Bitvise ssh client mac os

What do you want to do?

I want to connect from my computer to an SSH server that’s already set up:

I want to set up an SSH server for other people to connect to:

Bitvise software does not contain ads, install product bundles or collect user data for sale. We are 100% supported by users who license our software. Thank you!

The roles of Bitvise SSH Client and SSH Server

Bitvise SSH Server is used to accept connections from SSH clients. The server is intended to run for a prolonged period of time, and will provide SSH clients that connect with access configured by the server administrator. The SSH server might be configured to provide access to a terminal console, port forwarding, or file transfer to and from the server using SFTP, SCP, or FTPS.

Bitvise SSH Client is used to initiate connections to SSH servers. It is usually used interactively, so it will only run when a user runs it, but it can also be launched unattended to run scripted commands or file transfers, or to maintain an SSH connection for port forwarding. The SSH client is used to access a terminal console on an SSH server, to initiate port forwarding, or to initiate file transfers to and from SSH servers using SFTP.

Both products are connectivity products. They cannot be used standalone. For an SSH server to be useful, you need clients that will connect to it. For an SSH client to be useful, you need an SSH server to connect to.

The two products can be installed on the same machine, but there is no benefit in connecting an SSH client to an SSH server running on the same machine, except for testing.

Источник

Download Bitvise SSH Client

Current version: 8.49, size: 23.1 MB

The link is to Amazon CloudFront and should be very reliable. If it does not work, try alternative.

If the installer downloads but does not start, check below.

Our installers are cryptographically signed. Our most recent installers use an Extended Validation digital certificate from DigiCert. Here is how to verify. Do not run installers for Bitvise software that do not carry a valid digital signature by Bitvise.

Bitvise SSH Client is easy to uninstall.

Using Bitvise SSH Client requires you to read and agree with its License Terms.

Bitvise software does not contain ads, install product bundles or collect user data for sale. We are 100% supported by users who license our software. Thank you!

Upgrading from a previous version

To upgrade from a previous version, download the new installer, execute it, and follow the process. The installer will detect an existing installation and will automatically remove it before installing the new one. During this process, your settings will be preserved.

Help! The installer does not start?

Depending on your Windows version, security settings, and how the installer was downloaded, you may need to take an extra step to start it. On Windows Server 2016, right-click the installer executable in Windows Explorer, click Properties, and see if you need to check Unblock on the General tab.

Источник

When to install Bitvise SSH Client?

Install Bitvise SSH Client if:

• You wish to connect from a Windows computer to a remote SSH or SFTP server.
• The server you connect to does not have to run Bitvise SSH Server. Our SSH Client can connect to most any SSH or SFTP server.
• However, a server has to exist, and you need to have access information for this server.
• Bitvise does not provide servers to connect to. If you were not provided information by someone to access their SSH server, you will need to set up your own server.

The SSH Client runs on desktop and server versions of Windows:

• We target all x86 and x64 desktop and server editions of Windows that are in support by Microsoft.
• We additionally support Windows XP and Windows Server 2003.

The focus of this guide is to demonstrate use of Bitvise SSH Client as part of setting up and accessing Bitvise SSH Server. Aspects of this guide may also apply to use of the SSH Client with other servers.

Where to install the SSH Client?

If you are installing the SSH Client as part of setting up Bitvise SSH Server:

Install it first on the same computer where the SSH Server is installed.

It normally does not make sense to connect to an SSH server on the same computer. However, if you are setting up an SSH server, ensuring that it can be accessed from the same computer is an important step in verifying that it works.

Subsequently, install the SSH Client on another computer in the same LAN. Use this installation to verify that the SSH Server can be accessed from another computer in its local area network.

Finally, install the SSH Client on the computer from which you want to access the SSH Server. This can be a computer across the internet.

Download the SSH Client

To install the SSH Client, you first need to download it. We recommend always downloading the latest version of the SSH Client from our website, as follows:

Open the SSH Client download page and download the installer.

Do not use older versions if you can avoid it. They may contain known security, compatibility, and reliability issues fixed in later versions.

For information about changes in SSH Client versions, consult the SSH Client version history.

Run the installer

The process of downloading and starting the SSH Client installer is largely identical as when installing Bitvise SSH Server:

• You will need to be logged into Windows with administrative permissions to run the SSH Client installer.
• Before approving it to run, verify Bitvise’s signature on the SSH Client installer.

If you have approved to run the installer, the installer interface will appear.

• Review the End User License Agreement. You must accept the agreement to continue installation.
• No other action is required at this step.
• The black console window will show technical details of the installation, including information about any problems if they occur.

Advanced installation

The SSH Client installer can also be run from the command line, to perform an installation unattended. Run the installer with suitable command line parameters in this case. For help with supported parameters, run the installer as follows:

Running the SSH Client

After installation, you can run the graphical SSH Client as follows:

• From the Windows Start menu.
• By double-clicking its desktop icon (if you chose to create one during installation).
• By double-clicking an SSH Client profile: a file with a .tlp or .bscp extension.

Once you start it, you can of course also pin the SSH Client to your Windows task bar.

Notification area icon

When you close the graphical SSH Client via the X icon when it is connected, it will by default not exit, but instead minimize to the notification area in your task bar:

If your notification area icons are hidden, you may not notice that you already have numerous SSH Client sessions active.

If you prefer, you can change this behavior by setting Closing behavior differently:

Command line clients

After installation, you can also use a Windows Command Prompt or PowerShell window to invoke a number of command line clients included with Bitvise SSH Client:

• Use sftpc for command-line file transfers.
• Use sexec for remote command execution.
• Use stnlc for unattended port forwarding/tunneling.
• Use stermc for a command-line SSH terminal client.
• Use spksc for command-line management of authentication keypairs configured for a user at an SSH server.

PowerShell scripting

Bitvise SSH Client includes FlowSshNet, our SSH library for .NET, which can be used to initiate SSH sessions and SFTP file transfers from PowerShell or .NET. In the SSH Client installation directory, look for a subdirectory named FlowSshNetSamples to find sample PowerShell scripts. The usual location is:

C:\Program Files (x86)\Bitvise SSH Client\FlowSshNetSamples

Источник

What is SSH?

The Secure Shell protocol version 2, or SSH2, specifies how a client can connect securely to an SSH server, and then use the resulting secure link to access the server’s resources. Among other things, the client can run programs; transfer files; and forward other TCP/IP connections over the secure link.

The SSH2 protocol is a descendant of the SSH v1.x series of protocols. SSH version 2 is standardized at IETF, and the vast majority SSH implementations now support SSH version 2. SSH version 1 is less secure, and is almost no longer being used.

How secure is SSH?

The Secure Shell protocol provides the services of server authentication; encryption; data integrity verification; and client authentication. Server authentication is performed using RSA, DSA, or ECDSA public key algorithms. For encryption and data integrity verification, a number of algorithms are provided which every SSH product can implement in a modular fashion. Client authentication can be performed using a password, a public key, single sign-on Kerberos, and other methods.

The SSH2 protocol specification is publicly available and has been reviewed by several independent implementers. When properly used, the protocol is understood to be secure against all known cryptographic attacks, passive as well as active.

Client vs. server

In internet protocols, the terms client and server have specific technical meanings:

• A client, when speaking of a program, is a program that initiates connections and requests to other computers.
• A server is a program that waits to receive connections and handles requests.

A client may run all of the time or some of the time, depending on when a user needs it. A client may more likely run on a desktop computer, but can also run on a server computer if this computer needs to send out request or initiate connections.

A server usually runs all the time, in the background. A server may more likely run on a computer in a data center. However, it is also perfectly feasible to use server programs on a desktop computer.

