Script Runner: New button "Trust host keys", that automatically adds the host keys to the registry and outputs the fingerprints of all added host keys
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
Security fixes found by the EU-funded bug bounty:
two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
Bug fix: crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows)
Bug fix: crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange
Bug fix: trust sigils were never turned off in SSH-1 or Rlogin
Bug fix: trust sigils were never turned back on if you used Restart Session
Bug fix: PSCP in SCP download mode could create files with a spurious newline at the end of their names
Bug fix: PSCP in SCP download mode with the -p option would generate spurious complaints about illegal file renaming
Bug fix: the initial instruction message was never printed during SSH keyboard-interactive authentication
Bug fix: pasting very long lines through connection sharing could crash the downstream PuTTY window
Bug fix: in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key
Bug fix: PuTTYgen could generate RSA keys with a modulus one bit shorter than requested
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
Security fixes found by the EU-funded bug bounty:
two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
Bug fix: crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows)
Bug fix: crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange
Bug fix: trust sigils were never turned off in SSH-1 or Rlogin
Bug fix: trust sigils were never turned back on if you used Restart Session
Bug fix: PSCP in SCP download mode could create files with a spurious newline at the end of their names
Bug fix: PSCP in SCP download mode with the -p option would generate spurious complaints about illegal file renaming
Bug fix: the initial instruction message was never printed during SSH keyboard-interactive authentication
Bug fix: pasting very long lines through connection sharing could crash the downstream PuTTY window
Bug fix: in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key
Bug fix: PuTTYgen could generate RSA keys with a modulus one bit shorter than requested
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
X-Server: added a possibility to manipulate the arguments, which are passed to the VcXsrv binary (e.g. to add fonts) under File->Preferences->X-Server it is now possible to temporarily rename the tab of an open session
http://winsshterm.blogspot.com/
-
Whats new:>>
bugfix: auto-reconnect with password
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Release includes major improvements in SSL certificate scanning features and enhanced HTML report
https://securityxploded.com/sslcertscanner.php
-
Whats new:>>
FIX: Crash when designating the user data folder to Google Drive
FIX: The "Restore the Last used Tab group layout" option not functioning as intended
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
WinSSHTerm is now freeware!
Added support for HTTP/SOCKS proxy
Variables are now globally supported (Script Runner, Cluster Mode, Script Buttons)
http://winsshterm.blogspot.com/
-
Whats new:>>
improved error handling when the custom location for PuTTY/KiTTY is not set to the original binary
http://winsshterm.blogspot.com/
-
Whats new:>>
With version 8.17, the profile settings RDP > Authentication > Password and Store encrypted password in profile were changed to take effect the same way as similar settings under Login > Authentication, but their UI layout was not updated. Fixed.
https://www.bitvise.com/ssh-client
-
(https://s26.postimg.cc/lm2sdcvpl/screenshot_533.png)
mRemoteNG is a fork of mRemote: an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.
It allows you to view all of your remote connections in a simple yet powerful tabbed interface.
mRemoteNG supports the following protocols:
RDP (Remote Desktop/Terminal Server)
VNC (Virtual Network Computing)
ICA (Citrix Independent Computing Architecture)
SSH (Secure Shell)
Telnet (TELecommunication NETwork)
HTTP/HTTPS (Hypertext Transfer Protocol)
rlogin (Remote Login)
Raw Socket Connections
License: GPLv2
Changelog
Added:
1512: Added option to close panel from right click menu
1434: Revised sort button in connection tree to be able to sort in both orders
1400: Added file download handling to HTTP(S) connections using Gecko
1385: Added option to start mRemoteNG minimized
826: Allow selecting RDP version to use when connecting
Changed:
1544: Improved Polish translations
1518: Inheritance is no longer automatically enabled when importing nodes from Active Directory
1468: Improved mRemoteNG startup time
1443: Chinese (simplified) translation improvements
1437: Norwegian translation improvements
1378: Hyperlinks embedded within mRemoteNG now open in the system default browser
1239: Increased default key derivation function (KDF) iterations from 1000 to 10000
718: Moved port property from 'protocol' to 'connection' section
Moved most RDP enums outside of the RDP protocol class. Scripts which reference these enums will need to be updated.
Removed the "Automatically get session info" from the advanced options screen since it is no longer used.
Fixed:
1505: About screen now better follows theme colors
1493: Updated database setup scripts for MSSQL and MySQL
1470: The "Favorite" setting is now properly saved in the local connection settings file (not saved in database)
1447: Exception occurs when resetting layout
1439: Searching in hosts tree loses first keystroke
1428: Fixed a rare error when checking for FIPS
1426: Tabbing is reversed in config window
1425: Connections didn't always respect the panel property
841: Allow for sorting in port scan results
617: Added missing description for password protect field in root node
553: Browser language not set when using Gecko rendering engine
323: Wallpaper always shows in RDP connections, even when turned off
https://mremoteng.org/
-
Whats new:>>
Merge with PuTTY 0.72
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
Changes between 1.1.1c and 1.1.1d [10 Sep 2019]
*) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
number generator (RNG). This was intended to include protection in the
event of a fork() system call in order to ensure that the parent and child
processes did not share the same RNG state. However this protection was not
being used in the default case.
A partial mitigation for this issue is that the output from a high
precision timer is mixed into the RNG state so the likelihood of a parent
and child process sharing state is significantly reduced.
If an application already calls OPENSSL_init_crypto() explicitly using
OPENSSL_INIT_ATFORK then this problem does not occur at all.
(CVE-2019-1549)
[Matthias St. Pierre]
*) For built-in EC curves, ensure an EC_GROUP built from the curve name is
used even when parsing explicit parameters, when loading a serialized key
or calling `EC_GROUP_new_from_ecpkparameters()`/
`EC_GROUP_new_from_ecparameters()`.
This prevents bypass of security hardening and performance gains,
especially for curves with specialized EC_METHODs.
By default, if a key encoded with explicit parameters is loaded and later
serialized, the output is still encoded with explicit parameters, even if
internally a "named" EC_GROUP is used for computation.
[Nicola Tuveri]
*) Compute ECC cofactors if not provided during EC_GROUP construction. Before
this change, EC_GROUP_set_generator would accept order and/or cofactor as
NULL. After this change, only the cofactor parameter can be NULL. It also
does some minimal sanity checks on the passed order.
(CVE-2019-1547)
[Billy Bob Brumley]
*) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
An attack is simple, if the first CMS_recipientInfo is valid but the
second CMS_recipientInfo is chosen ciphertext. If the second
recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
encryption key will be replaced by garbage, and the message cannot be
decoded, but if the RSA decryption fails, the correct encryption key is
used and the recipient will not notice the attack.
As a work around for this potential attack the length of the decrypted
key must be equal to the cipher default key length, in case the
certifiate is not given and all recipientInfo are tried out.
The old behaviour can be re-enabled in the CMS code by setting the
CMS_DEBUG_DECRYPT flag.
(CVE-2019-1563)
[Bernd Edlinger]
*) Early start up entropy quality from the DEVRANDOM seed source has been
improved for older Linux systems. The RAND subsystem will wait for
/dev/random to be producing output before seeding from /dev/urandom.
The seeded state is stored for future library initialisations using
a system global shared memory segment. The shared memory identifier
can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
the desired value. The default identifier is 114.
[Paul Dale]
*) Correct the extended master secret constant on EBCDIC systems. Without this
fix TLS connections between an EBCDIC system and a non-EBCDIC system that
negotiate EMS will fail. Unfortunately this also means that TLS connections
between EBCDIC systems with this fix, and EBCDIC systems without this
fix will fail if they negotiate EMS.
[Matt Caswell]
*) Use Windows installation paths in the mingw builds
Mingw isn't a POSIX environment per se, which means that Windows
paths should be used for installation.
(CVE-2019-1552)
[Richard Levitte]
*) Changed DH_check to accept parameters with order q and 2q subgroups.
With order 2q subgroups the bit 0 of the private key is not secret
but DH_generate_key works around that by clearing bit 0 of the
private key for those. This avoids leaking bit 0 of the private key.
[Bernd Edlinger]
*) Significantly reduce secure memory usage by the randomness pools.
[Paul Dale]
*) Revert the DEVRANDOM_WAIT feature for Linux systems
The DEVRANDOM_WAIT feature added a select() call to wait for the
/dev/random device to become readable before reading from the
/dev/urandom device.
It turned out that this change had negative side effects on
performance which were not acceptable. After some discussion it
was decided to revert this feature and leave it up to the OS
resp. the platform maintainer to ensure a proper initialization
during early boot time.
[Matthias St. Pierre]
https://www.openssl.org/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
bugfix: automatic password saving
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/TYtd4jmP/screenshot-1245.png)
Conveniently manage the hierarchy of SSH sessions and tunnels that are created during the port forwarding using this straightforward app.
License: GPLv2
Whats new:>>
New: If you have a child tunnel and a parent tunnel where you have added more tunnels then you can now select one of these in the child tunnel. Previously, you could only select the main tunnel that was in the parent tunnel. Thanks to biece who suggested this in https://sourceforge.net/p/doffensshtunnel/tickets/56/
Update: Updated bundled plink.exe from 0.70 to 0.72
Update: Updated bundled putty.exe from 0.70 to 0.72
Update Windows: Updated bundled winscp.exe from 5.13.7 to 5.13.9 portable
https://sourceforge.net/projects/doffensshtunnel/
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
Security fix: on Windows, other applications were able to bind to the same TCP port as a PuTTY local port forwarding.
Security fix: in bracketed paste mode, the terminal escape sequences that should delimit the pasted data were appearing together on one side of it, making it possible to misidentify pasted data as manual keyboard input.
Bug fix (possibly security-related): an SSH-1 server sending a disconnection message could cause an access to freed memory.
Bug fix: Windows Plink would crash on startup if it was acting as a connection-sharing downstream.
Bug fix: Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised.
Bug fix: tweaked terminal handling to prevent lost characters at the ends of lines in gcc's coloured error messages.
Bug fix: removed a bad interaction between the 'clear scrollback' operation and mouse selection that could give rise to the dreaded "line==NULL" assertion box.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
Security fix: on Windows, other applications were able to bind to the same TCP port as a PuTTY local port forwarding.
Security fix: in bracketed paste mode, the terminal escape sequences that should delimit the pasted data were appearing together on one side of it, making it possible to misidentify pasted data as manual keyboard input.
Bug fix (possibly security-related): an SSH-1 server sending a disconnection message could cause an access to freed memory.
Bug fix: Windows Plink would crash on startup if it was acting as a connection-sharing downstream.
Bug fix: Windows PuTTY now updates its terminal window size correctly if the screen resolution changes while it's maximised.
Bug fix: tweaked terminal handling to prevent lost characters at the ends of lines in gcc's coloured error messages.
Bug fix: removed a bad interaction between the 'clear scrollback' operation and mouse selection that could give rise to the dreaded "line==NULL" assertion box.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
bugfix: wrong localtime in imestamp for logging file
bugfix: portable mode crash when "Default Settings" file is missing
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
ADD: API function to locate running script files (xsh.session.ScriptFolderPath)
ADD: Added a session converter into Xshell (ZOC, Putty, SecureCRT)
ADD: diffie-hellman-group14-sha256 KeX algorithm added
ADD: ecdsa-sha2-nistp384, ecdsa-sha2-nistp521 HostKeyAlgorithms added
MOD: Updated OpenSSL 1.0.2I to 1.0.2s
MOD: Xshell log file extensions limited to .log and .txt (KVE-2019-1204 vulnerability)
FIX: Comma in the session properties terminal size values
FIX: Connect button in properties dialog box not functioning when using the edit command from the Local Shell
FIX: Unusually large authentication log file sizes
FIX: Xagent options not functioning when running ssh via Local Shell commands
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
Fix: Child ssh host list select host would reset when changing settings in parent https://sourceforge.net/p/doffensshtunnel/tickets/56/
https://sourceforge.net/projects/doffensshtunnel/
-
Changelog
New Features:
ssh(1): Allow %n to be expanded in ProxyCommand strings
ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519"
ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).
ssh-keygen(1): print key comment when extracting public key from a private key. bz#3052
ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too. bz#3003
All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's.
https://www.openssh.com
-
(https://i.postimg.cc/FzGm8z2v/screenshot-1417.png)
PuTTYTabManager is a handy application that allows you to run multiple PuTTY applications using a single GUI. The application support all the PuTTY protocols, such as SSH, Telnet, Rlogin and Raw.
The tab-based interface makes the application very easy to use, enabling you to manage multiple PuTTY sessions at the same time. Instead of opening multiple PuTTY windows, simply open PuTTYTabManager and initiate every session in a new tab.
Freeware
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
Whats new:>>
bugfix: Anti idle does not work anymore from 0.71
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Fix unquoted service path in Windows service.
https://client.pritunl.com
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Fixed issue with longer SSL certificate expiry date.
https://securityxploded.com/sslcertscanner.php
-
Whats new:>>
New: New built-in variable $datadir that points to the directory for where data files are stored.
Update Windows: From now on the executable is signed
Update macOS: Add quotes to execucatble var
https://sourceforge.net/projects/doffensshtunnel/
-
Changelog
* New features
* Bugfixes
- Support for realpath(3) implementations incompatible
with POSIX.1-2008, such as 4.4BSD or Solaris.
- Support for engines without PRNG seeding methods (thx to
Petr Mikhalitsyn).
- Retry unsuccessful port binding on configuration
file reload.
- Thread safety fixes in SSL_SESSION object handling.
https://www.stunnel.org/index.html
-
Whats new:>>
new feature: 0.73 PuTTY merge
bugfix: print clipboard menu was disabled on 64bits system (I don't remember why)
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
Implemented mitigations for the Minerva attack as discussed in the security notification:
On Windows 10, Windows Server 2016 and 2019, the algorithms ECDSA/secp256k1 and ECDH/secp256k1 now use Windows cryptography. As a result, these algorithms are now also available when FIPS mode is enabled in Windows.
On Windows Vista to 8.1, and Windows Server 2008 to 2012 R2, the algorithms ECDSA/secp256k1 and ECDH/secp256k1 now use OpenSSL instead of Crypto++. As a side effect, use of these algorithms on Windows Vista now requires at least Service Pack 1 (OpenSSL will fail to initialize on Vista without service packs).
On Windows XP and Windows Server 2003, our software continues to use Crypto++ for all algorithms, but implements mitigations to make it harder or impossible to observe signature timing remotely. Continuing support for these Windows versions is increasingly impractical for multiple reasons including cryptography. Like Microsoft and other software vendors have done, we will need to stop supporting these platforms eventually, but we still support them right now.
When using single-click Remote Desktop forwarding, the SSH Client now runs mstsc.exe using its full system path. Previously, if the SSH Client was run by double-clicking a profile, and there was a copy of mstsc.exe or an impostor executable in the same directory, the potentially unintended executable would be run.
The SSH Client can now import OpenSSH private keys encrypted using CTR mode algorithms.
https://www.bitvise.com/ssh-client
-
Changelog
2019.10.30 -- Version 2.4.8
Antonio Quartulli (1):
mbedtls: fix segfault by calling mbedtls_cipher_free() in cipher_ctx_free()
Arne Schwabe (1):
Remove -no-cpp-precomp flag from Darwin builds
David Sommerseth (3):
cleanup: Remove RPM openvpn.spec build approach
docs: Update INSTALL
build: Package missing mock_msg.h
Gert Doering (4):
repair windows builds (2.4)
Increase listen() backlog queue to 32
Force combinationation of --socks-proxy and --proto UDP to use IPv4.
Fix IPv6 routes on tap interfaces on OpenSolaris/OpenIndiana
Gisle Vanem (1):
Wrong FILETYPE in .rc files
Hilko Bengen (1):
Do not set pkcs11-helper 'safe fork mode'
Ilya Shipitsin (2):
travis-ci: add "linux-ppc64le" to build matrix, change trusty image to xenial, update osx to xcode9.4 and modernize brew management
travis-ci: fix osx builds
Kyle Evans (1):
tests/t_lpback.sh: Switch sed(1) to POSIX-compatible regex.
Lev Stipakov (1):
Fix various compiler warnings
Matthias Andree (1):
Fix regression, reinstate LibreSSL support.
Michal Soltys (1):
man: correct the description of --capath and --crl-verify regarding CRLs
Mykola Baibuz (1):
Fix typo in NTLM proxy debug message
Richard Bonhomme (1):
Ignore --pull-filter for --mode server
Rosen Penev (1):
openssl: Fix compilation without deprecated OpenSSL 1.1 APIs
Selva Nair (3):
Better error message when script fails due to script-security setting
Correct the return value of cryptoapi RSA signature callbacks
Handle PSS padding in cryptoapicert
Steffan Karger (1):
cmocka: use relative paths
Thomas Quinot (1):
Fix documentation of tls-verify script argument
https://openvpn.net/community/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
New options for manipulating the shared connections file (File->Export shared)
Copy Files: New default custom arguments (display correct session name / open up each WinSCP session in a new window)
Minor changes to the GUI
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
new feature: force CRLF on Enter key (see https://github.com/gniemirowski/putty-crlf)
bug fix: automatic generation of version.h file
bug fix: save position on exit did not allow negative values (dual monitors)
cleaning: ACS patch completely removed
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
New feature: Easy private key conversion from OpenSSH to PuTTY format by using the keygen feature of WinSCP.com (Tools->Convert OpenSSH key)
Copy Files: session names with white spaces now correctly shown / added user and host to session name (File->Preferences->Copy Files->Set default)
Bug fix: Loading shared connections from local cache could cause an app crash
http://winsshterm.blogspot.com/
-
Changelog
New features:
Various text files converted to Markdown format.
Bug fixes:
Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris.
Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn).
Retry unsuccessful port binding on configuration file reload.
Thread safety fixes in SSL_SESSION object handling.
Terminate clients on exit in the FORK threading model.
https://www.stunnel.org/index.html
-
Changelog
When connecting through a proxy, if the setting Resolve DNS names locally was enabled, the SSH Client would often resolve DNS names remotely (via the proxy) anyway. Fixed.
https://www.bitvise.com/ssh-client
-
(https://i.postimg.cc/TYQVdZv0/Quip.png)
Generate the files and parameters that are necessary for an OpenVPN server and client to run properly with commands using this app.
Freeware
Whats new:>>
Adds support for ECDSA keys
Adds support for EdDSA keys
Adds option to suffix server file names
List of available curves can be shown
Updates OpenSSL to version 1.1.1d
Various bug fixes and enhancements
https://www.sparklabs.com/blog/openvpn-configuration-generator/
-
Changelog
This version contains a minor upgrade access amnesty so that users who would otherwise upgrade to version 8.36 can instead upgrade to the latest version with more fixes. The minimum upgrade access to use this version is October 27, 2019.
Reliability issue: In SSH Server version 8.21, we introduced difference comparisons to reduce an overwhelming amount of logging that would previously occur when large SSH Server settings were changed. We recently discovered the difference comparison algorithm had corner cases which could cause it to run out of stack and cause the SSH Server to crash. Fixed by using a new difference comparison algorithm which is non-recursive and has better and more consistent performance.
We received multiple reports indicating that the SSH.com Tectia client, when connecting from a mainframe, intermittently reports an error consistent with the client incorrectly handling global requests during a channel open. Until further news, the SSH Server now treats all versions of the SSH.com Tectia client as incapable of receiving global requests.
When a proxy profile is configured for client-to-server port forwarding, if the setting Resolve locally was enabled, the SSH Server would often resolve DNS names remotely (via the proxy) anyway. Fixed.
Terminal:
In a terminal console, Shift+Tab will now cycle items in reverse direction (opposite of Tab), as expected.
In BvShell, the command mkdir -p now succeeds if the directory already exists. This brings its behavior in line with mkdir in bash, improving compatibility with SCP clients that send commands like "mkdir -p .", expecting them to succeed.
FTPS:
Self-signed certificates for FTPS, as well as certificate signing requests, were previously incorrectly generated using RSA + SHA-1 signing instead of RSA + SHA-256. Fixed (on Windows Vista and newer; limited to SHA-1 on Windows XP and 2003).
Self-signed certificates for FTPS were previously generated without certificate signing enabled in encoded key usage. This prevented self-signed certificates from working with e.g. curl --cacert. Fixed.
Re-categorized a type of FTPS disconnect event as an Info which was previously incorrectly a Warning.
https://www.bitvise.com/ssh-server-version-history
-
(https://i.postimg.cc/FzGm8z2v/screenshot-1417.png)
PuTTYTabManager is a handy application that allows you to run multiple PuTTY applications using a single GUI. The application support all the PuTTY protocols, such as SSH, Telnet, Rlogin and Raw.
The tab-based interface makes the application very easy to use, enabling you to manage multiple PuTTY sessions at the same time. Instead of opening multiple PuTTY windows, simply open PuTTYTabManager and initiate every session in a new tab.
Freeware
Whats new:>>
Several minor bugs fixed
https://sites.google.com/site/macdsite/utilidades/puttytabmanager
-
Changelog
ADD: Ability to send input `To Visible Tabs` from the compose bar/pane
ADD: New MAC algorithms (umac-64@openssh.com,umac-128@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com)
ADD: New host key algorithm (rsa-sha2-256,rsa-sha2-512)
ADD: True-colored terminal
MOD: Ctrl+Double click changed to channel duplication
MOD: Improved Find result visibility
MOD: Improved product key recognition during installation
MOD: Users can further classify Xagent`s role: authentication or agent forwarding
FIX: Color selection window gets smaller on high DPI monitors
FIX: Crash when opening many sessions in separate windows
FIX: Incorrect shortcut key in context menu (Ctrl+Pause)
FIX: Missing information from the "set" command`s help
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
New feature: Integrated PuTTY's feature "Restart session" (Tab->Reconnect gracefully)
When PuTTY/KiTTY detects a connection loss, the fatal error popup will now automatically be closed
New shortcuts for reconnecting and closing sessions (Navigate->Shortcuts)
http://winsshterm.blogspot.com/
-
Whats new:>>
bug fix: at auto-reconnection automatic command was not sent
bug fix: add source files for personal dependencies
new feature: preparing for automatic cross compile (make -e TOOLPATH=/usr/bin/i686-w64-mingw32- -f MAKEFILE.MINGW cross)
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
New feature: In case there are problems when opening a connection you can now get more verbose output by clicking on "Check connection" in the connections window
Bug fix: Adding a shared connection/folder when a top level node is selected
Bug fix: When reconnecting there was a possibility that the tab didn't get marked with "!!"
http://winsshterm.blogspot.com/
-
Whats new:>>
bugfix: reading buffer size error
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Added support for all available SSL/TLS protocols when downloading a shared connection file via https
Added options to skip certificate validation and to output error details when downloading a shared connection file via https (File->Preferences->Connections->Options)
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
new feature: new -localproxy command-line parameter to implement new Cygwin feature
bugfix[#79]: Default log name is putty.log
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
The SSH Client now supports machine-wide automatic update settings which can override user-specific settings. The SSH Client installer also supports command line parameters to configure automatic update settings.
Changes in Bitvise SSH Server's terminal subsystem in versions 8.xx have made the bvterm protocol unreasonably slow with certain console applications. Bitvise SSH Server and SSH Client versions 8.38 implement optimizations in both the server and client to address these issues.
sftpc: Pressing Esc on an empty line would incorrectly re-issue the last command. Fixed.
When public key or private key import fails, a more accurate error message will now be displayed in certain cases.
https://www.bitvise.com/ssh-client
-
Changelog
Automatic updates:
The SSH Server installer now supports more convenient command line parameters to configure automatic updates (including to disable them) without having to accompany the installer with an additional instance settings file.
Any error that may have occurred during the last check for updates will now be cleared and no longer shown after disabling checking for updates.
General:
Since versions 8.xx, the SSH Server now uses multiple heaps to reduce contention for memory allocation and freeing. Among other things, this dramatically reduces time to shutdown when handling many simultaneous connections.
In previous 8.xx versions, on computers with many CPU cores, the SSH Server could use too many heaps. In certain usage scenarios, this could cause very excessive memory consumption. The SSH Server will now use a radically smaller number of heaps on computers with many cores.
When public key or private key import fails, a more accurate error message will now be displayed in certain cases.
In 7.xx and earlier versions, automatic IP blocking could be disabled by setting any of the three main IP blocking settings to 0. When upgrading to 8.xx, if the setting IP blocking - threshold was set to 0, but the other two settings were non-zero, then IP blocking would be incorrectly enabled after the upgrade. Fixed.
Authentication:
Thanks to user feedback, we identified a circumstance where looking up a Windows account in a different domain, where the relationship is an external trust, may cause Windows to return a malformed account name such as domain\user@domain. The SSH Server is now able to handle this, so that such accounts can still log in.
Terminal:
Changes in the SSH Server's terminal subsystem in versions 8.xx have made the bvterm protocol unreasonably slow with certain console applications. Bitvise SSH Server and SSH Client versions 8.38 implement optimizations in both the server and client to address these issues.
BvShell:
For improved compatibility with clients such as the vCenter Server Appliance which expect an SCP server to support chmod, BvShell now supports a chmod command which always succeeds and does nothing.
FTPS:
Re-categorized another type of event related to FTPS disconnect as an Info which was previously incorrectly a Warning.
https://www.bitvise.com/ssh-server-version-history
-
Whats new:>>
Bug fix: 'Check Connection' (reworded in 'Check Access') now correctly reverts PuTTY's proxy settings
Added 'Check Access' to tab context menu, search form and quick connect form
Added a PuTTY/KiTTY binary architecture check in the preferences menu and a warning, if an unsupported 64-bit binary is configured
Changed the position of the command line windows from 'Check Access' and 'Convert OpenSSH Key'
http://winsshterm.blogspot.com/
-
Changelog
FIX: IPv6 address not being properly recognized
FIX: Delay in displaying tab names
FIX: Activation related resource cleanup
http://www.netsarang.com/products/xsh_overview.html
-
(https://i.postimg.cc/TYtd4jmP/screenshot-1245.png)
Conveniently manage the hierarchy of SSH sessions and tunnels that are created during the port forwarding using this straightforward app.
License: GPLv2
Whats new:>>
Update Windows: New developement environment
Moved from Win7 (vmware) to Win10 (Hyper-V)
Visual Studio 2017 Express Desktop
Qt 5.12.6 libraries for MSVC 2017 32-bit
Qt Creator 4.11.0
https://sourceforge.net/projects/doffensshtunnel/
-
Whats new:>>
Maintenance update that has new versions of 3'part sw.
Windows
Updated bundled plink.exe from 0.72 to 0.73
Updated bundled putty.exe from 0.72 to 0.73
Updated bundled winscp.exe from 5.13.9 to 5.15.9
Fix for wrong version of bundled msvc redistributable
removed msvcp120.dll and msvcr120.dll
added msvcp140.dll and vcruntime140.dll
https://sourceforge.net/projects/doffensshtunnel/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Mega 2020 edition with display of certificate organization, improved SSL scan report and few bug fixes.
https://securityxploded.com/sslcertscanner.php
-
Whats new:>>
Bug fix: When closing a connection the terminal now gets actually closed (instead of getting killed)
Unencrypted shared connections files are now also accepted - in order to support their automated creation
http://winsshterm.blogspot.com/
-
Whats new:>>
New: You can now configure auto reconnect in preferences:
The number of times to retry and the number of seconds to wait between each retry.
Windows: Updated Qt libraries from 5.12.6 to 5.14.0:
There should now be better support for High DPI screens as well as better support for Windows 150% zoom on such screens.
https://sourceforge.net/projects/doffensshtunnel/
-
(https://i.postimg.cc/vmQ0B4Y1/screenshot-2322.png)
Get around working on networks with SSH protocols by using this graphical client that offers a file browser, terminal emulator, text editor, and much more useful features.
GPLv3
Whats new:>>
Added context menu for text fields.
https://github.com/subhra74/snowflake
-
Whats new:>>
new feature[#35]: Multimon support enabled
new feature[#93]: Prevent bracketed paste from being cancelled during paste
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Update: Auto reconnect max attempts in preferences have been increased from 99 to 9999999
Thanks to biece who suggested this in https://sourceforge.net/p/doffensshtunnel/tickets/58/
Fixed: Auto reconnect interval in seconds set in preferences is now actually used. It was previously hard-coded to 10 seconds.
https://sourceforge.net/projects/doffensshtunnel/
-
Changelog
bugfix: issue with the new term_keyinputw funtion usage. Replaced by term_keyinput for one-character sending
new feature: window tilte indicate ONTOP when setting "Ensure window is always on top" is selected
new feature: menu shortcuts refactoring
Here is the complete shortcuts definition:
# Shortcuts: definition for the menu shortcuts keys
[shortcuts]
; (re)send automatic command (default is SHIFT+F12)
autocommand=
; Change settings ...
changesettings=
; Clear scrollback
clearscrollback=
; Close and restart current session
closerestart=
; run a local command (default is CONTROL+F5)
command=
; Copy all window buffer to clipboard
copyall=
; Open a duplicate window (with same session settings)
duplicate=
; open text editor connected to the main window (default is SHIFT+F2)
editor=
; open text editor with clipboard content, connected to the main window (default is CONTROL+SHIFT+F2)
editorclipboard=
; Show event log
eventlog=
; Switch font to black on white colors
fontblackandwhite=
; Decrease font size
fontdown=
; Switch font to negative colors
fontnegative=
; Increase fonr size
fontup=
; Switch to full screen
fullscreen=
; receive a remote file with pscp.exe: the full path must be selected in clipboard (default is CONTROL+F4)
getfile=
; change the background image (default is CONTROL+F11)
imagechange=
; special command box (default is CONTROL+F8)
input=
; special command with multi-line editor (default is SHIFT+F8)
inputm=
; Repeat key exchange
keyexchange=
; New session ...
opennew=
; Print current clipboard content (default if SHIFT+F7)
print=
; Print all window buffer content (default is F7)
printall=
; Protect the window, disable keyboard and mouse input (default is CONTROL+F9)
protect=
; Reset terminal
resetterminal=
; Roll-up the window into the title bar (default is CONTROL+F12)
rollup=
; Load a local script and run it remotely (default is CONTROL+F2)
script=
; Send a local file with pscp.exe (default is CONTROL+F3)
sendfile=
; Show current port forwarding definition (default is SHIFT+F6)
showportforward=
; Enable or disable logging (default is SHIFT+F5)
switchlogmode=
; Send the window to the system tray (default is CONTROL+F6)
tray=
; Switch to embedded image viewer (default SHIFT+F11)
viewer=
; Switch to always visible (default is CONTROL+F7)
visible=
; Start WinSCP (default is SHIFT+F3)
winscp=
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
This is not a new feature release, but a successor to 8.39 with continued maintenance updates.
We skip versions containing zeros to avoid misunderstandings. For example, 8.04 and 8.40 might both be called "8.4".
This version contains a minor upgrade access amnesty so that users who would otherwise upgrade to version 8.36 for a security fix can instead upgrade to the latest version with more fixes. The minimum upgrade access to use minor versions since 8.36, including this one, is October 27, 2019.
Settings:
The CSV list import feature which is accessible from list views in graphical settings is now able to import plaintext passwords. This is useful, for example, when importing a list of Windows file shares or virtual accounts.
To reliably import a plaintext password, prefix it with "p:". Plaintext passwords that are not prefixed with "p:" will also import, as long as the content of the password does not start with "p:" or "h:". Then it may cause an error or import incorrectly.
The "h:" prefix is for a hexadecimal representation of an internal format which exists so that round-trip export and import preserves settings. The "h:" format is not meant to be generated by users, but will be generated when exporting settings in CSV format, and can be re-imported as-is.
In version 8.35, we made a change where newly created mount points for file transfer are now configured by default to allow other processes to share files for Read and Delete access, and no longer for Write access. Previous versions would use a default that also permits sharing for Write access.
Due to the changed default setting value, users who upgraded from a previous version to 8.35 or higher would find that Easy settings no longer shows their accounts with a single mount point configured as Limit to root directory, but now shows them as Configure multiple mount points. The single mount point would still be properly configured and work as before. We have relaxed this logic so that such accounts will once again show as Limit to root directory, as the user expects.
SSH:
We received a report indicating that WS_FTP can intermittently fail to correctly handle a global request, disconnecting with a protocol error. Until further news, our SSH Server now treats all versions of the WS_FTP client as incapable of receiving global requests.
A number of clients, including PuTTY and OpenSSH, are now likely to try GSSAPI authentication always when connecting, by default. In previous versions, this could cause the following message to be frequently logged in the SSH Server's textual log files, as well as displayed on the Activity tab:
None of the GSSAPI mechanisms advertised by the client are supported or enabled.
This would cause some users to think that if a connection has a problem, this must be the cause of the problem. This message is never the cause of a problem, unless your problem is specifically with GSSAPI.
This is therefore now a Trace-level log message and is no longer displayed in the Activity tab.
BvShell:
For improved compatibility with clients such as the vCenter Server Appliance which expect an SCP server to support chmod, BvShell now supports a chmod command which always succeeds and does nothing.
https://www.bitvise.com/ssh-server-version-history
-
Release Notes -> https://www.openssh.com/txt/release-8.2
https://www.openssh.com
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
bugfix: auto-command does not not work on sessions without login
bugxfix: pull request #112 from issue #110
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
feat: Pull request [#124]
feat: Pull request [#125] (already included in 0.73.2.5 but not merged in github)
feat: Pull request [#126]
feat: Pull request [#127]
feat: Pull request [#128]
0.73.2.5
bugfix: auto-reconnect does not work (it hangs) when connecting with private key without agent
feat: key passphrase saving
feat: add CTRL+HOME and CTRL+END mapping
feat: adding KiTTY specific manifest
bugfix: removing 64bits version (not ready yet)
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Feat: Pull request [#130]
Feat: new default configuration file
Bugfix: System menu always appear with alt+space even if the setting (window/behaviour) is not checked
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/TYtd4jmP/screenshot-1245.png)
Conveniently manage the hierarchy of SSH sessions and tunnels that are created during the port forwarding using this straightforward app.
License: GPLv2
Whats new:>>
Update: Keep tree node 'lock' icon colored red when reconnection timer is active
https://sourceforge.net/projects/doffensshtunnel/
-
Whats new:>>
feat: Pull request [#134]
feat: Pull request [#139]
feat: complete default configuration file (kitty.ini)
bugfix: focus reporting disable by default
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
FIXEscape character issues with Quick Command Button strings
FIXGSSAPI authentication issues in Build 0183
FIXVerify CA key Error message when using OpenSSH CA(Certificate Authority) & the terminal based authentication
http://www.netsarang.com/products/xsh_overview.html
-
(http://images.six.betanews.com/screenshots/scaled/1314194663-1.jpg)
MTPuTTY (Multi-tabbed PuTTY) helps you to manage different PuTTY connections in one tabbed GUI interface. Every PuTTY connection runs in a separate tab and you can switch between PuTTYs as easy as you switch between opened pages in web browsers. When you need, you can detach PuTTY window from tab and convert it back into normal PuTTY application.
Freeware
Latest Changes
New option to save sessions (See Options/Advanced)
New option to save layouts (See Options/Advanced)
New feature to send keys without opening send script dialog
Added Sessions box for easier navigation between sessions
New feature to search for server name
Minor bugs fixed
http://www.ttyplus.com/multi-tabbed-putty/
-
Whats new:>>
bugfix: Close+Restart doesn't work [#140]
bugfix: Crash while viewing file contents [#148]
feat: New session file based on file extension (.ktx) and mask directories that start with dot [#143]
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Bugfix: Ctrl-Tab and Ctrl-Shift-Tab functionality broken [#152]
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
[bug fix] Fix terminal log open issue (#1652)
[bug fix] Fix no history cause app crash (#1651)
[bug fix] Fix runScript UI in bookmark form (#1648)
https://github.com/electerm/electerm
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
https://sourceforge.net/projects/netmodhttp/
-
(https://i.postimg.cc/qRLvWShS/screenshot-2465.png)
Improve the way you handle your SSH connections by relying on this Electron-based, modern-looking, and user-friendly client for SSHFS-Win.
