Thema: SSH/SSL/VPN Tools...

[SiLæncer]

KiTTY is a fork of the popular PuTTY telnet and SSH client with additional features packaged as a portable app, so you can connect in to your systems on the go.

Whats new:>>

    new: new menu item: Restart session
    new: new shotcut to enable/disable logging: SHIFT+F5
    bugfix: font resizing does not work
    bugfix: "negative" and "black and white" does not work

Quelle : https://github.com/cyd01/KiTTY/releases

http://kitty.9bis.net/

[SiLæncer]

Whats new:>>

    bugfix: special menu BREAK, had same id as font up. Remap all menu ids.
    bugfix: registry copy between KiTTY and PuTTY at session saving instead of session exit
    bugfix: impossibility to enter a private key pasphrase on automatic reconnection

Quelle : https://github.com/cyd01/KiTTY/releases

http://kitty.9bis.net/

[SiLæncer]

WinSSHTerm helps you to be more productive. Using keyboard shortcuts and intelligent navigation tools allows you to quickly switch between or start new SSH sessions even if you have to manage many systems. It has built-in support for copying files and running X applications. The terminal colors are carefully selected to minimize the stress for your eyes. WinSSHTerm is easy to use, lightweight and stable.

Freeware

Changelog

Script Runner: New button "Trust host keys", that automatically adds the host keys to the registry and outputs the fingerprints of all added host keys

[close]

http://winsshterm.blogspot.com/

[SiLæncer]

PuTTY is a free implementation of SSH and Telnet for Windows and Unix platforms, along with an xterm terminal emulator.

Freeware

Changelog

    Security fixes found by the EU-funded bug bounty:
        two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
        a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
    Bug fix: crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows)
    Bug fix: crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange
    Bug fix: trust sigils were never turned off in SSH-1 or Rlogin
    Bug fix: trust sigils were never turned back on if you used Restart Session
    Bug fix: PSCP in SCP download mode could create files with a spurious newline at the end of their names
    Bug fix: PSCP in SCP download mode with the -p option would generate spurious complaints about illegal file renaming
    Bug fix: the initial instruction message was never printed during SSH keyboard-interactive authentication
    Bug fix: pasting very long lines through connection sharing could crash the downstream PuTTY window
    Bug fix: in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key
    Bug fix: PuTTYgen could generate RSA keys with a modulus one bit shorter than requested 

[close]

http://www.chiark.greenend.org.uk/~sgtatham/putty/

[SiLæncer]

PuTTY Key Generator, also known by the PuTTYgen moniker, is a small yet efficient program that can generate RSA and DSA keys for use with the OpenSSH authorized_keys file. It is a component of PuTTY and can be installed automatically with the Telnet client, but the chances are you would also see it incorporated in other third-party software.

MIT License

Changelog

    Security fixes found by the EU-funded bug bounty:

    two separate vulnerabilities affecting the obsolete SSH-1 protocol, both available before host key checking
    a vulnerability in all the SSH client tools (PuTTY, Plink, PSFTP and PSCP) if a malicious program can impersonate Pageant
    Bug fix: crash in GSSAPI / Kerberos key exchange affecting third-party GSSAPI providers on Windows (such as MIT Kerberos for Windows)
    Bug fix: crash in GSSAPI / Kerberos key exchange triggered if the server provided an ordinary SSH host key as part of the exchange
    Bug fix: trust sigils were never turned off in SSH-1 or Rlogin
    Bug fix: trust sigils were never turned back on if you used Restart Session
    Bug fix: PSCP in SCP download mode could create files with a spurious newline at the end of their names
    Bug fix: PSCP in SCP download mode with the -p option would generate spurious complaints about illegal file renaming
    Bug fix: the initial instruction message was never printed during SSH keyboard-interactive authentication
    Bug fix: pasting very long lines through connection sharing could crash the downstream PuTTY window
    Bug fix: in keyboard layouts with a ',' key on the numeric keypad (e.g. German), Windows PuTTY would generate '.' instead for that key
    Bug fix: PuTTYgen could generate RSA keys with a modulus one bit shorter than requested

[close]

http://www.chiark.greenend.org.uk/~sgtatham/putty/

[SiLæncer]

Whats new:>>

X-Server: added a possibility to manipulate the arguments, which are passed to the VcXsrv binary (e.g. to add fonts) under File->Preferences->X-Server it is now possible to temporarily rename the tab of an open session

http://winsshterm.blogspot.com/

[SiLæncer]

Whats new:>>

bugfix: auto-reconnect with password

Quelle : https://github.com/cyd01/KiTTY/releases

http://kitty.9bis.net/

[SiLæncer]

SSLCertScanner is the FREE SSL certificate scanner tool which can remotely scan, retrieve and validate the SSL certificate from any host either on the intranet or internet. It can greatly help you to track expired/rogue certificate on your SSL servers.

