Bitvise SSH Server v7.45Program Type:
Secure file transfer and terminal shell access for WindowsDeveloper:
Windows XP SP3, Vista, 7, 8, 10 | Server 2003 - 2016File Size:
14.01MbBitvise SSH Server
обеспечивает возможность безопасного удалённого входа на рабочие станции и серверы Windows. Основной функцией SSH-сервера является безопасность: в отличие от Telnet- и FTP-серверов, Bitvise SSH Server шифрует данные во время передачи. Таким образом, никто не сможет перехватить ваш пароль или посмотреть, какие файлы вы передаете при доступе к компьютеру по протоколу SSH.
Bitvise SSH Server идеально подходит для удалённого администрирования серверов Windows; для опытных пользователей, которым нужен доступ к своей домашней машине с работы или к своей рабочей машине из дома; а также для решения широкого диапазона сложных задач, таких как создание VPN с использованием SSH-туннелирования TCP/IP или предоставление безопасного хранилища файлов с использованием протокола SFTP.
--------------------------------------Bitvise SSH Server
provides secure remote login capabilities to Windows workstations and servers. Security is our SSH server's key feature: in contrast with Telnet and FTP servers, Bitvise SSH Server encrypts data during transmission. Thus, no one can sniff your password or see what files you are transferring when you access your computer over SSH.
Bitvise SSH Server is ideal for remote administration of Windows servers; for advanced users who wish to access their home machine from work, or their work machine from home; as well as for a wide spectrum of advanced tasks, such as establishing a VPN using the SSH TCP/IP tunneling feature, or providing a secure file depository using SFTP.
Our SSH server supports all desktop and server versions of Windows, 32-bit and 64-bit, from Windows XP SP3 and Windows Server 2003, up to the most recent – Windows 10 and Windows Server 2016.Bitvise SSH Server supports the following SSH services:
• Secure remote access via console (vt100, xterm and bvterm supported)
• Secure remote access via GUI (Remote Desktop or WinVNC required)
• Secure file transfer using SFTP and SCP (compatible with all major clients)
• Secure, effortless Git integration
• Secure TCP/IP connection tunneling (port forwarding)
When the Personal edition is chosen during installation, Bitvise SSH Server can be used free of charge by non-commercial personal users.Professional SSH server
We continue to invest considerable effort to create the best SSH software we can. These are some of the features that make Bitvise SSH Server special:
• Ease of use: Bitvise SSH Server is designed for Windows, so that it is easy to install and configure. In a regular Windows environment, it will work immediately upon installation with no configuring. (We do however recommend tightening down settings to restrict access only to those accounts and features that you use.)
• Encryption and security: Provides state-of-the-art encryption and security measures suitable as part of a standards-compliant solution meeting the requirements of PCI, HIPAA, or FIPS 140-2 validation.
• Unlimited connections: Bitvise SSH Server imposes no limits on the number of users who can connect, and gets no more expensive for a larger number of connections. The number of simultaneous connections is limited only by system resources!
• Windows groups: Bitvise SSH Server natively supports configurability through Windows groups. No need to define account settings for each Windows account individually. The SSH server knows what groups a user is in and, if configured, will use appropriate Windows group settings. Virtual filesystem mount points can be inherited from multiple groups.
• Quotas and statistics: The SSH Server can be configured with per-user and per-group quotas and bandwidth limits, and keeps a record of daily, monthly, and annual usage statistics.
• Speed: SFTP transfer speed mostly depends on the client, but Bitvise SSH Server allows clients to obtain some of the fastest transfer speeds available. With Bitvise SSH Client, SFTP file transfer speeds in the tens or hundreds of MB/s can be obtained. SFTP v6 optimizations, including copy-file and check-file for remote file hashing and checksums, are supported.
• Virtual filesystem: Users connecting with file transfer clients can be restricted to a single directory, or several directories in a complex layout. Users connecting with terminal shell clients can also be restricted in the same way if their Shell access type is set to BvShell.
• Git integration: Set an account's shell access type to Git access only, and configure the path to your Git binaries and repositories. The account can now securely access Git, without being given unnecessary access to the system.
• Obfuscated SSH with an optional keyword. When supported and enabled in both the client and server, obfuscation makes it more difficult for an observer to detect that the protocol being used is SSH. (Protocol; OpenSSH patches)
• Single sign-on: Bitvise SSH Server supports GSSAPI-enabled Kerberos 5 key exchange, as well as NTLM and Kerberos 5 user authentication. This means that, using Bitvise SSH Client or another compatible GSSAPI-enabled client, any user in the same Windows domain, or a trusted one, can log into the SSH server without having to verify the server's host key fingerprint, and without even having to supply a password! Using Windows group-based settings, the user's account doesn't even have to be configured in the SSH server.
• Virtual accounts: want to set up an SFTP server with many users, but don't want to create and manage 1000 Windows accounts? No problem. Bitvise SSH Server supports virtual accounts, created in SSH server settings, backed by the identity of one or more Windows accounts. SSH server settings for these accounts are also configurable on a virtual group basis.
• Bandwidth limits: Separate upload and download speed limits can be configured for each user and group.
• Excellent terminal support: Bitvise SSH Server provides the best terminal support available on the Windows platform. Our terminal subsystem employs sophisticated techniques to render output accurately like no other Windows SSH server. And when used with Bitvise SSH Client, our bvterm protocol supports the full spectrum of a Windows console's features: colors, Unicode characters, and large scrollable buffers.
• BvShell: Users whose filesystem access should be restricted to specific directories can have their Shell access type configured to BvShell. Similar to chroot, this provides access to a limited terminal shell which can allow for more powerful access than a file transfer client, but still restricts the user to root directories configured for them.
• Telnet forwarding: The SSH Server can be configured to forward terminal sessions to a legacy Telnet server, providing SSH security to existing Telnet applications.
• Flexibility: most SSH server features can be configured individually on a per-account basis from the user-friendly Bitvise SSH Server Control Panel. Using Bitvise SSH Client, the SSH server's Control Panel can be accessed and configured through the same user-friendly interface from any remote location.
• Server-side forwarding: with Bitvise SSH Server and Client, a server and multiple clients can be set up so that all port forwarding rules are configured centrally at the server, without requiring any client-side setting updates. The SSH clients only need to be configured once, and port forwarding rules can easily be changed when necessary.
• Scriptable settings: Using the supplied BssCfg utility, or using PowerShell, all settings can be configured from a text file, from a script, or interactively from the command-line.
• Multi-instance support: Bitvise SSH Server supports multiple simultaneous, independent installations on the same computer for customers needing completely separate instances for different groups of users. Multiple SSH server versions can run concurrently, as separate instances on the same server.
• Master/slave configuration: In environments with multiple SSH server installations, one can be configured to run as master, and others can be configured to run as slaves. Slave installations can be configured to synchronize their settings, host keys, and/or password cache with the master. This feature can be used both for cluster support, and to reproduce aspects of SSH server settings on a large number of similar installations.