If you are looking for SSH software, you are looking for a server if you want to set up a computer to receive connections from other people and their computers. You are looking for a client if you wish to connect, using SSH, to someone else’s computer.

SSH compared to SSL/TLS

SSH and TLS/SSL are different protocols used for similar purposes. Both protocols are used to authenticate communicating parties and secure data during transport.

SSL/TLS tend to use X.509 certificates, is based on ASN.1 encodings, and is most commonly used to as a security layer for HTTP, SMTP, and FTP traffic.

The SSH protocol tends to use public keys without a certificate infrastructure, is based on a simpler binary encoding, and tends to be used as a security layer for SFTP and SCP file transfers, terminal shell access, and forwarding of connections for other applications.

SSH can be perceived as a less clunky version of TLS. Due to its deliberate independence from X.509 certificates, SSH lends itself well to connections between entities with an existing trust relationship, where TLS does poorly. TLS lends itself better to connections between strangers.

SSH features

SSH is a highly flexible protocol, and many different types of services can use it. The protocol’s open architecture allows these services to run at the same time without impeding one another.

An SSH client and server can transfer files using the protocols SCP and SFTP, which run on top of an established SSH session. While SCP is the old Unix rcp utility transplanted onto a different transport, SFTP is a flexible remote file access protocol that can be used in advanced ways. SFTP is better standardized and widely supported, so often software that provides an SCP-like interface really uses SFTP instead.

Note that SFTP is unrelated to FTP, or to FTP over TLS/SSL. The protocols are independent and very different.

A frequently used service is the remote console. This involves allocating a channel within the SSH session, which is then used as transport for a terminal protocol such as vt100 or xterm. The client displays to the user a console window within which the user can execute command line programs on the server.

SSH also provides exec requests. An exec request executes a program on the server like a remote console, but without expectation of interactive input. Exec requests are useful for automated remote administration.

Another popular SSH function is port forwarding, or TCP/IP connection tunneling. With SSH port forwarding, it is possible to secure a TCP/IP connection established by an independent application that would otherwise be vulnerable to network attacks. To learn more, check out our introduction to port forwarding.

Источник

Bitvise SSH Client: Free SSH file transfer, terminal and tunneling

Our SSH client supports all desktop and server versions of Windows, 32-bit and 64-bit, from Windows XP SP3 and Windows Server 2003, up to the most recent – Windows 10 and Windows Server 2019.

Our client is free for use of all types, including in organizations. To begin, simply download it here.

Our SSH and SFTP client for Windows incorporates:

One of the most advanced graphical SFTP clients.

Single-click Remote Desktop forwarding.

State-of-the-art terminal emulation with support for the bvterm, xterm, and vt100 protocols.

Support for corporation-wide single sign-on using SSPI (GSSAPI) Kerberos 5 and NTLM user authentication, as well as Kerberos 5 host authentication.

Support for ECDSA, RSA and DSA public key authentication with comprehensive user keypair management.

Encryption and security: Provides state-of-the-art encryption and security suitable as part of a standards-compliant solution meeting the requirements of PCI, HIPAA, or FIPS 140-2 validation.

Obfuscated SSH with an optional keyword. When supported and enabled in both the client and server, obfuscation makes it more difficult for an observer to detect that the protocol being used is SSH. (Protocol; OpenSSH patches)

Powerful SSH port forwarding capabilities, including dynamic forwarding through integrated SOCKS and HTTP CONNECT proxy.

Powerful command-line parameters which make the SSH client highly customizable and suitable for use in specific situations and controlled environments.

An FTP-to-SFTP bridge allowing you to connect to an SFTP server using legacy FTP applications.

An advanced, scriptable command-line SFTP client, sftpc.

A scriptable command-line remote execution client, sexec, and a command-line terminal console client, stermc.

A scriptable command-line tunneling client, stnlc, with support for static port forwarding rules, dynamic SOCKS-based tunneling, and FTP-to-SFTP bridge.

