Pragma Fortress SSH Client Version 5.0 Release Notes

The following is installed with the Pragma SSH Client Suite and the information on this page is also available in the "readme.txt" file. These are notes on the fixes and enhancements that have been added to Pragma SSH Client 5.0 since it's initial release.

Some of these enhancements may not be documented in the Help files or in the manual. Report problems and your feedback via email to support@pragmasys.com or by visiting our web site for support.

You can obtain the latest product or evaluation copies by contacting us via any of the following means :

Postal Address :

Pragma Systems, Inc.
13809 Research Blvd, Suite 675 Austin, TX 78750, USA.
(512) 219-7270 (TEL)
(512) 219-7110 (FAX)
Email :

Highlights on what's new in this release:

----------------------- Build 10 Start -----------------------------

Release Date: Nov 29 2018
Revision #: 1629

Enhancements:

- Unicode supported added to sftp
- Datestamp added to SFTP client logging

Fixes:

Release Date: May 3 2018
Revision #: 1563

Enhancements:

-oConnectionTimeout=time added to ssh cmd line client for connection timeout. can be given in seconds, minutes, etc. 10s, 1m, 5m30s sftp and scp can also use it.

Fixes:

- sshkeygen can now do conversion of larger RSA keys (bigger than 1024 bit)
- ssh command line client SSHv1 mode was trapping after user authentication

Release Date: Mar 22 2018
Revision #: 1520

Enhancements:

- SSH client now allows env vars to be passed before a shell is started. "SSH_SHELL" environment var value allows selection of shell for Fortress SSH server. "powershell" value will allow running Windows powershell. Full path of the shell can be provided also.
- Environment vars are passed by using -oSendEnv=Name[:value] option from ssh clients

To run powershell in Fortress sshd server using pragma ssh client, type:
ssh remotehost -oSendEnv=SSH_SHELL:powershell

- ssh command line client now supports zlib@openssh compression in addition to zlib which it supported before. sftp and scp client also gets this additional compression as they run on top of ssh.

Fixes:

Release Date: Mar 14 2018
Revision #: 1507

Enhancements:

- new logging implementation in sftp command line client
- updated to latest version of group key exchange
- new ACSII conversion of files during sftp file transfer, using command line sftp client

- use -a as command line parameter to convert all files during session
- use the ascii on/off command within the session to turn of/off

- license registration keys for FortressCl and FortressFX are stored per user, no longer requiring administrative privileges to enter registration key
- Wildcard option in sftp.exe cmd line client's ls or dir is now supported

Fixes:

- no longer prompting for password when using trying to use default id_dsa, id_rsa, and identity keys
- issue with session disconnect when X509 certificate used for authentication
- DSA keys bigger than 1024 bits, like 2048, were failing sometime to login in ssh or sftp.

Release Date: April 5 2017
Revision #: 1265

Enhancements:

FortressCL:
- content of trace window can be saved to a file
- more detailed trace logging.

Fixes:

FortressCL:

- fix for user not prompted for a pin if a password is stored for the site.
- fix where non-etm ciphers would fail

Release Date: Jan 16 2017
Revision #: 1034

Enhancements:

-ssh cmd line client fixed to avoid Cisco SSH diffie-hellman bug where our nbits prefer had to be 4096 instead of 8192

Fixes:

- FortressCL chacha cipher connection works with Openssh 6.6p1 on Ubuntu 14.04; Set limits on pbit calculation for dh gex as Ubuntu 14.04 openssh has a problem accepting too large of pbits.
- FortressCL fix so that aes ctr mode would disconnect over some network traffic like over vpn. Fix was not etm modes needing to return remainder data rather than 0.
- FortressFX delete of directories in left panel (local) were not working.
- FortressCL fix for PIN bug. We had a condition where a stored password was causing the PIN prompt not to happen

Release Date: Dec 20 2016
Revision #: 1005

Enhancements:

- new AES GCM and ChaCha ciphers added to ssh gui client (FortressCL.exe)

Fixes:

- FortressCL disconnects on listing on Unix systems
- command line ssh client scrolled lines could not be seen and margin setting issues

Release Date: Nov 21 2016
Revision #: 957

Enhancements:

- ssh.exe Add -oTraceLimit=nnnnn new option to say how many bytes in each ssh packet are to be traced. Works in conjunction with -oTraceFile=filename option. sftp.exe and scp.exe clients can pass these options also to ssh like other -o options.