• Delegated administration: Users of the SSH Server who do not have full administrative rights can be granted limited access to SSH Server settings, where they can add or edit virtual accounts using the remote administration interface in Bitvise SSH Client. Limited administration tasks can be delegated without requiring full administrative access.Encryption and security features
• Key exchange algorithms:
- ECDH over elliptic curves secp256k1, nistp256, nistp384, nistp521 using SHA-512, SHA-384, or SHA-256
- Diffie Hellman with group exchange using SHA-256 or SHA-1
- Diffie Hellman with fixed 4096, 3072, 2048, or 1024-bit group parameters using SHA-512, SHA-256, or SHA-1
- GSSAPI key exchange using Diffie Hellman and Kerberos authentication
• Signature algorithms:
- ECDSA over elliptic curves secp256k1, nistp256, nistp384, nistp521 using SHA-512, SHA-384, or SHA-256
- RSA using 4096, 3072, 2048, 1024-bit key sizes with SHA-512, SHA-256, or SHA-1
- DSA using SHA-1 (legacy)
• Encryption algorithms:
- AES with 256, 128-bit keys in GCM mode
- AES with 256, 192, 128-bit keys in CTR mode
- AES with 256, 192, 128-bit keys in CBC mode (legacy)
- 3DES in CTR or CBC mode (legacy)
• Data integrity protection:
- AES with 256, 128-bit keys in GCM mode
- HMAC using SHA-256, SHA-1
• Authentication types:
- Password authentication with Windows accounts - local or Active Directory
- Password authentication with virtual accounts - configurable password policy
- Public key authentication
- Kerberos single sign-on using GSSAPI
- Time-based one-time password (SSH Server versions 8.xx and newer)
• Additional security features:
- Denial of service protection through throttling of incoming connections
- Login attempt delay for concurrent logins for same user or from same IP address
- Automatic temporary IP address blocking with IP whitelist
- Username blacklist
- Configurable client IP address, product version string restrictions
- Account-specific IP address restrictions
- Account-specific IP address restrictionsFIPS 140-2 validation
When FIPS is enabled in Windows, our software uses Windows built-in cryptography, validated by NIST to FIPS 140-2 under certificates #2937, #2606, #2357, and #1892. On Windows XP and 2003, our software uses the Crypto++ 5.3.0 FIPS DLL, originally validated by NIST under certificate #819 (historical). When FIPS mode is not enabled, additional non-FIPS algorithms are supported.Bitvise SSH Server Users' Guide >>What's new in v7.45:
- Bitvise SSH Server, SSH Client, and FlowSsh previously did not implement strict size limits or sanitization of content before displaying or logging strings received from a remote party. Much stricter size limits and sanitization are now implemented.
- Version 7.21 introduced settings to configure minimum and maximum sizes of DH groups to be considered for Diffie Hellman key exchange methods with group exchange. These settings did not work correctly in many circumstances. This would allow clients to request 1024-bit DH parameters where this was meant to be prohibited. Fixed.
- Bitvise SSH Server, SSH Client, and FlowSsh now report the size of the Diffie Hellman group actually used in DH key exchange. This is useful with key exchange methods that use DH group exchange, where there was previously no straightforward way to know what size group was used.Known issues
• These clients incorrectly trim spaces at the end of the SSH version string, and the SSH Server sends such a space when this setting is enabled. Affected clients calculate the SSH session exchange hash as if this space wasn't sent, corrupting signature verification. The error manifests with a message such as:
• Signature verification failed
• If you experience this issue, a workaround is to disable the Omit server version setting. Future versions of affected clients may resolve this issue. A future new feature release of the SSH Server will also resolve this issue by removing the unnecessary space, but minor versions will not, to avoid defeating the purpose of the Omit server version feature.
• Windows 10: As of July 2017, if the SSH Server setting Open Windows Firewall is set to a value other than Do not change Windows Firewall settings, the latest versions of Windows 10 may log this during system shutdown: The Bitvise SSH Server service did not shut down properly after receiving a preshutdown control. After investigating, we find that even though the SSH Server has a dependency on the Windows Firewall service in this configuration, Windows appears to over-aggressively shut down related functionality, so that the SSH Server cannot deinitialize. We have at this time not found a solution, and believe that a fix is needed by Microsoft. Affected users can avoid this issue by configuring the SSH Server with Do not change Windows firewall settings. If this is done, a rule to allow access to the SSH Server must be added in Windows Firewall settings manually.
• Windows XP: All versions of our software that we recommend using are built using Visual Studio 2015. The C++ run-time library used by this Visual Studio version has a known issue where 1-2 kB of memory are leaked each time a new thread is created. This issue does not occur on later Windows versions; it does not occur e.g. on Windows Server 2003. Microsoft has stated they do not intend to fix this issue. Bitvise's view is that the impacts on our SSH Client and FlowSsh are manageable; whereas our SSH Server is rarely used on Windows XP. We therefore do not plan to work around this; but we warn that this can be a potential denial of service vector on Windows XP.Download: