|
The following is installed with the Pragma FortressSSH and the
information on this page is also available in the "readme.txt"
file. These are notes on the fixes and enhancements that have
been added to Pragma FortressSSH 5.0 since it's initial release
Build 1, on 09/26/06.
Some of these enhancements may not
be documented in the Help files or in the manual. Report
problems and your feedback via email to support@pragmasys.com or
by visiting our web site,
http://www.pragmasys.com/secure/support.asp.
You can obtain the latest product or evaluation copies by
contacting us via any of the following means :
Postal Address :
Pragma Systems, Inc.
13809 Research Blvd Suite 675 Austin,
TX 78750, USA.
(512) 219-7270 (TEL)
(512) 219-7110 (FAX)
Email :
info@pragmasys.com
If you have installed the evaluation package, it
will let you run it for 14 days from the time of installation.
Highlights on what's new in this release:
-----------------------
Build 9 Start
-----------------------------
Release Date: 12/02/09
Revision #: 507
Enhancements:
- "Certified for Windows Server 2008 R2" logo status achieved.
- "Campatible with Windows 7" logo status achieved.
- FIPSMode introduced to choose product features to conform to FIPS 140-2 certification.
- Build with FIPS certified OpenSSL-fips1.2 library and headers to achieve FIPS 140-2 certifications for few calls we still make to OPENSSL
- FortressCL now uses Pragma SSH library instead of its own crypto code. Pragma SSH library used MS Crypto calls and some OPENSSSL, both of which are FIPS 140-2 certified.
- IPv6 is now supported in all parts of the product (sshd, ssh, sftp, scp, gui, management programs)
- scp now has -A option like in our ssh and sftp so that password can be passed for automated file transfers
- diffie-hellman-group-exchange-sha256 support added in ssh key exchange
- CmdServer passes its shell/applic return code so that sshd can pass it to the client side.
- Returned call to TerminateJobObject to our TerminateCommandShell so that MonitorChildProcesses is checked, graceful termination is available, and Recording of terminated events occurs.
- Return call to NetworkCleanup and changed OS version check to run on anything since Win2000 instead of Win2000 only
- Returned code to clean up mapped drives
- Modified logging for server process to create unique file name based off PID and time and pass as argument to CmdServer
- Multiple sessions wthin one remote channel are logged corectly now.
- Changed how log files are opened so that now they can be read during live session; ssh session input is logged to files
- Added check box for mapping network drives in separate thread, exposing existing registry value via PrgamaMgr.exe gui.
- SCP: removed check for / and \\ in search for colon() to determine if parameter is remote machine. This allows domain accounts
to be used for scp file transfer.
- Sha-1 algorithm is used in place of md5 for fingerprint to ease support of FIPS
- FortressCL updated with numerous fix to support both FIPS or non-FIPS modes.
- PragmaCrypto.dll introduced which contains all crypto code used to comply with FIPS 140-2 guidelines/tests.
Fixes:
- SSH server Reconnect was turned off. Now it works.
- Running it in Win 2000 server does not need turning on "Replace a Process Level Token" user rights change
- FortressCL will not get getaddrinfo() not available error in Windows Server 2000.
- ssh.exe cmd line client's -R option stopped working. The problem was limited to our ssh cmdline client,
other vendor's ssh client's -R option worked fine.
- scp -o option used to crash scp and has now been fixed.
- Use SHA1 hash for fingerprint instead of MD5 in sshkeygen
- SSH2 standard's diffie-hellman oakley group14 support added
- default value for ThreadDriveMap changed to off, so that drives can be available for non-interactive sessions
- Default value for CustomAppSupport now set to yes.
- Fix for garbarge characters showing up on screen in Advanced Console
- PragmaMgrC.exe invokes registry editor correctly (regedtc.exe in place of re.exe)
Release Date: 07/23/09
Revision # 342
Enhancements:
- New Pragma Gen2 architecture for higher speed, reliability and enterprise
deployment readiness.
- Multiple sessions within a single sshd are now supported. Upto 64
shell, sftp, scp or port forwording sessions within one sshd can be started.
- Advance console and Shell support greatly improved by reducing APIs needed to be redirected
- Reconnection of dropped sessions is now supported by sshd. Useful for Handhelds
An industry first for a sshd server
- Server to client heartbeat feature added to sshd. SSH_MSG_IGNORE packet is sent to
the client by sshd to know that the ssh client is alive
- Handheld configuration settings consolidated in a separate page on Local Server Configuration
program for ease of setting up Handheld connectivity options
- Server has added smart logic to distingush between explicit disconnect issued by user versus disconnect
due to network connection drop. The former will not cause "Reconnect" mode to be entered but the latter will
Handhelds reconnection support needs this smart disconnection difference detection for real life use.
- SSH1 protocol support added for legacy support of old devices
SSH1 can be disabled with a config entry change for sites that do not need it
- Improved Group Membership algorithm for group based access restriction control
- Customer Application has clean documented way to send custom code for beep or special functions
sshd and Pragma telnetd can work from the same custom code
- User drive letter mapping improvements to get logon prompts quickly by lauching an extra
thread that maps user drives in the background; this thread exits when done. ThreadDriveMap
can be set to "no" to avoid this asynchronous drive mapping for scripts who may need drive letters
at the launch
- Windows PowerShell is now fully supported and can be set as the default shell
- Supports new Windows Server 2008 R2 and Windows 7
- All languages supported by Windows are now supported by sshd server and clients.
UTF-8 (65001) is a good page to choose. Users can choose any CodePage and Fonts that support their national language.
Fixes:
- Group access not detected correctly
- Ports not forwarded correctly on some occasions
- scp not showing all filenames in recursive transfer
- scp not showing file transfer status for all files
- Client disconnects at any time will not tie up sshd/sftp/scp servers
- sshd, sftp, scp start or later failures reported better to clients
- Auto load of Certificate login fixed to work for new users who had not logged in before.
Auto load of certificates now works corectly for Windows 2000 and all later Windows operating systems
- If "PATH" in user level was set, it would override "PATH" in system level. Now User level PATH is appended after system's PATH.
Clients/Tools:
- telnetc supports TelnetSSL protocol. telnetc /s option is used to invoke SSL
FortressCL
- control-c and control-break is now passed to server enabling application termination/exit
- TelnetSSL protocol is now supported
Known Issues:
- NONE.
----------------------- Build 9
End
-------------------------------
-----------------------
Build 8 Start
-----------------------------
Release Date: 03/18/09
Revision # 183
Enhancements:
- Support for Microsoft's new PowerShell. Many fixes done (listed below) to
have PowerShell run well with Pragma SSH server.
- Tested to run with new Windows server 2008 R2 and Windows 7.
- SSH1 protocol support added and can be easilly disabled if desired
Fixes:
- Line editing insert key toggle is handled correctly by SSH server
- Server turns on AutoWrap at start as PC screens assumes/expects it
- Server handles tab command completions by comamnd shells
- Works with any screen sizes. Sizes like 120x50 was a problem before.
- 16bit programs, like edit.com, do not have 43 lines limitations any more
- Server sets the screen margins
- Server properly clears the screen buffer and maintains attributes
- Screen attributes/color maintained during erase,clearing, region drawing.
- Screen flicker reduced in large screen drawing/updates
- PowerShell can execute commands passed. AdvConsole/Console mode and not
Stream mode is needed by Powershell for its run or running passed commands
- Telmc /c continues update now restores screen after exiting
- ssh.exe and telnetc.exe now restores text attributes after ending a session
- SSH.exe client used to get stuck with Tectia server. Now it works.
- ssh, telnetc support for VT Application mode. Needed for programs like vi.exe
- ssh, telnetc does erase processing with the correct attribute/color
Known Issues:
- NONE.
----------------------- Build 8
End
-------------------------------
-----------------------
Build 7 Start
-----------------------------
Release Date: 01/12/09
Revision # 108
*** This build is Certified for Windows Server 2008 and has passed Microsoft Hyper-V virtualization test ***
Enhancements:
- New NamedPipe for ssh aware applications to write to clients
- New trouble shooting logging option to log server operation to debug window or file
Fixes:
- Removed limit on number of virtual SFTP directories
- TMP and TEMP variables converted to short path names
- large number of channels can be used without error
{ returned realloc call to channel_new if number of channels used
lowered initial channel count and increment value
changed refs to channel pointer to use index to array of channels, this allows the channel array to be reallocated}
- sftp filesize fixed for 32-bit package
- fix for Pragma Manager program running on Windows 2000
Known Issues:
- NONE.
----------------------- Build 7
End
-------------------------------
-----------------------
Build 6 Start
-----------------------------
Release Date: 09/23/08
Revision # 149
Enhancements:
- New technology used (Detours) to make AdvancedConsole mode more robust
- Native Itanium 64 bit support now available with Detours use for
AdvancedConsole and wrap.
- New graphic set definition added for use with Stay-Linked console client
add registry value "DECCharSet" under configured users with a value
of 6, plus true vt220 character map
Fixes:
- Characters outside ASCII character set allowed in password and username
- PRB: User defined in 3rd or greater Active Directory group in Pragma Manager
Group page cannot gain access
- AdvancedConsole mode enhanced to give these features and robustness:
a) Backspace now works when tabbed command completion text is edited
b) Backspace processing will not erase passed command prompts
c) Backspace processing technique redone to use Windows console
for more accurate backspace processing in all cases
c) F7 popped command history works robustly
d) F2, F3, F4 cmd shell processing works correctly
e) In editors like vi.exe, ": " command now erases texts where command is typed.
ESC-K clear line server was sending was not getting out properly to client
- PRB: environment variables defined for user appending s to variable in session
- Multiple groups added from single dialog selection list all groups
- Configuration values for groups near end of long list work
- Pragma Manager stops Remote Registry service
- forwarded ports not closing when client disconnects
- forwarded ports closing unexpectedly
Known Issues:
- NONE.
----------------------- Build 6
End
-------------------------------
-----------------------
Build 5 Start
-----------------------------
NOTE: There is no Build 5 for FortressSSH.
----------------------- Build 5
End
-------------------------------
-----------------------
Build 4 Start
-----------------------------
Release Date: 12/07/07
Revision # 289 (pragmareg displays this revision number as # 33)
Enhancements:
- *** Certified for Windows Vista ***
- Client size not limited by server side maximum window size
- New Configuration Push in Pragma Manager
- improved search for user profiles for key authentication
Fixes:
- FIX: PCI Compliance issue which reports a buffer-overflow. Our
testing did not result in a buffer overflow, so there is no security
risk of execution of arbitrary code. The complaint would cause the
server to appear to freeze.
- Updated child process termination
- Advanced Console redraw when using special input keys
- sftp bad address error on directory chang
Known Issues:
- NONE.
----------------------- Build 4
End
-------------------------------
-----------------------
Build 3 Start
-----------------------------
Release Date: 01/24/07
Enhancements:
- Groups configurable by domain name and not domain controller
machine name.
Fixes:
- In Vista 64-bit, 64-bit programs failed to show output
- Improved key generation for writing to user shell
- Report of invalid character map value in environment variable
- sftp.exe cmdline client hung in file uploads to BITVISE WinSSHD
- fix for ssh client script processing
- ssh client display fixes
- PROB: crash for some group access
- backspace fix in Advanced Console
- InetD handle leak if maximum number of connections reached
- support for Windows 2003 Active Directory domain functional level
added
- PROB: SSHD process hangs if user shell cannot be launched
- sftp file transfer hanging
Known Issues:
- NONE.
----------------------- Build 3
End
-------------------------------
-----------------------
Build 2 Start
-----------------------------
Release Date: 12/08/06
Enhancements:
- Network shares referenced by UNC name allowed as virtual
directories
Fixes:
- FIX 09272006: FortressFX SSH/sftp Port number not passed to lower
layer.
This would disallow connection to server port other than standard
22.
- FIX: ESC key can be pressed once to send ESC to server
- FIX: port forwarding
- FIX: SFTP from some clients does not close
- FIX: screens clear completely
- FIX: Server and client exit status reported
- FIX: SCP access does not need Shell Access as well
- FIX: Term environment variable assigned correctly
Known Issues:
- NONE.
----------------------- Build 2
End
-------------------------------
-----------------------
Build 1 Start
-----------------------------
Release Date: 09/26/06
Enhancements:
- Full 64 bit x64 version support for Intel EM64T and AMD64
processors
- Two separate packages available. One for 32-bit and another for
64-bit.
- Support for Windows Vista(both 32 and 64 bit) and Windows Longhorn
server
- Session Monitoring configurable by Pragma Manager
- More troubleshooting features added
- More sessions possible with smaller desktop count
- Optimized for both 64bit and 32bit with the newest compiler
technologies
- 64 bit version allows for reaching new scalability heights in
terms
of session support and larger file transfer size
- environment variable can be used in Home Directory designation
- Import/Export of Configuration Settings
- Easier Configuration of Idle Session Timeout
- Reverse Video configuration
- Bigger and faster File transfer speeds
- Escape sequences can be sent in multiple packets allowing improved
emulation
- SSH1 code taken out to improve product security. Only SSH2 is
supported
Fixes:
- New Release. N/A
Known Issues:
- NONE.
----------------------- Build 1
End
-------------------------------
|
