Copssh update - 7.2.0


Copssh version 7.2.0 installers come with OpenSSH 8.2p, LibreSSL 3.0.2 and the most recent versions of Cygwin and GNU tools. We have also updated Copssh Control Panel with some minor fixes.

-- Incompatibility note for Copssh versions 6.x and earlier --

As of version 7.0, Copssh uses Cygwin 3.x libraries, which introduce major, backwards-incompatible changes and therefore require a reinstallation. You can follow our instructions here to refresh your installation without losing your existing setup.

Thanks to major changes in Cygwin, Copssh doesn't need a dedicated service account any longer and is run by the local system account.

The logic behind the sftp home directory isolation is now improved by introducing symbolic link folders: each activated user gets a symbolic link folder /home/___username, pointing to the home directory provided via the User Activation wizard, resulting in a more stable and less error-prone solution. A small patch that avoids the message "bad ownership or modes for chroot directory" (not relevant for a Copssh installation) is also introduced. NB! As always mentioned, even if the home directory isolation works as expected, you should use NTFS permissions on your file systems to achieve better security.

--- Potentially-incompatible changes in OpenSSH 8.2.0

This release includes a number of changes that may affect existing

 * ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted
   CASignatureAlgorithms list.

 * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
   from the default key exchange proposal for both the client and

 * ssh-keygen(1): the command-line options related to the generation
   and screening of safe prime numbers used by the
   diffie-hellman-group-exchange-* key exchange algorithms have
   changed. Most options have been folded under the -O flag.

 * sshd(8): the sshd listener process title visible to ps(1) has
   changed to include information about the number of connections that
   are currently attempting authentication and the limits configured
   by MaxStartups.

 * ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
   support to provide address-space isolation for token middleware
   libraries (including the internal one). It needs to be installed
   in the expected path, typically under /usr/libexec or similar.
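
The first two items above change default algorithm lists, so any ssh_config or sshd_config line that names ssh-rsa under CASignatureAlgorithms or diffie-hellman-group14-sha1 under KexAlgorithms is worth reviewing after the upgrade. The Python check below is an added example, not part of the Copssh or OpenSSH release notes; the function name audit_config and the sample configuration are constructed for illustration, and only exact algorithm names are matched (no wildcard patterns).

```python
import re

# Algorithms the notes above say OpenSSH 8.2 removed from a default list,
# keyed by the lower-cased directive that controls that list.
REMOVED_DEFAULTS = {
    "casignaturealgorithms": "ssh-rsa",
    "kexalgorithms": "diffie-hellman-group14-sha1",
}

# keyword, then whitespace or '=', then the value (ssh_config/sshd_config syntax)
DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.+?)\s*$")

def audit_config(text):
    """Return (line_no, directive, status) for each mention of a removed default.

    status: 'appended' ('+' list, algorithm added back to the defaults),
            'removed'  ('-' list, algorithm explicitly excluded),
            'listed'   (explicit or '^' list that names the algorithm).
    """
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # full-line comment
        match = DIRECTIVE.match(line)
        if not match:
            continue
        directive, value = match.group(1), match.group(2).strip('"')
        algorithm = REMOVED_DEFAULTS.get(directive.lower())
        if algorithm is None:
            continue
        names = [n.strip() for n in value.lstrip("+-^").split(",")]
        if algorithm in names:
            status = {"+": "appended", "-": "removed"}.get(value[0], "listed")
            findings.append((line_no, directive, status))
    return findings

# Constructed sample configuration, not taken from a real installation.
SAMPLE_CONFIG = """\
# sshd_config excerpt
Port 22
KexAlgorithms +diffie-hellman-group14-sha1
CASignatureAlgorithms ssh-ed25519,rsa-sha2-512,ssh-rsa
Ciphers aes256-gcm@openssh.com
"""

if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

An 'appended' or 'listed' finding means the configuration still accepts the legacy algorithm; directives inside a Match block are reported by line number only, without evaluating the match condition.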