Bitvise SSH Server

Bitvise Limited·Bitvise.SSH.Server

Secure file transfer and terminal shell access for Windows

Our SSH server supports all desktop and server versions of Windows, 32-bit and 64-bit, from Windows XP SP3 and Windows Server 2003, up to the most recent – Windows 11 and Windows Server 2025. Bitvise SSH Server includes the following: - SFTP server: Secure file transfer using SFTP - compatible with a wide variety of clients - SCP server: Secure file transfer using SCP - compatible with command line and graphical clients - FTPS server: Secure file transfer using FTP over TLS/SSL - compatible with secure FTPS clients - SSH server: Secure remote access via console - vt100, xterm and bvterm are supported - Secure remote access via GUI - Remote Desktop or WinVNC required - Secure, effortless Git integration - Secure TCP/IP connection tunneling (port forwarding)

winget install --id Bitvise.SSH.Server --exact --source winget

Latest 9.65·July 11, 2026

Release Notes
  • Release notes:
    • We are anticipating an "information security armageddon" due to increasing ability of AI to find security issues, in all software and systems, which were not found in human testing and code review. The quality of commercially available AI tools has improved to where they are now indispensable for software correctness. We are applying AI tools proactively to find and fix flaws which previously missed detection. Users will observe this as an increased frequency of significant and important updates. We believe the time to do this is now, before it becomes too easy to exploit issues by pointing an AI to an executable binary.
  • Installation and updates:
    • If the SSH Server cannot load instance type settings when upgrading or reinstalling, it now disables checking for updates in new default settings, so that automatic updates remain disabled in case they were disabled previously.
    • Reworked corner-case behaviors and status reporting when upgrading settings from much older versions.
  • Control Panel and Settings:
    • Improved reporting for connections stuck in disconnect cleanup.
    • If the SSH Server Control Panel cannot load instance type settings, it now more clearly indicates that update settings will also reset to defaults.
  • Scriptable settings:
    • Since version 9.51, the BssCfg command-line configuration utility failed to implement round-trip support for BssCfg settings exportText followed by BssCfg settings importText. Fixed.
  • Connect profiles:
    • When making an outgoing connection via an HTTP CONNECT proxy, the SSH Server now limits the maximum size of received HTTP headers.
  • General:
    • It is possible for SSH Server subsystems to hang indefinitely after a client disconnects. To some extent, this is unavoidable: Windows API functions can hang indefinitely when accessing a network share. If this happens in a file transfer session, the SSH Server's file transfer subsystem hangs until Windows calls return. It is possible that they never return. In versions before 9.5x, the SSH Server would mitigate this by unconditionally terminating subsystems after a client disconnects. This could cause pending log events and On-upload commands to not be processed. In recent versions, we removed the unconditional termination, favoring to wait until the subsystem exits. This revealed that some users are seeing indefinite hangs. Connection cleanup can wait indefinitely for stuck subsystems to complete. This can block new connections until the SSH Server is restarted. The SSH Server now once again terminates stuck subsystems when a client disconnects, as long as the subsystem is not generating further log events or upload notifications. If a subsystem has to be terminated, the SSH Server now performs a diagnostic mini-dump. Recent dumps are retained in the ChildProcessDumps subdirectory of the SSH Server installation directory. We are not aware of anything we can do about subsystems which are stuck in Windows APIs that do not return on network share access. However: if you see subsystems stuck in situations without network shares, any dumps would be of interest for us to investigate.
    • A number of SSH Server settings support environment variable expansion. The SSH Server previously implemented recursive expansion: an expanded variable could reference another one which would also be expanded. This is atypical for Windows applications and could produce unexpected results. When expanding environment variables, the SSH Server now uses a single expansion pass.
    • Improved connection disconnect logging.
    • The SSH Server is now less permissive with regard to NUL characters in protocol strings where NULs are not expected.
  • Authentication:
    • When handling many new connections from SSH, SFTP or SCP clients that use the none preliminary authentication method, the SSH Server could lock out IP addresses because of the number of none authentication requests, even though no authentication attempt carrying actual credentials failed. Fixed.
  • File transfer:
    • The setting Delete incomplete uploads was available in previous versions, but was ineffective. Fixed.
    • The SSH Server now limits the number of file or directory handles which a client may hold open at any one time.
    • The SSH Server now performs more effective throttling of file hashing to limit the amount of CPU and memory that can be used by a single client. This favors to avoid penalizing typical use, such as reasonably-sized blocks and hashing of whole files.
    • When an On-upload command is configured, the command line can be configured to expand unsafe, client-controlled paths. This remains not recommended: an on-upload script should retrieve paths from environment variables, not command-line parameters. The SSH Server now performs stricter validation of unsafe environment variable expansion for On-upload commands. Commands that were previously safe should continue to run. The SSH Server is now stricter in refusing commands that could compromise the system.
    • Improved worst-case performance of wildcard patterns in FTPS, SCP, BvShell.
    • For mount points of type Another SFTP server, the SSH Server now implements a timeout for the duration of the initial SSH key exchange for the outgoing connection.
    • Reduced metadata disclosure in less common configurations of mount point permissions.
    • Improved handling of errors that may occur while closing files.
    • The SSH Server now further restricts client ability to make changes affecting a mount point root directory. This further tightens the fix in 9.39 which prevented mount point roots from being moved.
  • SFTP:
    • The SSH Server now implements more granular limits for the sizes of decoded SFTP strings.
  • FTPS:
    • A variety of FTPS disconnect conditions were previously logged with excessive severity. These are now logged more appropriately.
  • Port forwarding:
    • In previous versions, it was possible for a user to bypass certain custom-configured port forwarding restrictions. Fixed.
    • The SSH Server now implements a limit for the number of concurrent client-configured server-to-client port forwarding rules which a single user can have active. Currently, this limit is fixed at 10,000. A warning is logged if the limit is close to being reached.

Installer type: exe

ArchitectureScopeDownloadSHA256
x86DownloadF66B00341DB90F20F656B3BD770801435A5D4562DFFC06D5129E4A7AEA532435
x64DownloadF66B00341DB90F20F656B3BD770801435A5D4562DFFC06D5129E4A7AEA532435

Details

Homepage
https://bitvise.com/ssh-server
License
Proprietary
Publisher
Bitvise Limited
Support
https://bitvise.com/contact
Privacy Policy
https://bitvise.com/privacy-policy
Copyright
Copyright (C) 2000-2026 by Bitvise Limited.
Moniker
bitvisesshserver

Tags

sftpsshsshd

Older versions (16)

9.64
ArchitectureScopeDownloadSHA256
x86Download03952F104F2C35BB81A472B85286083492C494143572FC29DD57E9B70006CDE4
x64Download03952F104F2C35BB81A472B85286083492C494143572FC29DD57E9B70006CDE4
9.63
ArchitectureScopeDownloadSHA256
x86DownloadBE439EE41D9EC0A0B4A01B8D976219AACF911815F01E5A816DDB8EC7B5D41FDD
x64DownloadBE439EE41D9EC0A0B4A01B8D976219AACF911815F01E5A816DDB8EC7B5D41FDD
9.62
ArchitectureScopeDownloadSHA256
x86Download536D5CDB9BC40347DBA4DE68E422F10F520BD55CE5AF5F5E45B39A2276DA1F33
x64Download536D5CDB9BC40347DBA4DE68E422F10F520BD55CE5AF5F5E45B39A2276DA1F33
9.61
ArchitectureScopeDownloadSHA256
x86Download19A30CC19687A7BEAA464C40B2E3E945C7EF05C87E861DF6122F3EFEBE0B02A0
x64Download19A30CC19687A7BEAA464C40B2E3E945C7EF05C87E861DF6122F3EFEBE0B02A0
9.59
ArchitectureScopeDownloadSHA256
x86Download3753C3624B0D13676605CBF754B980BE06AAD24D45AE16BBFA653BE9E45AC597
x64Download3753C3624B0D13676605CBF754B980BE06AAD24D45AE16BBFA653BE9E45AC597
9.58
ArchitectureScopeDownloadSHA256
x86DownloadFC1E37B6B9EA8F0166DBB26D9852BA69095958C1D6F18A660884B7D5F2DBDE36
x64DownloadFC1E37B6B9EA8F0166DBB26D9852BA69095958C1D6F18A660884B7D5F2DBDE36
9.57
ArchitectureScopeDownloadSHA256
x86Download882B96951DBFB819CDE90D1ED43DA8B206754F16C8863FE08B71521FB13182F6
x64Download882B96951DBFB819CDE90D1ED43DA8B206754F16C8863FE08B71521FB13182F6
9.56
ArchitectureScopeDownloadSHA256
x86DownloadDD65111B2F8C77F894240B505AC5C71DB248C4E4D56D3D64BD84D5E290B21992
x64DownloadDD65111B2F8C77F894240B505AC5C71DB248C4E4D56D3D64BD84D5E290B21992
9.53
ArchitectureScopeDownloadSHA256
x86Download23C0364902DA1AD0E9A181114C30B657EC622F71FF1344A4755B8F438CD28457
x64Download23C0364902DA1AD0E9A181114C30B657EC622F71FF1344A4755B8F438CD28457
9.52
ArchitectureScopeDownloadSHA256
x86DownloadA963991219829B073AC8C55C2820BACDE1D0E7FE48EF3191D214F3E1E829F33F
x64DownloadA963991219829B073AC8C55C2820BACDE1D0E7FE48EF3191D214F3E1E829F33F
9.51
ArchitectureScopeDownloadSHA256
x86DownloadF437349511EA3620DAFE1907BB5D9F17728DE7D583D5A1B2B7FA31C424A2B45E
x64DownloadF437349511EA3620DAFE1907BB5D9F17728DE7D583D5A1B2B7FA31C424A2B45E
9.47
ArchitectureScopeDownloadSHA256
x86Download9C571C19A2E2670CD2CF4CF385B0EC6875B349DDF8EF1EFE63F8B934C8F4E1C6
x64Download9C571C19A2E2670CD2CF4CF385B0EC6875B349DDF8EF1EFE63F8B934C8F4E1C6
9.46
ArchitectureScopeDownloadSHA256
x86DownloadABE549CE9C3E80714EF5F7556370272DCCFBCEA9751C7A2EEE4D022169412C74
x64DownloadABE549CE9C3E80714EF5F7556370272DCCFBCEA9751C7A2EEE4D022169412C74
9.45
ArchitectureScopeDownloadSHA256
x86DownloadD7890461AD3E6B50C59D5E7CEA17FD65393C63B1362DDD35FE268D7B4CEEB39F
x64DownloadD7890461AD3E6B50C59D5E7CEA17FD65393C63B1362DDD35FE268D7B4CEEB39F
9.43
ArchitectureScopeDownloadSHA256
x86DownloadBB9ED867A75DAA43FC41536C6C7924687EBB089A73843D72EAB1BCBE45EADFFB
x64DownloadBB9ED867A75DAA43FC41536C6C7924687EBB089A73843D72EAB1BCBE45EADFFB
9.42
ArchitectureScopeDownloadSHA256
x86DownloadAB06547326ED5BE6F4ECCE76DABBEFEE1BCF2F90F99E31A1ACC194B63553D552
x64DownloadAB06547326ED5BE6F4ECCE76DABBEFEE1BCF2F90F99E31A1ACC194B63553D552