FlowSsh: SSH client library for C, C++ and .NET

The same SSH library as we use in our SSH server for Windows is available for licensing for SSH client applications.

Features:

  • Separate easy to use interfaces for C, C++, and .NET.

  • Fully documented.

  • Comes with several complete sample applications in C, C++, C#, and Visual Basic.

  • Full support for public key authentication.

  • Full support for SFTP and tunneling / port forwarding.

  • Support for general channel types, including exec requests and terminal sessions. (Terminal emulation not included.)

  • Supports ZLIB compression. (But does not use the widely used zlib library.)

  • Supports connecting through a proxy.

  • Provides state-of-the-art encryption and security suitable as part of a standards-compliant solution meeting the requirements of PCI, HIPAA, or FIPS 140-2 validation.

  • Compatible with both 32-bit and 64-bit Windows applications. (Non-Windows platforms not supported.)

  • Code base separate and independent of other SSH implementations. Does not use OpenSSH, libssh, or similar.

  • Does not contain parts subject to GPL or similar licenses.

Included in Bitvise SSH Client

FlowSshNet is included with our SSH Client, and can be used under the Bitvise SSH Client license on computers where the Client is installed. PowerShell scripts are included under the SSH Client installation directory, demonstrating how to use FlowSshNet with PowerShell. Look for the following samples in your installation:

  • FlowSshNetSamples\FlowSshNet_Exec.ps1

  • FlowSshNetSamples\FlowSshNet_Sftp.ps1

Download the Latest Version  

For use independent of Bitvise SSH Client, FlowSsh 9.34 is available for download. (Alternative.) Build instructions and license terms are included in the archive.

Use of FlowSsh for evaluation and testing is free of charge. To include FlowSsh in your production application, contact us.

When used without a license, FlowSsh will display an evaluation dialog unless Bitvise SSH Client is also installed. To avoid the evaluation dialog during testing, install Bitvise SSH Client.

Documentation

Complete FlowSsh documentation can be found here.

Pricing

FlowSsh is available in the following license types:

It can be used free of charge under the Bitvise SSH Client license on computers where Bitvise SSH Client is installed. All paid licenses are intended for use in applications independently of Bitvise SSH Client.

A per-developer license costs USD 599.95 per developer. It is valid for any number of programs and applications, but requires a fee for each developer involved in writing programs that use FlowSsh.

A per-application license costs USD 599.95 per application. It permits use by an unlimited number of developers, but is valid only for a single, specific application.

A full source code license costs USD 5,000. It permits modification of source code, and use in multiple products. It allows use of the inner FlowSsh library in server applications, which the outer FlowSshC, C++, and .NET wrappers do not. However, it does not permit distribution of FlowSsh source code, or use in general-purpose SSH products, competing with Bitvise's.

There are no royalty fees based on use of the resulting applications. Use in commercial programs is permitted and encouraged.

Each license type comes with 12 months of free access to new versions of FlowSsh. Subsequently, upgrade access extension is optional, and is available at 20% of the license price per year. Like with our other licenses, upgrade access years cannot be skipped, but there are also no penalties for retroactive upgrade access extension.

To purchase a license, please contact us.

Architectural Limitations

In our current design, FlowSsh is incompatible with applications that use .NET Application Domains. The FlowSsh implementation makes heavy use of fibers, which .NET Application Domains do not support. This means FlowSsh is currently not a suitable choice for use in ASP.NET (within an IIS process).

Support

Bug reports, suggestions, and specific questions to which direct responses are possible are handled free of charge. Please contact us if you would like to suggest a feature or report an issue.

In-depth support to help you use FlowSsh, or any other of our products, is available at USD 399.95 per incident.

Encryption and security features

SSH and SFTP:

  • Key exchange algorithms:

    • Curve25519
    • ECDH over elliptic curves secp256k1, nistp256, nistp384, nistp521 using SHA-512, SHA-384, or SHA-256
    • Diffie Hellman with group exchange using SHA-256
    • Diffie Hellman with fixed 4096, 3072, or 2048-bit group parameters using SHA-512 or SHA-256
    • Diffie Hellman with 1024-bit group parameters or using SHA-1 (legacy)
    • GSSAPI key exchange using Diffie Hellman and Kerberos authentication
  • Signature algorithms:

    • Ed25519
    • ECDSA over elliptic curves secp256k1, nistp256, nistp384, nistp521 using SHA-512, SHA-384, or SHA-256
    • RSA using 4096, 3072, or 2048-bit key sizes with SHA-512 or SHA-256
    • RSA using 1024-bit keys or with SHA-1 (legacy)
    • DSA using SHA-1 (legacy)
  • Encryption algorithms:

    • ChaCha20 with 512-bit keys with Poly1305
    • AES with 256, 128-bit keys in GCM mode
    • AES with 256, 192, 128-bit keys in CTR mode
    • AES with 256, 192, 128-bit keys in CBC mode (legacy)
    • 3DES in CTR or CBC mode (legacy)
  • Data integrity protection:

    • ChaCha20 with 512-bit keys with Poly1305
    • AES with 256, 128-bit keys in GCM mode
    • HMAC using SHA-256 or SHA-512, in encrypt-then-MAC mode
    • HMAC using SHA-256 or SHA-512 (classic)
    • HMAC using SHA-1 (legacy)
  • Server authentication:

    • Client verifies server identity using server host key fingerprint or public key
    • Automatic synchronization of new host keys to client supported
  • Client authentication:

    • Password authentication
    • Password change during password authentication
    • Public key authentication

FIPS 140-2 validation

When FIPS is enabled in Windows, our software uses Windows built-in cryptography, validated by NIST to FIPS 140-2 under certificates #2937, #2606, #2357, and #1892. On Windows XP and 2003, our software uses the Crypto++ 5.3.0 FIPS DLL, originally validated by NIST under certificate #819 (historical). When FIPS mode is not enabled, additional non-FIPS algorithms are supported.

Cryptographic implementations and availability

Current Bitvise software versions (9.12 and higher) use the following cryptographic implementations for different algorithms, on different versions of Windows:


Algorithm
Windows XP,
Server 2003
Windows Vista to 8.1,
Server 2008 to 2012 R2
Windows 10, 11,
Server 2016 to 2022
Signature
RSA Crypto++ 5.3 Windows CNG Windows CNG
Ed25519 n/a DJB DJB
ECDSA (NIST curves) Crypto++ 5.3 Windows CNG Windows CNG
ECDSA/secp256k1 Crypto++ 5.3 OpenSSL Windows CNG
1024-bit DSA Crypto++ 5.3 Windows CNG Windows CNG
Non-standard DSA Crypto++ 5.3 Crypto++ 5.6 Crypto++ 5.6
Key exchange
Classic DH Crypto++ 5.3 Windows CNG Windows CNG
Curve25519 n/a DJB DJB
ECDH (NIST curves) Crypto++ 5.3 Windows CNG Windows CNG
ECDH/secp256k1 Crypto++ 5.3 OpenSSL Windows CNG
Encryption
AES Crypto++ 5.3 Windows CNG Windows CNG
ChaCha20 n/a OpenSSL OpenSSL
3DES Crypto++ 5.3 Windows CNG Windows CNG
Integrity
GCM n/a Windows CNG Windows CNG
Poly1305 n/a OpenSSL OpenSSL
HMAC-SHA2 Crypto++ 5.3 Windows CNG Windows CNG
HMAC-SHA1 Crypto++ 5.3 Windows CNG Windows CNG

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)

This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).