Fixes:

- ssh.exe change ansi parser to handle cursor position out of bounds (MS openssh port server was sending these ). We now limit it to screen size.
- FortressCL bug where the serial stop bits were not being set correctly.
- FortressCL fixed clipping of wrapped lines for cases where the line has been expanded after being set. Line resizing and clipboard copying works better now.
- telnetc scripting fixed to return control to session after processing

Release Date: Nov 10 2016
Revision #: 942

Enhancements:

- Expand the FortressCL Trace window to handle 1000 trace messages (up from 255)

Fixes:

- Override default handling of FortressCL trace mouse wheel and handle it ourselves since default handling is jerky.
- telnetc scripting fixed to return control to session after processing

Release Date: Sept 13 2016
Revision #: 856

Enhancements:

- FotressCL now has a preference setting telling how to handle OCSP staples. The default is off, but the software can be configured to generate staples for all certificates (except root) or just a staple for the end certificate. This can be useful if the client doesn't have access to the certificate chain revocation information.

Fixes:

- Under some circumstances, FortressCL was building the certificate chain multiple times. Optimizations have been implemented so that the chain will only be built once per key type.
- sftp.exe command line client now takes -o options and all options anywhere. No need that they be given before user@hostname

Release Date: August 10 2016
Revision #: 814

Enhancements:

- FortressCL serial COM port support added. PC COMx ports or USB ports can now be connected to Cisco devices console serial port (9600, 8, 1, XON/XOFF typical setups) with a cable and then logged in from FortressCL with serial transport.
- FortressCL PFX certificate format support added
- Smart card insert and PIN prompts are done with character mode dialogs in console clients and GUI dialogs for GUI programs for maximum flexibility in scripting/automation
- "-oSCPinPrompt" added to cmd line ssh/sftp/scp clients for scripting/automation with smart cards
- SOCKS5 and SOCKS4 support added to ssh clients with external connect.exe new binary which supports SOCKS4/SOCKS5/HTTP/direct proxy option for maximum connectivity flexibility
- oSCPin="zzzz" added to cmd line ssh/sftp/scp clients for passing smart card pin for scripting automation. ssh Config file also supports all these -o options so that they do not have to be provided in the cmd line.
- Upload-key.exe new command line tool added to list/add/delete a user's public key in s SSH server. This tool now works to upload keys to Pragma and Vandyke SSH servers which support RFC 4819. We plan to keep improving this tool to work with OpenSSH and other vendor's ssh servers in future.

Fixes:

- FortressCL Always prompt for PIN option made to work better and work in all windows OS and middleware
- FortressCL can work with smart cards that do not push the certificates to Windows certificate stores
- FortressCL fix selection of reader combo box for multiple card readers

Release Date: July 15 2016
Revision #: 766

Enhancements:

- ProxyCommand is supported in ssh command line clients with -W option;
ssh, sftp and scp can use this option to reach a remote host with a proxy host in between. A typical command example:
ssh -oProxyCommand="ssh -W %h:%p user@proxyhost" user@targethost
- FortressFX provides user public key uploading/deleting/listing through a new gui menu Tools->UploadKeys. It uses publickey subsystem defined by RFC 4819 which is now supported by Vandyke and Pragma SSH servers and clients.
- Ansicolor mode is the made the default. Default history lines of terminal is made to 3000 instead of previous 150
- FortressCL - Toolbar color selection is stored for that site. Font selection made to be effective for that site.

Fixes:

- FortressFX host switching and connect would fail if the previous connect to a host had failed. Connect Failures are shown in a popup message box.
- PragmaReg.exe returns the correct success and failure codes to check via Windows batch scripts. 0 return code means success. 1 or higher numbers means various errors.
- FortressCL allows private keys to lack a newline at the end of the file. Logon to Amazon AWS with a pem key was failing due to that before.
- FortressFX was not sending userid for identity file certificate logons thus current logon user id was being used. This caused logon to Amazon AWS sftp servers to fail with a pem key as userid is typically different from windows logon userid.
- FortressCL non-ansicolor mode text selection and copying from screen works correctly
- FortressCL color button in toolbar makes the color effective right away
- FortressCL cursor color and attributes made to match with default values if not changed/set ever

Release Date: May 25 2016
Revision #: 678

Enhancements:

- FortressCL
- If UserPrincipalName is selected to be filled from Smart Card and there is no UPN in the smart card, user will be prompted to enter it.
- logs show ssh client and ssh server versions at the top to assist in customer support
- returned support for Windows XP and Windows Server 2003 OS

Fixes:

- FortressCL
-sshd server rekeying of SSH session keys was causing FortressCL.exe to fail.
- Choosing Public key button was causing certificate store load to be triggered and "key or Certificate from file" could not be chosen.
- If SSH1 is chosen and the server does not support it, FortressCL will disconnect instead of giving an SSH2 session
- Shortcuts at Install for FortressCL and FortressFX are done correctly for Standard users
- handles smartcard x509v3-sign-rsa login better without traps for OpenSSH and Tectia ssh servers that support this older way of x509v3 authentication.
- handles non-smartcard certificates better if read from the store and no card in the reader
- Cmd line ssh client handles first screen correctly if console screen buffer height and console window size height is the same.

Release Date: May 06 2016
Revision #: 643

Enhancements:

-FortressCL
- improved logging
- improved tracing

Fixes:

Release Date: Apr 26 2016
Revision #: 601

Enhancements:

-command line clients
-set xterm as default terminal type
-Add support for XTERM Send Device Attributes (CSI [>c)
-support for xterm "set title" verb
-added VERASE pty mode
-FortressCL
-Add option to selectively restrict smartcards based to those with the smartcard EKU.
-Added 4 new rejection criteria fox X509 certificates
-Added EKU list fox X509 certificates
-Added Trusted Certificates List fox X509 certificates
-FortressFX
-support for symbolic links

Fixes:

-command line clients:
-improved scroll implementation
-insert mode
-ctr ciphers allowed in FIPS mode
-FortressCL - added x509 failover to support tectia x509 certificate authentication

Release Date: Jan 18 2016
Revision #: 410

Enhancements:

- osinfo.exe tool included detects Windows 10 and Windows Server 2016 operating systems correctly
- sftp-server shows linked file destination end-points. E.g. "Application Data" will show where it is pointing to.
- packet tracing enhanced in ssh cmd line, sftp and Fortress FX gui sftp. -oPacketTrace=filename used to create a trace file

Fixes:

- sftp client - unable to transfer larger than 2 GB files from/to Serv-U server
- hmac-sha2-512 MAC picked up correctly if requested by the other side
- added SHA2 MAC algorithms to ssh client and server default MACs so that they are available right away after install

Release Date: Jan 18 2016
Revision #: 410

Enhancements:

Fixes:

Release Date: Nov 23 2015
Revision #: 343

Enhancements:

- Updated Help Files
- FortressCL - key generation using RFC4716 format or openssh format for easier storage in Fortress SSH Server authorized_keys2 files

Fixes:

Release Date: Oct 02 2015
Revision #: 286

Enhancements:

- FortressCL - Client support for ActivClient 6.2 and 7.0.