Our .NET SSH library, FlowSshNet, with example PowerShell scripts showing how to use the SSH library for file transfer and remote program execution from PowerShell.

Bitvise SSH Server remote administration features.

Bitvise software does not contain ads, install product bundles or collect user data for sale. We are 100% supported by users who license our software. Thank you!

Graphical SFTP File Transfers

Bitvise SSH Client incorporates one of the most advanced SFTP file transfer clients, supporting:

• automatic resuming, text file awareness, recursive subdirectory transfers;
• powerful, advanced transfer list management;
• verified-integrity resume with servers that support SFTP v6 check-file and check-file-blocks;
• directory mirroring with servers that support SFTP v6 check-file and check-file-blocks;
• high speed — in tens or hundreds of MB/s with Bitvise SSH Server, network and disk speed permitting;
• fast responsiveness to user input even when in the middle of multiple file transfers.

Bitvise SSH Client also incorporates an advanced, scriptable command-line SFTP client.

Terminal Access — Remote Console

Bitvise SSH Client provides integrated access to the SSH server’s console, either via VT-100 and xterm protocols supported by most SSH servers on any platform, or via the enhanced bvterm protocol supported by Bitvise SSH Server:

• all terminal emulation is done in a regular Windows console, using standard Windows fonts, supporting standard settings for Windows consoles;
• UTF support with VT-100 and xterm, Unicode support with bvterm (full Unicode support on NT-series Windows platforms);
• full color support with xterm and bvterm;
• support for large screen buffers, all key combinations including Alt-keys and accurate console rendering with bvterm (fully accurate on NT-series Windows platforms).

Bitvise SSH Client also incorporates a command line terminal emulation client, stermc, as well as a command-line remote execution client (sexec).

Single sign-on

When using Bitvise SSH Client to connect to a GSSAPI-enabled SSH server in the same or a trusted Windows domain, you can let Kerberos 5 (or on older platforms, NTLM) perform the server as well as user authentication for you. No manual host key verification; no management of user passwords and public keys. Just tell the SSH client which server in the domain to connect to, and if that server is Bitvise SSH Server (WinSSHD) or another server with compatible support for GSSAPI, the two programs will authenticate and establish a secure connection automatically.

Port Forwarding

Bitvise SSH Client is a powerful SSH2 port forwarding client with many features, including:

Dynamic tunneling via integrated proxy supporting SOCKS4, SOCKS4A, SOCKS5 and HTTP CONNECT proxy tunneling protocols. Configure your applications to connect to target hosts through the SSH Client’s proxy, and no manual tunneling rules need be configured.

How to set up programs for dynamic tunneling: Firefox, IE; with these settings in Bitvise SSH Client.

Port forwarding settings can be saved to and loaded from a profile. One can maintain multiple complex tunneling configurations without having to manually enter parameters before each session.

Bitvise SSH Client minimizes its presence by displaying only a system tray icon when running in the background. If an error is encountered while the program is minimized, the icon reflects that.

Server-side forwarding: with Bitvise SSH Server and Client, a server and multiple clients can be set up so that all port forwarding rules are configured centrally at the server, without requiring any client-side setting updates. The SSH clients only need to be configured once, and port forwarding rules can easily be changed when necessary.

Command-line parameters are supported. Using command-line automation, a port forwarding session can be started from a link in the Startup menu without requiring any user interaction whatsoever. Help with the command-line parameters can be found in the SSH client log area when it is first started, or by executing ‘BvSsh /?’ from a command prompt.

After an SSH session is established, any external application can be launched automatically.

If an SSH session is interrupted, Bitvise SSH Client can automatically reconnect to the server.

Bitvise SSH Client also incorporates an advanced, scriptable command-line tunneling client.

Highly customizable

Run ‘BvSsh -?’ for a list of command-line parameters providing flexibility to:

make Bitvise SSH Client load a profile and connect immediately on startup and exit on disconnect using the -profile, -loginOnStartup and -exitOnLogout parameters;

make Bitvise SSH Client hide portions of its user interface (main window, authentication messages, access to SSH features) using the -hide and -menu parameters;

run Bitvise SSH Client from removable media and prevent it from making any changes to the Windows registry — and yet use public key authentication and verify host keys using the -noRegistry, -keypairFile and -hostKeyFile parameters;

Additionally, when the graphical Bitvise SSH Client is running, you can use the command line utility BvSshCtrl to programmatically cause the client to log in, log out, or exit. Run ‘BvSshCtrl’ for help.

Portable use of Bitvise SSH Client

Bitvise SSH Client (Tunnelier) supports command-line parameters that control how it uses the Windows registry (the -noRegistry and -baseRegistry parameters). This can be used when control over registry usage is required.

The latest versions of our SSH Client additionally support storing host key information and client authentication keypairs in an SSH Client profile. This means that you can copy the contents of the SSH Client installation directory to a USB key, insert the USB key into another computer, and run the graphical SSH Client as follows:

BvSsh -noRegistry -profile=U:\Profile.bscp

This will tell the Client to not use the Windows registry, and to connect exclusively using the host and keypair information you have saved into Profile.bscp.

For more information about the supported command line parameters, run the graphical SSH Client as follows:

Bitvise SSH Client further includes command line clients – sftpc, sexec, stermc, and stnlc – which also support the -noRegistry and -profile parameters. These command line clients are frequently used unattended, but can also be used interactively. For more information, check Using Bitvise SSH Client Unattended.

Command-Line SFTP Client

Bitvise SSH Client incorporates sftpc, an advanced command-line SFTP client which supports:

• queued background transfers so you can continue browsing directories while a file downloads (‘get * -bg’);
• powerful command-line parameters for automated scripted transfers launched from a batch file or an external program;
• verified-integrity resume with servers that support SFTP v6 check-file and check-file-blocks;
• automatic text file conversion when transferring files between platforms (the ‘type’ command);
• wildcards — the * and ? wildcard characters can match more than one file;
• recursive transfers — a simple ‘get * -s’ downloads all files and subdirectories;
• resume support — ‘get file.txt -r’ resumes a previously downloaded file if it already exists;
• high speed — in the tens of MB/s with Bitvise SSH Server, network and disk speed permitting.

Usage: after installing Bitvise SSH Client, get this help by executing «sftpc -?»

Command list: after installing Bitvise SSH Client, get this help by connecting to a server using sftpc, then execute «help» and «help «

The «log» utility can be used with sftpc to store the output of each individual SFTP session in a separate, uniquely named log file for auditing.

The «retry» utility can be used with sftpc to automatically repeat transfer attempts after specific types of failures.

Command-Line Remote Execution Client

Bitvise SSH Client incorporates sexec, a scriptable command-line remote execution client which can be used to securely execute programs on remote machines from a batch file. The batch file can perform actions based on the exit code reported from the remote program, and can capture the remote program’s output for processing by simple redirection of sexec output.

Another command-line program included with Bitvise SSH Client, stermc, conveniently opens an SSH terminal emulation session with xterm, VT-100 and bvterm support in the same Command Prompt window it is started from. If you SSH from computer A to computer B running Bitvise SSH Server, and you also have Bitvise SSH Client installed on computer B, you can use stermc to conveniently establish an onward SSH terminal session to computer C.

All Bitvise command-line clients support all authentication methods supported by Bitvise SSH Client, can load settings from a profile configured in the graphical client, work with the same user keypair and host key database as the graphical client, can connect through a SOCKS or HTTP CONNECT proxy, and support a common set of command-line parameters controlling most aspects of establishing an SSH connection.

Command-Line Tunneling Client

Bitvise SSH Client incorporates stnlc, a scriptable command line port forwarding client with support for static port forwarding rules, dynamic SOCKS-based tunneling, as well as the FTP-to-SFTP bridge.

For more information about using this client, run ‘stnlc -h’.

FTP-to-SFTP Bridge

Bitvise SSH Client incorporates an FTP-to-SFTP bridge which performs translation between the FTP and SFTP protocols, allowing any FTP client application to connect securely to an SFTP server through Bitvise SSH Client. Both active mode and passive mode FTP data connections are supported, as well as restarted transfers, directory listings and other features. All FTP clients should be able to list directories and transfer files across Bitvise SSH Client’s FTP-to-SFTP bridge, including integrated clients in applications such as DreamWeaver, GUI clients such as BulletProof FTP, and command line clients such as the default ftp.exe client accompanying Windows. If an FTP client you use fails to work with Bitvise SSH Client’s FTP-to-SFTP bridge, let us know.

See Accessing an SFTP Server with an FTP Client for more information about the FTP bridge.

Using with Bitvise SSH Server

When connected to Bitvise SSH Server, our client can do all of the above, as well as the following:

bvterm console: When connected to Bitvise SSH Server, our client provides you with the best console available on the Windows platform. Our bvterm protocol supports the full spectrum of a Windows console’s features: colors, Unicode characters, all-key access and large scrollable buffers.

Remote server configuration: Using Bitvise SSH Client, all SSH Server settings can be configured remotely without having to use Remote Desktop.

Windows version compatibility

Bitvise SSH Client supports the following Windows versions:

• Windows Server 2019
• Windows Server 2016
• Windows 10
• Windows Server 2012 R2
• Windows Server 2012
• Windows 8.1
• Windows Server 2008 R2
• Windows Server 2008
• Windows Vista SP1 or SP2
• Windows Server 2003 R2
• Windows Server 2003
• Windows XP SP3

A recent Bitvise SSH Client version should be used on all platforms. The SSH Client is security-sensitive software that communicates across a network. Using a recent version is the only way to receive updates. Therefore, we do not recommend indefinite use of older versions.

Encryption and security features

Key exchange algorithms:

• Curve25519
• ECDH over elliptic curves secp256k1, nistp256, nistp384, nistp521 using SHA-512, SHA-384, or SHA-256
• Diffie Hellman with group exchange using SHA-256 or SHA-1
• Diffie Hellman with fixed 4096, 3072, 2048, or 1024-bit group parameters using SHA-512, SHA-256, or SHA-1
• GSSAPI key exchange using Diffie Hellman and Kerberos authentication

• Ed25519
• ECDSA over elliptic curves secp256k1, nistp256, nistp384, nistp521 using SHA-512, SHA-384, or SHA-256
• RSA using 4096, 3072, 2048, 1024-bit key sizes with SHA-512, SHA-256, or SHA-1
• DSA using SHA-1 (legacy)

• AES with 256, 128-bit keys in GCM mode
• AES with 256, 192, 128-bit keys in CTR mode
• AES with 256, 192, 128-bit keys in CBC mode (legacy)
• 3DES in CTR or CBC mode (legacy)

Data integrity protection:

• AES with 256, 128-bit keys in GCM mode
• HMAC using SHA-256, SHA-1

• Client verifies server identity using server host key fingerprint or public key
• Automatic synchronization of new host keys to client supported

• Password authentication
• Password change during password authentication
• Public key authentication
• Kerberos single sign-on using GSSAPI
• Two-factor authentication with a time-based one-time password

FIPS 140-2 validation

When FIPS is enabled in Windows, our software uses Windows built-in cryptography, validated by NIST to FIPS 140-2 under certificates #2937, #2606, #2357, and #1892. On Windows XP and 2003, our software uses the Crypto++ 5.3.0 FIPS DLL, originally validated by NIST under certificate #819 (historical). When FIPS mode is not enabled, additional non-FIPS algorithms are supported.

Cryptographic implementations and availability

Current Bitvise software versions (8.36 and higher) use the following cryptographic implementations for different algorithms, on different versions of Windows:

Источник