MIT License
Whats new:>>
Now supports key-based authentication!
https://github.com/evsar3/sshfs-win-manager
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Features:
Add edit language file link in settings (#1656)
Fixes:
Fix ecnode support
Fix theme background setting (#1660)
https://github.com/electerm/electerm
-
Changelog
New features:
Allow unicode search string in --cryptoapicert option (Windows)
User visible changes:
Skip expired certificates in Windows certificate store (Windows) (trac #966)
OpenSSL: Fix --crl-verify not loading multiple CRLs in one file (trac #623)
When using "--auth-user-pass file" with just a username and no password in the file, OpenVPN now queries the management interface (if active) for the credentials. Previously it would query the console for the password, and fail if no console available (normal case on Windows) (trac #757)
Swap the order of checks for validating interactive service user (Windows: check config location before querying domain controller for group membership, which can be slow)
Bug fixes:
fix condition where a client's session could "float" to a new IP address that is not authorized ("fix illegal client float")
This can be used to disrupt service to a freshly connected client (no session keys negotiated yet). It can not be used to inject or steal VPN traffic. CVE-2020-11810, trac #1272)
fix combination of async push (deferred auth) and NCP (trac #1259)
Fix OpenSSL 1.1.1 not using auto elliptic curve selection (trac #1228)
Fix OpenSSL error stack handling of tls_ctx_add_extra_certs
mbedTLS: Make sure TLS session survives move (trac #880)
Fix OpenSSL private key passphrase notices
Fix building with --enable-async-push in FreeBSD (trac #1256)
Fix broken fragmentation logic when using NCP (trac #1140)
https://openvpn.net/community/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
feat: new configuration option: dblclick. If value is start, double click on session start the session rather than opening it.
bugfix: [Crash] Crashing calling ‘Change Setting’ from system menu [#113]: trying to solve with two new gcc paramters: -mms-bitfields -march=i386
bugfix: wrong filename for Default Settings session file in portable mode with file extention enabled
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/QdHKYMV2/screenshot-2470.png)
SoSSH is an application designed to help you streaming multimedia content via the SSH protocol. SoSSH can connect to a server and creates custom playlists. It comes with an intuitive interface and basic playback functions, which makes it suitable for any type of user, beginner or advanced.
License : GPLv3
https://sourceforge.net/projects/sossh/?source=directory
-
Whats new:>>
Security Advisory: one high severity fix in SSL_check_chain()
OpenSSL 1.1.1g is now available, including a security fix
https://www.openssl.org/
-
(https://i.postimg.cc/j2gdKt9B/screenshot-2490.png)
Connect to various devices or servers in your network by turning to this lightweight software solution that lets you manage several sessions.
Features
* Manage multiple sessions from one console with a tabbed interface
* Save credentials or private keys to any session for easy login
* Automate all scripts youre using when connection is established
* Find your saved session easily thanks to Windows Search integration
* No installation is needed
+ Support of SCP, SSH, Telnet, SFTP
+ Saving credentials (including private key) for auto-login
+ Support of multiple sessions in tabbed interface
+ Quick access to the most used sessions
+ Auto-reconnecting capability
+ Graphical SFTP file transfer
+ Support of post-connections scripts
+ Integration of Windows Search
Freeware
https://www.solarwinds.com/free-tools/solar-putty
-
Whats new:>>
bugfix: remove -mms-bitfields -march=i386, does not improve AMD situation.
bugfix: BUG: When selecting a session inside a subfolder, the selection changes [#155]
bugfix: In portable mode, Default Settings session file is created even is the flag defaultsettings is set to no
feat: add local proxy command managment in winscp integration
feat: new dynamic settings for PSCP and WinSCP intégration [#161]
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
fix #1657 [feat] Support show ssh server info(network, file system and more)
fix #1644 [feat] Add start directory option for ssh/sftp (#1664)
https://github.com/electerm/electerm
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Changelog
-Bug Fix: OpenVPN cfg editor sometimes doesn't show
-Limit port value to 65535
-Improvements in OpenVPN settings
-Added OpenVPN sndbuf/rcvbuf size option in settings (OpenVPN Buffer Size)
-Added OpenVPN DNS Customization (See in settings and set DNS to system DNS)
-Added UDPGW Buffer size option in settings (SSH Options)
-Downgraded TAP-Driver to 9.21.2 (previous version still causes 1 GB limit in x86 OS, x64 OS no issue)
Now should not limit to 1 GB tested in different OS (WIN 10 x86/x64 and WIN 7 x86)
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
feat: new dynamic settings for PSCP and WinSCP intégration [#161], add remote directory
bugfix: complete refactoring of session selector in portable mode
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
Installation:
The SSH Client no longer supports installation on Windows 10 versions 1507 and 1511. These versions contain a flawed cryptographic implementation which prevents a number of SSH algorithms from working correctly. The lowest Windows 10 version supported is 1607.
During an initial, interactive installation; when installing into a non-default directory (e.g. outside of C:\Program Files (x86)\); the SSH Client installer will attempt to detect if any parent of the installation directory grants insecure permissions for non-administrative users. The installer will display a warning about installing into such insecure directories.
When updating an installation in such a directory, the update will succeed, but the graphical SSH Client will display a warning.
Graphical client:
Some versions of Nvidia Surround modify Windows behavior in a way such that the window manager doesn't respect the SSH Client's fixed window width setting. The graphical SSH Client now works around this issue.
In the Host key manager interface, a host key could be incorrectly placed into the wrong recognized vs. unrecognized category if there were keys in both categories. Fixed.
Command-line clients:
The command-line clients sftpc, sexec, stermc, stnlc and spksc now support the command-line parameter -sendExtInfo=n so that the user can disable sending of the client-side SSH_MSG_EXT_INFO message to a server which advertises support, but does not actually support it.
Command-line clients will no longer display unnecessary warnings about failing to load update settings if the SSH Client was installed in an unattended manner and the graphical SSH Client has not yet been run.
SSH:
In rare circumstances, an SSH session could terminate in such a way that the SSH Client would crash. Fixed.
The CrushFTP server, and other servers based on the J2SSH Maverick implementation, may advertise support for SSH_MSG_EXT_INFO (RFC 8308), but have a bug where the server disconnects if the client sends this message. Bitvise SSH Client and FlowSsh now attempt to detect these servers based on their SSH version strings, and disable sending of the client-side SSH_MSG_EXT_INFO if detected.
OpenSSH 6.2 and 6.3 can be configured to enable AES GCM, but crash if it is used. Bitvise software versions 8.42 and higher will now disable AES GCM if the remote version string indicates an affected OpenSSH version.
SFTP:
The SFTP server which identifies itself as "SSH-2.0-SFTP Server" has a flawed SFTP v4+ text mode implementation. The default transfer mode with this server will now be Binary instead of AutoStd.
The dialog interface for the Mirror feature could require multiple clicks on the OK button. Fixed.
Remote Desktop forwarding:
The SSH Client now delays deletion of the Remote Desktop profile that mstsc is launched with. This is intended to improve compatibility with Windows on ARM64.
Terminal:
The SSH Client's graphical terminal window implementation for classical terminals (xterm and other non-bvterm terminals) now implements improved mouse wheel scrolling, properly accumulating mouse wheel deltas.
Some versions of Cmder have an issue which causes the Windows function ScrollConsoleScreenBuffer to fail unexpectedly. The bvterm client now works around this issue.
https://www.bitvise.com/ssh-client
-
Changelog
Version information:
This version continues a minor upgrade access amnesty so that users who would otherwise upgrade to version 8.36 for a security fix can instead upgrade to the latest version with more fixes. The minimum upgrade access to use minor versions since 8.36 is October 27, 2019.
Installation:
The SSH Server no longer supports installation on Windows 10 versions 1507 and 1511. These versions contain a flawed cryptographic implementation which prevents a number of SSH algorithms from working correctly. The lowest Windows 10 version supported is 1607.
During an initial, interactive installation; when installing into a non-default directory (e.g. outside of C:\Program Files\); the SSH Server installer will attempt to detect if any parent of the installation directory grants insecure permissions for non-administrative users. The installer will display a warning about installing into such insecure directories.
When updating an installation in such a directory, the update will succeed, but the SSH Server Control Panel will display a warning.
Control Panel and settings:
The FTPS passive port is now configurable in Easy settings and has a default fixed value 20020. The previous default value, 0, would cause the passive port for data connections to be randomly selected each time the SSH Server was started. This required using Advanced settings to configure FTPS access from the internet when a router or firewall needed to be manually configured.
The Log Folder Viewer now starts faster when the log directory contains many log files.
The SSH Server Control Panel could crash when interacting with the Host keys and fingerprints interface in instance type settings for slaves and secondary masters. Fixed.
During CSV import, boolean values are now recognized regardless of character case. Boolean values had to be lowercase previously.
Reliability:
The difference comparison algorithm used for logging settings changes had a rare corner case which would cause the SSH Server to stop in a controlled but definitely unintended way. Fixed.
SSH:
In rare circumstances, an SSH session could terminate in such a way that the SSH Server would crash. Fixed.
OpenSSH 6.2 and 6.3 can be configured to enable AES GCM, but crash if it is used. Bitvise software versions 8.42 and higher will now disable AES GCM if the remote version string indicates an affected OpenSSH version.
The SSH Server will now log the host key algorithm negotiated by a client in the message I_SESSION_KEY_EXCHANGE_ALGORITHMS.
Authentication:
In specific circumstances, a logon attempt could get stuck waiting for serialization due to the Penalty login attempt delay setting. The session would not be released until the next login attempt initiated by another session. Fixed.
The log message I_LOGON_AUTH_DISCARDED has been changed from info-level to more appropriate trace-level.
Subsystems:
Improved protections on SSH Server subsystems for file transfer, terminal shell and exec requests. The improvements protect against SSH clients with non-administrative access which are nevertheless granted the ability to run arbitrary code, such as through unrestricted Command Prompt or PowerShell access. The improvements are not effective on Windows 7 and Windows Server 2008 R2 due to limitations in those Windows versions.
BvShell:
Fixed an issue where BvShell would log superfluous, non-informative info-level messages for each entry in a directory listing.
BvShell now supports the command sh to enter a simulated sh-like shell. This is to improve compatibility with the SCP implementation in the IBM Workload Scheduler on AIX, which supports SCP but not SFTP, and expects to invoke an sh shell. These are some poor design decisions on behalf of IBM, so that further accommodations may still be needed.
https://www.bitvise.com/ssh-server-version-history
-
Whats new:>>
bugfix: remove automatic file association: bug with McAfee
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
[feat] Support local start directory (#1689)
[feat] Support custom baudRate for serial port (#1688)
[security] Add token verify for requests (#1687)
[fix] Fix Drag file/folder to terminal support (#1681)
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
New feature: Send connection info to quick connect window
Cluster Mode: Tabs don't close so that the session can be reconnected
New error handling when embedding PuTTY/KiTTY into a tab
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features.
Whats new:>>
Feat: new kitty.ini option hostkeyextension to define an extension for server host key files
Feat: Adjust lines scrolled per mouse wheel turn [#166]
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
[fix] Fix npm install script (#1696)
[fix] Quit properly kill child process (#1693)
Update window menu UI by @hoan277 (#1691)
https://github.com/electerm/electerm
-
Whats new:>>
bugfix: Configuration session box not filtering on folder selection in portable mode without directory browsing [#178]
feat: new product name
feat: add new icons
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Update zh_cn locale file by @xiaoluhong
[UI] Improve terminal info panel UI (#1706)
[fix] Fix test connection function (#1705)
[fix] Fix ssh-config support (#1704)
[feat] Support opacity for Linux (#1703)
https://github.com/electerm/electerm
-
Changelog
Installation:
The SSH Client adds its installation directory to the system PATH environment variable when installing, but did not remove it when uninstalling. The SSH Client installation directory is now removed from PATH when uninstalling. Reinstallations or upgrades from version 8.43 will briefly remove and then re-add the SSH Client installation directory to PATH.
SSH:
Certain versions of the Pragma Fortress SSH server - including the most recent version when testing - can send a corrupted SSH authentication banner where an inexact, duplicate copy of the banner message is included before the language tag. SSH Client versions 7.xx and earlier could connect because they ignored the language tag, but SSH Client 8.xx versions would not because they check that the language tag does not exceed an unreasonable length.
The SSH Client now allows an exception for this server where the incorrect encoding is ignored. If the server cannot be identified as "Pragma FortressSSH", the language tag length check remains enforced.
Command-line clients:
Previously, an implied command such as the following:
sexec user@host dir /?
... would incorrectly cause command line clients including sftpc, stermc and sexec to display their own help text instead of invoking the remote command as specified. Fixed.
Graphical client:
The graphical SSH Client now detects and warns about an insecure installation directory in an expanded, more thorough set of circumstances.
In version 8.42, the -sendExtInfo=... parameter was added to command line clients. An equivalent setting, Send EXT_INFO, is now also available in the graphical client, on the SSH tab.
SFTP:
Fixed an issue with auto-completion which could cause the SFTP graphical interface to dead-lock.
https://www.bitvise.com/ssh-client
-
Whats new:>>
[feat] Remve session restore function (#1714)
[UI] Use message module to show copied msg (#1713)
https://github.com/electerm/electerm
-
Whats new:>>
Remove session recovery module.
https://github.com/electerm/electerm
-
Changelog
Version information:
This version extends the SSH Server's upgrade access amnesty so that all users of previous 8.xx version can update to the latest version with accumulated fixes. The minimum upgrade access to use this version is October 23, 2018.
We are at this point highly confident in the security, stability and compatibility of our latest 8.xx versions. We are aware of users still relying on versions 7.xx and 6.xx, and sometimes even 5.xx and 4.xx. The SSH Server is security-sensitive, network-facing software. We suggest all users to update.
Reliability:
Previous SSH Server 8.xx versions had a race condition which could cause the SSH Server to crash on startup. The crash did not cause a vulnerability or loss of data, but it did require the service to be restarted. In our testing, a crash occurred in 1 out of 200 - 300 startups. The chance of crash could be higher on certain computers or in certain situations, such as when a new version was started immediately after an update. Fixed.
Installation:
When the SSH Server is first installed, it will now configure Windows service failure actions (Recovery options) to automatically restart the service if it crashes, up to two times in a day. The SSH Server is never intended to crash, and we want it to be noticeable if it does, so that the issue is reported. However, we also do not want users to suffer unnecessary outages if a crash does occur.
In most cases, this change will not affect users upgrading from previous versions. During an upgrade, configured service failure actions – or lack of them – will be preserved, except in situations that require the previously existing service to be unregistered.
On completion of an update, a spurious warning would be logged in the Windows Event Log about failing to restart the SSH Server Control Panel. Fixed.
On Windows XP, when an update was started automatically or through the SSH Server Control Panel, the installation console window would stay open indefinitely until the log process was forcibly closed, such as by using the Windows Task Manager or Process Explorer. Fixed.
On Windows 10, the installer would create a shortcut to the SSH Server Control Panel in the Start Menu. However, Windows would detect this as a duplicate of the shortcut in Administrative Tools, and would hide the shortcut from the user. Fixed.
https://www.bitvise.com/ssh-server
-
Whats new:>>
Fix crash on tray icon click.
https://github.com/electerm/electerm
-
(https://i.postimg.cc/nrbYqRY7/screenshot-2584.png)
PuTTY Tunnel Manager allows you to easily open tunnels, that are defined in a PuTTY session, from the system tray. You can also move the tunnels from PuTTY to PuTTY Tunnel Manager. This allows you to use PuTTY just for SSH shell sessions (without opening tunnels), and use PuTTY Tunnel Manager just for tunneling.
MIT License
Whats new:>>
.NET 4.6
auto connect session
fix sessions termination
fix port input field
https://github.com/kostapc/Putty-Tunnel-Manager
-
Whats new:>>
bugfix: In portable mode, default protocol is raw
bugfix: WinSCP integration: Do not add Proxy settings if SFTP Connect is defined
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
[fix] Improve maximize function
[feat] Add diable sftp option in bookmark form -> setting (#1738)
https://github.com/electerm/electerm
-
Whats new:>>
[feat] Add custom background image opacity/light/blur (#1744) by @renxia and gflizhiwen
[fix] Update window control icon event listerner element (#1744) by @renxia and gflizhiwen
[fix] Fix theme export error (#1747) by @renxia and gflizhiwen
https://github.com/electerm/electerm
-
Changelog
* New features
- FIPS support for RHEL-based distributions.
- Support for modern PostgreSQL clients (thx to Bram Geron).
* Bugfixes
- Fixed a transfer() loop bug.
https://www.stunnel.org/index.html
-
Whats new:>>
bugfix: No more icon change in About box
feat: new -icon and -iconfile command-line options
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
Security fix: if an SSH server accepted an offer of a public key and then rejected the signature, PuTTY could access freed memory, if the key had come from an SSH agent.
Security feature: new config option to disable PuTTY's dynamic host key preference policy, if you prefer to avoid giving away to eavesdroppers which hosts you have stored keys for.
Bug fix: the installer UI was illegible in Windows high-contrast mode.
Bug fix: console password input failed on Windows 7.
Bug fixes in the terminal: one instance of the dreaded "line==NULL" error box, and two other assertion failures.
Bug fix: potential memory-consuming loop in bug-compatible padding of an RSA signature from an agent.
Bug fix: PSFTP's buffer handling worked badly with some servers (particularly proftpd's mod_sftp).
Bug fix: cursor could be wrongly positioned when restoring from the alternate terminal screen. (A bug of this type was fixed in 0.59; this is a case that that fix missed.)
Bug fix: character cell height could be a pixel too small when running GTK PuTTY on Ubuntu 20.04 (or any other system with a similarly up-to-date version of Pango).
Bug fix: old-style (low resolution) scroll wheel events did not work in GTK 3 PuTTY. This could stop the scroll wheel working at all in VNC.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
Security fix: if an SSH server accepted an offer of a public key and then rejected the signature, PuTTY could access freed memory, if the key had come from an SSH agent.
Security feature: new config option to disable PuTTY's dynamic host key preference policy, if you prefer to avoid giving away to eavesdroppers which hosts you have stored keys for.
Bug fix: the installer UI was illegible in Windows high-contrast mode.
Bug fix: console password input failed on Windows 7.
Bug fixes in the terminal: one instance of the dreaded "line==NULL" error box, and two other assertion failures.
Bug fix: potential memory-consuming loop in bug-compatible padding of an RSA signature from an agent.
Bug fix: PSFTP's buffer handling worked badly with some servers (particularly proftpd's mod_sftp).
Bug fix: cursor could be wrongly positioned when restoring from the alternate terminal screen. (A bug of this type was fixed in 0.59; this is a case that that fix missed.)
Bug fix: character cell height could be a pixel too small when running GTK PuTTY on Ubuntu 20.04 (or any other system with a similarly up-to-date version of Pango).
Bug fix: old-style (low resolution) scroll wheel events did not work in GTK 3 PuTTY. This could stop the scroll wheel working at all in VNC.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
New field "Custom Id" in the connection configuration. Its value will be found by the search tool (Navigate->Search)
Added support for the XML attribute "Expanded" in the shared connection file
Minor improvements to the error handling for shared connections files
Minor improvements to the code that sends messages to the PuTTY/KiTTY terminals
Bug Fix: Changing the protocol for Copy Files resets the connection SSH port to 22
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
[fix] Handle readfile error in sftp(ignore bad link) (#1756)
Change linux category to Development;System;TerminalEmulaor (#1752)
https://github.com/electerm/electerm
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
bugfix: Saving hostname to "Default Settings" causes kitty_portable to crash [#195]
v0.74.0.1
merge with PuTTY 0.74
remove MOD_WINCRYPT patch and wincrypt directory
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix click new bookmark function
Add bookmark form update success message
Fix env:LANG form UI
https://github.com/electerm/electerm
-
Whats new:>>
[fix] Fix maximize function (#1779)
Update DMG release UI (#1769)
Use human readable file size
[fix] Fix quick command list not showing error
https://github.com/electerm/electerm
-
Whats new:>>
New field "Custom Id" in the connection configuration. Its value will be found by the search tool Bug Fix: In some rare cases the WinSSHTerm window could disappear when un-maximizing it
Fixed some focus issues
New feature: Collect and display some useful infos (Help->Info)
http://winsshterm.blogspot.com/
-
Whats new:>>
Fix window release(Mac, Linux users do not need to upgrade)
https://github.com/electerm/electerm
-
Whats new:>>
fix: Add edit icon for simple bookmark list(Only have default category) (#1795)
fix: Fix serial port support (#1800)
feat: Add check upgrade on start switch in settings (#1801)
https://github.com/electerm/electerm
-
Whats new:>>
bugfix: conflict with ctrl+left click, between icon change and hyperlink features. revealed by [#184]
feat: new shortcut Shift+Left button to start config box with current settings [#156]
feat: try again button on network connection error (first time) [#199]
feat: pscp.exe port Knocking fail [#210]
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Bugfix: Reconnect hangs on password entry [#197]
Bugfix: change mouse shortcut Shift+Left to keyboard shortcut
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix maximize function (#1806)
Upgrade to Electron v9
https://github.com/electerm/electerm
-
Changelog
Now 64-bit builds available
Master Password: Security improvements
Master Password: New drop down button in connection password fields to show password in plain text
Improved detection of read-only instances
Improvements to the Help->Info dialog
Improvements detecting running processes like Pageant when running on a multi-user system
Added global option to set the X11 Display Location (File->Preferences->Terminal)
New PuTTY/KiTTY session "WinSSHTerm_ScriptRunner", which is used exclusively by the Script Runner
Bug Fix: unhandled exception in the DockPanel Suite
Bug fix: Quick-Connect throws an error when upgrading from older version
Bug fix: Password field for Jump Server in Quick-Connect dialog was shown in plain text
http://winsshterm.blogspot.com/
-
(http://securityxploded.com/images/sslcertscanner_mainscreen_big.jpg)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.
Freeware
Whats new:>>
Major release with important update for SSL certificate retrieval from TLS v1.2 server. Also enhanced and enlarged GUI interface.
https://securityxploded.com/sslcertscanner.php
-
Whats new:>>
Bugfix: "Default Settings" is created in subfolders [#207]
Feat: Not all kinds of "ssh://" URLs are supported, crash sometimes [#216]
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
Add SetFocus at startup
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(http://images.six.betanews.com/screenshots/scaled/1314194663-1.jpg)
MTPuTTY (Multi-tabbed PuTTY) helps you to manage different PuTTY connections in one tabbed GUI interface. Every PuTTY connection runs in a separate tab and you can switch between PuTTYs as easy as you switch between opened pages in web browsers. When you need, you can detach PuTTY window from tab and convert it back into normal PuTTY application.
Freeware
Latest Changes
Mass password update added
Special keys in script added (including the Escape key)
Fixed high DPI issues
Option to autoreconnect after unexpected disconnect added
Minor bugs fixed
http://www.ttyplus.com/multi-tabbed-putty/
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Whats new:>>
-Bug fix VPN Services
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
Bugfix: replace http links to https [#214]
Bugfix: crash when saving password (with start button only)
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
feat: new Kageant option -pass, to store automatically private SSH key without prompting for passphrase
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Feat: automatically select first item in ConfigBox [#165]
Feat: IDEA: Title window with SOCKS port [#209]
Feat: add automatic sftpconnect (create a local port dynamically)
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
eat: add -defini option to create a new default configuration file
Fix: kageant "Saved Sessions" opens PuTTY instead of KiTTY [#97]
Fix: issue with ssh:// handler management
Debug: working on [#113]: [Crash] Crashing calling ‘Change Setting’ from system menu
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
-Bug fix VPN Service startup
-Bug fix proxy/ssh/openvpn listview's scrollbar
-Bug fix: Payload's keyword "[rotate]" can't be used more than once
-Bug fix ssh reconnect's balloon
-Improve load configuration performance
-Add requested host after result (Host Checker)
https://sourceforge.net/projects/netmodhttp/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Rewrite sftp module, now it use async process to handle file transfer
Add zh_tw language support
https://github.com/electerm/electerm
-
Whats new:>>
Fix: [Crash] Crashing calling ‘Change Setting’ from system menu [#113]
Fix: Auto-login password is denied randomly [#59]
Build: updgrade building chain to gcc-9.2
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
feat: Add blink icon animation for transporting tab (#1832)
feat: Support batch input for terminal (#1831)
feat: Support root folder for Windows OS (#1829)
https://github.com/electerm/electerm
-
Whats new:>>
fix: Fix empty batch input crash app
fix: Fix number input direct edit function in settings (#1836)
https://github.com/electerm/electerm
-
(https://i.postimg.cc/qRLvWShS/screenshot-2465.png)
Improve the way you handle your SSH connections by relying on this Electron-based, modern-looking, and user-friendly client for SSHFS-Win.
MIT License
Whats new:>>
Support for advanced params
Easily duplicate connections
Order connection list
Debug connection log
https://github.com/evsar3/sshfs-win-manager
-
Changelog
Version information:
The SSH Server's upgrade access amnesty continues, so that all users of previous 8.xx version can update to the latest version with accumulated fixes. The minimum upgrade access to use this version is October 23, 2018.
We are at this point highly confident in the security, stability and compatibility of our latest 8.xx versions. We are aware of users still relying on versions 7.xx and 6.xx, and sometimes even older. The SSH Server is security-sensitive, network-facing software, and updating is the only way to receive the latest security and reliability fixes. We suggest all users update.
Automatic updates:
If an update is available and settings are configured to automatically apply it, then when the SSH Server Control Panel is started, it will no longer initiate the update immediately, but will instead wait for some time (currently 5 minutes). This offers the administrator a window in which to change automatic update settings, in case the administrator wants to modify them.
SSH:
When using the authentication method keyboard-interactive, an implementation that identifies itself as "SSH-2.0-libssh-0.6.5" sends the message SSH_MSG_USERAUTH_REQUEST without encoding fields for the language tag and submethods. These fields are required, but since they are not critical, the SSH Server will now treat them as empty if they are missing.
Terminal:
Improved stability of the new Windows 10 terminal console when resizing. The new Windows 10 console has a bug where it will crash if the cursor lands outside of the screen buffer after a resize. The SSH Server now detects this situation and works around it.
FTPS:
In previous versions, each FTPS connection would cause a small file to be created, and never deleted, in the directory C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18. Fixed.
File transfer:
Changed the behavior of the Maximum wait time setting for the On-upload command. Previously, it was a mistake to set this to a value other than 0 seconds (the default). However, when this value was set to 0 seconds, and Execute as service was disabled (also the default), the last On-upload command in a session could be terminated prematurely if it did not complete quickly when a session disconnected.
The SSH Server now no longer waits for an On-upload command to complete, except optionally after a session has disconnected. The Maximum wait time now applies only in this situation, and it causes the SSH Server to wait for this amount of time before forcefully terminating the command. If set to zero, the SSH Server will not wait with session cleanup, and will also not forcefully terminate the command.
https://www.bitvise.com/ssh-server
-
Changelog
SSH:
Bitvise SSH Client and FlowSsh will now recognize servers with "Maverick_SSHD" and "GoAnywhere" in their SSH version strings as variants of "J2SSH_Maverick". This means Bitvise SSH Client and FlowSsh will no longer send SSH_MSG_EXT_INFO by default to such servers. See the previous compatibility change for J2SSH_Maverick, in version history for Bitvise SSH Client and FlowSsh versions 8.42.
If a client authentication key has been accepted by the server for authentication, the SSH Client will no longer prevent its use due to the server's server-sig-algs extension. In addition, the SSH Client will now log if a key is not used due to this extension.
Graphical client:
A new or reset profile will no longer open a terminal and SFTP window automatically, by default. This improves behavior when connecting to servers that limit SSH sessions to a single concurrent channel. Automatic opening of these windows can still be enabled using the same settings on the Options tab.
The SSH Client's buttons would be hidden under Windows UI elements in Windows 10 Tablet mode. Fixed.
The SSH Client will now display clearer information when an update is available but cannot be started.
Terminal:
When using xterm and other non-bvterm protocols, the graphical SSH Client and stermc now support the sending of the following Alt + key combinations: Alt + Left Arrow, Right Arrow, Up Arrow, Down Arrow, Backspace, Page Up and Page Down. In addition, the graphical client also supports Alt + Enter. Alt + Enter is not supported in stermc because it is used by the Windows console to enter or exit full-screen mode.
When using xterm and other non-bvterm protocols, the speed of screen painting in the graphical SSH Client is now significantly improved.
The graphical SSH Client and stermc now support a terminal window resize initiated by an escape sequence from the server.
The graphical SSH Client and stermc will now accept xterm's 16-color and 256-color sequences even when regular xterm is in use (as opposed to xterm-16color or xterm-256color). This better supports programs such as byobu that send these sequences under plain xterm.
When switching between normal and alternate screens, the SSH Client would fail to clear the alternate screen. Fixed.
When using xterm and other protocols except bvterm and ANSI, the SSH Client would previously start set to use "application" cursor keys. To start with "standard" cursor keys, the setting Alt. cursor keys had to be enabled, or in stermc the parameter -altCurs had to be used.
The SSH Client will now start by default using "standard" cursor keys. The relevant setting has been replaced with App. cursor keys, and stermc now supports the parameter -appCurs to start instead with "application" cursor keys.
Changed Unicode character widths for about 6% of assigned Unicode code points from 0 to 1, and for another ~8% of code points from 2 to 1. This aligns more closely with character widths used by servers and avoids unintended discrepancies in rendering.
On the Terminal tab, the SSH Client's Default colors dialog now provides both the "Old Windows" and "New Windows" palette options. To match use of colors in other terminals, the New Windows palette is now the default choice. Previously, it was xterm.
The command line terminal client, stermc, now also supports the new palette choices using the -palette parameter.
When using bvterm, the new Windows 10 console produces cursor artifacts when the cursor is moved outside the viewport. The SSH Client now takes steps to avoid this.
SSH Server Remote Control Panel:
When using the CSV export feature in the SSH Server Remote Control Panel for SSH Server versions 8.xx, the CSV export would fail if the data contained a reversibly encrypted password or secret key. Fixed.
https://www.bitvise.com/ssh-client
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
Fix: Ctrl-click with hyperlink=yes doesn't do anything [#184]
Fix: Hyperlink URL parser does not include closing parenthesis [#213]
Fix: Auto-login password is denied randomly [#59]
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Whats new:>>
-Add new feature: UDP support checker after vpn service started (experimental)
-Add TLS Type: force TLSv1.3
-Add Save Dialog after exiting
-Small fix: TAP Manager
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
fix: wrong 0.74 merge in terminal.c and terminal.h files
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix: Mouse support broken
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
-Add new feature: What's My IP in (Tools)
-Improve Self-Updater
-Fix known bug
https://sourceforge.net/projects/netmodhttp/
-
Changelog
Security bugfixes:
The "redirect" option was fixed to properly handle "verifyChain = yes" (thx to Rob Hoes).
OpenSSL DLLs updated to version 1.1.1h.
New features:
New securityLevel configuration file option.
FIPS support for RHEL-based distributions.
Support for modern PostgreSQL clients (thx to Bram Geron).
Windows tooltip texts updated to mention "stunnel".
TLS 1.3 configuration updated for better compatibility.
Bugfixes:
Fixed a transfer() loop bug.
Fixed memory leaks on configuration reloading errors.
DH/ECDH initialization restored for client sections.
Delay startup with systemd until network is online.
binlibssp-0.dll removed when uninstalling.
A number of testing framework fixes and improvements.
https://www.stunnel.org/index.html
-
Whats new:>>
fix: remove remaining debug file
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
feat: add Left and Top parameters for Configuration position
feat: add shell parameter for pscp integration
fix: When reconnecting the kitty window (which is being hidden in the tray) will cause the active window to lose focus [#238]
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Ui: Upgrade to antd v4 (#1867)
Feat: Support colorful file icon (#1868)
Feat: Support UI theme, add default bright theme
Fix: Use 127.0.0.1 as default server addr (#1877)
Fix: Fix gitee setting sync (#1878)
Test: Add upgrade check test (#1879)
Fix: Fix default theme config check (#1880)
Fix: Fix non English language input support
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
New feature: Reload the shared connections file at runtime (File->Reload shared)
Cluster Mode: New option to restore the old behaviour when closing the sessions (File->Preferences->Cluster Mode)
New pop-up dialog to inform the user about the new 64 bit builds when upgrading
Minor changes to the GUI
http://winsshterm.blogspot.com/
-
Whats new:>>
Feat: Show quick commands when mouseover
Code: Rewrite upgrade check module
Ui: Fix file manager selected item color
Feat: Add notification for rz upload size limit
Ui: Improve sftp transfer UI
Ui: Add transfer animation for tab ui
https://github.com/electerm/electerm
-
Whats new:>>
ui: Fix close split icon
https://github.com/electerm/electerm
-
Whats new:>>
ui: Scrollbar width increase to 7px
ui: Back to click to open quick commands
code: Use webpack 5 (#1900)
security: Use ipc, disable remote module (#1897)
security: Use preload, disable nodeIntegration (#1895)
https://github.com/electerm/electerm
-
Whats new:>>
Perf: Accelerate app start (#1904)
https://github.com/electerm/electerm
-
Whats new:>>
Fix: Fix context menu when disable sftp (#1914)
Fix #1909 fix: Fix cancel single transfer function
Build: Remove happyPack
Build: fix hot reload
Fix: Fix reload support
Feat: Support reload to make language change take effect
https://github.com/electerm/electerm
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
feat: Update window maximize status when window move
feat: Support maximize in all displays
fix #1915 fix: Copy remain terminal focus
code: Partial code refractor
https://github.com/electerm/electerm
-
Whats new:>>
fix: Fix side bookmark/history list not update issue
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
New option to remember the last triggered connection in the search window (File->Preferences->Misc->Search)
New option to automatically follow the tabs in the connection window (File->Preferences->General)
Bug fix: Search window not preselecting any window in some cases
GUI: Enabled double buffering for some child windows where drawing performance is not critical to prevent flicker
GUI: Changed background color of dock panes when using the dark tab mode to reduce flicker
Minor changes to the GUI
http://winsshterm.blogspot.com/
-
Whats new:>>
Fix #1919 fix: Show terminal search icon
Feat: Support keyboard interactive (#1921)
Fix #1916 feat: Download upgrade with global proxy (#1918)
https://github.com/electerm/electerm
-
Whats new:>>
fix #1924 fix: Fix get current display function
test: Add switch to history test
fix #1920 fix #1874 fix: Fix open folder in root bug for windows
fix #1926 fix: Fix no history switch to history tab crash app
feat: Show ssh keyboard interactive instructions in promote
https://github.com/electerm/electerm
-
Whats new:>>
Fix #1923 fix: Fix bookmark quick command not working issue
Feat: Add ignore button in terminal keyboard interactive
Fix #1929 feat: Add sftp traffic icon and terminal activity icon to session tab UI
https://github.com/electerm/electerm
-
Whats new:>>
Feat: Show normal buffer text when press cmd + ArrowUp in alt buffer (like vi) (#1934)
Feat: Add index number to default terminal title
Feat: Add ignore keyboard interactive option in bookmark setting
Fix: Fix 1.5.3 upgrade script
https://github.com/electerm/electerm
-
(https://i.postimg.cc/nrbYqRY7/screenshot-2584.png)
PuTTY Tunnel Manager allows you to easily open tunnels, that are defined in a PuTTY session, from the system tray. You can also move the tunnels from PuTTY to PuTTY Tunnel Manager. This allows you to use PuTTY just for SSH shell sessions (without opening tunnels), and use PuTTY Tunnel Manager just for tunneling.
