Rebex Buru SFTP Server documentation

Release notes

2.7.2 (2022-09-26)

  • When bindings section is missing in the configuration file, the SSH server will listen on both IPv4 and IPv6 "any" addresses.
  • Server will now not use IPv4 "any" address for empty (not missing) bindings section in the configuration file.
  • SSE2 fallback for ChaCha20 for processors without AVX2.
  • Fixed sometimes missing or wrong error message for invalid command line input.
  • Web Admin - fixed error when address is missing in SSH binding
  • Web Admin - server configuration page now displays proper values for server private keys and SSH bindings when default values are used.
  • Web Admin - fixed description for log pages without logs.

2.7.1 (2022-08-19)

  • Increased SSH terminal buffer sizes for better performance with tools such as rsync.

2.7.0 (2022-08-08)

  • Added support for server-sig-algs SSH extension (RFC 8332).
  • Optimized ChaCha20Poly1305 and AEAD ciphers internals.
  • Web Admin - user lockout management moved from user edit form to independent dialog accessible directly from Users page.
  • Web Admin - users can now check for updates on home page.
  • Web Admin - fixed caption for default SSH shell in user edit form.
  • Web Admin - users using unsupported browsers (such as Internet Explorer) will now see a user-friendly error message

2.6.2 (2022-05-09)

  • Web Admin - improved validation for empty rows in user's path mappings.
  • Added IPv6 Any ([::]:22) to the list of SSH server's default listening addresses.

2.6.1 (2022-05-02)

2.6.0 (2022-04-04)

2.5.3 (2022-02-11)

  • Web Admin - Windows account and password fields in user detail no longer prefills values from web browser.

2.5.2 (2022-01-28)

  • Fixed a bug in custom logging configuration that caused a failure at startup when using a file sink.
  • Web Admin - added notification flash bar.

2.5.1 (2022-01-20)

  • Fixed occasional freeze in legacy / terminal console mode.
  • Web Admin - user sessions are no longer valid after complete reinstall.
  • Web Admin - fixed application hanging after failed start.
  • Web Admin - added suppressHttpEndpointWarning option to disable HTTP endpoint warning when running e.g. behind a reverse proxy.

2.5.0 (2021-12-23)

  • Added Terminal support.
  • Added new CLI command: user inspect <username> [--query <jmespath>].
  • Log level can be now overridden from command line burusftp run --log-level <loglevel>.
  • --no-color option will toggle off color output and ANSI/VT codes for most commands.
  • --verbose option is now a shortcut for --log-level debug.
  • Breaking changes:
    • Changed public key fingerprint (used in e.g. user update --remove-keys) to SHA-256 base-64.
    • --log-level verbose log level now logs unencrypted packet data - use with caution!

2.4.6 (2021-11-30)

2.4.5 (2021-11-16)

  • Fixed an issue when some IPv4 and IPv6 bindings could not be used together.

2.4.4 (2021-10-27)

  • Support for SSH session inactivity timeout (max idle duration) - see configuration.

2.4.3 (2021-10-21)

2.4.2 (2021-09-31)

  • Support for SFTP v5. This improves compatibility with WinSCP client, which expects SFTP v5 to enable File Hashing extension that makes it possible to calculate checksums of remote files.
  • Fixed not requesting read permission in addition to delete for source path of rename operation.
  • Fixed compatibility issues in SCP protocol.
  • Fixed SSH aliases sometimes returning invalid exit code and error message.

2.4.1 (2021-07-26)

  • Fixed an error when SFTP module could not be initialized with write-only root directory.
  • Fixed physical path incorrectly marked as non-existing in path mapping section (Web Admin).
  • Fixed access rights inheritance for nested virtual paths.
  • Write-only directories are now properly visible from parent directory.

2.4.0 (2021-06-08)

  • Web Admin client-side performance optimizations.
  • Added Web Admin theming (Pro edition only).
  • Web Admin will display a warning when service user is not able to access user folder.

2.3.0 (2021-05-06)

  • SSH renegotiation is now configurable using maximum data transferred or time period threshold or can be disabled altogether.
  • Users can now connect using SFTP even when they have no path mappings defined (empty read-only directory is shown).
  • user add no longer requires the process user to be able to query service definition user.

2.2.0 (2021-03-16)

  • Major performance improvement for Chacha20/Poly1305 encryption.
  • Added burusftp svc restart and burusftpwa svc restart commands.
  • Web Admin improvements:
    • Added [Restart] button to service management page.
    • Showing detailed error message when service fails to start.
    • Faster feedback on service management page.
    • SSH host key widget on server configuration page improved.

2.1.1 (2021-03-11)

  • Fixed library loading issue for custom logging.

2.1.0 (2021-02-05)

  • Users can be added with password hash only (e.g. when importing from existing user database) - see burusftp user add.
  • Fixed log highlighting issues.
  • Updated color scheme and layout (Web Admin).
  • Home page dashboard (Web Admin).
  • Breaking changes:
    • No longer looking for free license in application's root path.
    • SSH session ID now added to most log entries, where relevant.
    • User password hashes are rehashed on successful login to specified algorithm - see configuration.

