Introduced in 2.6.0

Major code re-factoring

  • SshServerMain uses by default an ECDSA key instead of an RSA one. This can be overridden either by -key-type / -key-size or -key-file command line option.
  • SSHD-1034 Rename org.apache.sshd.common.ForwardingFilter to Forwarder.
  • SSHD-1035 Move property definitions to common locations.
  • SSHD-1038 Refactor packages from a module into a cleaner hierarchy.
  • SSHD-1080 Rework the PacketWriter to split according to the various semantics
  • SSHD-1084 Revert the usage of asynchronous streams when forwarding ports.

Minor code helpers

  • SSHD-1004 Using a more constant time MAC validation to minimize timing side channel information leak.
  • SSHD-1030 Added a NoneFileSystemFactory implementation
  • SSHD-1042 Added more callbacks to SftpEventListener
  • SSHD-1040 Make server key available after KEX completed.
  • SSHD-1060 Do not store logger level in fields.
  • SSHD-1064 Fixed ClientSession#executeRemoteCommand handling of STDERR in case of exception to behave according to its documentation
  • SSHD-1076 Break down ClientUserAuthService#auth method into several to allow for flexible override
  • SSHD-1077 Added command line option to request specific SFTP version in SftpCommandMain
  • SSHD-1079 Experimental async mode on the local port forwarder
  • SSHD-1086 Added SFTP aware directory scanning helper classes
  • SSHD-1089 Added wrappers for one-time single session usage of SFTP/SCP clients
  • Propagate SCP file transfer ACK data to ScpTransferListener before validating it.

Behavioral changes and enhancements

  • SSHD-506 Added support for AES-GCM ciphers.
  • SSHD-954 Improve validation of DH public key values.
  • SSHD-1004 Deprecate DES, RC4 and Blowfish ciphers from default setup.
  • SSHD-1004 Deprecate SHA-1 based key exchanges and signatures from default setup.
  • SSHD-1004 Deprecate MD5-based and truncated HMAC algorithms from default setup.
  • SSHD-1005 Added support for SCP remote-to-remote file transfer
  • SSHD-1020 SSH connections getting closed abruptly with timeout exceptions.
  • SSHD-1026 Improve build reproductibility.
  • SSHD-1028 Fix SSH_MSG_DISCONNECT: Too many concurrent connections.
  • SSHD-1032 Fix possible ArrayIndexOutOfBoundsException in ChannelAsyncOutputStream.
  • SSHD-1033 Fix simultaneous usage of dynamic and local port forwarding.
  • SSHD-1039 Fix support for some basic options in ssh/sshd cli.
  • SSHD-1047 Support for SSH jumps.
  • SSHD-1048 Wrap instead of rethrow IOException in Future.
  • SSHD-1050 Fixed race condition in AuthFuture if exception caught before authentication started.
  • SSHD-1053 Fixed handling of certified keys authentication.
  • SSHD-1056 Added support for SCP remote-to-remote directory transfer - including ‘-3’ option of SCP command CLI.
  • SSHD-1057 Added capability to select a ShellFactory based on the current session + use it for “WinSCP”
  • SSHD-1058 Improve exception logging strategy.
  • SSHD-1059 Do not send heartbeat if KEX state not DONE
  • SSHD-1063 Fixed known-hosts file server key verifier matching of same host with different ports
  • SSHD-1066 Allow multiple binding to local port tunnel on different addresses
  • SSHD-1070 OutOfMemoryError when use async port forwarding
  • SSHD-1100 Updated used moduli for DH group KEX
  • SSHD-1102 Provide filter support for SftpDirectoryStream
  • SSHD-1104 Take into account possible key type aliases when using public key authentication
  • SSHD-1107 Allow configuration of minimum DH group exchange key size via property or programmatically
  • SSHD-1108 Increased minimum default DH group exchange key size to 2048 (but support 1024)