MIT License
Whats new:>>
Logging to windows logs on crashes (#32)
Show forwarded ports in tray icon menu (#33)
https://github.com/kostapc/Putty-Tunnel-Manager
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
Fix: There seems to be no "help" command on command line #138
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
fix: A2F problem without using Autopassword #243
fix: When using 2FA credentials, the command set to be auto-executed is sent as password #245
fix: Minor UI bug – Load button loads current selection but then moves to the next saved session #256
feat: add more debug informations
web: pages update
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix #1951 fix: Fix transfer speed in windows
Fix #1953 ui: Fix setting menu UI
Fix #1955 feat: Support encrypt bookmarks
Fix #1785 feat: Remove reload shortcut(cmd/ctrl + R)
Fix #1954 feat: Add download empty sync gist warning
Feat: Support bookmark local session (#1947)
Fix #1945 fix: Fix ctrl + tab switch tabs
Code refractor: setting-modal
UI: New setting modal UI (#1944)
https://github.com/electerm/electerm
-
Whats new:>>
fix #1965 fix: Fix IME support in search Component
fix: Avoid create gist when gist id already set
fix #1956 fix: Start port from 30975
fix #1962 fix: Fix setting tab unclickable issue (#1964)
https://github.com/electerm/electerm
-
Whats new:>>
Feat: new "New duplicated session..." menu item
Feat: [Feature Request]: "__nw:" command #158
Fix: in potable mode, remove "fake" session that starts with "__"
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix: Fix setting tabs can not click issue
https://github.com/electerm/electerm
-
Whats new:>>
feat: add a proxy list choice in the main configuration window
fix: BUGs in v0.74.3.5 #255
fix: Explain recent changes in PuTTY source code with cryptographic functionality #234
fix: -help option: add menu option to resize font
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
Version information:
The SSH Server's upgrade access amnesty continues, so that all users of previous 8.xx version can update to the latest version with accumulated fixes. The minimum upgrade access to use this version is October 23, 2018.
We are at this point highly confident in the security, stability and compatibility of our latest 8.xx versions. We are aware of users still relying on versions 7.xx and 6.xx, and sometimes even older. The SSH Server is security-sensitive, network-facing software, and updating is the only way to receive the latest security and reliability fixes. We suggest all users update.
Automatic updates:
If the automatic update process encountered an error while downloading a new version installer from the primary download location, resulting in a partial executable being stored; and if download was then successful from the secondary download location; the resulting executable would be corrupted. Fixed.
Improved the automatic update locking mechanisms.
Control Panel and settings:
When the SSH Server Control Panel was started hidden in the system notification area, it would cause a phantom Alt-Tab menu entry to appear. Fixed.
Generating a new employed certificate for FTPS did not immediately update certificate information on the Server tab. Fixed.
When monitoring session activity on busy servers, the Activity tab could experience repeated overflows of events from the SSH Server. Buffering flexibility has been improved to reduce this problem.
Fixed a GDI leak that could lead to resource exhaustion in the SSH Server Control Panel (not the main SSH Server process). This could happen, for example, if UI elements were opened and closed a very large number of times that is not usually experienced by users.
General:
Previous SSH Server versions came configured by default to limit the number of sessions with processes to 60. This can be easily changed, but requires finding the setting in Advanced settings, under Session. The default limit accommodated an OS desktop heap limitation in Windows XP and Windows Server 2003, which are now rarely used. For new settings, the default limit is now 500 sessions, and applies to all sessions (not only sessions with processes).
The SSH Server process could stop unexpectedly if settings in Advanced settings, under Logging, were first configured so that the settings description event would not be logged, and then changed so that it's logged. Fixed.
BvShell:
Improved compatibility of BvShell with virtual filesystem settings configured as blind drops. BvShell will no longer fail to start if the initial directory cannot be opened for listing.
https://www.bitvise.com/ssh-server
-
Changelog
Automatic updates:
If the automatic update process encountered an error while downloading a new version installer from the primary download location, resulting in a partial executable being stored; and if download was then successful from the secondary download location; the resulting executable would be corrupted. Fixed.
Improved the automatic update locking mechanisms.
SSH:
When displaying the host key received from the server, the SSH Client will now display the signature algorithm (e.g. RSA over SHA-256) rather than just the host key algorithm (e.g. RSA).
Graphical client:
When the SSH Client was started hidden in the system notification area, it would cause a phantom Alt-Tab menu entry to appear. Fixed.
SFTP:
When uploading files using SFTP v6; and if the server advertises support for either the block flag SSH_FXF_BLOCK_WRITE or the combination SSH_FXF_BLOCK_WRITE | SSH_FXF_BLOCK_ADVISORY; then the SSH Client will request one of these block flags when opening the file. This is to prevent premature actions by other server-side processes or file transfer clients that can modify or corrupt the file before the upload is complete.
Uploading to a blind drop location that does not permit a directory listing could crash the SFTP window or the SSH Client process. Fixed.
For improved compatibility with blind drops, it is now possible to navigate the Local and Remote panes to any location, even one that results in an error or does not allow a directory listing. An error dialog will be displayed when attempting to list such a directory, but it is now possible to try transferring files to or from such locations regardless.
Command-line clients:
The log utility would output its own newlines as CRLF, but would record newlines from child processes as they were written by the process. If the child process used LF newlines (without CR), the output newline convention would be inconsistent. The log utility now consistently outputs newlines as CRLF.
https://www.bitvise.com/ssh-client
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Fix #1974 ui: Remove tabs as system drag area to avoid some menu tab unable to be clicked issue
Fix #1971 feat: Support pin bookmark and history panel (#1981)
Fix #1986 feat: Send check info request with delay to reduce cpu usage in terminal info modal
Fix #1985 ui: make transfer control icon bigger
Ui: Remove drag-to-select function (#1988)
Perf: Reduce transfer UI cpu load
Fix: Fix delete folder in windows
Fix: Fix context menu in local file manager
Feat: Remove serialport support for windows (#1994)
Code: Use dayjs to reduce bundle size (#1993)
https://github.com/electerm/electerm
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
fix: Deleting [..] one folder deep, deletes all saved sessions and folders, and reverts "Default Settings" file #263
feat: [Feature request] Confirm long text paste (as in ConEmu) #261
feat: IDEA: Title window with SOCKS port #209
feat: new proxy definition is available for plink too
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
[perf] Use web worker to increase performance (#2001)
[perf] Improve terminal UI performance
[perf] Improve sftp transfer performance (#1998)
https://github.com/electerm/electerm
-
Whats new:>>
Fix #2004 [fix] Fix communication with websocket in web worker (#2005)
Make batch input auto expand to full width
https://github.com/electerm/electerm
-
Whats new:>>
fix: Configdir parameter must be an absolute path #265
feat: [Feature request] New Duplicate Session... with selected Host Name #259
feat: [Feature Request]: "User proxy" and "__nw:" command #158
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
[experimental] Support mac arm64(Download the mac-arm.dmg)
[feat] Upgrade to electron 11 (#2012)
[feat] fix #2008 Remove serialport support(can not get it built, if you need it, please try the old release < 1.10.14)
[ui] Auto expand batch input when mouse over
[feat] Provide password auto complete for bookmark form(Select from other bookmark's password list) (#2006)
https://github.com/electerm/electerm
-
Whats new:>>
[fix] Fix build for mac-arm64 (#2015)
[perf] Increase startup speed(Use ipc to verify server start) (#2014)
https://github.com/electerm/electerm
-
Whats new:>>
merge request: fix ipv4 port forwards window #270
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix #2018 [fix] Fix run cmd in windows (#2024)
https://github.com/electerm/electerm
-
Whats new:>>
[fix] Fix worker may not load in time issue
[chor] Fix brew install guide by @kawarimidoll
[warn] The mac-arm64 build may still not work
https://github.com/electerm/electerm
-
Changelog
SFTP:
Since version 8.45, the SSH Client now uses SFTP v6 file open block flags SSH_FXF_BLOCK_WRITE and SSH_FXF_BLOCK_ADVISORY if the server advertises support for them. This helps avoid corruption of files while they are being transferred. We have received a report of a server that advertises support for these flags, but fails an open request if the flags are used. The SSH Client will now repeat an open request that fails this way, without the flags.
Command-line clients:
When using Bitvise SSH Client command line clients sftpc, stermc, sexec, stnlc or spksc using a -keypairFile parameter that points to an encrypted keypair in non-Bitvise format, but without a -keypairPassphrase parameter that would provide a decryption passphrase, the SSH Client would display a cryptic error. The error is now less cryptic.
https://www.bitvise.com/ssh-client
-
Whats new:>>
Feat: IDEA: Title window with SOCKS port #209
Fix: "Close+Restart" when "inactive" #273
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix: fix worker websocket memory leak
Feat: Instantly switch terminal encoding (#2043) by @mmagi
https://github.com/electerm/electerm
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
Fix: clear button does not reset selected session name
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix the problem that some requests remain pending after long time use (H2 connection retention time is reduced to 30s)
https://github.com/electerm/electerm
-
Whats new:>>
Fix: Fix local exec param support.
https://github.com/electerm/electerm
-
Changelog
Security bugfixes:
The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein).
Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov).
OpenSSL DLLs updated to version 1.1.1j.
New features:
New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers).
'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value.
Initial FIPS 3.0 support.
Bugfixes:
X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates.
Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning).
Merged Debian 05-typos.patch (thx to Peter Pentchev).
Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev).
Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev).
Fixed tests on the WSL2 platform.
NSIS installer updated to version 3.06 to fix a multiuser installation bug on some platforms, including 64-bit XP.
Fixed engine initialization (thx to Petr Strukov).
FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available.
https://www.stunnel.org/index.html
-
Changelog
2021.02.24 -- Version 2.5.1
Arne Schwabe (5):
Fix auth-token not being updated if auth-nocache is set
Remove auth_user_pass.wait_for_push variable
Fix port-share option with TLS-Crypt v2
Zero initialise msghdr prior to calling sendmesg
Fix tls-auth mismatch OCC message when tls-cryptv2 is used.
David Sommerseth (1):
build: Fix missing install of man page in certain environments
Domagoj Pensa (3):
Fix too early argv freeing when registering DNS
Remove 1 second delay before running netsh
Skip DHCP renew with Wintun adapter
Gert Doering (6):
Change travis build scripts to use https when fetching prerequisites.
Fix line number reporting on config file errors after <inline> segments
Clarify --block-ipv6 intent and direction.
Document common uses of 'echo' directive, re-enable logging for 'echo'.
Make OPENVPN_PLUGIN_ENABLE_PF failures FATAL
clean up / rewrite sample-plugins/defer/simple.c
Greg Cox (5):
Fix naming error in sample-plugins/defer/simple.c
Documentation fixes around openvpn_plugin_func_v3 in openvpn-plugin.h.in
Update openvpn_plugin_func_v2 to _v3 in sample-plugins/defer/simple.c
More explicit versioning compatibility in sample-plugins/defer/simple.c
Explain structver usage in sample defer plugin.
Richard Bonhomme (1):
Man page sections corrections
Selva Nair (1):
Quote the domain name argument passed to the wmic command
Steffan Karger (2):
tls-crypt-v2: fix server memory leak
tls-crypt-v2: also preload tls-crypt-v2 keys (if --persist-key)
2020.10.27 -- Version 2.5.0
(no changes relative to v2.5_rc3)
2020.10.15 -- Version 2.5_rc3
Arne Schwabe (2):
Allow 'none' cipher being specified in --data-ciphers
Add function for common env setting of verify user/pass calls
David Sommerseth (1):
compat/lz4: Update to v1.9.2
Gert Doering (2):
Fix redirecting of IPv4 default gateway if connecting over IPv6.
Avoid passing NULL to argv_printf_cat() in temp_file error case.
Jan Seeger (1):
Added 'route_ipv6_metric_NN' environment variable for IPv6 route metric.
Richard Bonhomme (1):
Improve error msg when all TAP adapters are in use 'or disabled'
Steffan Karger (1):
networking_iproute2: fix memory leak in net_iface_mtu_set()
Vladislav Grishenko (2):
Selectively reformat too long lines
Speedup TCP remote hosts connections
https://openvpn.net/
-
Whats new:>>
Fix: Fix failed connection breaks app issue
UI: Set list title tooltip postion to top
Lang: Add Japanese language support by @hououinkami
https://github.com/electerm/electerm
-
Whats new:>>
Fix: [Suggestion] In Kageant add to the menu "Open KiTTY": #275
Fix: "Assertion failed" fatal error when clicking on "Clear" button #278
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix #2074 fix: Fix support for electron command line params
https://github.com/electerm/electerm
-
Whats new:>>
[feat] Use standalone exec params input
[fix] Term type default setting will be default bookmark term type
[fix] Fix close file conflict modal function
[chor] Add the way of installing with scoop in windows to README by @Bennett-Yang (#2080)
[fix] Fix batch input UI issue
https://github.com/electerm/electerm
-
Whats new:>>
fix: Fix exec config in settings
https://github.com/electerm/electerm
-
Whats new:>>
feat: Support show owner and group info in file list(For mac and linux)
fix: Fix read windows drives (#2094)
https://github.com/electerm/electerm
-
Changelog
Version information:
The SSH Server's upgrade access amnesty continues, so that all users of previous 8.xx version can update to the latest version with accumulated fixes. The minimum upgrade access to use this version is October 23, 2018.
We are at this point highly confident in the security, stability and compatibility of our latest 8.xx versions. We are aware of users still relying on versions 7.xx and 6.xx, and sometimes even older. The SSH Server is security-sensitive, network-facing software, and updating is the only way to receive the latest security and reliability fixes. We suggest all users update.
Control Panel and settings:
Newly created virtual groups no longer have a default mount point that maps the virtual root directory to C:\SftpRoot. Users of Advanced settings who were unaware of this default mount point found the behavior confusing if they did not create a mount point for the virtual root in individual account settings.
When a new virtual account is created using Advanced settings, it will now by default have no mount points at all. Virtual accounts created using Easy settings will continue to have a default Limit to root directory setting that restricts the user to C:\SftpRoot.
Fixed a situation where settings scrolling could behave incorrectly after expanding and collapsing certain help texts.
General:
Added optional trace log events for unsuccessful UPnP NAT forwarding add/remove actions.
Terminal:
When using the bvterm terminal on earlier versions of Windows, if the user pressed Ctrl+S, this could cause the terminal server to stop accepting input. Fixed.
https://www.bitvise.com/ssh-server
-
Changelog
SSH:
The SSH Client will now recognize a server with "MFT" in its SSH version string as a variant of "J2SSH_Maverick". This means the SSH Client will no longer send SSH_MSG_EXT_INFO by default to such servers. See the previous compatibility change for J2SSH_Maverick, in version history for SSH Client version 8.42.
Authentication:
When the -keypairFile parameter is used to specify a password-protected keypair in a non-Bitvise format, and no valid passphrase is provided, the log message will now be more useful.
Remote Desktop:
When using the single-click Remote Desktop forwarding feature on an ARM version of Windows, the SSH Client will now disable hooking of the Remote Desktop client (MSTSC). The SSH Client normally does this on Windows x86 and x64 so that the Remote Desktop window title can reflect the destination of the Remote Desktop connection. However, this prevented single-click Remote Desktop forwarding from functioning on ARM versions of Windows.
https://www.bitvise.com/ssh-client
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 1.1.1k.
New features:
Client-side "protocol = ldap" support (thx to Bart Dopheide and Seth Grover).
Bugfixes:
The test suite fixed not to require external connectivity.
Fixed paths in generated manuals (thx to Tatsuki Makino).
Fixed configuration reload when compression is used.
Fixed compilation with early releases of OpenSSL 1.1.1.
https://www.stunnel.org/index.html
-
Whats new:>>
Feature: Ignore case for file manager sort
Feature: Add cursor blink option in settings (#2106)
Bug fix: Fix check update option in settings
Ui: Support hide menu, only show terminal
https://github.com/electerm/electerm
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Whats new:>>
Fix: KiTTY is not accepting keyboard input when reconnecting.
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
partial fix: in portable mode, Kageant read sessions list in registry, not on disk
Unfortunately kageant can't be present in this release.
Please use the embedded version of the agent with the command kitty.exe -runagent.
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
Fix: Unable to open file in editor with CTRL+SHFT_F2 #289
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Changelog
Arne Schwabe (10):
Avoid generating unecessary mbed debug messages
Restore also ping related options on a reconnect
Cleanup print_details and add signature/ED certificate print
Always disable TLS renegotiations
Also restore/save route-gateway options on SIGUSR1 reconnects
Move context_auth from context_2 to tls_multi and name it multi_state
Fix condition to generate session keys
Move auth_token_state from multi to key_state
Ensure auth-token is only sent on a fully authenticated session
Ensure key state is authenticated before sending push reply
Gert Doering (2):
Fix potential NULL ptr crash if compiled with DMALLOC
Preparing release 2.5.2
Max Fillinger (2):
In init_ssl, open the correct CRL path pre-chroot
Abort if CRL file can't be stat-ed in ssl_init
Richard Bonhomme (1):
Do not print Diffie Hellman parameters file to log file
Simon Rozman (1):
openvpnserv: Cache last error before it is overridden
Vladislav Grishenko (1):
Fix IPv4 default gateway with multiple route tables
https://openvpn.net/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
fix: Fix fullscreen function
feature: Add open all bookmarks icon for category
fix: Fix quick command running(new line behavior) in windows
feature: Add disable ssh option in bookmark setting
https://github.com/electerm/electerm
-
(https://i.postimg.cc/3R7fx8jK/screenshot-3050.png)
Improve the way you handle your SSH connections by relying on this Electron-based, modern-looking, and user-friendly client for SSHFS-Win.
MIT License
Changelog
Allow browsing for private key file PR #79; Thank you to @nadimz
Add drive D: to the list of available drive letters; #66
Sort command line params list; PR #81; Thank you @MatrixDJ96
Fix limited UI custom params list; #87
Option to try reconnecting on connection lost; #64 and #89
Support for automatic drive letter assignment; #85
Others fixes and improviments
https://github.com/evsar3/sshfs-win-manager
-
Whats new:>>
Fix: in portable mode, Kageant read sessions list in registry, not on disk
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
fix: issue with configuration file in portable mode
Quelle : https://github.com/cyd01/KiTTY/releases
http://kitty.9bis.net/
-
Whats new:>>
bug fix: Fix promotes UI which cause long promote not showing properly
ui: Display terminal background image in cover mode (#2125) by @swgloomy
https://github.com/electerm/electerm
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
Security fix: on Windows, a server could DoS the whole Windows GUI by telling the PuTTY window to change its title repeatedly at high speed.
Pageant now supports loading a key still encrypted, and decrypting it later by prompting for the passphrase on first use.
Upgraded default SSH key fingerprint format to OpenSSH-style SHA-256.
Upgraded private key file format to PPK3, with improved passphrase hashing and no use of SHA-1.
Terminal now supports ESC [ 9 m for strikethrough text.
New protocols: bare ssh-connection layer for use over already-secure IPC channels, and SUPDUP for talking to very old systems such as PDP-10s.
PuTTYgen now supports alternative provable-prime generation algorithm for RSA and DSA.
The Unix tools can now connect directly to a Unix-domain socket.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
Security fix: on Windows, a server could DoS the whole Windows GUI by telling the PuTTY window to change its title repeatedly at high speed.
Pageant now supports loading a key still encrypted, and decrypting it later by prompting for the passphrase on first use.
Upgraded default SSH key fingerprint format to OpenSSH-style SHA-256.
Upgraded private key file format to PPK3, with improved passphrase hashing and no use of SHA-1.
Terminal now supports ESC [ 9 m for strikethrough text.
New protocols: bare ssh-connection layer for use over already-secure IPC channels, and SUPDUP for talking to very old systems such as PDP-10s.
PuTTYgen now supports alternative provable-prime generation algorithm for RSA and DSA.
The Unix tools can now connect directly to a Unix-domain socket.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
bug fix: Fix transparent support
update: Use host name as terminal log name (#2141)
feature: Store encrypted password in db file(#2131)
https://github.com/electerm/electerm
-
Changelog
General:
The Notes tab is now scrollable and may contain much more text.
SFTP:
SSH Client version 8.46 introduced an issue where text file uploads would not work when using the file transfer modes Auto Std or Text, which are available in SFTP protocol versions 4 and 6. Fixed.
When downloading a file using the Auto Std file transfer mode, which is available in SFTP protocol versions 4 and 6, the SSH Client first opens the file in binary mode. If the client detects that the file is textual, it closes and reopens the file using the flag SSH_FXF_TEXT_MODE.
Some servers do not handle this scenario gracefully and do not allow the file to be reopened. With these servers, the Auto Std mode cannot work. In this case, the SSH Client will now display a more useful error to suggest changing the file transfer mode.
The SFTP v4 draft specification from 2002 contains a typo in the definition of SSH_FILEXFER_ATTR_PERMISSIONS. This flag is defined with incorrect value 0x40 instead of the correct value, 0x04. This conflicts with previous and subsequent SFTP versions, as well as SSH_FILEXFER_ATTR_ACL defined in the same draft. Implementations should use the correct value, 0x04.
There exist implementations of SFTP v4 that do not identify this error, and do not use the correct value. To aid compatibility with such servers, the SSH Client will no longer request SSH_FILEXFER_ATTR_PERMISSIONS as part of SSH_FXP_LSTAT if the Permissions column is not enabled on the Remote pane of the Browse tab.
https://www.bitvise.com/ssh-client
-
Whats new:>>
Fix build for Linux
Upgrade to electron 12
https://github.com/electerm/electerm
-
Changelog
SCP:
When uploading files using the SCP protocol, if an attempt to write file data or set the file time failed, the SSH Server's file transfer subsystem would abort (abruptly ending the SCP exchange) instead of properly reporting the error. The SSH Server will now more properly report such errors.
https://www.bitvise.com/ssh-server
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Re-attaching the terminal window now possible (new Option under File->Preferences->General)
Cluster Mode: new option to set another SSH user (Cluster Mode->Open as user)
Search Window: Adjusting width of drop down box to fully display the search results
Feature 'Convert OpenSSH Key': improved implementation
KiTTY: after resizing the terminal font with CTRL+Mousewheel the terminal window size now gets correctly adjusted
Minor changes to the GUI
Build environment: Upgrade to Visual Studio 2019
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
update: Click setting/theme/sync button again will trigger hide panel
feature: Add use system title bar option in settings
https://github.com/electerm/electerm
-
Whats new:>>
Add privacy notice link and build appx and nsis release for windows (no need to upgrade)
https://github.com/electerm/electerm
-
(https://i.postimg.cc/TYQVdZv0/Quip.png)
Generate the files and parameters that are necessary for an OpenVPN server and client to run properly with commands using this app.
Freeware
Whats new:>>
Updates OpenSSL to 1.1.1k
Fixes a bug where client creation could delete required folders
Various bug fixes and enhancements
https://www.sparklabs.com/blog/openvpn-configuration-generator/
-
(https://s26.postimg.cc/lm2sdcvpl/screenshot_533.png)
mRemoteNG is a fork of mRemote: an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.
It allows you to view all of your remote connections in a simple yet powerful tabbed interface.
mRemoteNG supports the following protocols:
RDP (Remote Desktop/Terminal Server)
VNC (Virtual Network Computing)
ICA (Citrix Independent Computing Architecture)
SSH (Secure Shell)
Telnet (TELecommunication NETwork)
HTTP/HTTPS (Hypertext Transfer Protocol)
rlogin (Remote Login)
Raw Socket Connections
License: GPLv2
Changelog
ADDED:
#1512: Added option to close panel from right click menu
#1434: Revised sort button in connection tree to be able to sort in both orders
#1400: Added file download handling to HTTP(S) connections using Gecko
#1385: Added option to start mRemoteNG minimized
#826: Allow selecting RDP version to use when connecting
CHANGED:
#1544: Improved Polish translations
#1518: Inheritance is no longer automatically enabled when importing nodes from Active Directory
#1468: Improved mRemoteNG startup time
#1443: Chinese (simplified) translation improvements
#1437: Norwegian translation improvements
#1378: Hyperlinks embedded within mRemoteNG now open in the system default browser
#1239: Increased default key derivation function (KDF) iterations from 1000 to 10000
#718: Moved port property from 'protocol' to 'connection' section
Moved most RDP enums outside of the RDP protocol class. Scripts which reference these enums will need to be updated.
Removed the "Automatically get session info" from the advanced options screen since it is no longer used.
FIXED:
#1505: About screen now better follows theme colors
#1493: Updated database setup scripts for MSSQL and MySQL
#1470: The "Favorite" setting is now properly saved in the local connection settings file (not saved in database)
#1447: Exception occurs when resetting layout
#1439: Searching in hosts tree loses first keystroke
#1428: Fixed a rare error when checking for FIPS
#1426: Tabbing is reversed in config window
#1425: Connections didn't always respect the panel property
#841: Allow for sorting in port scan results
#617: Added missing description for password protect field in root node
#553: Browser language not set when using Gecko rendering engine
#323: Wallpaper always shows in RDP connections, even when turned off
https://mremoteng.org/
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Whats new:>>
Bug fix SSL Socket terminate wait
Bug fix V2Ray TCP's header type
https://sourceforge.net/projects/netmodhttp/
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
New option to abandon an SSH connection if the server allows you to authenticate in a trivial manner.
Bug fix: Windows PuTTY crashed when the 'Use system colours' option was used.
Bug fix: crash on Windows when using MIT Kerberos together with 'Restart Session'.
Bug fix: Windows PuTTY leaked named pipes after contacting Pageant.
Bug fix: Windows PuTTY didn't update the window while you held down the scrollbar arrow buttons long enough to 'key-repeat'.
Bug fix: user colour-palette reconfiguration via 'Change Settings' were delayed-action.
Bug fix: server colour-palette reconfigurations were sometimes lost.
Bug fix: a tight loop could occur on reading a truncated private key file.
Bug fix: the Windows Pageant GUI key list didn't display key lengths.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
New option to abandon an SSH connection if the server allows you to authenticate in a trivial manner.
Bug fix: Windows PuTTY crashed when the 'Use system colours' option was used.
Bug fix: crash on Windows when using MIT Kerberos together with 'Restart Session'.
Bug fix: Windows PuTTY leaked named pipes after contacting Pageant.
Bug fix: Windows PuTTY didn't update the window while you held down the scrollbar arrow buttons long enough to 'key-repeat'.
Bug fix: user colour-palette reconfiguration via 'Change Settings' were delayed-action.
Bug fix: server colour-palette reconfigurations were sometimes lost.
Bug fix: a tight loop could occur on reading a truncated private key file.
Bug fix: the Windows Pageant GUI key list didn't display key lengths.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
[feature]: Support compress and transfer folder in sftp(auto uncompress)
[feature] Preview font style in font setting
[feature]: Add clear sync setting button
https://github.com/electerm/electerm
-
Changelog
SFTP:
When used under Parallels for Mac, the SSH Client was unable to list folders shared by the Mac (for example, \MacHomeDesktop). This arose because the SSH Client used an advanced Windows filesystem API which the Mac does not implement. The SSH Client now uses a simpler version of this API, allowing the listing of Mac folders.
Sftpc:
The get command now supports a -wait switch. This causes the get command to wait for the server's confirmation that the file has been closed before continuing any further actions. When used with conjunction with -del, this causes sftpc to wait for the server's confirmation that the file has been closed before attempting to delete the file.
Sftpc now supports a new wait command. This causes sftpc to wait until it receives from the server any pending confirmations for file and directory close requests, before proceeding with any other actions. If there are no outstanding close requests pending confirmations, the wait command does nothing.
Stermc:
When using the stermc terminal shell command-line client, if the remote shell exited with a non-zero exit code, the SSH Client's totermc or bvtermc terminal client process would continue to run after stermc exits. These processes would potentially interfere with console input. Fixed.
Command-line clients:
When input or output is redirected, then by default, the SSH Client's command-line clients (including sftpc, sexec, stnlc, stermc and spksc) will now use the input/output code page associated with the console in which they run (Windows functions GetConsoleCP and GetConsoleOutputCP), instead of the system-wide ANSI code page (Windows function GetACP). This causes output from Bitvise command-line clients to respect the code page set using chcp. For example, when chcp has been used, sftpc >> file.txt will now use the same code page as echo xxxx >> file.txt.
Improved BOM handling when output is redirected with code pages UTF-8, UTF-16, and UTF-16BE. The BOM will now be consistently emitted when redirecting into an empty file, but not when redirecting into a non-empty file or a stream.
https://www.bitvise.com/ssh-client
-
Whats new:>>
New features:
fix #2185 Add keepalive interval setting
fix #2200 Add open bookmarks on app start setting (#2208)
Bug fixes:
fix #2204 Fix wrong focus when have multi split terminal
fix #2201 Remove path validate
Fix compress and download function
https://github.com/electerm/electerm
-
Whats new:>>
UI:
Make close setting icon bigger
Remove tooltip for list title
New Quick command UI
New features:
Support export/import quick commands
https://github.com/electerm/electerm
-
Changelog
New features:
New 'sessionResume' service-level option to allow or disallow session resumption
Added support for the new SSL_set_options() values.
Download fresh ca-certs.pem for each new release.
Bugfixes:
Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols.
Enforced minimum WIN32 log window size.
Fixed support for password-protected private keys with OpenSSL 3.0 (thx to Dmitry Belyavskiy).
Added missing TLS options supported in OpenSSL 1.1.1k.
https://www.stunnel.org/index.html
-
Whats new:>>
New feature: Quick command labels
Remove serial port support
Bug fix: Fix crash when open settings
For snap user, please reinstall with snap install electerm --classic since electerm has been granted classic confinement to resolve permission issue like can not use sudo or can not get font list
https://github.com/electerm/electerm
-
Whats new:>>
Quick bug fix: Fix create quick command function
https://github.com/electerm/electerm
-
(https://i.postimg.cc/TYtd4jmP/screenshot-1245.png)
Conveniently manage the hierarchy of SSH sessions and tunnels that are created during the port forwarding using this straightforward app.
License: GPLv2
Whats new:>>
Fixed: Able to use the same port number for both -L and -R like Cygwin and Linux allows
https://sourceforge.net/projects/doffensshtunnel/
-
(https://i.postimg.cc/FHhm9FGC/debian.png)
A stylish and free of cost SSH client that allows secure connections to any of your regular or SQL servers, and helps you generate public-private key sets.
Freemium
Whats new:>>
User interface patch for Mac OS Big Sur
https://www.sshdesk.com/en/index.html
-
Changelog
For OpenSSL 3.0 a Migration guide has been added, so the CHANGES entries listed here are only a brief description. The migration guide contains more detailed information related to new features, breaking changes, and mappings for the large list of deprecated functions.
Changes between 1.1.1 and 3.0 [xx XXX xxxx]
TLS_MAX_VERSION, DTLS_MAX_VERSION and DTLS_MIN_VERSION constants are now deprecated.
Matt Caswell
The OPENSSL_s390xcap environment variable can be used to set bits in the S390X capability vector to zero. This simplifies testing of different code paths on S390X architecture.
Patrick Steuer
Encrypting more than 2^64 TLS records with AES-GCM is disallowed as per FIPS 140-2 IG A.5 "Key/IV Pair Uniqueness Requirements from SP 800-38D". The communication will fail at this point.
Paul Dale
The EC_GROUP_clear_free() function is deprecated as there is nothing confidential in EC_GROUP data.
Nicola Tuveri
The byte order mark (BOM) character is ignored if encountered at the beginning of a PEM-formatted file.
Dmitry Belyavskiy
Added CMS support for the Russian GOST algorithms.
Dmitry Belyavskiy
Due to move of the implementation of cryptographic operations to the providers, validation of various operation parameters can be postponed until the actual operation is executed where previously it happened immediately when an operation parameter was set.
For example when setting an unsupported curve with EVP_PKEY_CTX_set_ec_paramgen_curve_nid() this function call will not fail but later keygen operations with the EVP_PKEY_CTX will fail.
OpenSSL team members and many third party contributors
The EVP_get_cipherbyname() function will return NULL for algorithms such as "AES-128-SIV", "AES-128-CBC-CTS" and "CAMELLIA-128-CBC-CTS" which were previously only accessible via low level interfaces. Use EVP_CIPHER_fetch() instead to retrieve these algorithms from a provider.
Shane Lontis
On build targets where the multilib postfix is set in the build configuration the libdir directory was changing based on whether the lib directory with the multilib postfix exists on the system or not. This unpredictable behavior was removed and eventual multilib postfix is now always added to the default libdir. Use --libdir=lib to override the libdir if adding the postfix is undesirable.
Jan Lána
The triple DES key wrap functionality now conforms to RFC 3217 but is no longer interoperable with OpenSSL 1.1.1.
Paul Dale
The ERR_GET_FUNC() function was removed. With the loss of meaningful function codes, this function can only cause problems for calling applications.
Paul Dale
Add a configurable flag to output date formats as ISO 8601. Does not change the default date format.
William Edmisten
Version of MSVC earlier than 1300 could get link warnings, which could be suppressed if the undocumented -DI_CAN_LIVE_WITH_LNK4049 was set. Support for this flag has been removed.
Rich Salz
Rework and make DEBUG macros consistent. Remove unused -DCONF_DEBUG, -DBN_CTX_DEBUG, and REF_PRINT. Add a new tracing category and use it for printing reference counts. Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG Fix BN_DEBUG_RAND so it compiles and, when set, force DEBUG_RAND to be set also. Rename engine_debug_ref to be ENGINE_REF_PRINT also for consistency.
Rich Salz
The signatures of the functions to get and set options on SSL and SSL_CTX objects changed from "unsigned long" to "uint64_t" type. Some source code changes may be required.
Rich Salz
The public definitions of conf_method_st and conf_st have been deprecated. They will be made opaque in a future release.
Rich Salz and Tomáš Mráz
Client-initiated renegotiation is disabled by default. To allow it, use the -client_renegotiation option, the SSL_OP_ALLOW_CLIENT_RENEGOTIATION flag, or the "ClientRenegotiation" config parameter as appropriate.
Rich Salz
Add "abspath" and "includedir" pragma's to config files, to prevent, or modify relative pathname inclusion.
Rich Salz
OpenSSL includes a cryptographic module that is intended to be FIPS 140-2 validated. Please consult the README-FIPS and README-PROVIDERS files, as well as the migration guide.
OpenSSL team members and many third party contributors
For the key types DH and DHX the allowed settable parameters are now different.
Shane Lontis
The openssl commands that read keys, certificates, and CRLs now automatically detect the PEM or DER format of the input files.
David von Oheimb, Richard Levitte, and Tomáš Mráz
Added enhanced PKCS#12 APIs which accept a library context.
Jon Spillett
The default manual page suffix ($MANSUFFIX) has been changed to "ossl"
Matt Caswell
Added support for Kernel TLS (KTLS).
Boris Pismenny, John Baldwin and Andrew Gallatin
Support for RFC 5746 secure renegotiation is now required by default for SSL or TLS connections to succeed.
Benjamin Kaduk
The signature of the copy functional parameter of the EVP_PKEY_meth_set_copy() function has changed so its src argument is now const EVP_PKEY_CTX * instead of EVP_PKEY_CTX *. Similarly the signature of the pub_decode functional parameter of the EVP_PKEY_asn1_set_public() function has changed so its pub argument is now const X509_PUBKEY * instead of X509_PUBKEY *.
David von Oheimb
The error return values from some control calls (ctrl) have changed.
Paul Dale
A public key check is now performed during EVP_PKEY_derive_set_peer().
Shane Lontis
Many functions in the EVP_ namespace that are getters of values from implementations or contexts were renamed to include get or get0 in their names. Old names are provided as macro aliases for compatibility and are not deprecated.
Tomáš Mráz
The EVP_PKEY_CTRL_PKCS7_ENCRYPT, EVP_PKEY_CTRL_PKCS7_DECRYPT, EVP_PKEY_CTRL_PKCS7_SIGN, EVP_PKEY_CTRL_CMS_ENCRYPT, EVP_PKEY_CTRL_CMS_DECRYPT, and EVP_PKEY_CTRL_CMS_SIGN control operations are deprecated.
Tomáš Mráz
The EVP_PKEY_public_check() and EVP_PKEY_param_check() functions now work for more key types.
The output from the command line applications may have minor changes.
Paul Dale
The output from numerous "printing" may have minor changes.
David von Oheimb
Windows thread synchronization uses read/write primitives (SRWLock) when supported by the OS, otherwise CriticalSection continues to be used.
