Copssh version 7.2.0 installers come with OpenSSH 8.2p, LibreSSL 3.0.2 and most recent versions of Cygwin and GNU tools. We have also updated Copssh Control Panel with some minor fixes.
-- Incompatibility note for Copssh versions 6.x and earlier --
As of version 7.0, Copssh uses Cygwin 3.x libraries, introducing major and backwards-incompatible changes, thus requiring a reinstallation. You can follow our instructions here, to refresh your installation withour losing your existing setup.
Thanks to major changes in Cygwin, Copssh doesn't need a dedicated service account any longer and is run by the local system account.
The logic behind the sftp home directory isolation is now improved by introducing symbolic link folders: Each activated user gets a symbolic link folder /home/___username , pointing to the home directory provided via the User Activation wizard, resulting with a more stable and less error-prone solution. A small patch avoiding messages "bad ownership or modes for chroot directory" (non-relevant for a Copssh installation), is also introduced. NB! As always mentioned, even if the home directory isolation works as expected, you should use NTFS permissions on your file systems to achieve better security.
--- Potentially-incompatible changes in OpenSSH 8.2.0
This release includes a number of changes that may affect existing
* ssh(1), sshd(8): the above removal of "ssh-rsa" from the accepted
* ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
from the default key exchange proposal for both the client and
* ssh-keygen(1): the command-line options related to the generation
and screening of safe prime numbers used by the
diffie-hellman-group-exchange-* key exchange algorithms have
changed. Most options have been folded under the -O flag.
* sshd(8): the sshd listener process title visible to ps(1) has
changed to include information about the number of connections that
are currently attempting authentication and the limits configured
* ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one). It needs to be installed
in the expected path, typically under /usr/libexec or similar.