2.0.1 (2021-01-28)

  • Fixed installer UI scaling issues.

2.0.0 (2021-01-25)

  • New major features
    • Windows installer is now available for download.
    • Added Windows authentication and impersonation support (Pro edition only).
    • Support for custom logging configuration file - see configuration.
    • Config folder is now searched for in the following paths:
      • [INSTALLATION_PATH]\config
      • %PROGRAMDATA%\Rebex\BuruSftp (this path is used by installer by default)
  • Breaking changes:
    • Re-installation is needed when upgrading to version 2.x - see the upgrade guide.
    • SSH server will now shutdown when license expires.
    • Command line changes:
      • We plan to release more Buru applications in addition to the SFTP server, and hence buru.exe is renamed to burusftp.exe, buruwa.exe to burusftpwa.exe.
      • Password and public key authentication are now required by default when set.
      • Password and public key can no longer be setup as enabled or required without password or public key, respectively.
      • init, install and run commands now perform more extensive environment checks which might include patching the user database to new version.
      • burusftp user list -v now lists locked users with L prefix.
      • Some options were renamed, e.g. --keyAuth to --key-auth. In most cases a temporary fallback is available allowing you to use previous option names with a warning.
    • Services and their display names were renamed.

1.9.1 (2020-10-12)

  • Support recursive directory creation (mkdir -p).
  • No longer logging packet data in verbose mode.

1.9.0 (2020-08-10)

  • Added account lockout support.
  • Show confirmation dialog when deleting user (Web Admin).
  • Breaking changes:
    • Account lockout is now enabled by default.

1.8.4 (2020-08-08)

  • Fixed access issue (Web Admin).

1.8.3 (2020-07-29)

1.8.2 (2020-07-27)

  • burusftp init also checks configuration files.

1.8.1 (2020-07-21)

  • Fixed freeze on certain IP filter ranges and logging set to debug.

1.8.0 (2020-07-16)

  • Added burusftp init command for quick non-interactive installation - see burusftp init.
  • Fixed handling of unknown SSH packets received before authentication.
  • Fixed auto-redirection to home page after login (Web Admin).
  • Fixed installation abort when service user not found.
  • Workaround for very old OpenSSH 4.x/5.x clients that refuse to accept data packets while SSH renegotiation is in progress.
  • Web administration can now start even without valid configuration file.
  • Breaking changes:
    • Changed access log default level to Information (was Warning).
    • Unsupported SSH algorithms will prevent server from starting (before just displayed an error).
    • (users.usernameCaseSensitive) option is no longer supported. Usernames case-insensitive.

1.7.4 (2020-05-26)

  • Minor UI tweaks in web administration (Web Admin).
  • Fixed license check for beta versions.

1.7.3 (2020-05-22)

  • Fixed Chacha20-Poly1305 decryption issue.

1.7.2 (2020-05-18)

  • Fixed license upgrade page (Web Admin).

1.7.1 (2020-05-05)

  • Support for aes256-gcm@openssh.com and aes128-gcm@openssh.com encryption (enabled by default) - see configuration.
  • Support for hmac-sha2-512-etm@openssh.com and hmac-sha2-256-etm@openssh.com MACs (enabled by default) - see configuration.

1.7.0 (2020-05-04)

  • Support for two-factor authentication (password + public key) - see burusftp user add, burusftp user update
  • Support for chacha20-poly1305@openssh.com encryption (enabled by default) - see configuration.
  • Support for curve25519-sha256 key exchange (enabled by default) - see configuration.
  • Added support for 'check-file' SFTP extension, making it possible to calculate hashes of remote files.
  • Fixed hanging burusftpwa.exe service after service shutdown.
  • Fixed reporting of writable permissions for read-only files.

1.6.0 (2020-04-28)

  • New design of web administration UI.
  • Changed some configuration defaults:
    • config/config.yaml is now required for the server to start.
    • Default server keys location is now config/keys (was /keys). /keys directory is still used in search when no paths are specified.
  • Configuration file is now generated upon install.
  • Keys are now generated upon install. You can still generate the keys manually - see burusftp keygen.
  • Configuration samples (e.g. config/config-sample.yaml) are renamed to examples (config/config-example.yaml).
  • Added default configuration files (e.g. config/config-default.yaml).
  • Added checking for duplicate port bindings.
  • Cannot start server without fully persisted SSH keys.
  • Browser should no longer autofill passwords on user administration page.
  • Removed invalid warning when hostname was supplied as hostname for web admin binding.
  • Obsoleted configuration keys are no longer supported.

1.5.0 (2020-03-23)

  • Fixed SFTP/SCP binding deserialization issue.
  • FileZilla import supported (experimental).
  • Upgraded to .NET Core 3.1.
  • Removed support for obsoleted enableCrashReporting flag.

1.4.3 (2019-08-06)

  • Improved error message when service fails to start.
  • Fixed error message when license expired.

1.4.2 (2019-06-10)

  • Fixed error message when loading invalid user SSH public key.
  • Fixed loading of authorized_keys format of user public keys.
  • Fixed log level dropdown (Web Admin).
  • Fixed Web Admin log display.
  • Key manipulation messages are more readable.

1.4.1 (2019-05-20)

  • Fixed virtual path validation.

1.4.0 (2019-05-10)

  • Added 32-bit Windows version.

1.3.2 (2019-04-24)

1.3.1 (2019-04-17)

  • Fixed console log level.

1.3.0 (2019-04-03)

  • Access log now also includes IP addresses.
  • Fixed 'File not found' issue for virtual paths mounted into existing filesystem.
  • Fixed verbose log level when writing to logfile.
  • Empty audit file no longer created on startup in logging folder.

1.2.0 (2019-03-20)

  • Added virtual path format check (Web Admin, path command).
  • Installer now grants 'Logon as Service' privilege for service user.
  • Fixed typos in webconfig configuration documentation.
  • Fixed SSH alias execution when user has no path mappings.
  • Fixed install process privilege elevation when run from mingw shell.
  • Fixed service user lookup for users without domain qualified name.

1.1.3 (2019-02-22)

  • Fixed parsing of obsoleted values in config.yaml.

1.1.2 (2019-02-21)

1.1.1 (2019-02-19)

  • Added an option to disable username case sensitivity.
  • Minor Web Admin user interface enhancements performed.

1.1.0 (2019-02-07)

  • Fixed memory leak (updated internal libraries).
  • Password salt size, algorithm and username regex patterns moved to 'users' section in config.yaml. Old configuration files are still compatible but a warning will be shown.
  • Fixed loading of PKCS#8 public keys.
  • Web Admin - Fixed redirection to login page when user session expired.
  • Web Admin - Fixed username regex pattern not being properly applied.
  • Web Admin - External changes now properly trigger reload of config.yaml configuration file.
  • Removed crash reporter (errors are saved to logfiles).

1.0.4 (2018-12-11)

  • Added minLevel and aspNetMinLevel to Web Admin configuration.

1.0.3 (2018-11-21)

  • Support for authorized_keys users' public keys.
  • Updated internal libraries.

1.0.2 (2018-11-08)

  • Added user list command.
  • Fixed logging of unhandled exceptions.
  • Fixed notification of user public key error (web admin).
  • path list no longer encloses username in double quotes.

1.0.1 (2018-10-22)

  • Added support for custom shell host names.
  • Added logging section to webadmin server configuration.

1.0.0 (2018-10-04)

  • BREAKING: Changed user database format.
  • Non-admin accounts can no longer log in to web administration (there was no content available anyway).
  • Removed SSH Tunneling configuration section from web administration (as it was still incomplete).
  • Fixed algorithm selection widget that didn't work properly in Chrome / Edge.

0.2.2 (2018-10-03)

  • BREAKING: Logging configuration section revamped:
    • Added an option to specify different server and access log locations.
    • Can specify minimal level for server log.
  • BREAKING: WebAdmin role setting simplified:
    • Users can now access web administration by adding --webadmin to user add or user update.
    • Revoking WebAdmin role is done by adding --noadmin to user update.
  • Displays warnings when SFTP server service does not have access to user folder or folder does not exist.
  • Minor UI tweaks performed.

0.2.1 (2018-09-18)

  • BREAKING: SSH algorithms use __INTERMEDIATE level (previous: __MODERN) for increased compatibility.
  • Fixed an issue where SSH algos were not draggable in web administration.
  • Fixed SSH key information in web administration.
  • Fixed 'burusftpwa svc' auto-elevation.

0.2.0 (2018-09-18)

  • BREAKING: User database no longer contains default user - user must be created manually using burusftp install or burusftp user add.
  • BREAKING: Using NETWORK SERVICE user as default when installed as Windows Service.
  • Install/uninstall scripts now use auto-elevation (burusftp install).
  • Fixed error when startup type was explicitly set for svc install.
  • Errors and warnings are shown with an alert in console.
  • Minor UI fixes performed.

0.1.12 (2018-07-13)

  • Added support for service startup Windows Eventlog logging.

0.1.11 (2018-07-11)

  • Fixed missing manpage for 'burusftp user update'.
  • Fixed manpage crash when console buffer height was too small.
  • Added manpage support for msys console.
  • Additional SSH public key formats added.

What next?

Download

Download fully functional free 30-day trial.

Free download

Non-commercial use

Get a free non-commercial license. It includes most of the features of Professional edition.

Get free license

Commercial use

If you use the server for anything related to business or commercial use you have to purchase a license.

Sales contact
sales@rebex.net

Buy a license

Get help

The server is completely free for personal, academy and other non-commercial use.

Technical support

support@rebex.net