Vincent Drake
Add filter BIO BIO_f_readbuffer() that allows BIO_tell() and BIO_seek() to work on read only BIO source/sinks that do not support these functions. This allows piping or redirection of a file BIO using stdin to be buffered into memory. This is used internally in OSSL_DECODER_from_bio().
Shane Lontis
OSSL_STORE_INFO_get_type() may now return an additional value. In 1.1.1 this function would return one of the values OSSL_STORE_INFO_NAME, OSSL_STORE_INFO_PKEY, OSSL_STORE_INFO_PARAMS, OSSL_STORE_INFO_CERT or OSSL_STORE_INFO_CRL. Decoded public keys would previously have been reported as type OSSL_STORE_INFO_PKEY in 1.1.1. In 3.0 decoded public keys are now reported as having the new type OSSL_STORE_INFO_PUBKEY. Applications using this function should be amended to handle the changed return value.
Richard Levitte
Improved adherence to Enhanced Security Services (ESS, RFC 2634 and RFC 5035) for the TSP and CMS Advanced Electronic Signatures (CAdES) implementations. As required by RFC 5035 check both ESSCertID and ESSCertIDv2 if both present. Correct the semantics of checking the validation chain in case ESSCertID{,v2} contains more than one certificate identifier: This means that all certificates referenced there MUST be part of the validation chain.
David von Oheimb
The implementation of older EVP ciphers related to CAST, IDEA, SEED, RC2, RC4, RC5, DESX and DES have been moved to the legacy provider.
Matt Caswell
The implementation of the EVP digests MD2, MD4, MDC2, WHIRLPOOL and RIPEMD-160 have been moved to the legacy provider.
Matt Caswell
The deprecated function EVP_PKEY_get0() now returns NULL being called for a provided key.
Dmitry Belyavskiy
The deprecated functions EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_DH(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash() as well as the similarly named "get1" functions behave differently in OpenSSL 3.0.
Matt Caswell
A number of functions handling low-level keys or engines were deprecated including EVP_PKEY_set1_engine(), EVP_PKEY_get0_engine(), EVP_PKEY_assign(), EVP_PKEY_get0(), EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305() and EVP_PKEY_get0_siphash().
Matt Caswell
PKCS#5 PBKDF1 key derivation has been moved from PKCS5_PBE_keyivgen() into the legacy crypto provider as an EVP_KDF. Applications requiring this KDF will need to load the legacy crypto provider. This includes these PBE algorithms which use this KDF:
NID_pbeWithMD2AndDES_CBC
NID_pbeWithMD5AndDES_CBC
NID_pbeWithSHA1AndRC2_CBC
NID_pbeWithMD2AndRC2_CBC
NID_pbeWithMD5AndRC2_CBC
NID_pbeWithSHA1AndDES_CBC
Jon Spillett
Deprecated obsolete BIO_set_callback(), BIO_get_callback(), and BIO_debug_callback() functions.
Tomáš Mráz
Deprecated obsolete EVP_PKEY_CTX_get0_dh_kdf_ukm() and EVP_PKEY_CTX_get0_ecdh_kdf_ukm() functions.
Tomáš Mráz
The RAND_METHOD APIs have been deprecated.
Paul Dale
The SRP APIs have been deprecated.
Matt Caswell
Add a compile time option to prevent the caching of provider fetched algorithms. This is enabled by including the no-cached-fetch option at configuration time.
Paul Dale
pkcs12 now uses defaults of PBKDF2, AES and SHA-256, with a MAC iteration count of PKCS12_DEFAULT_ITER.
Tomáš Mráz and Sahana Prasad
The openssl speed command does not use low-level API calls anymore.
Tomáš Mráz
Parallel dual-prime 1024-bit modular exponentiation for AVX512_IFMA capable processors.
Ilya Albrekht, Sergey Kirillov, Andrey Matyukov (Intel Corp)
Combining the Configure options no-ec and no-dh no longer disables TLSv1.3.
Matt Caswell
Implemented support for fully "pluggable" TLSv1.3 groups. This means that providers may supply their own group implementations (using either the "key exchange" or the "key encapsulation" methods) which will automatically be detected and used by libssl.
Matt Caswell, Nicola Tuveri
The undocumented function X509_certificate_type() has been deprecated;
Rich Salz
Deprecated the obsolete BN_pseudo_rand() and BN_pseudo_rand_range().
Tomáš Mráz
Removed RSA padding mode for SSLv23 (which was only used for SSLv2). This includes the functions RSA_padding_check_SSLv23() and RSA_padding_add_SSLv23() and the -ssl option in the deprecated rsautl command.
Rich Salz
Deprecated the obsolete X9.31 RSA key generation related functions.
While a callback function set via SSL_CTX_set_cert_verify_callback() is not allowed to return a value > 1, this is no more taken as failure.
Viktor Dukhovni and David von Oheimb
Deprecated the obsolete X9.31 RSA key generation related functions BN_X931_generate_Xpq(), BN_X931_derive_prime_ex(), and BN_X931_generate_prime_ex().
Tomáš Mráz
The default key generation method for the regular 2-prime RSA keys was changed to the FIPS 186-4 B.3.6 method.
Shane Lontis
Deprecated the BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions.
Kurt Roeckx
Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn().
Rich Salz
Deprecated the type OCSP_REQ_CTX and the functions OCSP_REQ_CTX_() and replaced with OSSL_HTTP_REQ_CTX and the functions OSSL_HTTP_REQ_CTX_().
Rich Salz, Richard Levitte, and David von Oheimb
Deprecated X509_http_nbio() and X509_CRL_http_nbio().
David von Oheimb
Deprecated OCSP_parse_url().
David von Oheimb
Validation of SM2 keys has been separated from the validation of regular EC keys.
Nicola Tuveri
Behavior of the pkey app is changed, when using the -check or -pubcheck switches: a validation failure triggers an early exit, returning a failure exit status to the parent process.
Nicola Tuveri
Changed behavior of SSL_CTX_set_ciphersuites() and SSL_set_ciphersuites() to ignore unknown ciphers.
Otto Hollmann
The -cipher-commands and -digest-commands options of the command line utility list have been deprecated. Instead use the -cipher-algorithms and -digest-algorithms options.
Dmitry Belyavskiy
Added convenience functions for generating asymmetric key pairs: The 'quick' one-shot (yet somewhat limited) function L<EVP_PKEY_Q_keygen(3)> and macros for the most common cases: <EVP_RSA_gen(3)> and L<EVP_EC_gen(3)>.
David von Oheimb
All of the low level EC_KEY functions have been deprecated.
Shane Lontis, Paul Dale, Richard Levitte, and Tomáš Mráz
Deprecated all the libcrypto and libssl error string loading functions.
Richard Levitte
The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been deprecated.
Matt Caswell
The -crypt option to the passwd command line tool has been removed.
Paul Dale
The -C option to the x509, dhparam, dsaparam, and ecparam commands were removed.
Rich Salz
Add support for AES Key Wrap inverse ciphers to the EVP layer.
Shane Lontis
Deprecated EVP_PKEY_set1_tls_encodedpoint() and EVP_PKEY_get1_tls_encodedpoint().
Matt Caswell
The security callback, which can be customised by application code, supports the security operation SSL_SECOP_TMP_DH. One location of the "other" parameter was incorrectly passing a DH object. It now passed an EVP_PKEY in all cases.
Matt Caswell
Add PKCS7_get_octet_string() and PKCS7_type_is_other() to the public interface. Their functionality remains unchanged.
Jordan Montgomery
Added new option for 'openssl list', '-providers', which will display the list of loaded providers, their names, version and status. It optionally displays their gettable parameters.
Paul Dale
Removed EVP_PKEY_set_alias_type().
Richard Levitte
Deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() and introduced EVP_PKEY_CTX_set1_rsa_keygen_pubexp(), which is now preferred.
Jeremy Walch
Changed all "STACK" functions to be macros instead of inline functions. Macro parameters are still checked for type safety at compile time via helper inline functions.
Matt Caswell
Remove the RAND_DRBG API
Paul Dale and Matthias St. Pierre
Allow SSL_set1_host() and SSL_add1_host() to take IP literal addresses as well as actual hostnames.
David Woodhouse
The 'MinProtocol' and 'MaxProtocol' configuration commands now silently ignore TLS protocol version bounds when configuring DTLS-based contexts, and conversely, silently ignore DTLS protocol version bounds when configuring TLS-based contexts. The commands can be repeated to set bounds of both types. The same applies with the corresponding "min_protocol" and "max_protocol" command-line switches, in case some application uses both TLS and DTLS.
SSL_CTX instances that are created for a fixed protocol version (e.g. TLSv1_server_method()) also silently ignore version bounds. Previously attempts to apply bounds to these protocol versions would result in an error. Now only the "version-flexible" SSL_CTX instances are subject to limits in configuration files in command-line options.
Viktor Dukhovni
Deprecated the ENGINE API. Engines should be replaced with providers going forward.
Paul Dale
Reworked the recorded ERR codes to make better space for system errors. To distinguish them, the macro ERR_SYSTEM_ERROR() indicates if the given code is a system error (true) or an OpenSSL error (false).
Richard Levitte
Reworked the test perl framework to better allow parallel testing.
Nicola Tuveri and David von Oheimb
Added ciphertext stealing algorithms AES-128-CBC-CTS, AES-192-CBC-CTS and AES-256-CBC-CTS to the providers. CS1, CS2 and CS3 variants are supported.
Shane Lontis
'Configure' has been changed to figure out the configuration target if none is given on the command line. Consequently, the 'config' script is now only a mere wrapper. All documentation is changed to only mention 'Configure'.
Rich Salz and Richard Levitte
Added a library context OSSL_LIB_CTX that applications as well as other libraries can use to form a separate context within which libcrypto operations are performed.
Richard Levitte
Added various _ex functions to the OpenSSL API that support using a non-default OSSL_LIB_CTX.
OpenSSL team
Handshake now fails if Extended Master Secret extension is dropped on renegotiation.
Tomáš Mráz
Dropped interactive mode from the openssl program.
Richard Levitte
Deprecated EVP_PKEY_cmp() and EVP_PKEY_cmp_parameters().
David von Oheimb and Shane Lontis
Deprecated EC_METHOD_get_field_type().
Billy Bob Brumley
Deprecated EC_GFp_simple_method(), EC_GFp_mont_method(), EC_GF2m_simple_method(), EC_GFp_nist_method(), EC_GFp_nistp224_method() EC_GFp_nistp256_method(), and EC_GFp_nistp521_method().
Billy Bob Brumley
Deprecated EC_GROUP_new(), EC_GROUP_method_of(), and EC_POINT_method_of().
Billy Bob Brumley
Add CAdES-BES signature verification support, mostly derived from ESSCertIDv2 TS (RFC 5816) contribution by Marek Klein.
Filipe Raimundo da Silva
Add CAdES-BES signature scheme and attributes support (RFC 5126) to CMS API.
Antonio Iacono
Added the AuthEnvelopedData content type structure (RFC 5083) with AES-GCM parameter (RFC 5084) for the Cryptographic Message Syntax (CMS).
Jakub Zelenka
Deprecated EC_POINT_make_affine() and EC_POINTs_make_affine().
Billy Bob Brumley
Deprecated EC_GROUP_precompute_mult(), EC_GROUP_have_precompute_mult(), and EC_KEY_precompute_mult().
Billy Bob Brumley
Deprecated EC_POINTs_mul().
Billy Bob Brumley
Removed FIPS_mode() and FIPS_mode_set().
Shane Lontis
The SSL option SSL_OP_IGNORE_UNEXPECTED_EOF is introduced.
Dmitry Belyavskiy
Deprecated EC_POINT_set_Jprojective_coordinates_GFp() and EC_POINT_get_Jprojective_coordinates_GFp().
Billy Bob Brumley
Added OSSL_PARAM_BLD to the public interface. This allows OSSL_PARAM arrays to be more easily constructed via a series of utility functions. Create a parameter builder using OSSL_PARAM_BLD_new(), add parameters using the various push functions and finally convert to a passable OSSL_PARAM array using OSSL_PARAM_BLD_to_param().
Paul Dale
The security strength of SHA1 and MD5 based signatures in TLS has been reduced.
Kurt Roeckx
Added EVP_PKEY_set_type_by_keymgmt(), to initialise an EVP_PKEY to contain a provider side internal key.
Richard Levitte
ASN1_verify(), ASN1_digest() and ASN1_sign() have been deprecated.
Richard Levitte
Project text documents not yet having a proper file name extension (HACKING, LICENSE, NOTES*, README*, VERSION) have been renamed to *.md as far as reasonable, else *.txt, for better use with file managers.
David von Oheimb
The main project documents (README, NEWS, CHANGES, INSTALL, SUPPORT) have been converted to Markdown with the goal to produce documents which not only look pretty when viewed online in the browser, but remain well readable inside a plain text editor.
To achieve this goal, a 'minimalistic' Markdown style has been applied which avoids formatting elements that interfere too much with the reading flow in the text file. For example, it
avoids ATX headings and uses setext headings instead (which works for <h1> and <h2> headings only).
avoids inline links and uses reference links instead.
avoids fenced code blocks and uses indented code blocks instead.
Matthias St. Pierre
The test suite is changed to preserve results of each test recipe. A new directory test-runs/ with subdirectories named like the test recipes are created in the build tree for this purpose.
Richard Levitte
Added an implementation of CMP and CRMF (RFC 4210, RFC 4211 RFC 6712). This adds crypto/cmp/, crpyto/crmf/, apps/cmp.c, and test/cmp_*. See L<openssl-cmp(1)> and L<OSSL_CMP_exec_IR_ses(3)> as starting points.
David von Oheimb, Martin Peylo
Generalized the HTTP client code from crypto/ocsp/ into crpyto/http/. It supports arbitrary request and response content types, GET redirection, TLS, connections via HTTP(S) proxies, connections and exchange via user-defined BIOs (allowing implicit connections), persistent connections, and timeout checks. See L<OSSL_HTTP_transfer(3)> etc. for details. The legacy OCSP-focused (and only partly documented) API is retained for backward compatibility, while most of it is deprecated.
David von Oheimb
Added util/check-format.pl, a tool for checking adherence to the OpenSSL coding style https://www.openssl.org/policies/codingstyle.html. The checks performed are incomplete and yield some false positives. Still the tool should be useful for detecting most typical glitches.
David von Oheimb
BIO_do_connect() and BIO_do_handshake() have been extended: If domain name resolution yields multiple IP addresses all of them are tried after connect() failures.
David von Oheimb
All of the low level RSA functions have been deprecated.
Paul Dale
X509 certificates signed using SHA1 are no longer allowed at security level 1 and above.
Kurt Roeckx
The command line utilities dhparam, dsa, gendsa and dsaparam have been modified to use PKEY APIs. These commands are now in maintenance mode and no new features will be added to them.
Paul Dale
The command line utility rsautl has been deprecated.
Paul Dale
The command line utilities genrsa and rsa have been modified to use PKEY APIs. They now write PKCS#8 keys by default. These commands are now in maintenance mode and no new features will be added to them.
Paul Dale
All of the low level DH functions have been deprecated.
Paul Dale and Matt Caswell
All of the low level DSA functions have been deprecated.
Paul Dale
Reworked the treatment of EC EVP_PKEYs with the SM2 curve to automatically become EVP_PKEY_SM2 rather than EVP_PKEY_EC.
Richard Levitte
Deprecated low level ECDH and ECDSA functions.
Paul Dale
Deprecated EVP_PKEY_decrypt_old() and EVP_PKEY_encrypt_old().
Richard Levitte
Enhanced the documentation of EVP_PKEY_get_size(), EVP_PKEY_get_bits() and EVP_PKEY_get_security_bits(). Especially EVP_PKEY_get_size() needed a new formulation to include all the things it can be used for, as well as words of caution.
Richard Levitte
The SSL_CTX_set_tlsext_ticket_key_cb(3) function has been deprecated.
Paul Dale
All of the low level HMAC functions have been deprecated.
Paul Dale and David von Oheimb
Over two thousand fixes were made to the documentation, including:
Common options (such as -rand/-writerand, TLS version control, etc) were refactored and point to newly-enhanced descriptions in openssl.pod.
Added style conformance for all options (with help from Richard Levitte), documented all reported missing options, added a CI build to check that all options are documented and that no unimplemented options are documented.
Documented some internals, such as all use of environment variables.
Addressed all internal broken L<> references.
Rich Salz
All of the low level CMAC functions have been deprecated.
Paul Dale
The low-level MD2, MD4, MD5, MDC2, RIPEMD160 and Whirlpool digest functions have been deprecated.
Paul Dale and David von Oheimb
Corrected the documentation of the return values from the EVP_DigestSign* set of functions. The documentation mentioned negative values for some errors, but this was never the case, so the mention of negative values was removed.
Code that followed the documentation and thereby check with something like EVP_DigestSignInit(...) <= 0 will continue to work undisturbed.
Richard Levitte
All of the low level cipher functions have been deprecated.
Matt Caswell and Paul Dale
Removed include/openssl/opensslconf.h.in and replaced it with include/openssl/configuration.h.in, which differs in not including <openssl/macros.h>. A short header include/openssl/opensslconf.h was added to include both.
This allows internal hacks where one might need to modify the set of configured macros, for example this if deprecated symbols are still supposed to be available internally:
#include <openssl/configuration.h>
#undef OPENSSL_NO_DEPRECATED
#define OPENSSL_SUPPRESS_DEPRECATED
#include <openssl/macros.h>
This should not be used by applications that use the exported symbols, as that will lead to linking errors.
Richard Levitte
Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low-level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. (CVE-2019-1551)
Andy Polyakov
Most memory-debug features have been deprecated, and the functionality replaced with no-ops.
Rich Salz
Added documentation for the STACK API.
Rich Salz
Introduced a new method type and API, OSSL_ENCODER, to represent generic encoders. These do the same sort of job that PEM writers and d2i functions do, but with support for methods supplied by providers, and the possibility for providers to support other formats as well.
Richard Levitte
Introduced a new method type and API, OSSL_DECODER, to represent generic decoders. These do the same sort of job that PEM readers and i2d functions do, but with support for methods supplied by providers, and the possibility for providers to support other formats as well.
Richard Levitte
Added a .pragma directive to the syntax of configuration files, to allow varying behavior in a supported and predictable manner. Currently added pragma:
.pragma dollarid:on
This allows dollar signs to be a keyword character unless it's followed by a opening brace or parenthesis. This is useful for platforms where dollar signs are commonly used in names, such as volume names and system directory names on VMS.
Richard Levitte
Added functionality to create an EVP_PKEY from user data.
Richard Levitte
Change the interpretation of the '--api' configuration option to mean that this is a desired API compatibility level with no further meaning. The previous interpretation, that this would also mean to remove all deprecated symbols up to and including the given version, no requires that 'no-deprecated' is also used in the configuration.
When building applications, the desired API compatibility level can be set with the OPENSSL_API_COMPAT macro like before. For API compatibility version below 3.0, the old style numerical value is valid as before, such as -DOPENSSL_API_COMPAT=0x10100000L. For version 3.0 and on, the value is expected to be the decimal value calculated from the major and minor version like this:
MAJOR * 10000 + MINOR * 100
Examples:
-DOPENSSL_API_COMPAT=30000 For 3.0
-DOPENSSL_API_COMPAT=30200 For 3.2
To hide declarations that are deprecated up to and including the given API compatibility level, -DOPENSSL_NO_DEPRECATED must be given when building the application as well.
Richard Levitte
Added the X509_LOOKUP_METHOD called X509_LOOKUP_store, to allow access to certificate and CRL stores via URIs and OSSL_STORE loaders.
This adds the following functions:
X509_LOOKUP_store()
X509_STORE_load_file()
X509_STORE_load_path()
X509_STORE_load_store()
SSL_add_store_cert_subjects_to_stack()
SSL_CTX_set_default_verify_store()
SSL_CTX_load_verify_file()
SSL_CTX_load_verify_dir()
SSL_CTX_load_verify_store()
Richard Levitte
Added a new method to gather entropy on VMS, based on SYS$GET_ENTROPY. The presence of this system service is determined at run-time.
Richard Levitte
Added functionality to create an EVP_PKEY context based on data for methods from providers. This takes an algorithm name and a property query string and simply stores them, with the intent that any operation that uses this context will use those strings to fetch the needed methods implicitly, thereby making the port of application written for pre-3.0 OpenSSL easier.
Richard Levitte
The undocumented function NCONF_WIN32() has been deprecated; for conversion details see the HISTORY section of doc/man5/config.pod
Rich Salz
Introduced the new functions EVP_DigestSignInit_ex() and EVP_DigestVerifyInit_ex(). The macros EVP_DigestSignUpdate() and EVP_DigestVerifyUpdate() have been converted to functions. See the man pages for further details.
Matt Caswell
Over two thousand fixes were made to the documentation, including: adding missing command flags, better style conformance, documentation of internals, etc.
Rich Salz, Richard Levitte
s390x assembly pack: add hardware-support for P-256, P-384, P-521, X25519, X448, Ed25519 and Ed448.
Patrick Steuer
Print all values for a PKCS#12 attribute with 'openssl pkcs12', not just the first value.
Jon Spillett
Deprecated the public definition of ERR_STATE as well as the function ERR_get_state(). This is done in preparation of making ERR_STATE an opaque type.
Richard Levitte
Added ERR functionality to give callers access to the stored function names that have replaced the older function code based functions.
New functions are ERR_peek_error_func(), ERR_peek_last_error_func(), ERR_peek_error_data(), ERR_peek_last_error_data(), ERR_get_error_all(), ERR_peek_error_all() and ERR_peek_last_error_all().
Deprecate ERR functions ERR_get_error_line(), ERR_get_error_line_data(), ERR_peek_error_line_data(), ERR_peek_last_error_line_data() and ERR_func_error_string().
Richard Levitte
Extended testing to be verbose for failing tests only. The make variables VERBOSE_FAILURE or VF can be used to enable this:
$ make VF=1 test # Unix
$ mms /macro=(VF=1) test ! OpenVMS
$ nmake VF=1 test # Windows
Richard Levitte
Added the -copy_extensions option to the x509 command for use with -req and -x509toreq. When given with the copy or copyall argument, all extensions in the request are copied to the certificate or vice versa.
David von Oheimb, Kirill Stefanenkov kirill_stefanenkov@rambler.ru
Added the -copy_extensions option to the req command for use with -x509. When given with the copy or copyall argument, all extensions in the certification request are copied to the certificate.
David von Oheimb
The x509, req, and ca commands now make sure that X.509v3 certificates they generate are by default RFC 5280 compliant in the following sense: There is a subjectKeyIdentifier extension with a hash value of the public key and for not self-signed certs there is an authorityKeyIdentifier extension with a keyIdentifier field or issuer information identifying the signing key. This is done unless some configuration overrides the new default behavior, such as subjectKeyIdentifier = none and authorityKeyIdentifier = none.
David von Oheimb
Added several checks to X509_verify_cert() according to requirements in RFC 5280 in case X509_V_FLAG_X509_STRICT is set (which may be done by using the CLI option -x509_strict):
The basicConstraints of CA certificates must be marked critical.
CA certificates must explicitly include the keyUsage extension.
If a pathlenConstraint is given the key usage keyCertSign must be allowed.
The issuer name of any certificate must not be empty.
The subject name of CA certs, certs with keyUsage crlSign, and certs without subjectAlternativeName must not be empty.
If a subjectAlternativeName extension is given it must not be empty.
The signatureAlgorithm field and the cert signature must be consistent.
Any given authorityKeyIdentifier and any given subjectKeyIdentifier must not be marked critical.
The authorityKeyIdentifier must be given for X.509v3 certs unless they are self-signed.
The subjectKeyIdentifier must be given for all X.509v3 CA certs.
David von Oheimb
Certificate verification using X509_verify_cert() meanwhile rejects EC keys with explicit curve parameters (specifiedCurve) as required by RFC 5480.
Tomáš Mráz
For built-in EC curves, ensure an EC_GROUP built from the curve name is used even when parsing explicit parameters, when loading a encoded key or calling EC_GROUP_new_from_ecpkparameters()/ EC_GROUP_new_from_ecparameters(). This prevents bypass of security hardening and performance gains, especially for curves with specialized EC_METHODs. By default, if a key encoded with explicit parameters is loaded and later encoded, the output is still encoded with explicit parameters, even if internally a "named" EC_GROUP is used for computation.
Nicola Tuveri
Compute ECC cofactors if not provided during EC_GROUP construction. Before this change, EC_GROUP_set_generator would accept order and/or cofactor as NULL. After this change, only the cofactor parameter can be NULL. It also does some minimal sanity checks on the passed order. (CVE-2019-1547)
Billy Bob Brumley
Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey. An attack is simple, if the first CMS_recipientInfo is valid but the second CMS_recipientInfo is chosen ciphertext. If the second recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct encryption key will be replaced by garbage, and the message cannot be decoded, but if the RSA decryption fails, the correct encryption key is used and the recipient will not notice the attack. As a work around for this potential attack the length of the decrypted key must be equal to the cipher default key length, in case the certifiate is not given and all recipientInfo are tried out. The old behaviour can be re-enabled in the CMS code by setting the CMS_DEBUG_DECRYPT flag.
Bernd Edlinger
Early start up entropy quality from the DEVRANDOM seed source has been improved for older Linux systems. The RAND subsystem will wait for /dev/random to be producing output before seeding from /dev/urandom. The seeded state is stored for future library initialisations using a system global shared memory segment. The shared memory identifier can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to the desired value. The default identifier is 114.
Paul Dale
Revised BN_generate_prime_ex to not avoid factors 2..17863 in p-1 when primes for RSA keys are computed. Since we previously always generated primes == 2 (mod 3) for RSA keys, the 2-prime and 3-prime RSA modules were easy to distinguish, since N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting 2-prime vs. 3-prime RSA keys was possible by computing N mod 3. This avoids possible fingerprinting of newly generated RSA modules.
Bernd Edlinger
Correct the extended master secret constant on EBCDIC systems. Without this fix TLS connections between an EBCDIC system and a non-EBCDIC system that negotiate EMS will fail. Unfortunately this also means that TLS connections between EBCDIC systems with this fix, and EBCDIC systems without this fix will fail if they negotiate EMS.
Matt Caswell
Changed the library initialisation so that the config file is now loaded by default. This was already the case for libssl. It now occurs for both libcrypto and libssl. Use the OPENSSL_INIT_NO_LOAD_CONFIG option to OPENSSL_init_crypto() to suppress automatic loading of a config file.
Matt Caswell
Introduced new error raising macros, ERR_raise() and ERR_raise_data(), where the former acts as a replacement for ERR_put_error(), and the latter replaces the combination ERR_put_error() + ERR_add_error_data(). ERR_raise_data() adds more flexibility by taking a format string and an arbitrary number of arguments following it, to be processed with BIO_snprintf().
Richard Levitte
Introduced a new function, OSSL_PROVIDER_available(), which can be used to check if a named provider is loaded and available. When called, it will also activate all fallback providers if such are still present.
Richard Levitte
Enforce a minimum DH modulus size of 512 bits.
Bernd Edlinger
Changed DH parameters to generate the order q subgroup instead of 2q. Previously generated DH parameters are still accepted by DH_check but DH_generate_key works around that by clearing bit 0 of the private key for those. This avoids leaking bit 0 of the private key.
Bernd Edlinger
Significantly reduce secure memory usage by the randomness pools.
Paul Dale
{CRYPTO,OPENSSL}_mem_debug_{push,pop} are now no-ops and have been deprecated.
Rich Salz
A new type, EVP_KEYEXCH, has been introduced to represent key exchange algorithms. An implementation of a key exchange algorithm can be obtained by using the function EVP_KEYEXCH_fetch(). An EVP_KEYEXCH algorithm can be used in a call to EVP_PKEY_derive_init_ex() which works in a similar way to the older EVP_PKEY_derive_init() function. See the man pages for the new functions for further details.
Matt Caswell
The EVP_PKEY_CTX_set_dh_pad() macro has now been converted to a function.
Matt Caswell
Removed the function names from error messages and deprecated the xxx_F_xxx define's.
Richard Levitte
Removed NextStep support and the macro OPENSSL_UNISTD
Rich Salz
Removed DES_check_key. Also removed OPENSSL_IMPLEMENT_GLOBAL, OPENSSL_GLOBAL_REF, OPENSSL_DECLARE_GLOBAL. Also removed "export var as function" capability; we do not export variables, only functions.
Rich Salz
RC5_32_set_key has been changed to return an int type, with 0 indicating an error and 1 indicating success. In previous versions of OpenSSL this was a void type. If a key was set longer than the maximum possible this would crash.
Matt Caswell
Support SM2 signing and verification schemes with X509 certificate.
Paul Yang
Use SHA256 as the default digest for TS query in the ts app.
Tomáš Mráz
Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898.
Shane Lontis
Default cipher lists/suites are now available via a function, the #defines are deprecated.
Todd Short
Add target VC-WIN32-UWP, VC-WIN64A-UWP, VC-WIN32-ARM-UWP and VC-WIN64-ARM-UWP in Windows OneCore target for making building libraries for Windows Store apps easier. Also, the "no-uplink" option has been added.
Kenji Mouri
Join the directories crypto/x509 and crypto/x509v3
Richard Levitte
Added command 'openssl kdf' that uses the EVP_KDF API.
Shane Lontis
Added command 'openssl mac' that uses the EVP_MAC API.
Shane Lontis
Added OPENSSL_info() to get diverse built-in OpenSSL data, such as default directories. Also added the command 'openssl info' for scripting purposes.
Richard Levitte
The functions AES_ige_encrypt() and AES_bi_ige_encrypt() have been deprecated.
Matt Caswell
Add prediction resistance to the DRBG reseeding process.
Paul Dale
Limit the number of blocks in a data unit for AES-XTS to 2^20 as mandated by IEEE Std 1619-2018.
Paul Dale
Added newline escaping functionality to a filename when using openssl dgst. This output format is to replicate the output format found in the *sum checksum programs. This aims to preserve backward compatibility.
Matt Eaton, Richard Levitte, and Paul Dale
Removed the heartbeat message in DTLS feature, as it has very little usage and doesn't seem to fulfill a valuable purpose. The configuration option is now deprecated.
Richard Levitte
Changed the output of 'openssl {digestname} < file' to display the digest name in its output.
Richard Levitte
Added a new generic trace API which provides support for enabling instrumentation through trace output.
Richard Levitte & Matthias St. Pierre
Added build tests for C++. These are generated files that only do one thing, to include one public OpenSSL head file each. This tests that the public header files can be usefully included in a C++ application.
This test isn't enabled by default. It can be enabled with the option 'enable-buildtest-c++'.
Richard Levitte
Added KB KDF (EVP_KDF_KB) to EVP_KDF.
Robbie Harwood
Added SSH KDF (EVP_KDF_SSHKDF) and KRB5 KDF (EVP_KDF_KRB5KDF) to EVP_KDF.
Simo Sorce
Added Single Step KDF (EVP_KDF_SS), X963 KDF, and X942 KDF to EVP_KDF.
Shane Lontis
Added KMAC to EVP_MAC.
Shane Lontis
Added property based algorithm implementation selection framework to the core.
Paul Dale
Added SCA hardening for modular field inversion in EC_GROUP through a new dedicated field_inv() pointer in EC_METHOD. This also addresses a leakage affecting conversions from projective to affine coordinates.
Billy Bob Brumley, Nicola Tuveri
Added EVP_KDF, an EVP layer KDF API, to simplify adding KDF and PRF implementations. This includes an EVP_PKEY to EVP_KDF bridge for those algorithms that were already supported through the EVP_PKEY API (scrypt, TLS1 PRF and HKDF). The low-level KDF functions for PBKDF2 and scrypt are now wrappers that call EVP_KDF.
David Makepeace
Build devcrypto engine as a dynamic engine.
Eneas U de Queiroz
Add keyed BLAKE2 to EVP_MAC.
Antoine Salon
Fix a bug in the computation of the endpoint-pair shared secret used by DTLS over SCTP. This breaks interoperability with older versions of OpenSSL like OpenSSL 1.1.0 and OpenSSL 1.0.2. There is a runtime switch SSL_MODE_DTLS_SCTP_LABEL_LENGTH_BUG (off by default) enabling interoperability with such broken implementations. However, enabling this switch breaks interoperability with correct implementations.
Fix a use after free bug in d2i_X509_PUBKEY when overwriting a re-used X509_PUBKEY object if the second PUBKEY is malformed.
Bernd Edlinger
Move strictness check from EVP_PKEY_asn1_new() to EVP_PKEY_asn1_add0().
Richard Levitte
Changed the license to the Apache License v2.0.
Richard Levitte
Switch to a new version scheme using three numbers MAJOR.MINOR.PATCH.
Major releases (indicated by incrementing the MAJOR release number) may introduce incompatible API/ABI changes.
Minor releases (indicated by incrementing the MINOR release number) may introduce new features but retain API/ABI compatibility.
Patch releases (indicated by incrementing the PATCH number) are intended for bug fixes and other improvements of existing features only (like improving performance or adding documentation) and retain API/ABI compatibility.
Richard Levitte
Add support for RFC5297 SIV mode (siv128), including AES-SIV.
Todd Short
Remove the 'dist' target and add a tarball building script. The 'dist' target has fallen out of use, and it shouldn't be necessary to configure just to create a source distribution.
Richard Levitte
Recreate the OS390-Unix config target. It no longer relies on a special script like it did for OpenSSL pre-1.1.0.
Richard Levitte
Instead of having the source directories listed in Configure, add a 'build.info' keyword SUBDIRS to indicate what sub-directories to look into.
Richard Levitte
Add GMAC to EVP_MAC.
Paul Dale
Ported the HMAC, CMAC and SipHash EVP_PKEY_METHODs to EVP_MAC.
Richard Levitte
Added EVP_MAC, an EVP layer MAC API, to simplify adding MAC implementations. This includes a generic EVP_PKEY to EVP_MAC bridge, to facilitate the continued use of MACs through raw private keys in functionality such as EVP_DigestSign* and EVP_DigestVerify*.
Richard Levitte
Deprecate ECDH_KDF_X9_62().
Antoine Salon
Added EVP_PKEY_ECDH_KDF_X9_63 and ecdh_KDF_X9_63() as replacements for the EVP_PKEY_ECDH_KDF_X9_62 KDF type and ECDH_KDF_X9_62(). The old names are retained for backwards compatibility.
Antoine Salon
AES-XTS mode now enforces that its two keys are different to mitigate the attacked described in "Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC" by Phillip Rogaway. Details of this attack can be obtained from: http://web.cs.ucdavis.edu/%7Erogaway/papers/offsets.pdf
Paul Dale
Rename the object files, i.e. give them other names than in previous versions. Their names now include the name of the final product, as well as its type mnemonic (bin, lib, shlib).
Richard Levitte
Added new option for 'openssl list', '-objects', which will display the list of built in objects, i.e. OIDs with names.
Richard Levitte
Added the options -crl_lastupdate and -crl_nextupdate to openssl ca, allowing the lastUpdate and nextUpdate fields in the generated CRL to be set explicitly.
Chris Novakovic
Added support for Linux Kernel TLS data-path. The Linux Kernel data-path improves application performance by removing data copies and providing applications with zero-copy system calls such as sendfile and splice.
Boris Pismenny
The SSL option SSL_OP_CLEANSE_PLAINTEXT is introduced.
Martin Elshuber
PKCS12_parse now maintains the order of the parsed certificates when outputting them via *ca (rather than reversing it).
David von Oheimb
Deprecated pthread fork support methods.
Randall S. Becker
Added support for FFDHE key exchange in TLS 1.3.
Raja Ashok
Added a new concept for OpenSSL plugability: providers. This functionality is designed to replace the ENGINE API and ENGINE implementations, and to be much more dynamic, allowing provider authors to introduce new algorithms among other things, as long as there's an API that supports the algorithm type.
With this concept comes a new core API for interaction between libcrypto and provider implementations. Public libcrypto functions that want to use providers do so through this core API.