You can either enter the IP address or name of the host such as www.facebook.com. Also it supports both HTTPS (port 443) as well as LDAPS (port 636) service for scanning SSL certificate. On successful completion, important certificate details are displayed along with status of validation. You can also view the complete details of SSL certificate by simply double clicking on it.

It works on wide range of platforms starting from Windows XP to latest operating system Windows 10.

Freeware

Whats new:>>

Release includes major improvements in SSL certificate scanning features and enhanced HTML report

https://securityxploded.com/sslcertscanner.php

[SiLæncer]

Whats new:>>

    FIX: Crash when designating the user data folder to Google Drive
    FIX: The "Restore the Last used Tab group layout" option not functioning as intended

http://www.netsarang.com/products/xsh_overview.html

[SiLæncer]

Whats new:>>

    WinSSHTerm is now freeware!
    Added support for HTTP/SOCKS proxy
    Variables are now globally supported (Script Runner, Cluster Mode, Script Buttons)

http://winsshterm.blogspot.com/

[SiLæncer]

Whats new:>>

improved error handling when the custom location for PuTTY/KiTTY is not set to the original binary

http://winsshterm.blogspot.com/

[SiLæncer]

Whats new:>>

With version 8.17, the profile settings RDP > Authentication > Password and Store encrypted password in profile were changed to take effect the same way as similar settings under Login > Authentication, but their UI layout was not updated. Fixed.

https://www.bitvise.com/ssh-client

[SiLæncer]

mRemoteNG is a fork of mRemote: an open source, tabbed, multi-protocol, remote connections manager. mRemoteNG adds bug fixes and new features to mRemote.

It allows you to view all of your remote connections in a simple yet powerful tabbed interface.

mRemoteNG supports the following protocols:

    RDP (Remote Desktop/Terminal Server)
    VNC (Virtual Network Computing)
    ICA (Citrix Independent Computing Architecture)
    SSH (Secure Shell)
    Telnet (TELecommunication NETwork)
    HTTP/HTTPS (Hypertext Transfer Protocol)
    rlogin (Remote Login)
    Raw Socket Connections

License: GPLv2

Changelog

    Added:

    1512: Added option to close panel from right click menu
    1434: Revised sort button in connection tree to be able to sort in both orders
    1400: Added file download handling to HTTP(S) connections using Gecko
    1385: Added option to start mRemoteNG minimized
    826: Allow selecting RDP version to use when connecting

    Changed:

    1544: Improved Polish translations
    1518: Inheritance is no longer automatically enabled when importing nodes from Active Directory
    1468: Improved mRemoteNG startup time
    1443: Chinese (simplified) translation improvements
    1437: Norwegian translation improvements
    1378: Hyperlinks embedded within mRemoteNG now open in the system default browser
    1239: Increased default key derivation function (KDF) iterations from 1000 to 10000
    718: Moved port property from 'protocol' to 'connection' section
    Moved most RDP enums outside of the RDP protocol class. Scripts which reference these enums will need to be updated.
    Removed the "Automatically get session info" from the advanced options screen since it is no longer used.

    Fixed:

    1505: About screen now better follows theme colors
    1493: Updated database setup scripts for MSSQL and MySQL
    1470: The "Favorite" setting is now properly saved in the local connection settings file (not saved in database)
    1447: Exception occurs when resetting layout
    1439: Searching in hosts tree loses first keystroke
    1428: Fixed a rare error when checking for FIPS
    1426: Tabbing is reversed in config window
    1425: Connections didn't always respect the panel property
    841: Allow for sorting in port scan results
    617: Added missing description for password protect field in root node
    553: Browser language not set when using Gecko rendering engine
    323: Wallpaper always shows in RDP connections, even when turned off

[close]

https://mremoteng.org/

[SiLæncer]

Whats new:>>

Merge with PuTTY 0.72

Quelle : https://github.com/cyd01/KiTTY/releases

http://kitty.9bis.net/

[SiLæncer]

Changelog

Changes between 1.1.1c and 1.1.1d [10 Sep 2019]

  *) Fixed a fork protection issue. OpenSSL 1.1.1 introduced a rewritten random
     number generator (RNG). This was intended to include protection in the
     event of a fork() system call in order to ensure that the parent and child
     processes did not share the same RNG state. However this protection was not
     being used in the default case.

     A partial mitigation for this issue is that the output from a high
     precision timer is mixed into the RNG state so the likelihood of a parent
     and child process sharing state is significantly reduced.

     If an application already calls OPENSSL_init_crypto() explicitly using
     OPENSSL_INIT_ATFORK then this problem does not occur at all.
     (CVE-2019-1549)
     [Matthias St. Pierre]

  *) For built-in EC curves, ensure an EC_GROUP built from the curve name is
     used even when parsing explicit parameters, when loading a serialized key
     or calling `EC_GROUP_new_from_ecpkparameters()`/
     `EC_GROUP_new_from_ecparameters()`.
     This prevents bypass of security hardening and performance gains,
     especially for curves with specialized EC_METHODs.
     By default, if a key encoded with explicit parameters is loaded and later
     serialized, the output is still encoded with explicit parameters, even if
     internally a "named" EC_GROUP is used for computation.
     [Nicola Tuveri]

  *) Compute ECC cofactors if not provided during EC_GROUP construction. Before
     this change, EC_GROUP_set_generator would accept order and/or cofactor as
     NULL. After this change, only the cofactor parameter can be NULL. It also
     does some minimal sanity checks on the passed order.
     (CVE-2019-1547)
     [Billy Bob Brumley]

  *) Fixed a padding oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey.
     An attack is simple, if the first CMS_recipientInfo is valid but the
     second CMS_recipientInfo is chosen ciphertext. If the second
     recipientInfo decodes to PKCS #1 v1.5 form plaintext, the correct
     encryption key will be replaced by garbage, and the message cannot be
     decoded, but if the RSA decryption fails, the correct encryption key is
     used and the recipient will not notice the attack.
     As a work around for this potential attack the length of the decrypted
     key must be equal to the cipher default key length, in case the
     certifiate is not given and all recipientInfo are tried out.
     The old behaviour can be re-enabled in the CMS code by setting the
     CMS_DEBUG_DECRYPT flag.
     (CVE-2019-1563)
     [Bernd Edlinger]

  *) Early start up entropy quality from the DEVRANDOM seed source has been
     improved for older Linux systems.  The RAND subsystem will wait for
     /dev/random to be producing output before seeding from /dev/urandom.
     The seeded state is stored for future library initialisations using
     a system global shared memory segment.  The shared memory identifier
     can be configured by defining OPENSSL_RAND_SEED_DEVRANDOM_SHM_ID to
     the desired value.  The default identifier is 114.
     [Paul Dale]

  *) Correct the extended master secret constant on EBCDIC systems. Without this
     fix TLS connections between an EBCDIC system and a non-EBCDIC system that
     negotiate EMS will fail. Unfortunately this also means that TLS connections
     between EBCDIC systems with this fix, and EBCDIC systems without this
     fix will fail if they negotiate EMS.
     [Matt Caswell]

  *) Use Windows installation paths in the mingw builds

     Mingw isn't a POSIX environment per se, which means that Windows
     paths should be used for installation.
     (CVE-2019-1552)
     [Richard Levitte]

  *) Changed DH_check to accept parameters with order q and 2q subgroups.
     With order 2q subgroups the bit 0 of the private key is not secret
     but DH_generate_key works around that by clearing bit 0 of the
     private key for those. This avoids leaking bit 0 of the private key.
     [Bernd Edlinger]

  *) Significantly reduce secure memory usage by the randomness pools.
     [Paul Dale]

  *) Revert the DEVRANDOM_WAIT feature for Linux systems

     The DEVRANDOM_WAIT feature added a select() call to wait for the
     /dev/random device to become readable before reading from the
     /dev/urandom device.

     It turned out that this change had negative side effects on
     performance which were not acceptable. After some discussion it
     was decided to revert this feature and leave it up to the OS
     resp. the platform maintainer to ensure a proper initialization
     during early boot time.
     [Matthias St. Pierre]

[close]

https://www.openssl.org/