Fixes:

Release Date: Sept 23 2015
Revision #: 273

Enhancements:

- FortressCL - improved CAC implementation.
- FortressCL - special enhancements for connection to Cisco hardware
- FortressFX - smart card support

Fixes:

----------------------- Build 9 Start -----------------------------

Release Date: August 25 2015
Revision #: 3380

Enhancements:

- command line ssh client reports a more accurate status code in verbose mode

Fixes:

- FortressCL fix for certificate authentication against Cisco devices
- FortressFX fix for files greater than 4GB
- telmc column spacing

Release Date: June 12 2015
Revision #: 3283

Fixes:

- Authentication Dialog issues in FortressCL

Release Date: Jan 26 2015
Revision #: 3103

Fixes:

- FortressCL Apply button not activated until new page selected

Release Date: 11/05/2014
Revision #: 2904

Released to keep in sync with Fortress SSH Server

Release Date: 06/12/2014
Revision #: 2841

Released to keep in sync with Fortress SSH Server

Release Date: 08/25/2014
Revision #: 2816

Enhancements:

- FortressFX now supports links to directories or files. Linked directories or files are shown with 'l' in attributes and users can click it to go down to the linked directory or access the file. SFTP RFC based so works for links in all operating systems ( Windows, Linux, Solaris, etc ).
- sftp.exe client command line program now supports two new commands: open and close
- sftp client now supports "-p" flag to allow/disallow file attribute and time preservation
- -i switch in sftp cmd client is now documented; -i pubkey allows public key authentication
- -i and -A params in sftp client are applied in open verb for automated authentication with pubkey or password
- sftp client now has new cmd 'umask' to be used for remote systems

Fixes:

- Fixed FX directory recovery if a directory can't be opened.
- When a sftp client batchfile processing command fails, next commands are continued to be processed. Before sftp client used to exit.
- sftp client failing to set times for readonly files transferred
- sftp client default mask for remote systems changed to 755 from 775. New umask allows it to be changed
- sftp client cmd errors are given clearer messages

Known issues:

none

Release Date: 10/07/2014
Revision #: 2696

Released to keep in sync with Fortress SSH Server

Release Date: 05/27/2014
Revision #: 2680

Enhancements:

- RFC 6187 certificate support to all ssh clients
- Graphical Key Generation program guikeygen.exe added for generating SSH keys

Fixes:

- printing support fix for Windows 2008 and later
- Mouse support fixed to work when WindowsTerm emulation is used with Pragma clients and servers
- FortressFX key generation from menu is fixed

Release Date: 07/15/2013
Revision #: 2294

Enhancements:

- timestamp added to protan utility so it can be used to troubleshoot telnet session timing issues
- ssh cmd line adds -oPullKeyFromCert=yes option to pick public key from CAC or x509 v3 cards so that authentication can be done to sshd servers that support public key authentication but not x509
- FortressCL supports sending public key from CAC or x509 v3 cards so that authentication can be done to sshd servers that support public key authentication but not x509

Fixes:

- sftp client may hang when 0 length file is "put" and target file name is not given. First reported seen to Mainframe sftp server ad then duplicated to Linux openssh sftp servers.

Known issues:

none

Release Date: 11/28/2012
Revision #: 2031

Enhancements:

- Pragma SSH client now support Password Change option. Thus ssh, sftp, scp cmd line and FortressFX clients works with password change. This feature conforms to SSH password change RFC which is described in SSH_MSG_USERAUTH_PASSWD_CHANGEREQ message specified in RFC 4252 (SSH Authentication Protocol). The feature should work with all SSH servers that conforms to the RFC standard.

  • To specify a new password on the command line and to force a password change:
    ssh -B newpassword ...
  • To force a password change via password prompts:
    ssh -y ...
  • If the user account requires a password change prior to logon, sshd servers will automatically force password change to be invoked by ssh clients.
- VT100 function key escape sequences added to the Console Telnet Client

Fixes:

- SSH Client and CL registration key is now kept intact when installing a SSH Client updated install

Known issues:

- Sites that exist in an upgraded version of FortressCL will display black on black font preview on new Color Settings page of the Site Manager

Release Date: 10/18/2012
Revision #: 1956

Enhancements:

- FortressCL color setup can be configured per site using the Site Manager dialog
- FortressCL Global Sites can be configured using the wizard
- Improved FortressFX user interface, allowing drag and drop and removal of extra dialog prompts
- new configuration file option for ssh client to ignore message of a new host fingerprint, IgnoreChangedHost
- FortressCL improved port forwarding

Fixes:

- sftp and scp -oidentityfile=filename options now work to pass certificate for certificate authentication. Before password authentication was being forced on users.
- ssh1 displayed even though ssh2 protocol in use

Known issues:

- Sites that exist in an upgraded version of FortressCL will display black on black font preview on new Color Settings page of the Site Manager

Release Date: 04/18/2012
Revision #: 1715

Enhancements:

- telmc column formatting improved to work in both 80 column and larger 132 column consoles. Shows connected state in a column labeled "S" meaning state with one character: C means connected. R means awaiting reconnect.
- scp now supports giving * pattern in source file names. E.g. scp mydir/t*.txt targetmachine:.
- scp will accept drive letters in file path or directory; in paths both forward and back slashes are accepted.

Fixes:

- None.

Release Date: 01/18/2012
Revision #: 1584

Enhancements:

- Works and certified for IBM Cloud and Intel Cloud
- FortressFX has new double panel interface with the left panel showing local directory and the right panel remote directory
- Forward slash allowed in ssh client config file
- FortressCL: AES-CTR support added in the protocol layer by calling Pragma Crypto Library functions. UI Modified so that choice of CTR is exposed to the user.
- FortessCL: Added a retry count for keyboard interactive. If the retry is reached max (currently set to 3) auth falls back to password.

Fixes:

- Our ssh.exe command line client wasn't requesting confirmation of the channel request to execute a command and therefore wasn't handling the error of command execution failure properly
- FortressCL - Sets the connection string at the status location properly

Known issues/limitations:

- Drag & Drop do not work in FortressFX double panel
- FortressFX double panel will have Toolbox icons on top of each panel for easier UI navigation

Release Date: 08/19/2011
Revision #: 1370

Enhancements:

- FortressCL: Fixed authentication dialog box. If SSH1 was the selected authentication method, there were inconsistencies in how the various checkboxes like password, GSSAPI, certificate etc. worked. These issues have been fixed.)
- FortressCL: Fixed issues related to diffie-hellman key exchange. If there was only one specified key exchange algorithm specified by the server, there was a bug that parsed this algorithm name incorrectly. This has been fixed.

Fixes:

- Fixed an upload bug by ignoring list control.

Release Date: 04/20/2011
Revision #: 1225

Enhancements:

- FortressCL: Added support for IPv6 port forwarding (tunneling)
- FortressCL: Added event logging: messages are now added to Windows event log
- Command line ssh client (ssh.exe): Added event logging: messages are now added to Windows event log
- FortressFX: Added event logging: messages are now added to Windows event log

Fixes:

- None.

Release Date: 11/29/2010
Revision #: 1055

Enhancements:

- US DOD CAC PKI, Microsoft Windows PKI and Smart card support added
- x509 Certificate use is now supported in gui clients, command line clients and management programs. x509 Certificates can be in Windows Certificate Store/LDAP/smart cards or exported files. x509 Certificate can be used as host keys and in user authentication.
- Full support of x509 and Smart card in FortressCL
- Keyboard interactive mode is added in cmd line clients

Fixes:

- None.

Release Date: 06/28/2010
Revision #: 827

Enhancements:

- FIPSMode introduced to choose product features to conform to FIPS 140-2 certification
- FortressCL now uses Pragma SSH library instead of its own crypto code. Pragma SSH library used MS Crypto calls and some OPENSSSL, both of which are FIPS 140-2 certified
- IPv6 is now supported in all parts of the product
- scp now has -A option like in our ssh and sftp so that password can be passed for automated file transfers
- diffie-hellman-group-exchange-sha256 support added in ssh key exchange

Fixes:

- FortressCL will not get getaddrinfo() not available error in Windows Server 2000.
- ssh.exe cmd line client's -R option stopped working. The problem was limited to our ssh command line client, other vendor's ssh client's -R option worked fine.
- scp -o option used to crash scp and has now been fixed.

Release Date: 12/02/09
Revision #: 507

Enhancements:

- FIPSMode introduced to choose product features to conform to FIPS 140-2 certification. - FortressCL now uses Pragma SSH library instead of its own crypto code. Pragma SSH library used MS Crypto calls and some OPENSSSL, both of which are FIPS 140-2 certified.
- IPv6 is now supported in all parts of the product.
- scp now has -A option like in our ssh and sftp so that password can be passed for automated file transfers
- diffie-hellman-group-exchange-sha256 support added in ssh key exchange

Fixes:

- FortressCL will not get getaddrinfo() not available error in Windows Server 2000.
- ssh.exe cmd line client's -R option stopped working. The problem was limited to our ssh command line client, other vendor's ssh client's -R option worked fine.
- scp -o option used to crash scp and has now been fixed.

Release Date: 07/15/09
Revision #: 332

Enhancements:

- FortressCL: Added SSL support as a connection protocol. On the connection dialog box, the protocol dropdown control has an additional entry, "Telnet SSL", as a protocol option. So, FortressCL now supports telnet, telnet SSL, ssh1 and ssh2 as connection protocols.

- FortressCL: Default port for "telnet SSL" protocol is 992. The connection dialog box now reflects this change.

- FortressCL: Previously, Ctrl-C and Ctrl-V used to be used as cut and paste operators, respectively. Ctrl-C, therefore, could not be used to break out of shell programs. This has been modified so that Ctrl-Insert and Ctrl-Shift-Insert are now used as cut and paste respectively. Ctrl-C can now be used to interrupt shell programs.

- FortressCL: Fixed spurious message on disconnect

----------------------- Build 9 End -------------------------------

----------------------- Build 8 Start -----------------------------

Release Date: 03/18/09
Revision #: 183

Enhancements:

- None.

Fixes:

- FortressCL: Font changes were not being effected immediately. Changed this behavior in the dialog box that can be invoked via button or menu options.
- FortressCL: For GSSAPI authentication, any specification of domain name via the authentication screen is ignore. Instead, the full identification of the interactive user is deduced by Fortress CL and used as the login identity.
- FortressCL: For certificate authentication, specification of a domain is accepted. Previously, the domain name specification field was grayed out for this authentication method.

----------------------- Build 8 End -------------------------------

----------------------- Build 7 Start -----------------------------

No BUILD 7.
Build number jumps to Build 8 from BUild 6 skipping Build 7.

----------------------- Build 7 End -------------------------------

----------------------- Build 6 Start -----------------------------

Release Date: 09/23/08
Revision #: 149

Enhancements:

- FortressCL: Added feature to assign separate cursor color
- FortressCL: Added feature to map ANSII colors to user defined colors

Fixes:

- None.

----------------------- Build 6 End -------------------------------

----------------------- Build 4 & 5 Start-----------------------------

No BUILD 4 & 5.
Build number jumps to Build 6 from BUild 3 skipping Build 4 & 5.

----------------------- >Build 4 & 5 End -------------------------------

----------------------- Build 3 Start -----------------------------

Release Date: 01/24/07

Enhancements:

- None

Fixes:

- sftp.exe command line client hung in file uploads to BITVISE WinSSHD
- fix for ssh client script processing
- ssh client display fixes
- sftp file transfer hanging

----------------------- Build 3 End -------------------------------

----------------------- >Build 2 Start-----------------------------

Release Date: 12/08/06

Enhancements:

- None

Fixes:

- FIX: Port forwarding

----------------------- Build 2 End -------------------------------

----------------------- Build 1 Start -----------------------------

<

Release Date: 09/26/06

This is a brand new product. Any problems found in this build will be fixed in Build 2.

----------------------- Build 1 End -------------------------------

Navigation

Social Media