The main documentation for this core API is found in doc/man7/provider.pod, doc/man7/provider-base.pod, and they in turn refer to other manuals describing the API specific for supported algorithm types (also called operations).
https://www.openssl.org/
-
Changelog
Version information:
The SSH Server's upgrade access amnesty continues, so that all users of previous 8.xx version can update to the latest version with accumulated fixes. The minimum upgrade access to use this version is October 23, 2018.
We are at this point highly confident in the security, stability and compatibility of our latest 8.xx versions. We are aware of users still relying on versions 7.xx and 6.xx, and sometimes even older. The SSH Server is security-sensitive, network-facing software, and updating is the only way to receive the latest security and reliability fixes. We suggest all users update.
Control Panel and settings:
In Easy settings, when a mount point type was set to Blind drop, it could not subsequently be changed back to Limit to root directory. It was instead necessary to use Advanced settings to reset mount point permissions.
It is now possible to change a Blind drop mount point back to Limit to root directory in Easy settings.
The Log Folder Viewer interface would perform poorly if the SSH Server was generating a large number of log files, for example due to intense server activity combined with a small log file rollover threshold. The Log Folder Viewer now improves this by limiting the frequency of visual list updates.
UPnP NAT forwarding:
When UPnP NAT forwarding is enabled on a computer with multiple network adapters, the SSH Server was likely to try configuring the wrong gateway. For example, if the first IP address returned by Windows belonged to a Hyper-V virtual switch, this would prevent UPnP NAT forwarding from working.
The SSH Server will now enumerate network adapters to find gateways, and will try to configure those that are suitable.
UPnP gateway forwarding is now disabled for IPv6 addresses. In previous versions, the SSH Server would attempt to perform the same UPnP actions for IPv6 as it does for IPv4 addresses. This is not effective for IPv6, and would only generate errors.
In 9.xx versions, we will be adding experimental support for UPnP IPv6 pinholes. However, we were unable to find any devices with which to test this for 8.xx versions. Therefore, the SSH Server will currently not attempt any UPnP actions for IPv6 addresses.
General:
When multiple SSH Server instances are being installed, instance name conflicts are intended to be detected during installation. However, the check is also performed after installation. The after-installation check did not function on 64-bit systems and would not detect conflicts. Fixed.
https://www.bitvise.com/ssh-server
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Features:
fix #2248 Add time stamp to terminal log name
Strip ansi code from terminal log
Make drag bookmark a little easier
Bug fixes:
Fix open terminal log link in info panel
Fix upload big file support with rz
UI:
Adjust default background color
Others:
Add experimental mac ARM build, may not work, not tested (#2244)
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Copy Files: New option to use WinSCP's native tunneling feature (File->Preferences->Copy Files->Global Settings)
Copy Files: By default, WinSCP's option to "Optimize connection buffer size" is now disabled
Connection groups are now listed in the "Cons" menu
http://winsshterm.blogspot.com/
-
Changelog
New features:
Use pagination when more than 100 files in file manager
Add edit with external edtor option (#2269)
Bug fixes:
fix #2257 [UI] Increase scroll bar width
fix #2255 Fix sftp remote can not paste in windows (#2256)
Make sidebar bookmark and history button clickable
Other updates:
Add google analytics to track use statics
Remove gcm cipher support, upgrade ssh module
https://github.com/electerm/electerm
-
Changelog
Bug Fixes:
Fix proxy support(https/http/sock4/sock5) for check update info and sync data
Fix select all operation would select hidden files issue
New features:
Add description input in bookmark form
Other updates:
Disable gpu support for linux
Upgrade webpack modules and update sync form UI
Upgrade electron
Remove google analytic code(not working)
https://github.com/electerm/electerm
-
Changelog
FIX: Crash report not generated when an abnormal termination occurs in the core area (terminal)
FIX: Terminal's context menu displaying on incorrect display
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
Quick bug fix: Fix sftp pager can not click issue
1.17.15
Bug fixes:
fix #2304: Fix transfer file auto rename issue when remote/local file same path
Fix command line parameter 'port' is not resolved correctly (by @MicroOps-cn)
New Features:
Supports specifying tab name when opening a new connection from the command line (by @MicroOps-cn)
Support Single instance mode for running from command line, check details from https://github.com/electerm/electerm/wiki/Command-line-usage (by @MicroOps-cn)
Known issues:
The mac-arm build not tested, may not work at all
https://github.com/electerm/electerm
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
http://kitty.9bis.net/
-
(https://i.postimg.cc/76X1vX48/screenshot-1427.png)
SuperPuTTY is a Graphical User Interface (GUI)-based Windows application that is mainly employed for tab management for PuTTY SSH Client. PuTTY, the open-source terminal emulator is a competent program on its own, but it does lack a tabbed interface. Hence, Superputty does not only execute basic PuTTY commands but also fills the gaps by offering much-needed window management.
MIT License
Changelog
New Features from Sebastian Gemeiner:
Win+Shift Handling (Multi Monitor Setup)
Supports docking (Aero snap) by simulating key events to main form
Lazy loading for new session entries in context menu
Updated Docking Library to v3.0.6, Updated log4net library to v2.0.8, Switched to using Nuget Packages for third party libraries. [Maintenance]
Grammar correction in warning dialog when saving new sessions with a '-pw' parameter.
Fix issue where multiple logfiles were being created Issue #830
Log4Net dll updated due to security issue with previous version CVE-2018-1285 Issue #840
Various fixes to Settings provider Issue #806
Dozens of various fixes submitted by others
https://github.com/jimradford/superputty
-
Changelog
Bug fixes:
Fix #2318 Support space in editor path and file path
Updates:
Add rz upload warning and remove cancel button
Add Arabic language support by @haithamalnaeb
https://github.com/electerm/electerm
-
Changelog
This is not a new feature release, but a successor to 8.49 with continued maintenance updates.
Graphical client:
Certain user interface elements would not display correctly on Windows 11. Fixed.
Command-line use:
The SSH Client's command-line clients (sftpc, stermc, sexec, stnlc, spksc) now support the widely accepted "--" syntax to identify the end of named parameters and the beginning of positional parameters.
https://www.bitvise.com/ssh-client
-
Changelog
Fixed invalid handling of X509_verify_cert() internal errors in libssl Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses.
This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. ([CVE-2021-4044])
Corrected a few file name and file reference bugs in the build, installation and setup scripts, which lead to installation verification failures. Slightly enhanced the installation verification script.
Fixed EVP_PKEY_eq() to make it possible to use it with strictly private keys.
Fixed PVK encoder to properly query for the passphrase.
Multiple fixes in the OSSL_HTTP API functions.
Allow sign extension in OSSL_PARAM_allocate_from_text() for the OSSL_PARAM_INTEGER data type and return error on negative numbers used with the OSSL_PARAM_UNSIGNED_INTEGER data type. Make OSSL_PARAM_BLD_push_BN{,_pad}() return an error on negative numbers.
Allow copying uninitialized digest contexts with EVP_MD_CTX_copy_ex.
Fixed detection of ARMv7 and ARM64 CPU features on FreeBSD.
Multiple threading fixes.
Added NULL digest implementation to keep compatibility with 1.1.1 version.
Allow fetching an operation from the provider that owns an unexportable key as a fallback if that is still allowed by the property query.
https://www.openssl.org/
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 3.0.1.
New features sponsored by the University of Maryland:
Added new "protocol = capwin" and "protocol = capwinctl" configuration file options.
New features for the Windows platform:
Added client mode allowing authenticated users to view logs, reconfigure and terminate running stunnel services.
Added support for multiple GUI and service instances distinguised by the location of stunnel.conf.
Improved log window scrolling.
Added a new 'Pause auto-scroll' GUI checkbox.
Double click on the icon tray replaced with single click.
Other new features:
Rewritten the testing framework in python (thx to Peter Pentchev for inspiration and initial framework).
Added support for missing SSL_set_options() values.
Updated stunnel.spec to support RHEL8.
Bugfixes:
Fixed OpenSSL 3.0 build.
Fixed reloading the configuration with systemctl reload stunnel.service.
Fixed incorrect error messages for OpenSSL functions.
https://www.stunnel.org/index.html
-
Changelog
New features sponsored by the University of Maryland:
Added new "protocol = capwin" and "protocol = capwinctrl" configuration file options.
New features for the Windows platform:
Added client mode allowing authenticated users to view logs, reconfigure and terminate running stunnel services.
Added support for multiple GUI and service instances distinguised by the location of stunnel.conf.
Improved log window scrolling.
Added a new 'Pause auto-scroll' GUI checkbox.
Double click on the icon tray replaced with single click.
OpenSSL DLLs updated to version 3.0.1.
Other new features:
Rewritten the testing framework in python (thx to Peter Pentchev for inspiration and initial framework).
Added support for missing SSL_set_options() values.
Updated stunnel.spec to support RHEL8.
Bugfixes:
Fixed OpenSSL 3.0 build.
Fixed reloading configuration with "systemctl reload stunnel.service".
Fixed incorrect messages logged for OpenSSL errors.
Fixed printing IPv6 socket option defaults on FreeBSD.
https://www.stunnel.org/index.html
-
(https://i.postimg.cc/LXKjnSmK/Xftp.png)
Powerful SSH, TELNET, SFTP, RLOGIN and SERIAL terminal emulator with strong security features, emulation customization, script support, and more.
Freeware
Changelog
ADD: Added a highlight on/off option in Key Mappings
ADD: Add username and computer name to authentication request files
ADD: Option to cycle through Find results
ADD: Option to turn on/off the displaying of a session's properties in the Session Management window
ADD: Added Find Next/Find Previous in Find menu and can also be set as shortcut keys
ADD: Option to maintain or remove highlights after closing the Find window
ADD: Ability to customize which sessions and tabs to send keystrokes to
MOD: Improved terminal speed when using on-the-fly highlighting
MOD: Buffer emptied more efficiently when scroll buffer is full (improves terminal speed)
MOD: Improved performance when channel information updates during tunneling
MOD: Improved performance when finding selected text area
FIX: Unable to process the % character in passwords for URLs when using the script xsh.session.open
FIX: Crash during text output when auto-scrolling is disabled
FIX: Unable to disable Smart Selection from the Smart Selection menu
FIX: Certain key actions not applied properly when using tmux
ADD: PKCS#11 Certificate support
FIX: String formatting function not working when creating AppLog
FIX: When opening multiple sessions, they do not open in order
FIX: Live update process runs multiple times
FIX: Even after authentication in one product in PowerSuit or XshellPlus, other products try to authenticate
http://www.netsarang.com/products/xsh_overview.html
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Bug fixes:
fix #2332 Fix duplicate input in linux
fix #2321 Fix paste editor path cause transfer file issue
Updates:
Update ssh2/xterm modules
https://github.com/electerm/electerm
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
http://kitty.9bis.net/
-
Whats new:>>
Fix the issue with Private key usage confirmation.
http://kitty.9bis.net/
-
(https://i.postimg.cc/T3q1hSqy/screenshot-1515.png)
Speedy SSH client wrapped in a GUI, featuring an integrated FTP-to-SFTP bridge and support for TCP/IP tunneling, restarted transfers, directory listing, and more.
Freeware
Changelog
New features:
SFTP drive: Access files on an SFTP server as if they were local, from any Windows application.
Terminal session recording: The content of terminal sessions can now be automatically saved to files.
SSH jump proxy: The SSH Client can now more conveniently connect to a final destination SSH or SFTP server, by first connecting to an SSH jump server.
Keyboard shortcuts: An SFTP window can now be opened more practically from a terminal window, and vice versa.
Cryptography: New cryptographic algorithms include chacha20-poly1305 and encrypt-then-MAC hashing.
https://www.bitvise.com/ssh-client
-
Whats new:>>
ADD: Ability to send strings line by line in the Command Pane
MOD: Changed crash report server
FIX: Unable to connect to nginx ssh proxies
FIX: Screen not refreshing properly in Vi
FIX: Crash when sending key input to all sessions
FIX: Crash when changing display scaling on certain Windows OSes
http://www.netsarang.com/products/xsh_overview.html
-
Changelog
Bug fixes:
fix #2349: Fix locale check fail may cause app can not start in win7
fix #2350: Fix file conflict modal infomation
fix #2346: Fix rz/sz ends cause encode setting lose
Updates:
Improve performance when save update bookmarks
Known issues:
[rz] When upload file with rz command, for file > 1M, may not end properly, and may not update progress, but still upload in background.
When use edit with... from context menu, editor only support apps in system path, means editor name without path
https://github.com/electerm/electerm
-
Changelog
New features:
Added a bash completion script.
Bugfixes:
Fixed a transfer() loop bug.
https://www.stunnel.org/index.html
-
Whats new:>>
Merge pull request: Add far2l terminal extensions support (#357)
http://kitty.9bis.net/
-
Changelog
SFTP drive:
On systems with negative UTC offsets, the Windows Command Prompt would display unexpected error messages as part of directory listings for directories without an SFTP file time. Fixed.
Terminal:
Starting a clipboard selection now pauses terminal output.
Double-clicking the system icon now once again closes the terminal window.
Remote Desktop:
The setting Share clipboard is now enabled for new profiles by default.
Window behavior:
The SSH Client can now be configured to prevent system sleep, for example when connected.
Command-line use:
The log utility did not work at all in version 9.12. Fixed.
The main SSH Client window now supports the option -start=login which can be used in conjunction with other -start=... options. For consistency with previous versions, the option -loginOnStartup is now an alias for -start=login,tray. This means the SSH Client connects automatically and also minimizes to the system notification area. When opening an SSH Client profile through right-click > Connect, the profile is now opened with -start=login, but not tray. This means the SSH Client connects automatically with the main window visible.
https://www.bitvise.com/ssh-client
-
Changelog
Upgrade:
When upgrading from versions before 9.xx, the automatic log archival task is now disabled. This is to avoid interfering with any log maintenance the administrator has already set up.
If settings before 9.xx configured no limit to the number of simultaneous connections, such settings would be upgraded incorrectly to apply a lower limit. Fixed.
FTPS:
If the FTPS protocol is enabled, the SSH Server now supports TLS 1.3 on Windows versions where it is available. Currently, this requires Windows 11 or Windows Server 2022.
Tasks:
Log maintenance and command execution tasks now log an Info-level log event when they start.
Task triggers now support endsWith and contains as operators that work on strings. The contains operator also continues to work on structures, as it did previously.
Control Panel and Settings:
When configuring an encrypted volume in Advanced settings, the setting Full path to data file would have a misleading browse interface which did not allow selecting a filename which does not yet exist. Instead, a full path to a nonexistent file had to be entered manually. The browse interface now supports configuring a file which does not yet exist.
The Log Folder Viewer was not showing file icons in version 9.12. Fixed.
In the Statistics CSV export dialog, suggested filenames could include invalid characters. Fixed.
In account and group lists, reduced the number of columns for improved clarity and performance.
Command-line utilities:
The log utility did not work at all in version 9.12. Fixed.
https://www.bitvise.com/ssh-server
-
Whats new:>>
Fix: another bad memory allocation.
http://kitty.9bis.net/
-
Changelog
SSH:
When using one of the key exchange methods with Diffie Hellman group exchange, the SSH Client and FlowSsh could perform an invalid memory access. Invalid DH group size parameters could be sent to the server. Fixed.
Graphical client:
When the setting Window behavior > New child windows was set to Restore last position (default value in versions 9.12 and 9.14), the SFTP window could open off-screen. Fixed. The default value of this setting is now Center to parent.
The following settings now support environment variable expansion:
Options > Execute Local Command
RDP > Remote Desktop > Profile
RDP > Command-Line Parameters > Custom
SFTP > Local and Upload Settings > Initial directory
Improved keyboard navigation via Tab-key.
Terminal:
The terminal window in the graphical SSH Client could crash or deadlock, especially during selection. Several issues fixed.
The terminal window title could be blank. Fixed.
SFTP:
If a custom SFTP subsystem is configured, this is now invoked as an SSH exec request instead of a subsystem request. This should work with more servers where this feature is needed.
Command line:
sftpc will now use the SFTP protocol version setting from the profile, if a -profile=... parameter is used.
The graphical SSH Client now supports the -sftpVersion command-line parameter to override the loaded profile.
All clients now support the -dhGexMinBits parameter.
The parameter -rdpCustomSettings is now -rdpCustomStg and can appear multiple times to configure multiple Remote Desktop settings.
https://www.bitvise.com/ssh-client
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
UI:
Improve setting/bookmark panel UI
Improve tabs UI
Update pinned side panel UI, now will not cover terminal
Updates:
Improve performance(may still having performance issue, please feedback)
Improve some wording
https://github.com/electerm/electerm
-
Whats new:>>
Quick bug fix: Fix window resize not working issue
https://github.com/electerm/electerm
-
Changelog
SFTP drive:
When disconnecting, the SFTP drive will no longer cause a prompt that the SSH session is still active, unless another application is holding a file or directory handle open.
Note that the Windows Command Prompt does keep a directory handle open indefinitely, as long as the window (or the cmd.exe process) is open.
Terminal:
In previous 9.xx versions, the key combinations Ctrl+_ and Ctrl+^ could not be sent. Fixed.
SSH Server Remote Control Panel:
This version contains the Bitvise SSH Server Remote Control Panel (WRC) necessary to remotely administer SSH Server versions 9.16 and higher.
https://www.bitvise.com/ssh-client
-
Changelog
Upgrade:
A major new feature in SSH Server 9.xx versions is the Windows session cache. This is enabled by default for new installations. When enabled, settings such as the On-logon command have a different effect than in previous SSH Server versions.
To preserve behavior, the Windows session cache is now disabled when upgrading existing settings from versions 8.xx and earlier.
In versions 8.xx and earlier, it was possible to configure settings in subtly inconsistent ways. For example, it was possible to remove or rename a Connect profile so that the port forwarding settings in a group settings entry referenced a Connect profile which no longer exists.
In previous 9.xx versions, the settings interface would not open after upgrading an installation which had settings configured this way. Fixed.
Control Panel and Settings:
When configuring an encrypted volume in Advanced settings, the setting Full path to data file now won't display an overwrite prompt when selecting an existing file.
Default settings in Tasks and actions now include straightforward examples for email notifications for uploads and downloads. These examples won't appear when updating from previous 9.xx versions unless the task list is reset to apply the new defaults.
The Log folder viewer now once again supports the Enter key to open the selected file.
Connections:
In previous 9.xx versions, the Connection on-logon command was broken and did not work. Fixed.
File transfer:
The Encrypted volume and Other SFTP server filesystem providers can now be configured to limit access to a subdirectory of the encrypted volume or remote SFTP filesystem.
Bitvise SSH Server provides access to filesystems which do not support POSIX permissions. In versions 8.xx and older, the SSH Server would respond to attempts to set POSIX permissions, such as using chmod, by simulating success. In previous 9.xx versions, the SSH Server would respond with failure if a client attempted to set only POSIX permissions, but not any supported attributes. This is a problem for scripts that assume chmod to succeed. The SSH Server will now once again simulate success for such requests.
If the feature Move completed uploads was configured in an account settings entry, as opposed to a group settings entry, the account would not be able to log in. Fixed.
The correct filesystem provider is now logged when an SFTP client attempts to use an invalid handle.
https://www.bitvise.com
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Multi-Input Scripts: Added possibility to search scripts
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/HLS5SfJ3/NVIDIA-Ge-Force-Now.png)
This versatile, cross-platform client can handle SSH, Telnet, Serial, Shell, and SFTP terminals simultaneously, greatly enhancing the workflow and productivity of the user.
Freeware
Changelog
Features:
[APP] Added Windows x86_64 version. #213
[APP] Added MacOS x86_64 version. #46 #65 #306 #372 #408 #412 #418 #429
[APP] Update the third-party libraries and tools to the latest version: #237
Qt v5.15.2
libssh v0.9.6
openssl v1.1.3m
pcre2 v10.39
spdlog v1.9.2
zstd v1.5.2
gsudo v1.0.2
vcxsrv v1.20.14.0
[SHELL] Supports running 64-bit windows shells, like 64-bit cmd, powershell and so on.
[SHELL] The Windows version automatically chooses to use ConPty or WinPty depending on the system.
[SSH] Use VcXsrv instead of XMing as the X server to improve compatibility, display and performance. #157
[GUI] Added support for Unicode 13.
[GUI] Supports showing or hiding Toolbar in the focus mode. #331
[GUI] Added New Session menu item in the Session pane. #424
[GUI] Added Description text edit in the Session dialog. #336 #423
[TERM] Supports OSC 8 to set the hyperlink. #160 #413 #453 #454
[TERM] Supports OSC 52 to allow clipboard synchronization.
[TERM] Supports 8-bit controls IND, NEL, HTS, RI, SS2, SS3, SPA, EPA, SOS, DECID.
[TERM] Supports setting the initial modes: #134 #473
Auto Wrap Mode (DECAWM)
New Line Mode (LNM)
Reverse Screen Mode (DECSCNM)
Cursor Keys Mode (DECCKM)
Numeric Keypad Mode (DECNKM)
[SFTP] Supports specifying file creation permissions, the default permissions is 644.
[SFTP] Supports specifying fold creation permissions, the default permissions is 755.
[SFTP] Supports fixing invalid path characters when downloading and editing files. #371 #383
[SFTP] Uploading and downloading files preserves the permissions of the files and folders. #340 #469
[SFTP] Uploading and downloading files preserves the timestamp of the files. #445 #487
[SESSION] Supports resolving ~ to the user home directory in Windows. #464
[SESSION] Supports highlighting timestamps in ISO 8601 and RFC 2822 formats.
[SESSION] Supports independent setting of word separators for the alt screen. #252
Improvements:
[APP] Added WindTerm.png and WindTerm.desktop created by sakura1943 from archlinux to the Linux version. #320
[GUI] Better support for high DPI displays. #80 #251
[GUI] Hide the shortcut keys containing Meta in the Windows and Linux systems.
[GUI] Modify shortcut keys to conform to the MacOS system standard.
[GUI] The default send count of the Sender is changed from infinity to 1. #449
[SSH] Supports setting identify files with relative paths. #305
[SSH] Automatically clear the automatic login information when modifying the target. #329
[TERM] Improve the performance of parsing the control sequences.
[TERM] Better support for 7-bit controls (S7C1T) and 8-bit controls (S8C1T).
Bug Fixes in Version 2.3.1 (2022-02-22):
[GUI] Toolbar icons did not scale correctly on screens with different resolutions. #256 #348 #463
[GUI] After clearing the automatic login information, modifying host or port will cause the connect and save buttons to be disabled.
[GUI] MessageBar supports copying text. #492
[GUI] Added tooltips to the Window Date/Time Format input boxes in the Session Settings dialog to describe the date/time format.
[LOG] The parameter %h of the log content template was not correctly parsed as Host Address.
[LOG] The precision of the timestamp has been improved to 1ms. #497
[LOG] The timestamp recorded in the log does not match the timestamp displayed. #497 #511
[SHELL] In MacOS and Linux systems, processes configured with multiple parameters cannot run. #259
[SESSION] Session host cannot contain @ character. #512
[SESSION] The painted 24-bit colorbar has many tiny gaps.
https://github.com/kingToolbox/WindTerm
-
Whats new:>>
Bug fixes:
Fix context menu paste function.
UI:
Always use tree list in bookmark select.
Other updates:
Update dependencies.
https://github.com/electerm/electerm
-
Changelog
Installation and update:
Due to a bug in the log utility included with SSH Client version 9.12, using built-in update functionality to update from version 9.12 to versions 9.14 - 9.16 would fail. Now, when updating from version 9.12, the first attempt will still fail, but will replace the log utility so that a second attempt succeeds.
Running the new version installer directly to update manually works for all versions and does not trigger this issue.
SSH:
Starting with versions 9.xx, at the start of an SSH connection, the SSH Client would wait to send its SSH_MSG_NEWKEYS message until it has received it from the server. As a result, connections to certain SSH servers would not work. Affected servers include xlightftpd and RomSShell used by certain Brocade network equipment. The client now once again sends this message promptly.
Fixed issue which could cause the SSH Client to disconnect and generate the error "SSH manager has been terminated by exception: Null pointer read". This was more likely when using an SSH jump proxy, configurable in Proxy settings, but could occur generally using SSH tunneling.
Improved detection of misconfigured obfuscation settings.
Graphical client:
Logout behavior is now configurable. When disconnecting, the SSH Client can now be configured to close open windows without asking for confirmation.
SFTP GUI:
The graphical SFTP interface can now display Owner and Group columns for remote files.
Remote directory properties now show disk usage and free space information.
sftpc:
A new df command now shows disk usage and free space information.
Terminal:
The terminal window in the graphical SSH Client now supports additional settings for text selection and copying: word boundary characters for double-click select; whether double-click select can span more than one line; and whether to trim any trailing spaces when copying.
Terminal window settings now display fonts alphabetically sorted.
SSH Server Remote Control Panel:
The SSH Server Remote Control Panel window did not close when the SSH connection disconnected, and the window was not usable after. The window now closes as intended.
https://www.bitvise.com
-
Changelog
Installation and update:
Due to a bug in the log utility included with SSH Server version 9.12, using built-in update functionality to update from version 9.12 to versions 9.14 and 9.16 would fail. Now, when updating from version 9.12, the first attempt will still fail, but will replace the log utility so that a second attempt succeeds.
Running the new version installer directly to update manually works for all versions and does not trigger this issue.
When an SSH Server update was started automatically, but uninstallation of the existing version failed, the SSH Server would not automatically restart. When updating to future versions from version 9.17 or higher, if uninstallation fails but rollback succeeds, the main SSH Server service will now be restarted.
Settings:
When pasting from clipboard, password fields would accept ASCII control characters, including newline characters that are included by Excel when copy & pasting a selected cell. Password fields will now filter out control characters when pasting, including the Tab character.
SSH:
Improved detection of misconfigured obfuscation settings.
File transfer:
In previous versions including 8.xx, if an SCP client interrupted a download – such as by disconnecting – the SSH Server's SCP subsystem would still completely read the file and record a complete download in the I_SFS_TRANSFER_FILE event. Interrupted SCP downloads are now correctly logged as incomplete.
https://www.bitvise.com
-
Whats new:>>
New features:
Support trzsz (https://github.com/trzsz/trzsz, trz/tsz, similar to rz/sz), and compatible with tmux(by @lonnywong)
Fix #2385 Batch input support multi line
Bug fixes:
Fix after paste with context menu, lose focus issue
https://github.com/electerm/electerm
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 3.0.2.
New features:
Updated stunnel.spec to support bash completion
Bugfixes:
Fixed an PRNG initialization crash (thx to Gleydson Soares).
https://www.stunnel.org/index.html
-
Whats new:>>
Performance Improve
Resolve bookmark related(create, delete, clone etc) performance issue
Other info:
Will continue improve performance in future releases.
https://github.com/electerm/electerm
-
Whats new:>>
New feature "WSL Starter": Easy access to WSL on Windows (Tools->WSL Starter)
Bug fix: Now correctly restoring the window in some cases with multiple monitors
http://winsshterm.blogspot.com/
-
Changelog
Bug fixes
fix #2408 Fix privacy notice link
fix #2410 Trim hostname ( #2411 )
New features
Support terminal cursor style setting
Performance
Refractor file transfer, always compress folder and transfer
Improve session performance, do not render sftp components when invisible
Improve tabs control performance
Will continue improve performance in future releases.
ONION
Use same icon as in file list when open file info modal
Better release note format
New file transfer UI
Other updates
Improve npm publish process
Upgrade trzsz to 0.3.2, improve tmux pane progress bar. (by @lonnywong )
Check https://github.com/electerm/electerm/wiki/Know-issues for more known issues
https://github.com/electerm/electerm
-
Whats new:>>
Quick Bug fix release:
Fix #2416 Fix window size remember
Fix file transfer in windows OS
https://github.com/electerm/electerm
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Fix #2421 Fix search lose focus issue
Fix #2419 Fix password dropdown select function
Fix #2415 [macos] Fix edit file with local app function (#2420)
https://github.com/electerm/electerm
-
Whats new:>>
New features:
Support serialport (#2428)
Bug fixes:
Fix remember window size
Other updates:
[linux] Add --in-process-gpu command line flag
Update issue template
Use playwright to do e2e test, upgrade electron to v17 (#2427)
https://github.com/electerm/electerm
-
Whats new:>>
Quick Bug fix:
Fix #2438 [windows only] Fix close tab cause app stop working
New features:
Fix #2433 Always save/restore current terminal state when reload or duplicate tab
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
fix #2445 bug fix: Fix click other place cause transfer panel freaze
New features:
Support multi window (#2440)
Add "New window" menu to dock (#2442)
https://github.com/electerm/electerm
-
Whats new:>>
Quick bug fix: dock menu code cause app can not run in linux and windows
https://github.com/electerm/electerm
-
(https://i.postimg.cc/HLS5SfJ3/NVIDIA-Ge-Force-Now.png)
This versatile, cross-platform client can handle SSH, Telnet, Serial, Shell, and SFTP terminals simultaneously, greatly enhancing the workflow and productivity of the user.
Freeware
Changelog
Translation:
[FRENCH] Update the language file, contributed by EvoWebFrance@github and LuxNegra@github. #499
[CHINESE] Update the language file, contributed by Lemonawa@github. #607
Features:
[APP] Update the third-party libraries and tools to the latest version: #48 #585
gsudo v1.2.0
clink v1.3.15
[APP] Supports dynamic memory compression, typically 20% to 90% of the working memory load can be reduced.
[APP] Supports system proxy.
[APP] Supports global proxy, including No Proxy, System Proxy, Http Proxy and Socks v5 Proxy.
[APP] Supports specifying the path of the .wind profiles folder to facilitate subsequent upgrades and cloud synchronization. #161 #411 #438 #529 #537 #541 #601
[GUI] Add Anything Palette and Tunnels buttons to the menu bar.
[GUI] Add XServer button to the menu bar.
[GUI] Supports opening the Profiles Directory Dialog via menu item File - Preferences - Profiles Directory.
[GUI] Supports using Alt+1 to Alt+5 to select the first to fifth tab, and Alt+0 to select the last tab. #82 #86 #420
[LOG] The log file name and content templates support including %z - Time Zone.
[SESSION] Supports setting the background color of the tab of a session.
[SESSION] Supports using the shortcut key Ctrl+D to close the unconnected or disconnected session. #397 #526
[SESSION] Supports new proxy type ProxyCommand. #557
[SESSION] Supports importing "ProxyTelnetCommand" field from PuTTY configuration.
[SESSION] Supports clearing the screen locally. #335 #447 #530 #553 #571
[SCHEME] Added dumb system to support highlighting, folding, outlining and clearing the screen locally of dumb devices.
[SESSION] Supports delayed sending of commands that are automatically executed after startup. The default delay is 1 second. #428
[SESSION] Supports free type mode that allows the use of the mouse to move the cursor, select text and drag and drop text. #239 Intro video
Drag mouse to select text.
Double-click to select a word.
Triple-click to select the line.
Shift + Click to select a piece of text.
Move the cursor by Alt + Mouse Click. For convenience, when the Term is xterm or xterm-256color, only a mouse click is required to move the cursor.
[SSH] Supports independent tunnels opening, stopping and management. #189 #194 #373 #444
[SSH] When the listening port of a tunnel is set to 0, dynamic port allocation is supported.
[SSH] Supports automatically opening the internal X Server on startup.
[SSH] Supports configuring VcXsrv Windows X Server, including Display number, Window mode, Clipboard, Keyboard etc.
[SSH] Supports VcXsrv Windows X Server extensions.
XTEST
SECURITY
XINERAMA
XFIXES
XFree86-Bigfont
RENDER
RANDR
COMPOSITE
DAMAGE
MIT-SCREEN-SAVER
DOUBLE-BUFFER
RECORD
DPMS
X-Resource
GLX
[SSH] Supports setting custom environment variables for ProxyCommand.
[SSH] Reduce the remote tunnels check time to 0.5 second to speed up the transfer. #444
[SSH] Tunnels will open KeepAlive by default to prevent being disconnected by timeout. #557
[SSH] JumpServer will open KeepAlive by default to prevent being disconnected by timeout.
[SHELL] The cmd and admin:cmd sessions support rich completion, history, and line-editing capabilities by integrating the clink. #585
[SCHEME] Supports highlighting IPv6 and MAC.
[TERM] Supports OSC 133;A, OSC 133;B, OSC 133;C, OSC 133;D to set the start position and end position of prompts and outputs.
Improvements:
[API] Changed api names from Show*Dialog to Open*Dialog, for example, showFocusModeDialog is changed to openFocusModeDialog.
[GUI] Added new list and table widgets, and support button bar at the bottom.
[GUI] Added Warning state and corresponding color to the SlipButton widget.
[GUI] Line feeds are no longer included when selecting by line.
[GUI] The pop-up widget of the More button in the toolbar is modified to a menu.
[TAB] Even when only one tab is open, the activation mark of the tab is displayed.
[TAB] Improve the appearance of a tab by increasing the transparency of the background color and reducing its drawing area.
[SSH] Tunnels will no longer be forced closed when a non-critical error occurs.
[SSH] Hide the configuration items of X Server in the MacOS and Linux systems. #649
[SESSION] When a SOCKS5 error occurs, more detailed error information will be provided.
[TEXT] Optimized the wrapping performance of lines that contain only ascii characters.
[TRANSLATION] Automatically handle mnemonic characters in strings to be translated.
[MACOS] Use a separate menu bar for consistency with other versions.
[MACOS] Make the application icon smaller for better looks. #463 #651
Bugs:
[APP] When a session using dumb system is disconnected, executing Clear Screen will cause the application to crash. #553 #629
[APP] When a session is disconnected, clicking the hyperlink will cause the application to crash.
[GUI] Resizing the Filer pane will cause a black color block. #608
[GUI] Switching a session from sync channel A to sync channel B causes the channel prompt message bar to disappear.
[GUI] The environment variable of the process of the Shell session cannot be set to multi-line text.
[GUI] When the environment variable being typed in the Process Environment dialog did not exist, the variable value in the text box was incorrectly emptied.
[GUI] When the session is disconnected, the transfer items in the transfer bar cannot be manipulated. #547
[GUI] When using the shortcut key Ctrl+Shift+W to close a tab, the confirm dialog will not pop up.
[GUI] The text in the input box is sometimes displayed in gray as placeholder text.
[GUI] After modifying the name or icon of a session, reconnecting the session did not use the new name and icon correctly.
[GUI] When the bottom dock is expanded, the tooltip of the Expand button should be Shrink, not Expand.
[GUI] Supports viewing and copying the server's IP in the info popup window. #658
[GUI] Supports viewing and copying the serial session's Baud Rate, Data Bits, Parity, Stop Bits, Flow Control in the info popup window.
[GUI] Supports the text in the info popup window can be selected using the mouse and keyboard.
[LOG] Blank lines in the log are incorrectly logged as %v. #556
[SSH] Unable to log in to the system with a user with blank password. #504 #579
[SSH] When the server does not provide any authentication method, no related error message is displayed.
[SSH] The ssh.ciphers, ssh.keyExchange, ssh.macHashes, ssh.publicKeys do not take effect after configuration.
[SCHEME] When the session's system is set to non-linux, punctuation is not colored correctly.
[SERIAL] The log folder cannot be created correctly when the session name happens to be a system reserved name, such as CON, NUL, COM, LPT, AUX, PRN etc. #624
[SESSION] When modifying DataType of a Tcp Session to text and saving, the value is incorrectly saved as binary.
[SESSION] When the session is disconnected, some cached text may not be correctly output to the screen.
[SESSION] When the session is logged out, no Remote channel is closed is reported.
[SESSION] When the session is disconnected due to a timeout, no The remote host closed the connection is reported.
[SESSION] SOH, STX, ETX, EOT, ACK, DLE, DC1, DC2, DC3, DC4, NAK, SYN, ETB, CAN, EM, SUB, FS, GS, RS, US are displayed incorrectly. #539
[SESSION] When page up and down when executing less /etc/services, ESC M characters are displayed incorrectly. #621
[TAB] The background color of the close button in the tab of the Shell Pane is not transparent.
[TERM] Failed to pass the test of cursor-control characters inside ESC sequences of vttest.
