Releases: PowerShell/Win32-OpenSSH
v8.1.0.0p1-Beta
This release includes
- Upstream changes from OpenSSH 8.1
- Added ZLIB compression
- Upgraded LibreSSL to version 2.9.2.1
- Added support for AuthorizedKeysCommand and AuthorizedPrincipalsCommand.
- Read the VTSequence using the console win32 APIs.
- Added support for windows long paths. Thanks to @NoMoreFood.
- Fixes for various reliability issues listed here.
v8.0.0.0p1-Beta
This is a pre-release (non-production ready)
This release includes
- Upstream changes from OpenSSH 8.0
- Support for PKCS providers
- Fixes for various reliability issues listed here. Many of these intricate issues were investigated and fixed by @NoMoreFood.
Source - https://github.com/PowerShell/openssh-portable/releases/tag/v8.0.0.0
v7.9.0.0p1-Beta
This is a pre-release (non-production ready)
Note
- Default location of AuthorizedKeysFile for users in Administrators group is now
%programdata%/ssh/administrators_authorized_keys
. See here for help with permissions on this file.
This release includes
- Upstream changes from OpenSSH 7.8 and 7.9
- Kerberos support via GSSAPI by @NoMoreFood (#1295). Check here for usage.
- Rich command-line support for various shells including powershell, bash and cygwin (#1082 and #1211). Check here for usage.
- PTY support via conpty on Windows 10 for a richer xterm experience
- Fixes and enhancements to ssh-agent (#1263, PowerShell/openssh-portable#363)
- Fixes to enable auto-updating known_hosts via ssh and ssh-keygen (#1323)
- Fixes to other issues listed here
Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.9.0.0
v7.7.2.0p1-Beta
This is a pre-release (non-production ready)
UPDATE -We have updated ssh-shellhost.exe binary (fix for #1222) in V7.7.2.0 payload on 8/4/2018.
This release includes
- Support for auto updating known_hosts via ssh and ssh-keygen
- Optimized group membership resolution that results in vast performance improvement in processing simple user/group configuration rules.
- Fixed descriptor leaks in win32 fstat implementation(#1209) by @cbookg
- Support for handling user resolution in absence of explicit UPN (#1213) by @NoMoreFood
- Various other fixes listed here
Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.7.2.0
v7.7.1.0p1-Beta
This is a pre-release (non-production ready)
This release includes fixes for regressions introduced in v7.7.0.0.
Note
- If you configure a default shell, ensure that OpenSSH installation path is in system PATH. If not already present, amend system PATH and restart sshd service.
- Scp and Sftp are tested to work with Powershell and Cygwin's bash as default shells. There are still issues with WSL bash (manifest as hung sessions), we are working on investigating these.
List of all issues fixed - here
Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.7.1.0
v7.7.0.0p1-Beta
This is a pre-release (non-production ready)
Regressions
- #1164 - scp and sftp won't work if OpenSSH is installed in "Program Files" or any directory with a white space.
- Work around - install in a path with no white space - ex. c:\openssh
- #1165 - SCP fails when using bash as alternative shell
Note
- This release introduces new rules for specifying user/group based configuration rules for domain principals - these should now adhere to NameSamCompatible format. For more info refer sshd_config manual.
This release includes
- OpenSSH 7.7 changes from upstream.
- Normalized user/group principal resolution - by @NoMoreFood
- Improvements to support nested groups while processing group based configuration rules - by @NoMoreFood
- Chroot support for sftp (and scp via custom shell). See sshd_config manual
- Support sshd in interactive mode (for testing and trouble shooting)
- various other fixes listed here
Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.7.0.0
v7.6.1.0p1-Beta
This is a pre-release (non-production ready)
Note:
- New Logging facility added (ETW). Check out Logging Facilities for options to switch to file based logging.
- Binaries and PS files are now digitally signed.