[TERM] When switching from the alternative screen to the main screen, the cursor shape is not restored. #517
[MACOS] When creating a new session, the icon of the session cannot be selected. #618
[MACOS] When the info window pops up, the system will ask if the application need permission to record the screen.
https://github.com/kingToolbox/WindTerm
-
Changelog
Bug fixes:
Fix with split terminal click sftp would break app process
Fix a memory leak in sever side
New features:
Remember pinned sidebar state
Add confirm before exit option in settings
Performance improve and code refractor:
Use standalone footer module
Refractor event related code
Refractor quick command related code
Other updates:
Improve default light theme UI
Improve edit with menu related UI/UX
Do not start default terminal when user set start bookmarks
https://github.com/electerm/electerm
-
Whats new:>>
Bug fix: Fixed some focus issues
Script Runner: Output CustomId if not empty
http://winsshterm.blogspot.com/
-
Changelog
Bug fixes:
fix #2466 Fix tab title
fix #2472 Fix serial port form custom baudRate support
Remove system tray since it is useless, fix auto hide function
fix #2471 Fix fullscreen UI
New features:
fix #2469 Support pin quick command panel to bottom
Support term search options(whole word, regexp, case sensitive)
Performance improve:
Use standalone term search module
Other updates:
Updates modules ssh2->1.10.0, react -> 18.1.0, xterm -> 4.19beta
Update use guide wiki
https://github.com/electerm/electerm
-
Changelog
Bug Fixes in Version 2.4.1 (2022-04-25):
[APP] The application crashes when closing VPN. #684
[MACOS] The application sometimes crashes when exiting. #281 #463 #665 #670 #672 #681 #698
[MACOS] The text box in the login wizard does not support copy and paste with shortcut keys Command+C and Command+V. #682
[WINDOWS] The icon of application is unexpectedly smaller.
[GUI] The caret of the range selected with Shift modifier is always the position of the command prompt.
[GUI] When the proxy in the session dialog is initialized to No Proxy, the widgets below it are not hidden correctly.
[SSH] When there are multiple authentication steps, each step does not give enough hints. #632
[SSH] When a login method is disabled, the corresponding tab in the login wizard are still visible. #632
[SSH] Automatic login does not support including the same authentication method multiple times. #694
[SSH] chacha20-poly1305@openssh.com is not sent to the server when logging in.
[SSH] After the automatic login fails, the login wizard is not displayed. #476
[SSH] The login wizard does not give any hints when all authentication methods are disabled.
[TERM] Lines in VIM are not aligned atfer auto wrap. #260 #555 #683
[TERM] GNU Screen 4.00.03 cannot be displayed properly. #697
[TERM] The control sequence OSC 133;C; is not properly supported. #680 #693
[SESSION] The text in btop is not displayed properly. #583
https://github.com/kingToolbox/WindTerm
-
Changelog
Bug fixes
Fix #2478 Fix rz/sz (#2481)
Fix #2477 Fix disable check upgrade on start can not manually check update in about panel
Fix terminal input exit do not corrently close terminal
Fix #2476 Fix open all bookmarks in category function
Other updates
Skip upgrade check for windows store build and snap build
https://github.com/electerm/electerm
-
Changelog
Installation and update:
Improved reliability of creating temporary directories which could previously cause installation to fail.
Main window:
The FTP bridge password input fields on the Services tab now scroll horizontally.
Terminal:
Fixed issues that could cause the terminal window to display output incorrectly in situations that are difficult to reproduce. We continue to investigate and welcome feedback from users who experience these issues.
SSH:
When using Diffie-Hellman key exchange methods with group exchange, the SSH Client would accept only server-generated groups with a generator much smaller than the modulus. Some servers, such as Rebex, send a generator parameter as large as the modulus. The SSH Client will now accept such groups.
We cannot guarantee that unusual server-generated groups will work with Windows CNG cryptography. We continue to disrecommend Diffie-Hellman key exchange methods that use group exchange due to such compatibility issues. The SSH Client continues to downrank these key exchange methods by default.
https://www.bitvise.com
-
Changelog
Installation and update:
Improved reliability of creating temporary directories which could previously cause installation to fail.
Control Panel:
Fixed behavior of the pop-up menu when clicking the notification area icon.
Added support for Ctrl+A and Ctrl+Backspace key combinations in a variety of user interface elements that did not previously support them.
Addressed support for Esc and Tab keys in the Manage certificates dialog.
Fixed issue when deleting log files in the Log folder viewer.
In Easy settings, the Back and Next buttons were incorrectly swapped. Fixed.
Connections:
In previous 9.xx versions, the Connection timeout feature did not work. Fixed.
Tasks:
Configuring an On-logon command for an Execute command task would result in an error when running the task. Fixed.
Improved elevation handling for Windows sessions created for tasks.
SFTP jump server mount points:
Greatly improved diagnostic logging for connection issues when configuring Another SFTP server mount points.
Fixed an issue which would cause the SSH Server to emit an invalid SFTP packet when using Another SFTP server mount points. This would cause repeated connects and disconnects.
https://www.bitvise.com
-
Changelog
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.3.
* New features
- Updated the pkcs11 engine for Windows.
* Bugfixes
- Removed the SERVICE_INTERACTIVE_PROCESS flag in
"stunnel -install".
https://www.stunnel.org/index.html
-
Changelog
New feature "Connection Filter": Filter connections quickly with include and/or exclude patterns (Navigate->Connection Filter)
Script Runner/Cluster Mode: New button "Con filter" to quickly access the new feature "Connection Filter"
Script Runner/Cluster Mode: CTRL+A selects all connections
Cluster Mode: New option to add a connection or all connections inside a folder from the Connections window (Right Click->Add to Cluster Mode)
Cluster Mode: Remember the column count, default is 2
Holding "SHIFT" and opening a connection will open the connection in the next window
PuTTY option "Change Settings..." now available in the tab context menu, which lets you change settings like font size while the session remains active
Disabled editing the connection name by clicking on it (still possible with F2 or "Right click"->Rename)
Info Dialog: New section for Windows, added UBR to the build number for Windows
Bug fix: Focus issue when clicking on the title bar and then on a menu item
http://winsshterm.blogspot.com/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: Quick Connect: Open connection with "Enter" key
Bug fix: Connection Filter: Search for Pattern Groups now functional
Bug fix: Connection Filter: Tab order improved
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Bug fixes:
Fix duplicate tab function
Fix close quick command function, would stop pinned state
Fix sortable table UI in terminal info panel
Fix terminal info panel table sort
Fix close terminal reopen issue
New features:
Remember sftp sort prop and order
After download upgrade, open downloaded file in folder for linux and windows
When only one tab, remove close button
Other updates:
Add German language file by @Hope-IT-Works
Upgrade trzsz.js to v0.3.4 (#2493) by @lonnywong
Auto submit PR for winget when new release published by @vedantmgoyal2009
Show dev dependencies in app deps list
https://github.com/electerm/electerm
-
Changelog
New feature: Toggle Full Screen for the current session with ALTGR+ENTER
Bug Fix: Alt-Tab: Needs to press tab twice
Bug Fix: Detaching the terminal when using multiple monitors always detaches on the primary monitor
Search, History, QuickConnect: These windows won't get closed when WinSSHTerm looses focus
Tab context menu: Compacted PuTTY menu items into a sub menu / New menu item "Toggle Full Screen"
WSL Starter: Autostart SSH server will now be triggered on demand, when opening a WSL connection
WSL Starter: For a WSL connection, it is now sufficient to set the host and port
Color Scheme: Default color scheme now "WinSSHTerm light" / Adjusted color scheme "WinSSHTerm light"
Color Scheme: New button to set the default light tab color (used in "WinSSHTerm light")
Color Scheme: Default background color now equal to "Tab Color" if "Custom Tab layout" is enabled
new unsupported warning if an architecture mismatch was detected (Popup, Title Bar)
new built-in variable CON.PASSWD to access the SSH password (see point 26 in the FAQ section)
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
Major improvements to network proxy support:
Support for interactively prompting the user if the proxy server requires authentication.
Built-in support for proxying via another SSH server, so that PuTTY will SSH to the proxy and then automatically forward a port through it to the destination host. (Similar to running plink -nc as a subprocess, but more convenient to set up, and allows you to answer interactive prompts presented by the proxy.)
Support for HTTP Digest authentication, when talking to HTTP proxies.
Introduced pterm.exe, a PuTTY-like wrapper program for Windows command prompts (or anything else running in a Windows console). Not yet included in the installer, but available as a .exe file from the Download page.
Updated Unicode and bidi support to Unicode 14.0.0.
New command-line option -pwfile, like -pw except that it reads the password from a file so that it doesn't show up on the command line.
Windows Pageant: option --openssh-config to allow easy interoperation with Windows's ssh.exe.
-pw (and -pwfile) now do not fall back to interactively prompting for a password if the provided password fails. (That was the original intention.)
New configuration options for keyboard handling:
Option to control handling of Shift + arrow keys
Extra mode in the function-keys option, for modern xterm (v216 and above).
Bug workaround flag to wait for the server's SSH greeting before sending our own, for servers (or proxies) that lose outgoing data before seeing any incoming data.
Crypto update: added side-channel resistance in probabilistic RSA key generation.
Crypto update: retired the use of short Diffie-Hellman exponents (just in case).
Bug fix: reconfiguring remote port forwardings more than once no longer crashes.
Bug fix: terminal output processing is now paused while handling a remote-controlled terminal resize, so that the subsequent screen redraw is interpreted relative to the new terminal size instead of the old.
Bug fix: Windows PuTTYgen's mouse-based entropy collection now handles high-frequency mice without getting confused.
Bug fix: Windows Pageant can now handle large numbers of concurrent connections without hanging or crashing.
Bug fix: if Windows Pageant is started multiple times simultaneously, the instances should reliably agree on one of them to be the persistent server.
Bug fix: remote-controlled changes of window title are now interpreted according to the configured character set.
Bug fix: remote-controlled changes of window title no longer get confused by UTF-8 characters whose encoding includes the byte 0x9C (which terminates the control sequence in non-UTF-8 contexts).
Bug fix: popping up the window context menu in the middle of a drag-select now no longer leaves the drag in a stuck state.
Bug fix: extensive use of true colour in the terminal no longer slows down window redraws unnecessarily.
Bug fix: when PSCP reports the server sending a disallowed compound pathname, it correctly reports the replacement name it's using for the downloaded file.
Bug fix: enabling X11 forwarding in psusan failed to fall back through possible port numbers for the forwarded X display.
For developers: migrated the build system to CMake, removing the old idiosyncratic mkfiles.pl and the autotools system.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
Major improvements to network proxy support:
Support for interactively prompting the user if the proxy server requires authentication.
Built-in support for proxying via another SSH server, so that PuTTY will SSH to the proxy and then automatically forward a port through it to the destination host. (Similar to running plink -nc as a subprocess, but more convenient to set up, and allows you to answer interactive prompts presented by the proxy.)
Support for HTTP Digest authentication, when talking to HTTP proxies.
Introduced pterm.exe, a PuTTY-like wrapper program for Windows command prompts (or anything else running in a Windows console). Not yet included in the installer, but available as a .exe file from the Download page.
Updated Unicode and bidi support to Unicode 14.0.0.
New command-line option -pwfile, like -pw except that it reads the password from a file so that it doesn't show up on the command line.
Windows Pageant: option --openssh-config to allow easy interoperation with Windows's ssh.exe.
-pw (and -pwfile) now do not fall back to interactively prompting for a password if the provided password fails. (That was the original intention.)
New configuration options for keyboard handling:
Option to control handling of Shift + arrow keys
Extra mode in the function-keys option, for modern xterm (v216 and above).
Bug workaround flag to wait for the server's SSH greeting before sending our own, for servers (or proxies) that lose outgoing data before seeing any incoming data.
Crypto update: added side-channel resistance in probabilistic RSA key generation.
Crypto update: retired the use of short Diffie-Hellman exponents (just in case).
Bug fix: reconfiguring remote port forwardings more than once no longer crashes.
Bug fix: terminal output processing is now paused while handling a remote-controlled terminal resize, so that the subsequent screen redraw is interpreted relative to the new terminal size instead of the old.
Bug fix: Windows PuTTYgen's mouse-based entropy collection now handles high-frequency mice without getting confused.
Bug fix: Windows Pageant can now handle large numbers of concurrent connections without hanging or crashing.
Bug fix: if Windows Pageant is started multiple times simultaneously, the instances should reliably agree on one of them to be the persistent server.
Bug fix: remote-controlled changes of window title are now interpreted according to the configured character set.
Bug fix: remote-controlled changes of window title no longer get confused by UTF-8 characters whose encoding includes the byte 0x9C (which terminates the control sequence in non-UTF-8 contexts).
Bug fix: popping up the window context menu in the middle of a drag-select now no longer leaves the drag in a stuck state.
Bug fix: extensive use of true colour in the terminal no longer slows down window redraws unnecessarily.
Bug fix: when PSCP reports the server sending a disallowed compound pathname, it correctly reports the replacement name it's using for the downloaded file.
Bug fix: enabling X11 forwarding in psusan failed to fall back through possible port numbers for the forwarded X display.
For developers: migrated the build system to CMake, removing the old idiosyncratic mkfiles.pl and the autotools system.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Changelog
Health monitoring:
On some systems, the Windows function GetSystemTimes can return inconsistent values. In this case, previous SSH Server 9.xx versions would stop due to an unexpected condition if the setting Health monitoring > Monitor CPU usage was enabled. Fixed.
In general, the SSH Server will no longer stop if one of the health monitoring features encounters an error, but will instead only log the error.
Control Panel and Settings:
Double-clicking the system tray icon for the SSH Server Control Panel would put the window into the foreground if it was hidden, but not if it was minimized, or behind other applications' windows. Fixed.
In the Custom events interface under Advanced settings > Logging, events are now sorted by default according to name, rather than number. Events can still easily be sorted by any column.
Email notifications:
In previous 9.xx versions, DKIM signing did not work. Fixed.
File transfer:
When the Real root path for a mount point did not exist, and the setting Create root path was disabled, the SSH Server would still create the directory if the client sent a "create directory" request. The SSH Server will no longer create the mount point root path in this circumstance.
For newly created mount points, the default value of the setting File sharing for uploads is now Delete instead of the previous value, Read, Delete. This is to prevent files from being read or copied in an inconsistent state by another application or connection while they are being uploaded.
Logging:
Further improvements to diagnostic logging for SFTP jump server mount points.
When logging the flags attribute for an auto-execute command, the Windows job object setting would be logged incorrectly. Fixed.
https://www.bitvise.com
-
Changelog
Terminal:
Restored behavior from previous SSH Client versions, including 8.xx, where right-click can be used immediately after selecting to copy-and-paste the selected text.
The DECSTBM message (Set Top and Bottom Margins) should now be handled correctly.
spksc:
The command-line client for the SSH Public Key Subsystem, spksc, now supports commands to list local keys in addition to public keys configured for public key authentication on the server.
If Ctrl+C was pressed during command execution, spksc would previously hang. Fixed.
Host key manager:
When using the Modify Host Key dialog, pasting a host address containing spaces would cause the SSH Client to crash. Fixed.
https://www.bitvise.com
-
Whats new:>>
Fixed an issue introduced in version 9.19, where passwordless authentication required a Windows restart, or uninstallation and reinstallation followed by restart, in order to work after updating from a previous SSH Server version.
https://www.bitvise.com
-
Changelog
Bug fixes:
Fix #2504: Fix window title
Fix #2505: Fix passphase detect
Fix #2508: Fix tab close in background issue
Fix #2512: Fix quick command not working in split terminal
Fix side panel UI when use system title bar
Fix bookmark panel white screen bug when click transfer icon
UI:
Fix #2510 [UI]: improve setting page UI
Improve tabs UI
Improve sync form UI
New features:
Show warning and close/reload choice when connection lost
Support load themes from iTerm2-Color-Schemes/electerm
Add close process button to activity list in info panel
Other updates:
Improve tab delete function, use watch to handle
Fix theme related test
Updated sync to github/gitee guide
https://github.com/electerm/electerm
-
Whats new:>>
In versions 9.19 and 9.21, it was not possible to create directories through virtual filesystem mount points that provide unlimited access. Fixed.
https://www.bitvise.com
-
(https://i.postimg.cc/MT3jnVQR/screenshot-1716.png)
SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.
You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.
It works on wide range of platforms starting from Windows XP to latest operating system Windows 11.
Freeware
Whats new:>>
Mega 2022 release supporting new Windows 11 platform. Now displays Certificate Serial Number in the list & all reports. Fine tuned Timeout values for high speed scan. Updated with latest SSL/TLS Cipher Suites. Fixed receive buffer size issue with ssl certificate retrieval.
https://securityxploded.com/sslcertscanner.php
-
Whats new:>>
Quick bug fix: Roll back db wrapper, resolve some users can not save config issue
https://github.com/electerm/electerm
-
Changelog
Authentication:
On installations where all of the following is true:
Windows accounts can log in using password authentication.
Virtual accounts are in use and are backed by the automatically managed Windows account.
An account lockout policy is configured in Windows.
In such configurations, it was possible for a remote attacker to lock out the automatically managed Windows account (usually BvSsh_VirtualUsers) by attempting password authentication against it. This would cause connections from virtual accounts to fail. If the SSH Server's automatic IP blocking is stricter than the Windows account lockout policy, the attacker could connect from multiple IP addresses to successfully lock the account.
The automatically managed Windows account could also get locked out accidentally if its password expired, followed by many simultaneous connections from one or more virtual accounts. For example, this could occur with password expiry followed by 100 login attempts in the same second.
The SSH Server now unlocks the automatically managed Windows account if it is locked out. If the password expires, the SSH Server now also takes steps to prevent a lockout due to other simultaneous logins.
Version 9.19 introduced the issue where passwordless authentication required a Windows restart in order to fully function after updating from a previous SSH Server version. Version 9.21 fixed this for updates from previous 9.xx versions, but this was not effective after updating from versions 8.xx. Fixed.
Updating from versions older than 7.21 still always requires a Windows restart for passwordless authentication to fully function.
Email notifications:
When sending email through an outgoing SMTP server, the SSH Server now supports the SMTP authentication method AUTH LOGIN. This allows compatibility with servers such as smtp.office365.com.
https://www.bitvise.com
-
Changelog
Terminal:
When the alternative window buffer is activated, the terminal window now prevents client-side scrolling. This interfered with display of server-side applications which provide their own scrolling via keyboard.
SFTP drive:
There exist servers, such as GlobalSCAPE, which support neither the SFTP request space-available, nor the alternative statvfs@openssh.com. These requests are used to query free space on the server. With such servers, this information cannot be queried, so the SSH Client will now report a very large amount of free space on the SFTP drive. The client previously reported zero free space, which prevented some applications from writing files.
https://www.bitvise.com
-
Changelog
Bug fixes:
Fix some file operation not working in local file manager
Fix reload function not working right when in sftp pane
Improve:
Improve app start time
Add more change log link to upgrade note
Redesign edit with system editor function
Other updates:
Add google analytics to track use statics, check provicy notice link in wiki for detail
Refractor some modules
https://github.com/electerm/electerm
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
Whats new:>>
fix: autostoresshkey and -auto-store-sshkey options don't seem to be working #389
http://kitty.9bis.net/
-
Whats new:>>
Klink not portable.
Fix compilation issue.
http://kitty.9bis.net/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
Jump Server: Implemented the new PuTTY feature "SSH Proxy" (>= 0.77)
WSL Starter: Several bug fixes, WSL variables can now be used in the connection configuration
Info dialog: Version check added
Color Scheme: Improvements to the default color scheme "WinSSHTerm light"
Multi-Input Scripts: Bug fix: Remember current script text when closing
Copy Files: Bug fix: Pop-up when Plink is not installed
Rename Tab: Bug fix when moving tab to another window
Quick connect: Bug fix: Replace variables in tab title
Removed support for KiTTY
Added URL to the support forum (Help->Support)
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Bug fixes:
Fix #2542 Fix batch input accept newline character
Fix #2531 Fix new tab index logic
Fix #2530 Fix reload do not show terminal issue
https://github.com/electerm/electerm
-
Whats new:>>
Fix upgrade check and ignore upgrade function
https://github.com/electerm/electerm
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 3.0.5.
Bugfixes:
Fixed handling globally enabled FIPS.
Fixed openssl.cnf processing in WIN32 GUI.
Fixed a number of compiler warnings.
Fixed tests on older versions of OpenSSL.
https://www.stunnel.org/index.html
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Add dynamic firewall support.
https://client.pritunl.com
-
Changelog
Major updates:
Resolve tabs components performance issue (#2572)
Use higher server port
Bug fixes:
Fix keyboard event handling in sftp mode (#2560)
Fix bookmark list height, avoid covered by footer bar (#2557)
New features:
Remember batch input history in local storage
Performance improve:
Improve switch tab speed
Improve fullscreen exit icon performance
Improve font list performance
Improve localtorage clear function
Improve sftp sort setting performance
Improve config store performance
Other updates:
trzsz ( trz / tsz ) supports Windows 11 PowerShell (#2565) by @lonnywong
trzsz ( trz / tsz ) supports directories (#2559) by @lonnywong
https://github.com/electerm/electerm
-
Whats new:>>
Improve dynamic firewall support
https://client.pritunl.com
-
(https://i.postimg.cc/HLS5SfJ3/NVIDIA-Ge-Force-Now.png)
This versatile, cross-platform client can handle SSH, Telnet, Serial, Shell, and SFTP terminals simultaneously, greatly enhancing the workflow and productivity of the user.
Freeware
Changelog
Features:
[SESSION] Supports auto completion for Linux Shell, MacOS Shell, PowerShell, Windows Cmd, Git and so on. Intro video
22 Git Commands
32 Windows Cmd Commands
42 Linux / MacOS Shell Commands
3695 PowerShell Commands of Windows Server 2022 and PowerShell v7.3
[SESSION] Supports auto completion for the command snippets from the QuickBar. Intro video
[SESSION] Supports auto completion for History Commands. Intro video
[SESSION] Supports the encrypted storage of command history. The default maximum number of history commands is 10000.
[SESSION] Supports modifying the default configuration of session. #775 #822
[SESSION] Supports ignoring bells received more than once within a specified second, the default is 2 seconds.
[SCHEME] Added macOS system, and all Shell sessions in the macOS system use the macOS by default.
[SSH] Supports Duplicate Session and Duplicate SSH Channel. #623 #669
[SHELL] Automatically add --login and -i parameters when importing Shell sessions. #753 #781
[SHELL] Automatically detect and set LANG environment variables. #347 #705
[TERM] Supports customizing the key values sent by the alt modifier key and meta modifier key.
[GUI] The filtering algorithm of the filter boxes is modified to a multiple pattern matching algorithm.
[GUI] Added Copy Command menu item in the term view to quickly copy the command output.
[GUI] Supports setting whether to enable auto completion, completion content, etc in Settings Dialog - Terminal - Auto Completion. #773 #784 #785 #786 #792 #811 #815 #860
[GUI] Supports setting the number of visual rows of the autocomplete list, and whether to preselect the most matching item in Settings Dialog - Terminal - Auto Completion.
[GUI] Supports setting whether to store history command, as well as storage size, storage time, etc. in Settings Dialog - Terminal - Command History.
[GUI] Supports deleting the saved history command in Settings Dialog - Terminal - Command History. #773
[GUI] Supports setting the bell style in Session Settings Dialog - Terminal - Bell, including Mute, Beep and Customized, the default is Beep. #654 #655
[GUI] Supports setting the Locale in Session Settings Dialog - Shell - Process - Locale environment variables. #347 #705
[TAB] Restore the last modified tab name. #626
[TAB] Automatically add a number sequence to tabs with the same title for easy identification.
[FILER] Add menu items Copy directory path and Copy directory path to terminal.
Improvements:
[SSH] Pageant and ssh-agent authentication are no longer performed by default.
[SSH] When the automatic login fails, the login will no longer restart, but will continue to log in manually. #857
[SSH] When a disconnection is detected during the login, the Reconnect button will be displayed to facilitate a quick reconnection.
[GUI] Add the Remember this step check box to control whether to remember the authentication information of the current step when logging in. #787 #857
[GUI] The filtering algorithm of the filter boxes prefers to match the first and consecutive characters.
[GUI] Set the shortcut key for the action Window.DuplicateView to Ctrl+Shift+D. #770
[GUI] Set the shortcut key for the action Terminal.OpenSession to Alt+O.
[GUI] Change the shortcut key for the actionNew Session from Ctrl+N to Alt+N. #782 #800
[GUI] Disabled the Font Ligature feature of most input boxes.
[GUI] After clicking the clear authentication button, a message box will pop up to display the clear result.
[GUI] In the Session Settings dialog, only the modified configuration items are written to the configuration file.
[GUI] Replace all Window.ShowPane* with Window.TogglePane*. #880
[SCHEME] Cmd supports highlighting Slash Options.
[SCHEME] Impoved the highlighting of Slash Options.
[SESSION] The default lines of scrollback history is limited to 999999.
[SESSION] New reconnection requests are ignored during the connection process. #765
[SESSION] When using the mouse to select text in vim, the alt modifier key must be pressed simultaneously to enter free type mode. #897
[SESSION] In the free type mode, pressing the escape key will exit the mode instead of sending the key to the remote host.
[SESSION] Automatically executed commands are no longer trimmed. #870
[SENDER] The scroll bar is no longer forced to scroll to the bottom of the screen when sending commands.
Bugs:
[SSH] When creating a remote tunnel, the application will crash if the connected port is already in use. #767
[SSH] Closing a remote tunnel will cause other tunnels in the same session to be closed by mistake.
[SSH] Cannot log in correctly when the password contains !=. #679
[GUI] The menu item Session / Open Session does not open the Open Session dialog correctly.
[GUI] The Listen Port does not updated correctly when clicking on a different tunnel item in the Tunnels dialog.
[GUI] In full screen mode, the drop-down box of the address bar will pop up in a new window instead of the current window. #804
[GUI] When there is some wrapped lines, the terminal view may not be drawn correctly when the size changes.
[LOG] Failed to create log files when the session name contains illegal characters, such as :, |, <, >, etc.
[TAB] The text is not correctly elided according to the width of the tab.
[TERM] Special characters cannot be entered using the alt modifier key in macOS.
[SFTP] The configuration item SSH - SFTP - Automatically fix invalid path characters did not take effect when it was set to false.
[SCHEME] Percentages are incorrectly identified as command prompts. #897
[SESSION] Clink fails to start when the application path contains spaces. #736 #746
[SESSION] Unable to enter the Cyrillic characters ? and ?. #783
[MODEM] The path pasted in the sz download dialog did not take effect. #836
https://github.com/kingToolbox/WindTerm
-
Whats new:>>
Bug fixes:
fix #2578 Fix data sync function
Other updates
test: Add data sync test
Improve load speed and fix locale init function (#2576)
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
Fix #2582 Fix bookmark quick commands not showing issue
Fix ssh config load fail cause app crash when mouse over bookmark
Other updates:
Improve build and test (#2586)
Improve all data store performance
UI: Improve error message UI(clear text message)
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
Fix #2588 Fix context menu position not right when click near bottom
New features:
Fix #2591 feat: Support file extension in file list UI
Fix some rsa key support issue
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
Fix #2597 Fix create bookmark category function
New features:
Add cut/paste bookmark context menu in bookmark edit UI
Other updates:
[skip build] Add bookmark group test (#2599)
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
Fix check upgrade info at start.
New features:
Added rsa-sha-xxx key sig support from mscdex/ssh2#1200.
Other updates:
Add auto check upgrade test.
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
PuTTY: Replaced command line option "-pw" with the new and more secure option "-pwfile", so if passwords are used for authentication, it is required to use PuTTY/Plink 0.77 or higher
Improvement: WinSSHTerm could freeze in some cases
Bug fix: In some cases it was not possible to delete the file "libWinSSHTerm.dll"
Bug fix: When selecting "Display context menu" as copy&paste behaviour for the terminal, right clicking in a terminal window the first time would close the context menu
http://winsshterm.blogspot.com/
-
Changelog
SECURITY FIX: In version 2.23.0, temporary files are used for PuTTY's new command line option "-pwfile". In some cases these temporary files did not get deleted, that means files containing the password might be inside your temporary folder. So be sure to delete your temporary files folder (probably "C:\Users<USER>\AppData\Local\Temp") if you use passwords to authenticate for your ssh sessions. Instead of using temporary files, now in version 2.23.1 shared memory is used. All password files will be deleted after they got read by PuTTY/Plink. Additionally, only when PuTTY will read the password file, the password is actually written. If you don't use passwords for ssh authentication, you are not affected by this issue.
Bug Fix: WinSSHTerm not exiting properly in some cases when the features "Script Runner" or "Check Access" was used
http://winsshterm.blogspot.com/
-
Whats new:>>
Bug fix: Setting the password command line option for PuTTY/Plink/WinSCP even if password is empty
Bug fix: Minor focus issues
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
New features:
Add export/import all data function in sync setting(fix #2611)
Bug fixes:
Fix upgrade info logic, do not show it if no need to upgrade(fix #2613)
Other updates:
Replace subx with useProxy (#2618), expecting performance improve
https://github.com/electerm/electerm
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Redesign client
Fix connection state management
https://client.pritunl.com
-
Whats new:>>
Improve error message display.
https://client.pritunl.com
-
Whats new:>>
Interface improvements.
https://client.pritunl.com
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
Whats new:>>
Fixed [Bug] KITTY 0.76.0.2:
Mouse scrolling in tmux does not work depending on how the session is started
http://kitty.9bis.net/
-
Changelog
New features:
OpenSSL 3.0 FIPS Provider support for Windows.
Bugfixes:
Fixed building on machines without pkg-config.
Added the missing "environ" declaration for BSD-based operating systems.
Fixed the passphrase dialog with OpenSSL 3.0.
https://www.stunnel.org/index.html
-
Whats new:>>
Fix issue with unformatted ovpn profiles
https://client.pritunl.com
-
Whats new:>>
Improve Windows service management
https://client.pritunl.com
-
Whats new:>>
Fix issue disabling tray icon
https://client.pritunl.com
-
Whats new:>>
Redesign profile layout
https://client.pritunl.com
-
Whats new:>>
New features:
feat: Add more term types in term option (fix #2629)
Other updates:
Upgrade deps(xterm/electron/antd), now sogou input should works fine (#2634)
https://github.com/electerm/electerm
-
Whats new:>>
Fix terminal related settings can not be set
https://github.com/electerm/electerm
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Fix setting or other data not save issue
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
Fix auto focus for search input(#2642)
New features:
Add clear batch input history option (#2643)
https://github.com/electerm/electerm
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Improve interface layout
https://client.pritunl.com
-
Whats new:>>
Bug fixes:
Fix #2645 Fix terminal bg image load
Fix #2648 Fix batch input history clear function
https://github.com/electerm/electerm
-
Changelog
General:
SSH Client help windows now allow selection and copy & paste.
Updated keyboard shortcuts in the pop-up menu for the SSH Client icon in the system notification area. This resolves conflicts and makes the shortcut keys consistent with Ctrl+Shift shortcuts in SSH Client windows.
SSH:
The SSH Client now displays the signature algorithm used during client authentication with a public key.
The default list of submethods for keyboard-interactive authentication is now empty.
Command-line clients:
Improved output of command-line clients when output is piped into another program, or redirected into a file.
Sftpc:
When output is redirected, sftpc no longer truncates file and directory paths shorter than 1,000 bytes. For easier processing, file transfer results such as "OK" and "in sync" are now displayed as "<OK>" and "<sync>".
The remove/delete commands del, ldel, rm, lrm, rmdir and lrmdir now support the -ifExist parameter. If passed, this parameter causes the command to test whether the path exists before attempting to delete it. If the path does not exist, the command succeeds.
Terminal:
Due to Ctrl+Shift+... keyboard shortcuts new in versions 9.xx, the terminal window in the graphical SSH Client would no longer send to the server Ctrl+Shift key combinations such as Ctrl+Shift+F1. These combinations are now sent again.
The clear command now causes the terminal window to scroll down instead of overwriting visible screen content.
A full reset, or a soft terminal reset, now avoids clearing the primary screen buffer, such as when the screen command exits.
https://www.bitvise.com
-
Changelog
General:
Previous SSH Server 9.xx versions did not run on older Windows versions, such as Windows Server 2008 R2, unless KB 2533623 was installed. This version implements a workaround for this dependency, so that KB 2533623 is again not required.
Email:
The maximum length of the local part of an email address is now raised from 64 bytes to 128.
BvShell:
Improved inconsistent Tab auto-complete behavior.
The cd command now displays a warning when more than one parameter is passed. (In most shells, supplying more than one parameter to cd is invalid.)
Master/follower synchronization:
Fixed multiple issues associated with activation code synchronization.
The user interface in the follower now displays more clearly when the activation code could not be synchronized because master settings do not permit it.
Control Panel and Settings:
Settings entries, such as virtual groups and connect profiles, whose names are referenced by other settings entries, can now be renamed, so that references are automatically updated.
When editing an account settings entry in Easy settings, mount point settings (including permissions) would be reset on mount points, even if the mount points were not changed. Fixed.
Mount point permissions can now be configured in Easy settings.
CSV import for settings entries that contain nested lists would incorrectly fail to clear these lists when importing. Most significantly, importing a Windows account from CSV would fail to clear or overwrite a default "/" mount point inherited from the Everyone Windows group in Advanced settings. Fixed.
When starting a CSV import on a list that already contains entries, the interface now asks whether to clear existing entries before importing.
The Custom events interface can now display events filtered by name or description.
In SSH Server settings, a single press of the Alt key would block Alt+Tab and the Windows Key from working until the user switched windows using the mouse. Fixed.
Additional improvements to the behavior of the pop-up menu for the SSH Server Control Panel icon in the system notification area.
https://www.bitvise.com
-
Changelog
Bug fixes
Auto blur terminals when setting panel opened
New features
feat: Add disable open default tab setting
Add loading screen
Add trigger delay when mouse over quick command button
Other updates
Change default mac exec to zsh
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
Fix #2660 fix #2666 Fix copy select content logic
Fix #2670 Fix file info/mode edit
UI:
Fix logo element UI
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
Support same key close terminal search.
Fix data import function in setting sync.
https://github.com/electerm/electerm
-
Whats new:>>
Add connection single sign-on
Add disable gateway option
https://client.pritunl.com
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
Support for OpenSSH certificates, for both user authentication keys and host keys.
New SSH proxy modes, for running a custom shell command or subsystem on the proxy server instead of forwarding a port through it.
New plugin system to allow a helper program to provide responses in keyboard-interactive authentication, intended to automate one-time password systems.
Support for NTRU Prime post-quantum key exchange,
Support for AES-GCM (in the OpenSSH style rather than RFC 5647).
Support for more forms of Diffie-Hellman key exchange: new larger integer groups (such as group16 and group18), and support for using those and ECDH with GSSAPI.
Bug fix: the 32-bit Windows build now runs on Windows XP again.
Bug fix: server-controlled window title setting now works again even if the character set is ISO 8859 (or a few other affected single-byte character sets).
Bug fix: certain forms of OSC escape sequences (sent by some real servers) could cause PuTTY to crash.
Bug fix: the -pwfile/-pw options no longer affect local key passphrase prompts, and no longer suppress Plink's anti-spoofing measures.
Note: installing the 0.78 or later Windows installer will not automatically uninstall 0.77 or earlier, due to a change we've made to work around a bug. We recommend uninstalling the old version first, if possible. If both end up installed, uninstalling both and then re-installing the new version will fix things up.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
Support for OpenSSH certificates, for both user authentication keys and host keys.
New SSH proxy modes, for running a custom shell command or subsystem on the proxy server instead of forwarding a port through it.
New plugin system to allow a helper program to provide responses in keyboard-interactive authentication, intended to automate one-time password systems.
Support for NTRU Prime post-quantum key exchange,
Support for AES-GCM (in the OpenSSH style rather than RFC 5647).
Support for more forms of Diffie-Hellman key exchange: new larger integer groups (such as group16 and group18), and support for using those and ECDH with GSSAPI.
Bug fix: the 32-bit Windows build now runs on Windows XP again.
Bug fix: server-controlled window title setting now works again even if the character set is ISO 8859 (or a few other affected single-byte character sets).
Bug fix: certain forms of OSC escape sequences (sent by some real servers) could cause PuTTY to crash.
Bug fix: the -pwfile/-pw options no longer affect local key passphrase prompts, and no longer suppress Plink's anti-spoofing measures.
Note: installing the 0.78 or later Windows installer will not automatically uninstall 0.77 or earlier, due to a change we've made to work around a bug. We recommend uninstalling the old version first, if possible. If both end up installed, uninstalling both and then re-installing the new version will fix things up.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
Bug fixes:
fix #2674 Auto expand all bookmark category when search
fix #2675 disable batch input resize
https://github.com/electerm/electerm
-
Whats new:>>
This version contains an upgrade access amnesty so it can be used with any license that is valid for a previous SSH Server 9.xx version.
https://www.bitvise.com
-
Whats new:>>
Graphical client:
User Authentication Banner dialog text can now be selected and copied to clipboard.
Improved default file browse filter for client authentication keypair import.
https://www.bitvise.com
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 3.0.7.
New features:
Provided a logging callback to custom engines.
Bugfixes:
OpenSSL DLLs updated to version 3.0.6.
Fixed "make cert" with OpenSSL older than 3.0.
Fixed the code and the documentation to use concious language for SNI servers (thx to Clemens Lang).
https://www.stunnel.org/index.html
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Fix issues with reconnections
Improve connection single sign-on
https://client.pritunl.com
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: Focus issues when "Multi-Input" was not enabled (thanks to mxmihai)
http://winsshterm.blogspot.com/
-
Whats new:>>
Fix DNS issues
https://client.pritunl.com
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Bug fixes:
fix #2692 Fix toggle terminal search keyboard shortcut
New features:
Support telnet (#2704)
Other updates:
Update electron version -> 18
https://github.com/electerm/electerm
-
Whats new:>>
Fix connection issues on Linux
https://client.pritunl.com
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
http://kitty.9bis.net/
-
Whats new:>>
Default header name is kitty.log #440
http://kitty.9bis.net/
-
Whats new:>>
Switch back to original window title managment, prior to major refacto.
http://kitty.9bis.net/
-
Whats new:>>
new regex url
http://kitty.9bis.net/
-
Whats new:>>
Add disable reconnection option
Use safe storage for profile keys
https://client.pritunl.com
-
(https://i.postimg.cc/76X1vX48/screenshot-1427.png)
SuperPuTTY is a Graphical User Interface (GUI)-based Windows application that is mainly employed for tab management for PuTTY SSH Client. PuTTY, the open-source terminal emulator is a competent program on its own, but it does lack a tabbed interface. Hence, Superputty does not only execute basic PuTTY commands but also fills the gaps by offering much-needed window management.
MIT License
Changelog
Minor changes Fixes version issue with SuperPuTTY Update Checker Fixes Issues #887, #888, #889
Children attach improvement by @vityank in #851
Added RDP Support to Command line by @TzachiSh in #852
https://github.com/jimradford/superputty
-
Whats new:>>
Fix startup issue
https://client.pritunl.com
-
Whats new:>>
Bug fixes:
fix #2744 fix sync pass clear when upload data
New features:
fix #2724 Support ctrl/meta + mousewheel to trigger zoom/change font size whole page or terminal
https://github.com/electerm/electerm
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 3.0.8.
New features:
Added the new 'CAengine' service-level option to load a trusted CA certificate from an engine.
Added requesting client certificates in server mode with 'CApath' besides 'CAfile'.
Bugfixes:
Fixed EWOULDBLOCK errors in protocol negotiation.
Fixed handling TLS errors in protocol negotiation.
Prevented following fatal TLS alerts with TCP resets.
Improved OpenSSL initialization on WIN32.
Improved testing suite stability.
Improved file read performance.
Improved logging performance.
https://www.stunnel.org/index.html
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
New option to append custom command line parameters for Pageant, useful e.g. when using PuTTY CAC (File->Prefernces->Pageant)
Bug fix: Ignored private key file when using Jump Server mode "SSH Proxy" (thanks to drizzt09)
Bug fix: Possible race condition in Script Runner
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Fix profile connection issue
https://client.pritunl.com
-
Whats new:>>
Add advanced settings
Improve connection management with multi-factor authentication
https://client.pritunl.com
-
Changelog
Cryptography:
OpenSSL version updated to 1.1.1t. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1. Our software does not use OpenSSL features affected by recent OpenSSL security advisories.
Terminal:
The key combination Alt+Backspace would incorrectly open the terminal window's system menu. Fixed.
https://www.bitvise.com
-
Changelog
General:
Previous SSH Server 9.xx versions would incorrectly and unnecessarily allocate some thread-local storage indices for each connection, instead of at startup. This would effectively prevent the SSH Server from handling more than about 500 concurrent connections. Fixed.
Cryptography:
OpenSSL version updated to 1.1.1t. Bitvise software primarily uses Windows CNG for cryptography. We use OpenSSL for specific cryptographic algorithms not supported by Windows. Currently, these are chacha20-poly1305 and on older Windows versions, the elliptic curve secp256k1. Our software does not use OpenSSL features affected by recent OpenSSL security advisories.
Tasks and email notifications:
If more than one task was triggered by the same event, tasks could be removed from the execution queue which should not be removed, and the task that should have been removed would stay in the queue. Fixed.
The SSH Server would log an error when sending an email notification to multiple addresses that were duplicates of each other. Fixed.
File transfer:
When previous 9.xx versions upgraded settings from versions before 9.xx, the virtual filesystem mount point setting File sharing behavior was upgraded incorrectly. The correct behavior is to map the old Default value to Free, and the old Force value to Force. Instead, upgrading to 9.xx would change the old Default value to Force, and the old Force value to Use global defaults.
This does not affect most users in a significant way since Free and Force behave the same for most clients. However, for users who previously changed mount point settings to force a specific file sharing mode, this oversight reset their custom file sharing settings to the new global defaults.
This version fixes the issue for users who newly upgrade from a version before 9.xx. Users who already upgraded to a previous 9.xx version, and used the Force setting before upgrading, should check the new global file sharing settings in Advanced settings > File transfer to ensure these settings meet their requirements.
Control Panel and Settings:
When using the Log folder viewer to select and delete all log files, the SSH Server Control Panel would crash. Fixed.
Improved validation behavior for a number of field types in settings.
https://www.bitvise.com
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Bug fixes:
fix download upgrade button, use sourceforge download mirror when github mirror fails
Other updates:
UI: update upgrade panel UI, add sourceforge mirror link
Some code refractor, improve performance
https://github.com/electerm/electerm
-
Whats new:>>
Fix DNS issues on macOS Ventura
Fix tuntap issue on Windows
https://client.pritunl.com
-
(https://i.postimg.cc/Y248TrJK/screenshot-2150.png)
Powerful SSH, TELNET, SFTP, RLOGIN and SERIAL terminal emulator with strong security features, emulation customization, script support, and more.
Freeware
Whats new:>>
FIX: A problem with a false message stating that a validly signed package has been tampered with.
https://www.netsarang.com/en/free-for-home-school/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
Whats new:>>
Trying to re-enable title management
https://github.com/cyd01/KiTTY
-
Changelog
New features:
Improved logging performance with the "output" option.
Improved file read performance on the WIN32 platform.
DH and kDHEPSK ciphersuites removed from FIPS defaults.
Set the LimitNOFILE ulimit in stunnel.service to allow for up to 10,000 concurrent clients.
Bugfixes:
Fixed the "CApath" option on the WIN32 platform by applying https://github.com/openssl/openssl/pull/20312.
Fixed stunnel.spec used for building rpm packages.
Fixed tests on some OSes and architectures by merging Debian 07-tests-errmsg.patch (thx to Peter Pentchev).
https://www.stunnel.org/index.html
-
Whats new:>>
Missing clear log file shortcut #462
Port number is not recognized as URL part #461
Set shift bit also if right or left shift key press detected; added workaround for some buggy clients #449
https://github.com/cyd01/KiTTY
-
Whats new:>>
Fix interface issues
https://client.pritunl.com
-
Whats new:>>
Native arm64 build for Windows on Arm now available
Dropped support for x86 (32-bit)
Improved implementation makes the Dll "lib/WinSSHTerm.dll" now obsolete
Configuration Window: Tab key now moves to the next property
Build environment: Upgrade to Visual Studio 2022
http://winsshterm.blogspot.com/
-
Whats new:>>
Fix connection issues
https://client.pritunl.com
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Whats new:>>
Downgraded plink version to 0.76 due to some servers not responding
SSH SlowDNS support UDP/DOT/DOH mode but dns address form must be specified
https://sourceforge.net/projects/netmodhttp/
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Add force DNS profile option on macOS
https://client.pritunl.com
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: "Reconnect gracefully" doesn't work when using Jump Server mode "SSH Proxy"
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Bug fixes:
Fix #2770 fix window control function(maximize)
Fix #2769 fix terminal not respond to resize window issue
Fix context menu item hard to click when overlaps with tabs-inne by @mmagi
Other updates:
Increase quick command length limit
https://github.com/electerm/electerm
-
Whats new:>>
Redesign DNS management on macOS
Add network reset function to menu
https://client.pritunl.com
-
Whats new:>>
Quick bug fix release:
fix #2783 fix #2780 Fix close window button function, fix tab context menu
https://github.com/electerm/electerm
-
(https://i.postimg.cc/xCLNxGzC/screenshot-2167.png)
Create a high-performance Virtual Private Network (VPN) based on a server-client architecture with the help of this intuitive and reliable application.
Apache License 2.0
Changelog
All cumulative updates bellow are included.
Limit key usage of server certificates when creating X.509 certificates.
SoftEther VPN 4.41 Build 9782 Beta
Updated OpenSSL version to 3.0.7.
Fixed a problem VPN Client. Now automatic retry will be stopped after specified number of retries even if there is an authentication error when connecting.
Fixed a problem that it does not start on Windows XP (occurred on Build 9772).
OpenSSL version is now displayed in various places.
Fixed a shortcut key error in VPN Client Manager.
Fixed a taskbar bug with Windows 11.
Sanitized the HTTP version in HttpSendNotImplemented.
Added PKCS#11 DLL names (SafeNet, OpenSC, SHALO AUTH).
https://www.softether.org/
-
Whats new:>>
Add device authentication
Interface improvements
https://client.pritunl.com
-
Whats new:>>
Fix DNS issues on macOS
https://client.pritunl.com
-
Whats new:>>
Improve logging output
Improve device authentication
https://client.pritunl.com
-
Whats new:>>
Bug fix: "Reconnect gracefully" terminates the PuTTY window when using Jump Server mode "SSH Proxy" and the proxy host is not reachable
Bug fix: Fixed architecture detection for Windows under Help->Info
Bug fix: Variables did not get properly replaced when using WSL Starter
MSI installer: Changed default install scope to "user" (see point 30 in the FAQ section)
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Whats new:>>
Bug fixes:
fix copy content to clipboard issue when editor open
New features:
Support double click title bar area to maximize/unmaximize
Support middle click to close tab
Add batch delete function in bookmark manage page (#2802)
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
Fix ctrl+tab not working for errored tab
Fix can not expand category issue in bookmark management
New features:
Support ctrl+shift+tab to switch to prev tab
https://github.com/electerm/electerm
-
Whats new:>>
Quick bug fix release: fix bookmark category expand
https://github.com/electerm/electerm
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
Whats new:>>
Add shortcuts for private key confirmation dialog pages
https://github.com/cyd01/KiTTY
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Whats new:>>
-Added feature profile drag reorder
https://sourceforge.net/projects/netmodhttp/
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Configuration: Backup to and restore from file
Cluster Mode: New option to adjust Multi-Input selection for a whole row/column
Configuration: New option "Tab Prefix" for each folder
Connection Groups: New option to prevent closing all connections
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
Whats new:>>
Sendcmd no longer works #471
Prepare to remove FAR2L patch (it breaks __xx internal commands: #483)
https://github.com/cyd01/KiTTY
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Whats new:>>
-Added feature Update Checker in About tab
-Bug fixes VPN connection hangs
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
#474 resolves #360: window closes if dns resolution fails after manual reconnect
#476 Resolves #475 Terminal window stops updating after resuming from sleep
#477 Add OSC 52 "set clipboard" support
https://github.com/cyd01/KiTTY
-
Whats new:>>
-Added feature attach log to window
-Bug fixes drag drop stuck when popup menu shown
-Bug fixes V2ray fakedns
-Bug fixes and improvements QR Code scanner
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
fix Portable KiTTY window closes if Window title contains "%%l" #372
https://github.com/cyd01/KiTTY
-
Whats new:>>
[Security] Need configuration option to disable severe security issues #455
https://github.com/cyd01/KiTTY
-
Whats new:>>
MOD: Changed RSA key signature algorithm to rsa-sha2-512
FIX: Silent install activation issues with Xmanager Power Suite and Xshell Plus when using the activation parameter
FIX: 'Remove Highlights upon Close' option not functioning, FIX: Finding continuously with the Enter key not functioning
FIX: Wrong URL for manual deactivation
FIX: Failed downloads display an incorrect message from TrueUpdate
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
Fixed some focus issues
Scroll bar now enabled in full-screen mode
Added a search button in the connections window
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/HLS5SfJ3/NVIDIA-Ge-Force-Now.png)
This versatile, cross-platform client can handle SSH, Telnet, Serial, Shell, and SFTP terminals simultaneously, greatly enhancing the workflow and productivity of the user.
Freeware
Changelog
Features:
[GUI] Supports highlighting text manually.
[GUI] Supports instant highlighting of all instances of the current selection.
[SESSION] Support SSH OneKey and Expect OneKey.
[SESSION] Supports multiple types of triggers.
Custom Link
Custom Menu
Event: Connection And Disconnection
Highlight Text
Play Sound
Run Command
Send Text
Show Tooltip
[SESSION] Built-in with multiple useful triggers.
Hyperlink
Ip Address
Hexadecimal Converter
Timestamp Converter
Unarchiver
[GUI] Added Duplicate SSH channel to the custom mouse actions of the tab.
[GUI] Use Paste Selected Text instead of Copy And Paste to avoid overriding the system clipboard.
[GUI] The Sync Input dialog box supports deleting an item in the synchronization list by double-clicking it.
[GUI] The tab uses a font with strikethrough enabled to draw a nonexistent session name.
[GUI] Hides the ? button on Windows.
[GUI] Supports clicking on hyperlinks, such as http, https, mail, ftp, ftps, file, scp, sftp, etc.
[SCHEME] Supports syntax highlighting on the alt screen.
[SCHEME] Highlight words such as don't, doesn't, can't, couldn't, etc.
[SCHEME] Highlights command options connected by multiple hyphens, such as -fno-access-control.
[TERM] The alt screen prohibits clearing the current screen.
Improvements:
[GUI] Improve the Master Password dialog box to display more rich information.
[GUI] Improve the Explore Pane to avoid drawing defects caused by resolution issues.
[GUI] Reduce the right-side margin of the Session Settings and Terminal Settings dialog boxes.
[GUI] Reduce the margins and size of the slip button.
[GUI] Improve the drawing performance of markers in the scrollbar.
[SCHEME] Improve the performance of text highlighting by using a faster regular expression engine.
[SCHEME] Identify command prompt lines with greater accuracy.
Bugs:
[SSH] Unable to connect to certain devices such as routers, switches, etc. These devices usually use DropBear as an SSH server.
[APP] When Sysmon is enabled, disconnecting or restarting may cause the application to crash.
[APP] Unable to automatically create the folder when writing the configuration file if it does not exist.
[GUI] When the character spacing is set to one character width, the actual spacing displayed is too large.
[GUI] When the Highlight the current fold option is not set, the display of the fold margin is abnormal.
[GUI] When the DPI scaling in Windows is set to 125%, the icons are not displayed properly.
[GUI] When managing thousands of servers, the session combobox loads too slowly.
[GUI] When opening a new window, the quickbar does not load correctly in the new window.
[GUI] When opening a new window, the layout of the new window is inconsistent with the currently active window.
[GUI] When drawing text with non-monospaced fonts, the highlighted word's background color width is smaller than its actual width.
[GUI] Word boundaries were not correctly recognized in a string of consecutive punctuation marks based on word separators.
[GUI] Hyperlinks that include percent-encoded characters (e.g. %20) are not automatically converted to their corresponding characters.
[GUI] Cannot correctly use the regular expression w+ to match UTF-8 strings.
[GUI] When selecting by lines, the selection area will erroneously expand to both ends at the same time.
[GUI] After searching, pressing "Esc" to cancel the search does not clear the search information in the status bar.
[SSH] After updating the password, automatic login repeatedly requests the new password and does not update the old password.
[SCHEME] admin:cmd cannot recognize the command prompt symbol # correctly, and functions such as syntax highlighting, folding, and auto-completion fail to work properly.
[SCHEME] when an email username contains punctuation marks, only the text following the punctuation mark is highlighted.
https://github.com/kingToolbox/WindTerm
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Bug fixes:
Fix switch tab lose focus issue,
Fix drag tab cause switch tab order chaos
Fix server info UI(net speed and mem)
Fix split terminal border not showing issue
New features:
Add clear option to select no proxy in bookmark options
Telnet username set not required
Add desc to bookmark list title
https://github.com/electerm/electerm
-
Whats new:>>
Security fix: WinSCP's process arguments don't contain plain text passwords any longer. It is required to use WinSCP 6.0.0 or higher.
New option "File->Preferences->Terminal->Close window": The terminal window now doesn't close on exit by default to prevent loss of the scroll history. To restore the old behavior set the option to "on clean exit" (thanks to Phil)
New shortcut ALTGR+R which triggers a graceful reconnection for the current selected tab
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Changelog
User visible changes
tapctl (windows): generate driver-specific names (if using tapctl to create additional tap/wintun/dco devices, and not using --name) (Github #337)
interactive service (windows): do not force target desktop for openvpn.exe - this has no impact for normal use, but enables running of OpenVPN in a scripted way when no user is logged on (for example, via task scheduler) (Github OpenVPN/openvpn-gui#626 )
Bug fixes
fix use-after-free with EVP_CIPHER_free
fix building with MSVC from release tarball (missing version.m4.in)
dco-win: repair use of --dev-node to select specific DCO drivers (Github #336)
fix missing malloc() return check in dco_freebsd.c
windows: correctly handle unicode names for "exit event"
fix memleak in client-connect example plugin
fix fortify build problem in keying-material-exporter-demo plugin
fix memleak in dco_linux.c/dco_get_peer_stats_multi() - this will leak a small amount of memory every 15s on DCO enabled servers, leading to noticeable memory waste for long-running processes.
dco_linux.c: properly close dco version file (fd leak)
https://openvpn.net/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
Bug fixes:
Fix MFA empty submit cause crash
Fix screen maximize always to primary display issue
Fix window size control in system title bar mode
New features:
Support ssh tunnel
Support address bookmark in sftp panel
https://github.com/electerm/electerm
-
Whats new:>>
Quick bug fix release
fix #2861 fix terminal height control in system titlebar mode
https://github.com/electerm/electerm
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
UI: fix a typo in bookmark form tabs
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: Shared Connections: Tab Prefix now correctly handled
Bug fix: Copy files: Process arguments for WinSCP now correctly handled
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/xCLNxGzC/screenshot-2167.png)
Create a high-performance Virtual Private Network (VPN) based on a server-client architecture with the help of this intuitive and reliable application.
Apache License 2.0
Changelog
As a result of a high-level code review and technical cooperation by Cisco Systems, Inc. of the United States, six vulnerabilities, including CVE-2023-27395, have been fixed. The risk of exploitation of any of the fixed vulnerabilities is relatively low under normal usage and environment, and actual attacks are not easy to conduct, We recommend that you update your software as much as possible.
Updated OpenSSL version to 3.0.9.
Resolved the problem that older versions of SoftEther VPN Client could not connect with RC4-MD5 when TLS 1.0 - 1.2 is enabled.
A potential inconsistency existed in some places due to incomplete locking of CapsCacheLock in the multi-threaded exclusion control for the VPN Server's internal data structure called Caps.
Resolved a problem that caused rare crashes due to insufficient multithread locking for a data structure called the IP address table inside the VPN Server's virtual HUB.
Removed display of IP address from response error messages in VPN Server's behavior as an HTTPS Web server.
DoS attack prevention function is implemented in SoftEther VPN Server.
Heap area protection of memory has been enhanced. When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
The lock acquisition function called RW Lock (reader/writer lock) used inside the OpenSSL library used by this program calls the lock function provided by the OS (libc, pthread, kernel), but it is not supported in recent Linux distributions. However, there is a bug in the RW Lock of pthreads included in recent Linux distributions that, when handling thousands of sessions on a single server, would cause all CPUs to suddenly enter a spinlock interactive wait state, consuming an extremely long amount of CPU time, making VPN communication sessions difficult to communicate with, and causing VPN sessions to disconnect due to timeouts. This problem was caused by a glitch on the OS side. This problem was an OS-side defect and only occurred on at least Ubuntu 20.04 or later Linux distributions and the x64 version. Since this is an OS-side problem that is difficult to fix, we have rewritten the user mode program to use only the normal Mutex Lock instead of the RW Lock to work around this problem. This problem has been avoided.
https://www.softether.org/
-
Changelog
Installation:
If Install WinFsp was unchecked, the SSH Client installer would still unpack WinFsp files, without registering them. The installer will no longer unpack WinFsp files unless Install WinFsp is selected.
SSH:
The SSH Client is now compatible with the OpenSSH-style authentication agent in 1Password. The SSH Client previously refused to connect to the Windows named pipe created by 1Password because the pipe owner is not a member of the Administrators group or Local System. For compatibility with this agent, the SSH Client no longer checks pipe ownership, but implements more validation of information received over the pipe.
Port forwarding:
The command-line parameters -c2sFile and -s2cFile now also import comment fields, if present.
Terminal:
If the accent color was enabled for window title bars in Windows, the SSH Client's terminal window title could be hard to read. Fixed.
Double-click word selection did not work correctly on the first word of the first line in the terminal window. Fixed.
The terminal window now supports 5-hexadecimal-digit Unicode characters, i.e. Unicode code points higher than 65535.
https://www.bitvise.com
-
Changelog
General:
The SSH Server would stop if the Stats subdirectory did not yet exist and could not be created. The SSH Server will no longer stop in this circumstance.
SSH:
When the no-flow-control extension is enabled, the SSH connection permits only one SSH channel at a time. In this circumstance, the SSH Server would refuse to open a subsequent SSH channel for a short time after the previous channel was closed. This prevented a client from opening a new channel immediately after closing the previous one. Fixed.
Scriptable settings:
When using BssCfg to generate a new host keypair, the -kpSize parameter did not take effect. Fixed.
When dumping settings in textual format, disabled settings could previously be included. Fixed.
In previous 9.xx versions, settings that accept strings could not be set to an empty string using PowerShell. Fixed.
File transfer:
If the feature to Move completed uploads did not succeed on the first attempt because the file already existed, environment variables were not expanded on subsequent attempts. Fixed.
Email notifications:
Improved diagnostic information when sending a test message.
https://www.bitvise.com
-
Whats new:>>
Shared connections: Added support for HTTP basic authentication, see File->Preferences->Connections->Options (thanks to Kvadric)
Code clean-up: Removed code which handled upgrading from ancient versions (prior to 1.11.0)
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Add macOS DNS options
Update openvpn client
https://client.pritunl.com
-
Whats new:>>
Fix issues with reconnection
https://client.pritunl.com
-
Whats new:>>
Fix #2868: Support batch operation (#2871)
Fix #2703: Add copy file path ccontext menu
https://github.com/electerm/electerm
-
Whats new:>>
2.29.1
Bug fix: Loading custom sftp port into field "Log Level"
2.29.0
Copy files: New option to set a custom port for protocol "sftp" (Copy Files->Port (sftp))
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 3.0.9.
OpenSSL FIPS Provider updated to version 3.0.8.
Bugfixes:
Fixed TLS socket EOF handling with OpenSSL 3.x. This bug caused major interoperability issues between stunnel built with OpenSSL 3.x and Microsoft's Schannel Security Support Provider (SSP).
Fixed reading certificate chains from PKCS#12 files.
Features:
Added configurable delay for the "retry" option.
https://www.stunnel.org/index.html
-
Whats new:>>
Fix server compatibility issue
https://client.pritunl.com
-
Whats new:>>
New features
Support sync data to custom server ( #2884 )
Support more proxy type and easier proxy form ( #2883 )
Bug fixes
fix #2888 : Fix server info output
https://github.com/electerm/electerm
-
Whats new:>>
Fix Linux compatibility issues.
https://client.pritunl.com
-
Changelog
Version information:
This version continues the upgrade access amnesty introduced in version 9.25, so it can be used with any license that is valid for a previous SSH Server 9.xx version. The minimum upgrade access expiry date to activate this version is January 1, 2022.
Control Panel and Settings:
In previous SSH Server 9.xx versions, newly created settings would configure the Open Windows Firewall setting to an unintended initial value. When the Windows Firewall service is enabled, the initial value is meant to be Open port(s) to local network (subnet scope, non-Public profiles only). Instead, the initial value was always set to Do not change Windows Firewall settings. Fixed.
Improved default clock leniency for time-based one-time password authentication. For newly created settings, and for newly created group settings entries in existing settings, the default value of Maximum forward time-steps is increased from 0 to 1, and the default value of Maximum backward time-steps is increased from 1 to 2. This does not affect the values in existing settings.
https://www.bitvise.com
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Quick bug fix release:
Fix telnet bookmark can not be saved properly issue
https://github.com/electerm/electerm
-
(https://i.postimg.cc/pTKsLpr4/GrafX2.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Whats new:>>
-Added uninstaller dialog to clear app data
-Bug fixes
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
New features:
Support load batch operation in command line use (#2904)
Support set serverPort by command line param (#2896)
Bug fixes:
Fix open/close setting/batchOp modal logic
Fix enableGlobalProxy setting not working issue
fix #2900 hide copy file path context menu when right click blank area
https://github.com/electerm/electerm
-
Changelog
Fix excessive time spent checking DH q parameter value: The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus parameter, thus it is unnecessary to perform these checks if q is larger than p.
If DH_check() is called with such q parameter value, DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally intensive checks are skipped.
Fix DH_check() excessive time with over sized modulus:
The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ("p" parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a key/parameters with a modulus over this size will simply cause DH_check() to fail.
### Changes between 3.1.1 and 3.1.2 [1 Aug 2023]
* Fix excessive time spent checking DH q parameter value.
The function DH_check() performs various checks on DH parameters. After
fixing CVE-2023-3446 it was discovered that a large q parameter value can
also trigger an overly long computation during some of these checks.
A correct q value, if present, cannot be larger than the modulus p
parameter, thus it is unnecessary to perform these checks if q is larger
than p.
If DH_check() is called with such q parameter value,
DH_CHECK_INVALID_Q_VALUE return flag is set and the computationally
intensive checks are skipped.
([CVE-2023-3817])
*Tomáš Mráz*
* Fix DH_check() excessive time with over sized modulus.
The function DH_check() performs various checks on DH parameters. One of
those checks confirms that the modulus ("p" parameter) is not too large.
Trying to use a very large modulus is slow and OpenSSL will not normally use
a modulus which is over 10,000 bits in length.
However the DH_check() function checks numerous aspects of the key or
parameters that have been supplied. Some of those checks use the supplied
modulus value even if it has already been found to be too large.
A new limit has been added to DH_check of 32,768 bits. Supplying a
key/parameters with a modulus over this size will simply cause DH_check() to
fail.
([CVE-2023-3446])
*Matt Caswell*
* Do not ignore empty associated data entries with AES-SIV.
The AES-SIV algorithm allows for authentication of multiple associated
data entries along with the encryption. To authenticate empty data the
application has to call `EVP_EncryptUpdate()` (or `EVP_CipherUpdate()`)
with NULL pointer as the output buffer and 0 as the input buffer length.
The AES-SIV implementation in OpenSSL just returns success for such call
instead of performing the associated data authentication operation.
The empty data thus will not be authenticated. ([CVE-2023-2975])
Thanks to Juerg Wullschleger (Google) for discovering the issue.
The fix changes the authentication tag value and the ciphertext for
applications that use empty associated data entries with AES-SIV.
To decrypt data encrypted with previous versions of OpenSSL the application
has to skip calls to `EVP_DecryptUpdate()` for empty associated data
entries.
*Tomáš Mráz*
* When building with the `enable-fips` option and using the resulting
FIPS provider, TLS 1.2 will, by default, mandate the use of an extended
master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will
not operate with truncated digests (FIPS 140-3 IG G.R).
https://www.openssl.org/
-
Whats new:>>
-Bug fixes
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
-Fixed scrollbar where user cannot press on track
-Added scrollbar arrow buttons
-Bug and crash fixes
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
New features:
Support portable in Windows OS (#2916)
Bug fixes/UI:
fix #2908 Improve zoom button UI in system menu
fix #2908 Fix zoom not applied issue when restart
Other updates:
Upgrade electron to v22 (#2921)
https://github.com/electerm/electerm
-
Whats new:>>
Quick bug fix release:
Fix #2929 Fix read file function
Fix #2930 Fix dns lookup function
https://github.com/electerm/electerm
-
Whats new:>>
Quick bug fix release:
fix #2931 Fix open link cause error issue
https://github.com/electerm/electerm
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
Windows installer scope is back to the normal 'per machine' setting, reverting 0.78's security workaround.
Note: this means that installing the 0.79 or later Windows installer will not automatically uninstall 0.78, if 0.78 was installed using its default 'per user' scope. In that situation we recommend uninstalling 0.78 first, if possible. If both end up installed, uninstalling both and then re-installing the new version will fix things up.
Terminal mouse tracking: support for mouse movements which are not drags.
Terminal mouse tracking: support for horizontal scroll events (e.g. generated by trackpads).
Backwards compatibility fix: certificate-based user authentication now works with OpenSSH 7.7 and earlier.
Bug fix: in a session using the 'Raw' protocol, pressing ^D twice in the terminal window could cause an assertion failure.
Bug fix: terminal output could hang if a resize control sequence was sent by the server (and was not disabled in the Features panel) but PuTTY's window was set to non-resizable in the Window panel.
Bug fix: GTK PuTTY could fail an assertion if a resize control sequence was sent by the server while the window was docked to one half of the screen in KDE.
Bug fix: GTK PuTTY could fail an assertion if you tried to change the font size while the window was maximised.
Bug fix: the 'bell overload' timing settings were misinterpreted by Unix PuTTY and pterm 0.77/0.78; if any settings were saved using these versions, confusion can persist with newer versions.
Bug fix: SSH authentication banners were not reliably printed if a server sent one immediately before closing the connection (e.g. intended as a user-visible explanation for the connection closure).
Bug fix: the 'close' command in PSFTP always reported failure, so that ending a psftp -b batch script with it would cause PSFTP as a whole to believe it had failed, even if everything worked fine.
Bug fix: certificate handling would do the wrong thing, for RSA keys only, if you specified a detached certificate to go with a PPK file that had a different certificate embedded.
Bug fix: Windows Pageant's option to write out a configuration file fragment for Windows OpenSSH now works even if you have a space in your user name.
Bug fix: in local-line-editing mode, pressing ^U now just clears the line, instead of clearing it and then inserting a literal ^U.
Several bug fixes in edge cases of terminal wrapping, involving double-width characters.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
Windows installer scope is back to the normal 'per machine' setting, reverting 0.78's security workaround.
Terminal mouse tracking: support for mouse movements which are not drags.
Terminal mouse tracking: support for horizontal scroll events (e.g. generated by trackpads).
Backwards compatibility fix: certificate-based user authentication now works with OpenSSH 7.7 and earlier.
Bug fix: in a session using the 'Raw' protocol, pressing ^D twice in the terminal window could cause an assertion failure.
Bug fix: terminal output could hang if a resize control sequence was sent by the server (and was not disabled in the Features panel) but PuTTY's window was set to non-resizable in the Window panel.
Bug fix: GTK PuTTY could fail an assertion if a resize control sequence was sent by the server while the window was docked to one half of the screen in KDE.
Bug fix: GTK PuTTY could fail an assertion if you tried to change the font size while the window was maximised.
Bug fix: the 'bell overload' timing settings were misinterpreted by Unix PuTTY and pterm 0.77/0.78; if any settings were saved using these versions, confusion can persist with newer versions.
Bug fix: SSH authentication banners were not reliably printed if a server sent one immediately before closing the connection (e.g. intended as a user-visible explanation for the connection closure).
Bug fix: the 'close' command in PSFTP always reported failure, so that ending a psftp -b batch script with it would cause PSFTP as a whole to believe it had failed, even if everything worked fine.
Bug fix: certificate handling would do the wrong thing, for RSA keys only, if you specified a detached certificate to go with a PPK file that had a different certificate embedded.
Bug fix: Windows Pageant's option to write out a configuration file fragment for Windows OpenSSH now works even if you have a space in your user name.
Bug fix: in local-line-editing mode, pressing ^U now just clears the line, instead of clearing it and then inserting a literal ^U.
Several bug fixes in edge cases of terminal wrapping, involving double-width characters.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
New features:
fix #2892 Highlight all matches when search in terminal
fix #2938 Add auto focus for keyboard interactive input
Bug fixes/UI:
Improve footer UI
Other updates:
Update antd to v5, improve setting page open speed (#2937)
Change Winget Releaser job to ubuntu-latest (#2932) by @sitiom
https://github.com/electerm/electerm
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Fix DNS issues.
https://client.pritunl.com
-
Whats new:>>
Quick bug fix release:
Fix tsz not working issue
https://github.com/electerm/electerm
-
Whats new:>>
Fix #2945 Fix proxy apply logic
https://github.com/electerm/electerm
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
New features:
fix #2927 Add a setting that would refresh local/remote file list when switch from terminal (#2950)
Bug fixes/UI:
fix #2947 Fix close/reload session button not working issue
Other updates:
Use vite to build resource (#2949)
fix #2946 Disable default refresh keyboard shortcut
https://github.com/electerm/electerm
-
Whats new:>>
Fix #2964 Fix trz command support
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
fix #2967 Fix support for importing old bookmarks
fix expand-all function in bookmark panel
Other updates:
Provide standalone portable release download
https://github.com/electerm/electerm
-
Whats new:>>
New features:
Add context menu for folder in file manager/sftp to enter folder in terminal
Bug fixes:
Fix sftp mode would not render issue
Fix trz not really upload issue
Fix keyboard shortcuts zoom not remembered issue
Avoid quick command panel close when search or filter by label, sort quick command by click count
https://github.com/electerm/electerm
-
Changelog
FIX: Crash report is issued when connection is lost
FIX: Issue with free license registration being erroneously cancelled
FIX: Email address validation issues during free license registration
FIX: Unable to open File Manager window with a custom key mapping
FIX: Scripts not able to parse text if a language other than English exists
FIX: Difficulty in locating newly created user keys or session files in the list
http://www.netsarang.com/products/xsh_overview.html
-
(https://i.postimg.cc/1tFTP4sm/screenshot-733.png)
KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.
Donationware
Whats new:>>
Fix OSC52 popup is too frequent.
Fix OSC52 panic.
https://github.com/cyd01/KiTTY
-
Changelog
New features/UI:
Feat: Support input custom zoom level
Support multi ssh tunnels in one ssh connection
Fix command line param support
Add tab index number to tab title
Support command line params --sftp-only to run in sftp only mode
Feat: Support input custom zoom level
UI: Improve some UI detail
Bug fixes:
Fix edit remote file always loading when submit
Support SetEnv in command line and bookmark form
When switch folder in sftp, clear selected files
https://github.com/electerm/electerm
-
Changelog
Security bugfixes:
OpenSSL DLLs updated to version 3.1.3.
Bugfixes:
Fixed the console output of tstunnel.exe.
Features sponsored by SAE IT-systems
OCSP stapling is requested and verified in the client mode.
Using "verifyChain" automatically enables OCSP stapling in the client mode.
OCSP stapling is always available in the server mode.
An inconclusive OCSP verification breaks TLS negotiation. This can be disabled with "OCSPrequire = no".
Added the "TIMEOUTocsp" option to control the maximum time allowed for connecting an OCSP responder.
Features:
Added support for Red Hat OpenSSL 3.x patches.
https://www.stunnel.org/index.html
-
Whats new:>>
New features:
Fix #2991 Add connect (only) button in bookmark form
Auto read private keys to login when no password/privateKey provided
Fix #2992 Fix zoom input behavior in menu
Bug fixes:
Fix #2990 Fix command line support when window already open
Fix #2993 Fix x11 support
Fix a potential memory leak
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Environment Color: New mode draws border around the terminal instead of changing the background color. The old behaviour can be restored by selecting "File->Preferences->Terminal->Environment Color Mode->change background color"
Environment Color: The color is now also visible in the tab title
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Changelog
Command-line clients:
Even when output was redirected, the command-line clients sftpc, sexec, stermc, stnlc and spksc would not run unless the process was associated with a console window. Fixed.
User interface:
Names and strings containing the & character were not properly displayed in lists. Fixed.
File transfer:
When using the Move to dialog in the SFTP window, the SSH Client could crash. Fixed.
https://www.bitvise.com
-
Changelog
Version information:
This is not a new feature release, but a successor to 9.29 with continued maintenance updates.
We skip versions containing zeros to avoid misunderstandings. For example, 9.03 and 9.30 might both be called "9.3".
This version continues the upgrade access amnesty introduced in version 9.25, so it can be used with any license that is valid for a previous SSH Server 9.xx version. The minimum upgrade access expiry date to activate this version is January 1, 2022.
You can download this version here. (Alternative)
Settings:
If you last saved settings using SSH Server version 6.31 or older; and then updated to, or imported such settings into, an SSH Server version from 9.12 to 9.29; then these SSH Server 9.xx versions would upgrade terminal shell settings incorrectly. Other settings would be preserved, but terminal shell settings for accounts and groups would be reset to default 6.xx values.
Version 9.31 again correctly imports terminal shell settings last saved by versions 6.31 and older.
If you never used SSH Server version 6.31 or older, you are not affected by this issue.
If you used SSH Server version 6.31 or older; then updated to any version from 6.41 to 8.49, and caused settings to be saved by this version; and then updated to a 9.xx version; you are not affected by this issue.
You are affected by this issue if you previously used SSH Server version 6.31 or older, so that your settings were last saved by this version; then updated to, or imported settings into, any version from 9.12 to 9.29. In this case, the issue would trigger when settings were first saved by the 9.xx version. Once the settings were first saved:
Shell access type for Windows groups would be reset to Command Prompt.
Shell access type for virtual groups would be reset to No shell access.
Shell access type for Windows and virtual accounts would be reset to Use group default.
This is a security issue if you have Windows accounts which should not have terminal shell access. It is a functional issue if you have accounts which should be able to access the terminal shell, but this issue caused the terminal shell settings to be changed or disabled.
If you are affected by this issue, you should either:
Use Advanced settings to manually review your Windows group, Windows account, virtual group, and virtual account settings, and ensure that terminal shell access is configured as you intend, for all accounts and groups.
Alternately, you can update to SSH Server version 9.31 or later, and import or restore settings from a previous automatic or manually-saved backup where the terminal shell settings were correct.
Names and strings containing the & character were not properly displayed in lists. Fixed.
Improved display of list entry numbers when editing list settings entries.
The setting Undefined group mount points has been renamed to Excluded group mount points.
Tasks and actions:
When a configured task cannot be run because a Windows logon session could not be obtained, this is now more properly logged as a warning instead of an information event.
Execute command tasks which capture command output now more properly use the OEM code page instead of the ANSI code page. The OEM code page is generally used by Windows command-line programs.
Windows file shares:
For new installations, the default setting for Max total share wait time has been reduced from 20 seconds to 11 seconds. This reduces issues with common client software which times out if the server does not respond to a login attempt within 15 seconds.
File transfer:
If the administrator does not define any mount points for a user, the log message I_CHANNEL_SESSION_SFTP_REJECTED now contains more useful help.
IP blocking:
When using automatic permanent IP blocking, the automatically added Client IP address rule would be incorrectly added after other entries, including after any geographic IP rules. This could make the permanent block ineffective. Automatically added rules are now inserted more correctly at the start.
https://www.bitvise.com
-
Whats new:>>
Quick fix release: fix passphase submit do not work when provide privateKey
1.33.00
New features:
fix #2948 fix #2227 fix #1782 Support connection hopping
Bug fixes:
fix #3001 fix password promote support
fix #2925 fix remember input history logic
https://github.com/electerm/electerm
-
Whats new:>>
New features/UI:
fix #3006 feat: Add ipv4 for network info
UI: Add proper symbol for sessions with connecction hopping
Bug fixes:
fix #2955 fix #3011: Fix telnet can not connect issue
Fix some keyboard interactive promote title
Other updates:
Code refractor: rewrite session core
Handle uncaught error/excption to make process more stable
https://github.com/electerm/electerm
-
Whats new:>>
New features:
fix #2914 Add calc folder size button
Bug fixes:
fix #3007 fix #3013 Fix ssh terminal color issue
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: Variables now work again for "Env Color"
Environment Color: The color now also changes in a WinSCP session
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
New features:
Fix #3017 Always ask for password once if not provided (#3018)
Other updates:
Code refractor: follow standard v17 rules
https://github.com/electerm/electerm
-
Whats new:>>
New features/UI:
Fix #3016 Adjust settting/batch op page UI/logic
Fix #3019 Add skip all button in conflict modal
UI: Improve theme list performance(paged)
Fix #3020 Fix main menu/sub menu bg
Bug fixes:
Fix #3015 Give proper message when transfer errored
Other updates:
Electron version bump to 26.2.4
https://github.com/electerm/electerm
-
Whats new:>>
New features
fix #2996 Remember quick commands labels
Bug fixes
fix #3026 Fix x11 support
fix #3023 Fix test conenction fucntion
https://github.com/electerm/electerm
-
Whats new:>>
Bug fix: Copy Files: authentication might fail in a special case (thanks to bearmc27)
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Whats new:>>
New features:
fix #3033 Show search match count and current match index
fix #3031 Support multi delayed scripts for bookmark
fix #3029 Support auto upload(overwrite) data to sync server when data change
Bug fixes/UI:
Fix quick command list UI, make label matched ones more visible
https://github.com/electerm/electerm
-
Whats new:>>
Fix #3035 Fix in some cases app in mac OS can not init
Fix #3034 Fix expand category when create new category cause UI error
https://github.com/electerm/electerm
-
Whats new:>>
Fix setting panel width not responsive issue
Fix #3038 Fix sftp drag file to folder function
Fix #3036 Fix remote address bookmark not loaded when app init
Fix context menu not hide when close setting panel
Remove username placeholder to avoid confusion
https://github.com/electerm/electerm
-
Whats new:>>
Added several new shortcuts, e.g. to quickly close a tab (Navigate->Shortcuts->Mouse)
Multi-Input: Added buttons for easier closing and reconnecting multiple tabs
Multi-Input: Refactored the buttons for selecting the tabs, holding CTRL while clicking will invert the selection
Cluster Mode: Closing tabs now possible
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Whats new:>>
New features:
Directly close session if user types exit in terminal #3052 #3051
Bug fixes/UI:
fix #3049 Fix window postion remember function
UI: smaller tree child left padding #3052 #3051
fix #3056 Fix theme list pageSize control, fix ssh form port number
fix #3032 Make quick commands/batch input more visible
https://github.com/electerm/electerm
-
Whats new:>>
Fix #3058 Only auto close session if user types exit and socket closed
https://github.com/electerm/electerm
-
(https://i.postimg.cc/jSDXwrNs/screenshot-1068.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Fix network adapter issues on Windows
https://client.pritunl.com
-
Whats new:>>
Bug fixes/UI:
fix #3060 #3068 Fix startDirectory not working issue
#3067 UI: paged transfer history
Auto hides the traffic lights when in non-system title bar mode in Mac (#3062) by @duanhongyi
Other updates:
fix #3063 Show hidden files by default in sftp
https://github.com/electerm/electerm
-
Whats new:>>
Fix paths on macOS
https://client.pritunl.com
-
Whats new:>>
Fix #3071 Fix split terminal not showing issue
https://github.com/electerm/electerm
-
(https://i.postimg.cc/xTx14YQQ/screenshot-2582.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Fix paths on macOSFix macOS device authentication compatibility issues
https://client.pritunl.com
-
Whats new:>>
Fix macOS service issues
https://client.pritunl.com
-
Whats new:>>
FIX: Registration issues for certain free users
http://www.netsarang.com/products/xsh_overview.html
-
(https://i.postimg.cc/CMQSGhgZ/Hornil-Style-Pix.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Changelog
New features:
Fix #3081 Support set login password
Fix #3077 Add terminal word separator config
Bug fixes/UI:
Fix #3082 UI: Adjust tree left indent
Fix #3084 Fix bookmark/sync data import
Fix #3073 Fix copy session function, avoid blank terminal
Fix #3075 UI: Improve ssh/sftp tab UI
Fix #3076 Fix tab index count function
https://github.com/electerm/electerm
-
Whats new:>>
Fix #3088 Avoid duplicate submit change password operation
Fix #3087 #3089 Add space to default terminal word separator
Fix #3094 Support open non-en character file path for windows OS
https://github.com/electerm/electerm
-
(https://i.postimg.cc/HLS5SfJ3/NVIDIA-Ge-Force-Now.png)
This versatile, cross-platform client can handle SSH, Telnet, Serial, Shell, and SFTP terminals simultaneously, greatly enhancing the workflow and productivity of the user.
Freeware
Changelog
Bugs:
[SESSION] Unable to paste text. #1946
2.6.0 Prerelease 3:
Features:
[EXPLORER] When the state of the session changes, the session nodes in the Explorer Pane also adjust the color and style of the text, such as displaying a strikethrough when a session is deleted.
[FILER] Supports Preserve original file modification time, selected by default, and Preserve original folder modification time, not selected by default.
[FILER] Supports specifying default editors for systems Windows, macOS and Linux respectively.
[GUI] The Session tree in the Session Pane supports moving nodes through drag and drop.
[GUI] Added Move To... to the context menu of the Session tree in the Session Pane to support moving selected nodes.
[GUI] Supports duplicating the selected group nodes and their child session nodes in the Session Pane.
[GUI] Supports Copy text if selected, otherwise paste text when right-clicking the mouse.
[GUI] Change Select Fold to Select Command in the right-click menu and add the shortcut key Ctrl+Shift+/.
[GUI] Change Goto Folder Header and Goto Next Folder Header to Goto Previous Command and Goto Next Command in the right-click menu and enhance the reliability of jumping to commands.
[GUI] Display the scanning progress of files and folders during the transfer preparation phase.
[LOG] Change the default maximum size of the log file from 10MB to 0MB, meaning the log file size is no longer limited by default.
[SCHEME] Supports syntax pairing on the alt screen.
[SCHEME] Unless the server-side specifies attributes such as foreground color, background color, italics, or inverse color for the font, semantic coloring is used for text rendering to display more diverse content.
[SESSION] Supports specifying the identity files for sessions in systems Windows, macOS and Linux respectively.
[SESSION] In Free Type mode, pressing the Ctrl key allows the copying of the dragged text.
[SFTP] Removed the use of the SCP protocol because it is no longer secure.
[SFTP] Removed Use high speed transfer because it is no longer needed.
[SFTP] Try to delete the partially transferred files when file transfer fails.
[TERM] Supports CSI ?0c, CSI ?1c, CSI ?8c to set the visibility of the cursor.
[TERM] Supports CSI 4:0m, CSI 4:1m, ..., CSI 4:5m to set the underline style.
[TERM] Supports CSI 58;2;INDEXm, CSI 58;5;R;G;Bm, CSI 59m to set the underline color.
[TERM] Supports OSC 697, which is the private control sequences of Fig.
[TERM] Supports OSC 1337, which is the private control sequences of iTerm2.
[TERM] According to the ECMA-48 3rd edition, consider CSI 21m as drawing underline instead of removing bold font style.
[TERM] According to the ECMA-48 3rd edition, consider CSI 22m as removing bold and faint font styles instead of removing faint font style.
[TERM] According to the ECMA-48 5th edition, support using CSI 38:2:INDEXm, CSI 38:2::R:G:Bm, CSI 48:2:INDEXm, CSI 48:2::R:G:Bm, CSI 58:2:INDEXm, CSI 58:2::R:G:Bm to set the foreground and background colors.
Improvements:
[FILER] **Significantly improve the speed of copying ...
https://github.com/kingToolbox/WindTerm
-
Changelog
Fix fullscreen button and shortcut(alt+f)
Fix split terminal shortcut(ctrl or meta+/)
Fix #3106 Change default new bookmark shortcut to ctrl/meta+n
1.35.0
New features/UI:
Major update: Support keyboard shortcut config (#3103)
fix #3097 Support custom css in setting page
fix #3098 Add display raw text switch in bookmark form
fix #2638 Add new fullscreen toggle keyboard shortcut (alt+f by default)
fix #3067 UI: add page size changer in transfer history table
fix #3092 Support color tag for bookmarks
Bug fixes:
fix iterm theme readonly
fix #3074 Fix batch operation transfer file stucked
https://github.com/electerm/electerm
-
Whats new:>>
New features:
Major update: Support terminal custom keywords highlight
Bug fixes:
fix bookmark tag color picker
fix custom css support
https://github.com/electerm/electerm
-
Whats new:>>
New features
Major update: Improve tabs UI, improve drag support
fix #3066 Add hide ssh-config category in setting
Add terminal log switch in terminal info panel
fix #3114 Add time stamp to terminal log
Bug/UI fixes
UI: Fix default link color
fix #3111 Fix zoomin/out shortcut config support
https://github.com/electerm/electerm
-
Whats new:>>
New features:
Add addTimeStampToTermLog switch to terminal info panel/setting
Bug fixes:
#3121 #3115 Fix some default shortcuts like ctrl+v not handled right in vim and other terminal app
fix terminal log logic
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
#3142 Fix ignore skip release function
#3149 #3135 Fix drag windows cause db too big
#3143 Fix tab tooltip could be dragged issue
Fix bookmarked local path mya not work in windows
Other updates:
Reduce bundle size by remove language files
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes:
#3152 Fix windows root drive list (#3157)
#3154 Fix new bookmark cause crash
https://github.com/electerm/electerm
-
(https://s26.postimg.cc/otriaxhcp/screenshot_1224.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: Issue when variables contain a dollar sign (thanks to djamp42)
Improved handling of obsolete PuTTY sessions used by WinSSHTerm
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Whats new:>>
New features:
Add release date to new version title
Bug fixes:
Fix ctrl-v shortcut in windows
Fix telnet support
Restore add button when no tabs
Fix shortcuts in sftp
https://github.com/electerm/electerm
-
Whats new:>>
New features:
Support pin terminal info panel
Support drag to resize side panel
Bug fixes:
UI fix: Fix sync form placeholder
Fix upgrade function in windows OS
https://github.com/electerm/electerm
-
(https://i.postimg.cc/RFcjZ8FM/screenshot-2652.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Bug fixes:
UI: fix left panel drag resize
Fix #3168 Fix upgrade may fail when no config
Fix some app crash issue
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes/UI
#3166 Fix random crash issue
UI: Add tag to bookmark item title
#3174 Fix terminal font family setting bug
fix ssh connect when no .ssh folder and no password
UI: better upgrade panel UI
#3175 Fix http proxy support
https://github.com/electerm/electerm
-
(https://i.postimg.cc/3NYz4B42/screenshot-2653.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Whats new:>>
Bug fix: Issue with validating when configuration contains variable
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
(https://i.postimg.cc/xTx14YQQ/screenshot-2582.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Add minimal interface
https://client.pritunl.com
-
Whats new:>>
Bug fix: Correctly validate hostnames
Show warning under "Help->Info" if validation check is disabled
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Whats new:>>
New features:
#3286 Support promote for username
Bug fixes:
#3282 Fix terminal hight color match
Fix cancel file select cause crash(zmodem)
#3291 Fix sync pass save
Other updates:
Use zmodem-ts instead of zmodem.js module
https://github.com/electerm/electerm
-
(https://i.postimg.cc/C57XjqkX/screenshot-2654.png)
NetMod is a lightweight utility that can act as a proxy server with advanced capabilities, namely the ability to modify requests and access blocked websites behind the firewall. As you probably hinted, the application comes with a built-in SSH client, OpenVPN and SSL/TLS tunneling, so you are able to access everything blocked for your system or geographic area.
Freeware
Whats new:>>
-Reverted TAP adapter driver to v90.00.00.21 due to incompatibility with some Windows versions
https://sourceforge.net/projects/netmodhttp/
-
Whats new:>>
New features:
Add terminal setting -> add timestamp to terminal log
Add terminal info category toggle
Add ssh tunnel host support
Bug fixes:
Fix confirm exit config support
Fix standalone sftp support
Save some drag area when many tabs
Other updates:
Improve sftp list speed
https://github.com/electerm/electerm
-
Whats new:>>
Bug fix: Reconnect issue when using a variable for host/ip
Applied basic validation for connection configuration to "Cons"
Preferences window: Notify user when variables with hidden values are defined without using a master password
Backup: Show some information in case an error occurs when saving to file
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Changelog
New features:
#3321 UI: Notify download file name and folder after download
UI: Add proper icons for terminal info panel
#3272 UI: Support mouse scroll tabs when many tabs
Bug fixes:
Fix Ctrl-A function in terminal
#3320 Fix sync data order
#3323 Use standalone server for every window
#3318 Fix local session kill in windows
#3319 UI: Fix add button dropdown UI
#3313 Ignore right click links in terminal
Other updates:
#3299 make max edit file size 30k -> 3M
https://github.com/electerm/electerm
-
Whats new:>>
Bug fix: Fixed validation for host/ip
Bug fix: Fixed issue when toggling full screen status of a detached terminal window
The download button for tools that are used by WinSSHTerm now shows the download link
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Whats new:>>
Bug fix: In version 2.33.5, the host validation was modified incorrectly
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Whats new:>>
Fix bookmark list icons UI
https://github.com/electerm/electerm
-
Whats new:>>
Fix data sync.
https://github.com/electerm/electerm
-
(https://i.postimg.cc/HLS5SfJ3/NVIDIA-Ge-Force-Now.png)
This versatile, cross-platform client can handle SSH, Telnet, Serial, Shell, and SFTP terminals simultaneously, greatly enhancing the workflow and productivity of the user.
Freeware
Changelog
Features:
[GUI] Supports GPU-accelerated rendering for text.
[GUI] Uses full hinting for text rendering to make the rendered text more visually appealing.
[GUI] Automatically save text marks when exiting, and restore them upon next start-up.
[GUI] Disables rainbow brackets on the alt screen to avoid conflicts with features in editors like Vim. #2111
[FILER] Supports displaying files within the WSL subsystem.
[FILER] Supports synchronizing the current folder of the WSL subsystem.
[SESSION] Supports deleting history items from the auto-complete list using Shift+Del.
[SFTP] In the gaps between sending and receiving packets, the SFTP thread will sleep to reduce CPU usage.
[SSH] Perform SSH operations, including connection establishment, authentication and command execution, in an asynchronous manner.
[SSH] Supports ssh-agent for authentication on Windows.
[SSH] Supports agent forwarding, with agents including pageant, ssh-agent, $SSH_AUTH_SOCK, Enviroment variable, Unix domain socket etc.
[SSH] Strictly ensure that the opening sequence is Shell, SFtp, Sysmon.
[SSH] Supports sending signals. And automatically sends SIGINT signal when Ctrl+C is pressed.
[SSH] Removes the internal proxy socket, allowing libssh to directly connect to the server and send/receive packets. This not only significantly improves packet transmission performance but also reduces the receive buffer by 256KiB per session.
[SYSMON] Supports displaying system information of the WSL subsystem, including CPU, memory, time, etc.
Improvements:
[GUI] Significantly improves the clarity of screenshots in tab tooltips.
[SESSION] Significantly improved text parsing, modification, and rendering, especially to avoid extremely slow screen rendering when the text exceeds the maximum number of srollback lines.
Bugs:
[APP] The application sometimes crashes when rapidly reconnecting to the server repeatedly.
[SESSION] When a command generates a large amount of output, pressing Ctrl+C does not immediately stop the command execution.
[SESSION] During file transfers, keyboard input becomes sluggish or even unresponsive.
[SESSION] When text exceeds the maximum number of scrollback lines, the text at the bottom is sometimes incorrectly colored.
[WSL] In Vim on WSL2, uppercase letters cannot be entered using the Shift key.
https://github.com/kingToolbox/WindTerm
-
(https://i.postimg.cc/RFcjZ8FM/screenshot-2652.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Bug fix/UI update release:
#3336 Fix conform exit do not work issue in windows
Fix sync data order control
UI: show formatted os info in info panel
https://github.com/electerm/electerm
-
Whats new:>>
New features:
2793 #2714 #2647 #2145 #2061 #1907 Support drag/drop to adjust quick command order
3332 Support drag/drop to adjust address bookmarks order
Bug fixes:
3339 Fix bug cause app not working in windows
3237 Fix transfer list bug
https://github.com/electerm/electerm
-
Whats new:>>
Fix symbolic link resolve
Fix sz/rz sometimes not working issue
Fix quick command show in sftp mode
Fix quick commands crash issue
https://github.com/electerm/electerm
-
(https://i.postimg.cc/3NYz4B42/screenshot-2653.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
Shortcuts: It is now possible to use CTRL+Right ALT instead the ALTGR key (useful for keyboard layouts without the ALTGR key)
Bug fix: In some cases the state of modifier keys (CTRL, SHIFT, ALTGR) were not properly detected
Quick-Connect: New "Persist" button to save current data to a new connection
View: New option to show/hide Quick-Connect, Search, or History button in the menu bar for quicker access
Preferences: Reorganized the "Misc" page
Moved menu elements in menu bar closer together to save some space
Bug fix: Incorrect location of the Multi-Input tool strip in some cases
Info dialog: Added the current keyboard layout id
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Changelog
Installation:
When installing using command-line parameters, the -autoUpdates parameter could previously be used only to disable automatic updates. It now also supports other values (stronglyRecommended, recommended or allAvailable).
The FlowSshNet library, an optional SSH/SFTP scripting feature included with the SSH Client, now uses the Universal C Runtime. This allows the SSH Client to no longer include the outdated Visual C++ 2010 CRT. As a result, FlowSshNet is now installed only on Windows 7 SP1 or newer. (Previously, this feature was compatible with Windows Vista or newer.)
SFTP drive:
Updated the WinFsp version included with the SSH Client to 2.0.23075.
Improved the WinFsp installation process.
SSH:
When connecting through an SSH jump proxy, interactive authentication methods can now be used to authenticate against the jump proxy. Previously, only pre-configured (unattended) authentication could be used.
When the SSH Client fails to connect to a server, the error message now contains more detailed information about IP addresses to which the client attempted to connect.
stermc:
In certain versions of Windows, the Windows function ScrollConsoleScreenBufferW fails if the destination coordinate is the same as the origin. This would cause previous stermc versions to exit with an error. Fixed.
sftpc:
The sftpc command-line client now supports new get/put command parameters:
-rv: Resume verifiably. Acts like -r for Resume, but does not resume unless the server supports synchronization using block-by-block hashing. This avoids corruption which is possible if heuristic resume detects the file can be resumed, but there are subtle changes in the middle of the file.
-noSync: Disables synchronization using block-by-block hashing, even if the server supports it. This can be used with -r to achieve a faster heuristic resume, but corruption is possible if there are subtle changes in the middle of the file.
-noBuf[=y|n]: If the server supports the extended SFTP attribute no-buffering@bitvise.com, this allows the user to express a preference whether the server should open the file for unbuffered I/O.
SFTP:
The graphical SFTP interface now remembers its maximization state.
The graphical SFTP interface now offers an option to clear recent folder history.
When using cut & paste (rather than copy & paste) between Local and Remote panes, files are now moved instead of copied.
In both graphical SFTP and sftpc, the Resume and Overwrite options are now once again available separately, even if the server supports synchronization using block-by-block hashing. This allows the user to express a preference to resume a file, but only if the partial destination file is unchanged relative to the source.
When uploading, the SSH Client now includes the extended SFTP attribute intended-size@bitvise.com to communicate the final intended size of the file. This can help detect and diagnose incomplete transfers.
The mirror feature would incorrectly remove destination files after they were mirrored, if the file names were present in the destination with a different case than in the source. Fixed.
The mirror feature now supports a fast skip option which attempts to skip files which are present in both source and destination with the same size and last modification time. This can dramatically improve the speed of large mirror transfers where most files are unchanged, but at the cost of not verifying the content of skipped files.
https://www.bitvise.com
-
Changelog
Control Panel and Settings:
When sending a test email, the email queue window now opens automatically instead of requiring the administrator to find it.
If the administrator edited the Comment field for a client public key or server host key immediately after importing the key, the SSH Server Control Panel would crash. Fixed.
Setting focus on any input field would cause the Unsaved settings banner to appear, even if the setting was not modified. Fixed.
To avoid login errors and delays that can be challenging to diagnose, newly created Windows group settings entries now disable the setting Map remembered shares by default. The setting can still be enabled in Advanced settings, both in account and group settings entries.
SSH:
A client which identifies itself as SSH OpenVMS V5.5 VMS_sftp_version 3 sends an SSH_MSG_IGNORE message at the start of the SSH connection. This behavior is indistinguishable from the packet sequence manipulation technique used in the Terrapin attack. This makes this client incompatible with Terrapin attack mitigations introduced in SSH Server version 9.32.
The SSH Server now implements relaxed checking to accommodate this type of client. Clients which do not support strict key exchange are allowed to send SSH_MSG_IGNORE during the first key exchange, as long as the connection does not negotiate an encryption or data integrity algorithm which is vulnerable to Terrapin.
FTPS:
The FTPS protocol does not allow for broken session detection. If the administrator did not configure the Connection timeout setting in Advanced settings, under Connections, FTPS connections could disconnect silently in a way not detectable by the SSH Server, until they were disconnected manually by the administrator.
The SSH Server now implements an FTP connection timeout which is set to at most 45 minutes, or shorter if the SSH connection timeout setting is stricter. The next feature release which changes the configuration format will add a setting to configure the FTP connection timeout separately.
File transfer:
For mount points backed by the Windows file system, the SSH Server now implements optimizations which may improve performance for clients that send small SFTP read/write requests, in particular for uploads to non-local storage (Windows file shares):
When uploading files which are detected to reside on non-local storage (Windows file shares), the SSH Server now opens the files for unbuffered I/O (the Windows flag FILE_FLAG_NO_BUFFERING). This has been observed to improve performance for some types of network shares.
A client may now use the extended SFTP attribute no-buffering@bitvise.com to express a preference whether the server should use unbuffered I/O.
When the client pipelines non-overlapping read/write requests, mount points which use the Windows file system now process these I/O requests asynchronously. Responses are still sent in the order requests were received.
When the client pipelines non-overlapping read/write requests, the SSH Server is now able to merge I/O for two or more consecutive read/write requests. The client still receives separate responses.
A client may now use the extended SFTP attribute intended-size@bitvise.com to indicate the size of an intended upload. This can help detect and diagnose incomplete transfers.
https://www.bitvise.com
-
Whats new:>>
sftpc:
Improved behavior of the -noBuf parameter for put and get commands.
https://www.bitvise.com
-
Whats new:>>
File transfer:
As a result of changes in 9.34, file transfers would fail on some systems. Believed fixed.
https://www.bitvise.com
-
(https://i.postimg.cc/qBP6j5tb/screenshot-1802.png)
PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.
Freeware
Changelog
Security fix for CVE-2024-31497: NIST P521 / ecdsa-sha2-nistp521 signatures are no longer generated with biased values of k. The previous bias compromises private keys.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
(https://i.postimg.cc/t4GXCgrk/screenshot-1371.png)
PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.
MIT License
Changelog
Security fix for CVE-2024-31497: NIST P521 / ecdsa-sha2-nistp521 signatures are no longer generated with biased values of k. The previous bias compromises private keys.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
-
Whats new:>>
Show warnings if an unsecure version of PuTTY/WinSCP is used
New option to disable security warnings under File->Preferences->General
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Whats new:>>
SFTP:
Version 9.34 added logic to ensure SFTP responses are sent in the same order requests are received. Due to an oversight, the SSH Server's file transfer subsystem would hang, most readily if a client sent consecutive SFTP requests with the same request ID. This was observed with WS_FTP (version 12.9) and also with phpseclib. Fixed.
The SSH Server now implements the SFTP extended request fsync@openssh.com for files opened with unbuffered I/O.
https://www.bitvise.com
-
Changelog
New features/UI:
Show ssh tunnel status in tab tooltip
Support ssh tunnel name, new ssh tunnel list UI
Add sshTunnelLocalHost input for ssh tunnel
UI: improve disk info data order
Fix window control button z-index
Bug fixes:
Fix del shortcut when edit file name
Refractor file transfer function, fix some file not upload issue [skip build]
Fix sync error when no user config
Fix multi window support in Mac OS
#3345 Fix cancel rz upload crash terminal issue
https://github.com/electerm/electerm
-
Changelog
Bug fixes/UI:
Code improve, avoid potential memory leak
Avoid memory leak when session close
#3384 Make websocket connection stronger
#3383 Fix invalid theme color cause crash
#3366 Support open web url from bookmark (#3381)
UI: #3377 Fix side panel z-index
UI: Fix sort by frequency translate
UX: #3373 Increase close tab notification duration
https://github.com/electerm/electerm
-
(https://i.postimg.cc/xTx14YQQ/screenshot-2582.png)
User-friendly and well-put-together piece of software that allows you to effortlessly import, manage, and configure OpenVPN profiles.
Freeware
Whats new:>>
Improve vpn configuration support
https://client.pritunl.com
-
(https://i.postimg.cc/RFcjZ8FM/screenshot-2652.png)
Terminal/ssh/sftp client(linux, mac, win) based on electron/ssh2/node-pty/xterm/antd/subx and other libs.
MIT License
Whats new:>>
Quick bug fix release:
#3389 #3387 #3384 #3339 Fix close local session cause app crash issue in windows OS
https://github.com/electerm/electerm
-
Changelog
ADD: Clipboard support in Python scripts
ADD: Added keymapping option to select a Quick Commands Sets
ADD: Ability to pass parameters to commands such as realcmd, PowerShell, etc.
ADD: Option to see Keyboard Interactive input field contents
ADD: Ability to import MobaXterm sessions
MOD: Session Converter Resource Cleanup
FIX: Expanded state of Session Manager not saving
FIX: Quick Command not functioning if its string contains a $ character
FIX: Crash when pasting a session in the Session Manager
FIX: Issue of being unable to rename tabs with Python script
FIX: PKCS Token Pin input prompt from Xagent appears behind Xshell
FIX: Issue of being unable to use Yubico DLL as PKCS DLL
http://www.netsarang.com/products/xsh_overview.html
-
Whats new:>>
New features:
Support deep link starts with electerm:// check wiki: https://github.com/electerm/electerm/wiki/Deep-link-support
Bug fixes/UI:
Update UX/UI, add animation when transferring
Add ssh tunnel direction guide
Fix crash on local terminal ends
https://github.com/electerm/electerm
-
Changelog
Control Panel and Settings:
If the Windows setting Roll the mouse wheel to scroll was set to One screen at a time, the SSH Server Control Panel would exit abruptly when attempting to scroll. Full page mouse wheel scrolling is now supported.
On Windows XP and Windows Server 2003, the Custom events interface in Advanced settings and the list on the Statistics tab did not display text for searchable columns. Fixed.
When the SSH Server Control Panel was opened displaying the Server tab, it would cause Windows to log repeated audit events about enumerating group membership for the SSH Server's BvSsh_VirtualUsers account. Fixed.
Logging:
Connection disconnect log events now include information about connection duration, so it does not need to be calculated by finding the matching connection accept event.
SFTP:
Version 9.34 introduced an inconsistency in how the SSH Server responds to SSH_FXP_READ requests which attempt to read past end-of-file. When processing a single such request, the SSH Server would send SSH_FXP_STATUS with SSH_FX_EOF; but when responding to consolidated requests, the SSH Server could send SSH_FXP_DATA with empty data. When using SFTP v6, the end-of-file flag would also be set, but this flag is not present in SFTP v3 and v4. This broke file transfers using some clients, specifically the Perl mesh client (based on Net::SFTP).
The SSH Server again consistently responds to past-end-of-file SSH_FXP_READ requests by sending SSH_FXP_STATUS with SSH_FX_EOF.
Security Clarification: [ April 2024 ]
We are receiving inquiries about whether our software is affected by the recent PuTTY ECDSA/nistp521 private key compromise due to signature nonce generation described in CVE-2024-31497.
Bitvise software implements ECDSA/nistp521 using Windows cryptography on all recent versions of Windows, or using Crypto++ on Windows XP and Windows Server 2003. These are different cryptographic implementations than PuTTY and are not known to be affected by this issue.
Security Clarification: [ April 2024 ]
We are receiving inquiries about whether our software is affected by the recent XZ Utils backdoor described in CVE-2024-3094.
Bitvise software does not use XZ Utils and is not affected by this issue.
https://www.bitvise.com
-
Whats new:>>
We are receiving inquiries about whether our software is affected by the recent PuTTY ECDSA/nistp521 private key compromise due to signature nonce generation described in CVE-2024-31497.
Bitvise software implements ECDSA/nistp521 using Windows cryptography on all recent versions of Windows, or using Crypto++ on Windows XP and Windows Server 2003. These are different cryptographic implementations than PuTTY and are not known to be affected by this issue.
https://www.bitvise.com
-
Whats new:>>
Graphical interface:
The graphical SSH Client now supports command-line parameters for Window behavior preferences. Users who are running the SSH Client in a portable manner, or using the -noRegistry parameter; and who relied on the previous default for Closing behavior; can now select that behavior using the parameter: BvSsh -wndClose=hideIfConn
https://www.bitvise.com
-
Changelog
Major update:
Support RDP session (#3399)
New features:
Add "show hidden files on sftp start" setting
Bug fixes:
Fix calc folder size in windows
Fix transfer folder in mac may calc folder size wrong
Support resolve v4/v6 ip for domain
Fix deep link support
https://github.com/electerm/electerm
-
Whats new:>>
Bug fixes/UI:
Add rdp wiki link to rdp form and connection UI
Fix rdp/web bookmark category select
Fix #3411 Clear selection after close terminal search panel
https://github.com/electerm/electerm
-
(https://i.postimg.cc/3NYz4B42/screenshot-2653.png)
WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.
Freeware
Changelog
Support for environment variables added to set custom locations for PuTTY, WinSCP, Pageant, Plink and VcXsrv (see point 32 in the FAQ section)
Env Color: Instead of only changing the background color it is now possible to optionally change all 22 terminal colors in PuTTY (see point 21 in the FAQ section)
Bug fix: Spacing in tabs corrected
Square color area in the tab changed to a colored dot to save space
New configuration parameter "Custom Type" for each connection
Connection Filter: new option to resolve variables
Connection Filter: new parameter "Custom Type" added to the properties list
New updateable msix package available in the Microsoft Store
Msix package: Removed download pop ups and links
Bug fix: Prevent starting WinSSHTerm if the key file is invalid
DL-> https://github.com/WinSSHTerm/WinSSHTerm/releases
http://winsshterm.blogspot.com/
-
Changelog
New features/UI/UX:
Support dynamic port forwording(socks proxy)
UI: Add right close btn to setting modal
Support ssh/local terminal init folder by command line "-d /some/path"
UI: Upppercase encode select and proper width
Add commonly used command list to quick command form
Support keepaliveInterval setting for bookmark
Bug fixes/UI:
Fix sync old version data issue
Keep more space for drag in tabs bar
Fix command line support
https://github.com/electerm/electerm