- Source code is no longer maintained in this repository, see below for tag in PowerShell/openssh-portable associated with the release
This release includes
- Enhancements to overcome prior limitations in concurrent sessions and forwarded connections - by @NoMoreFood
- Support for navigation via symlinks - by @NoMoreFood
- Fixes in POSIX compat layer - by @revngnr and @djsweet
- ETW logging
- Wild card support in scp
- various other fixes listed here
Source - https://github.com/PowerShell/openssh-portable/releases/tag/v7.6.1.0
v7.6.0.0p1-Beta
This is a pre-release (non-production ready)
Please note
- to avoid confusion with various internal versions, we have made a conscious decision to synchronize future releases with the base OpenSSH software version (currently at 7.6).
- to differentiate this fork from core OpenSSH portable, the software name reported on the wire is updated from OpenSSH to OpenSSH_for_Windows.
This release includes
- security enhancement - sshd unprivileged workers will now run in runtime generated unique security identities.
- support for
ProxyCommand
using stdio redirection - fixes to regressions in previous release
- support to let applications break away from ssh session and run in background
- various other fixes listed here
v1.0.0.0-Beta
This is a pre-release (non-production ready)
This release includes changes to further prepare this fork for future integration to upstream repository. Also included are changes incorporating community feedback.
-
Unix styled privilege separation is implemented for Windows
- OpenSSh privilege separation model - http://www.citi.umich.edu/u/provos/ssh/privsep.html
- Posix_spawn is implemented in POSIX adapter as an alternative to fork() that is heavily used in Privilege separation.
- Additional state info is added to sshd to accommodate distinguishing the various modes (privileged monitor, unprivileged child, authenticated child).
- Required service state (like config and host keys) is transmitted over pipes from monitor to child processes.
- For every remote session, you'll now see 2 sshd processes, one running as SYSTEM and one running as the USER (similar to what you would see on Unix)
-
Changes to installation steps to adhere to the new architecture
- SSHD server is installed to run as SYSTEM
- SSHD no longer depends on ssh-agent server
- SSHD resources (sshd_config, hostkeys and authorized_keys) no longer need "READ" access to NT Service\SSHD.
-
Config/State separation
- SSHD resources - sshd_config, hostkeys are moved to a dedicated hidden directory - %ProgramData%\ssh
- SSH global resources - ssh_config and ssh_known_hosts will now work and can be placed in the above directory
- Logs would be written to the above directory too. This is a temporary solution while we evaluate moving logs to ETW sessions.
-
SSHD prerequisites auto setup
- SSHD service prereq resources - sshd_config and hostkeys, if they don't already exist - will now be automatically generated as part of service startup.
- This will reduce instllation steps to all but one step - i.e to run installsshd.ps1. There will be no more configuration steps needed.
-
Other misc issues listed here
Breaking Changes
- You need to be SYSTEM to do SSHD debug mode (sshd -d), typically used in troubleshooting scenarios. Running as an administrator is no longer sufficient. You may use
psexec -s cmd
to open up cmd.exe running as SYSTEM. - To use existing customized sshd_config, you need to copy it to %programdata%\ssh\sshd_config (Note that %programdata% is a hidden directory).
- To use existing host keys, you need to copy them from binary location to %programdata%\ssh\
- Prior versions required SSHD resources (sshd_config, host keys and authorized_keys) to have READ access to "NT Service\SSHD". This is no longer a requirement and the corresponding ACL entry should be removed. You may run
Powershell.exe -ExecutionPolicy Bypass -Command '. .\FixHostFilePermissions.ps1 -Confirm:$false'
to fix up these permissions. - Make sure binary location has the write permissions to just SYSTEM, Administrator groups. It is recommended to extract binaries to
%ProgramFiles%\OpenSSH
Known Issues:
- You may not be able to connect with sshd logs showing that "unable to get security token for user sshd". Please see #1053
- Match Blocks support has regressed. This will be fixed in the upcoming release.
v0.0.24.0
This is a pre-release (non-production ready)
This release includes the following bug fixes/enhancements: