using Rebex.Net;

Encryption and other enhancements in Rebex ZIP

We added all the important features that didn't make it into the first release of Rebex ZIP: AES encryption, stream-based access to compressed files, asynchronous methods, and more. Check out the list below for details. On top of that, a new explorer-like sample was added.

FIPS 140-2 mode in FTP/SSL

When using Rebex FTP on a machine where only certified FIPS 140-2 algorithms are allowed, a FIPS 140-2 mode is enabled and non-compliant algorithms are switched off. This mode can also be enabled manually by referencing Rebex.Security.dll and setting the Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly property to true. This was already available in Rebex SFTP before.

New stream-based access to remote files in SFTP

While there is nothing wrong with PutFile and GetFile methods, sometimes a stream-based access is required. We now added a new GetStream method that returns a stream representing a remote file - and all the stream features are supported, including seeking and setting file length. This makes it possible to (for example) use Rebex SFTP with Rebex ZIP to access a remote ZIP file and extract selected files from it without having to download the whole ZIP file.

Complete list of changes:

• FTP/SSL: Added FIPS 140-2 compliant mode that is automatically enabled on systems where only compliant algorithms are allowed.
• FTP: Ftp class inherits from NetworkSession base class that implements some common properties.
• FTP: Added a workaround for FTP servers with broken MLST output.
• FTP: SITE command is no longer used to detect MS IIS FTP 7.x because it caused problems to some firewalls.
• FTP: FtpList.GetEnumerator is now an implementation of IEnumerable<FtpItem>.
• FTP: Better error handling in GetFiles/PutFiles methods.

Some of you already noticed Rebex DLLs in Visual Studio 2010's application folders. It's now official - we are proud to anounce that Microsoft is using Rebex FTP/SSL and SFTP in Microsoft Visual Studio 2010 and Microsoft Expression Web!

If you would like to be informed about what's going on at Rebex, you are welcome to follow us on Twitter.

We have just released a hotfix for Rebex FTP/SSL that adds FIPS 140-2 compliant mode. It is automatically enabled on systems where only FIPS-compliant algorithms are allowed. This has already been available in Rebex SFTP. This hotfix is only needed when running Rebex FTP/SSL on a FIPS-only systems.

If you have an active Rebex FTP/SSL, Rebex File Transfer Pack or Rebex Total Pack license, you can download the hotfix from the following URL:

http://www.rebex.net/protected/hotfix-ftp-fips.aspx

.NET 4.0 and Visual Studio 2010 are supported

This release adds support for .NET 4.0 and Visual Studio 2010. Native .NET 4.0 builds of all our components are available.

Sending mail messages with massive attachments

In Rebex Mail, it is now possible to send huge attachmets using the new do-not-load-into-memory options. By huge, we mean attachments of virtually unlimited size. This feature is not enabled by default (because not loading data into memory has some drawbacks), so if you are interested in it, check out our Q&A forum.

Tumbleweed's SSL-like encrypted tunnel support

Tumbleweed SecureTransport servers are often used by large financial institutions. In addition to explicit and implicit TLS/SSL, these servers also support a proprietary SSL-like encryption tunnel that makes it possible to use encrypted connection but still be able to work with FTP-aware firewalls (designed for unencrypted FTP). Rebex FTP/SSL is one of the few FTP clients supporting this feature. To use it, just specify FtpSecurity.TumbleweedTunnel instead of .Explicit when connecting.

Complete list of changes:

• FTP: Information about invalid data IP address detection is now written to the log.
• FTP: Fixed a bug that caused "/" local path argument of PutFiles/GetFiles methods to be treated as current directory.
• FTP: A more meaningful exception is raised when a premature OK response is received while still uploading data.
• FTP: More information is logged when a FTP connection is broken.
• FTP: A full local path is passed in FtpBatchTransferProgressEventArgs.
• FTP: Added experimental FtpOptions.UseLargeBuffers to use larger internal buffers (doesn't seem to make substantial difference on most systems).
• FTP: Fixed a bug in PRET command implementation that caused problems with DrFTPd servers.
• FTP: FtpTransferProgressEventArgs now contain RemotePath and LocalPath when available.
• FTP: FtpBatchTransferException is now serializable.
• FTP: On .NET Compact Framework, SO_LINGER option is enabled for data sockets.
• FTP/SSL: Added support for Tumbleweed's SSL-like encrypted tunnel encryption.
• FTP/SSL: Removed useless pre-authentication feature check in implicit SSL mode.

• SFTP: Fixed a bug that caused "/" local path argument of PutFiles/GetFiles methods to be treated as current directory.
• SFTP: Added Sftp.Bind and Scp.Bind method to make it possible to bind the SFTP or SCP object to existing SSH session.
• SFTP: A full local path is passed in SftpBatchTransferProgressEventArgs.
• SFTP: SftpTransferProgressEventArgs now contain RemotePath and LocalPath when available.
• SFTP: SftpBatchTransferException is now serializable.
• SFTP: Queued data packets are no longer written to the output stream after download operation has been aborted.

• MIME: Fixed a bug that caused an exception to be raised when assigning one MailMessage's mail address collection property to another.
• MIME: Added MimeOptions.DoNotCloseStreamAfterLoad option.
• MIME: Added a workaround for parsing 'References' header with missing angle brackets.
• S/MIME: Signed and/or encrypted e-mail messages with TNEF body are now parsed correctly.
• SMTP: Added MimeOptions.DoNotPreloadAttachments to make it possible to handle extremely large attachments.
• POP3: Added a workaround for QuarkMail Server that incorrectly announces authentication capabilies.

• SSH Shell: Added experimental support for CSH to Shell class.
• SSH Shell: Added Ssh.Bind method to make it possible to bind the Ssh object to an existing SSH session.

• Terminal: Fixed a bug that caused cursor to be redrawn incorrectly in some cases.

• SSH Core: Added a workaround for a server that announces support for "password" authentication but requires "keyboard-interactive" instead.
• SSH Core: Fixed a bug in ZLIB compression routines that caused compatibility problems with GlobalScape and BitVise servers when compression was enabled.
• SSH Core: Fixed a bug that caused SSH session to hang if a broken (incomplete) SSH packet arrived (rare).

Rebex ZIP has just been released as well! We are now busy adding enryption capabilities to it. Is there a need for another ZIP component? We are sure there is, because Rebex ZIP is one of the few ZIP components that don't rely on any open-source library for ZLIB compression - yes, we wrote everything from scratch.

GSSAPI and Kerberos support in Mail and Secure Mail

Few months ago, we introduced GSSAPI/Kerberos authentication support in Rebex SFTP - and now it is available in Rebex Mail and Rebex Secure Mail as well! Microsoft SSPI is used as an underlying authentication provider for both. In practice, this means you can authenticate with SMTP, POP3 or IMAP to Microsoft Exchange server using Kerberos single-sign-on, which is definitely an improvement over NTLM. Negotiate algorithm is also supported - this automatically selects either NTLM or Kerberos, depending on what is available.

This feature is not supported in .NET Compact Framework edition of Rebex (Secure) Mail - it will be added in the next release.

SFTP v4 support

Rebex SFTP supports v4 of the protocol now. In practice, one of the main benefits is that it is possible to select transfer type (Sftp.TransferType) without need to select the target OS type first (Sftp.ServerType). Unfortunately, many SFTP servers inclusing OpenSSH only supports SFTP v3, which means that the target OS type has to be still set for these. Another benefit of SFTP v4 is that it uses UTF-8 charset by default, which is a great improvement - in v3, charset was undefined.

Integrated ZLIB support in SSH, SFTP, SCP and SSH Shell

ZLIB is used to compress all communication. This means faster file transfers in SFTP and SCP when transferring compressible files and better throughput for Rebex SSH Shell, where most data is simple text. To disable ZLIB compression and make the new version work just like before, use SshParameters.Compression property, as described in this SFTP tutorial. This also means that the experimental ZLIB compression support introduced in build 3428 no longer works because there is no need for it now.

Complete list of changes:

• FTP: Added FtpOptions.ConnectPassiveLater option - makes the passive mode transfer initialize the connection only after the LIST/NLST/RETR/STOR commands are sent (instead of after PASV).
• FTP: Enhanced MODE Z support.
• FTP: Added a workaroud for bad PASV implementation at ftp-edi.pubnet.org.
• FTP: CCC command no longer actively sends close_notify TLS message by default.
• FTP: Fixed a bug in proxy code that caused data transfers to fail when using HTTP CONNECT proxy with NTLM authentication.
• SFTP: SFTP v4 support added.
• SFTP: Fixed a bug in CreateDirectory/ChangeDirectory workaround for CoreFTP.
• SFTP: Added workaround for ProFTPd's mod_sftpd SSH_FXP_REALPATH command that fails for newly created directories.
• MIME: MailMessage object's BodyText and BodyHtml properties now remove illegal characters when set.
• MIME: LinkedResource.FileName property added.
• MIME: Mail messages with empty TNEF/winmail.dat attachment no longer cause an exception to be thrown.
• S/MIME: Added MimeOptions.SkipCertificateUsageCheck option to make it possible to skip certificate usage check.
• S/MIME: Fixed a bug that caused an exception to be thrown when signing a mail message on FIPS-enabled systems.
• SMTP: Kerberos, NTLM and Negotiate authentication methods through GSSAPI/SSPI are now supported (not yet available on .NET Compact Framework).
• SMTP: GSSAPI or NTLM is also attempted in Auto mode if the mail server doesn't support any other authentication methods.
• POP3: Kerberos, NTLM and Negotiate authentication methods through GSSAPI/SSPI are now supported (not yet available on .NET Compact Framework).
• POP3: Added workaround for I&ES Mail Server that doesn't like TOP n 1 command.
  
• IMAP: Fixed a bug in Imap object's External authentication method implementation.
• IMAP: GSSAPI or NTLM is also attempted in Auto mode if the mail server doesn't support any other authentication methods.
• IMAP: Added a workaround for servers that reply with FETCH BODYSTRUCTURE what FETCH BODY is requested.
• IMAP: Kerberos, NTLM and Negotiate authentication methods through GSSAPI/SSPI are now supported (not yet available on .NET Compact Framework).
• IMAP: Message structure parser enhanced to be compatible with more servers and distinguish attachments and linked resources.
• SSH Shell: Added workaround for SSH packets 101 that some SSH servers were observed to use.
• Terminal: Fixed a bug that caused Disconnect event not to be raised when some types of connection failures occured.
• Terminal: TerminalControl now correctly resizes itself when hosted in WPF.
• SSH Core: Fixed a bug in ArcFour cipher implementation that made it unusable.
• SSH Core: Fixed a bug that caused an SSH welcome message to be parsed incorrectly when split accross multiple packets.
• SSH Core: Added support for ZLIB transfer compression.
• ProxySocket: Proxy object now has Encoding property that makes it possible to specify character set to be used for parsing server responses.
• ProxySocket: ProxySocketException.ErrorCode property now returns HTTP and Socket4/Socks5 error codes when available.
• ProxySocket: SspiAuthentication and GssApiProvider classes added that provide GSSAPI/SSPI functionality.
• Security: Certificate's CRL distribution point list can be accessed using GetCrlDistributionPoints method.

We are also progressing nicely on Rebex ZIP component as well. If there is something you would like it to support, please visit our customer feedback & ideas forum and add some suggestions!

This releases fixes two bugs in the previous build - one in Rebex SFTP and Rebex SSH Shell's GSSAPI/Kerberos authentication, the other in Rebex Secure Mail's SHA-2 signature support.

Complete list of changes:

• SSH Core: Fixed a bug in GSSAPI authentication that caused it to work improperly in 32bit .NET Framework.
• S/MIME: SHA-2 now works with private keys in non-Microsoft key storages (such as Smart Cards) as well.
  

SHA-2 support in Secure Mail

In addition do SHA-1 and MD5 hash algorithms, SHA-2 support was added to Rebex Secure Mail. This includes SHA-256, SHA-384 and SHA-512. Signatures using these algorithms can now be both created and validated. This feature only works in Windows XP SP3, Windows Server 2003 and newer OS's.

GSSAPI and Kerberos support in SFTP and SSH Shell

GSSAPI authentication - "gssapi-with-mic" authentication method defined by RFC 4462 - is now supported by Rebex SFTP and Rebex SSH Shell along with Kerberos v5 and NTLM mechanisms. Microsoft SSPI is used as an underlying authentication provider for both. There is a new easy-to-use Login method overload for this authentication method and we will definitely post more information about it soon.

IEnumerable<T> support added to collections

This means that you can now use the LINQ query language (and its extension methods) with collections such as SftpItemCollection or AttachmentCollection.

Complete list of changes:

• FTP: Added automated UTF-8 detection on modern FTP servers.
• FTP: Listing parser enhanced to support some non-English month names that sometimes occur in file listings of broken servers.
• FTP: Fixed a bug that might cause an active FTP connection to immediately time out when executed on an existing but idle connection.
• FTP: IEnumerable<T> support added to collections for .NET 2.0 and higher.
• FTP: Ftp.CopyToAnotherServer method can now handle Abort requests.
• FTP: Bandwidth throttling functionality slowed down the transfer too much when a limited but high speed was requested.
• SFTP: IEnumerable<T> support added to collections for .NET 2.0 and higher.
• Mail CF: First public release of the .NET Compact Framework package of Rebex Secure Mail.
• MIME: Signature parser enhanced to better parse "signed" e-mails with missing signature.
• MIME: Binary attachments claiming to be text are now parsed as application/octet-stream.
• MIME: IEnumerable<T> support added to collections for .NET 2.0 and higher.
• MIME: Fixed a bug in MimeHeaderCollection class that made it possible to add a null header.
• MIME: Date header parser enhanced to handle invalid ';' characters.
• S/MIME: Added support for messages signed using algorithms based on SHA-2 (SHA-256, SHA-384 and SHA-512).
• IMAP: Added workround for Gmail that is unable to select a localized version of the Inbox folder. The inbox folder is now reported as Inbox for all Gmail language variants.
• IMAP: Fixed a bug in IMAP response parser that caused it to fail in rare circumstances.
• SSH Shell: Added support for break request defined by RFC 4335.
• SSH Shell: Added Shell.GetExitCode method to make it possible to retrieve process exit code (if available).
• Terminal: Fixed bad exception message in TerminalControl.Bind method.
• Terminal: TerminalOptions serialization fixed to work correctly with serialized data from older releases.
• Terminal: Fixed a bug in the logging code for SshChannel.SetTerminalSize method.
• SSH Core: Support for GSSAPI authentication (gssapi-with-mic) added. Kerberos (not on .NET CF) and NTLM mechanisms are supported. MS SSPI is used as an underlying authentication provider.
• SSH Core: SshFingerprint class extended to support multiple hash algorithms.
• SSH Core: Added BannerReceived event that ca be used to receive banner messages sent by the server.
• SSH Core: Added FingerprintCheck event as an alternative way to check server fingerprint.
• SSH Core: Support for authentication using both username/password and public key at the same time made compatible with Maverick SSHD server.
• Time: Version number change only.
• TLS/SSL: Enhanced logging of certificate-related actions during the TLS/SSL negotiation.
• Security: .PFX/P12 private key file loading support for Windows Mobile 5 and newer.
• Security: Added support for signatures based on SHA-2 (SHA-256, SHA-384 and SHA-512.
• Security: If .NET 3.5 is available, a new and much faster AES implementation is used instead of RijndaelManaged.
• Security: Behavior of certificate finders in CMS/PKCS #7 was enhanced - embedded certificates are always searched now.

A feature that is requested very often is integrated transfer compression in Rebex SFTP. This is particularly useful when transferring text files or other highly compressible files, and a similar feature is already included in Rebex FTP. So why does it take so long to add this to SFTP as well? The problem is that the .NET Framework compression API is well-suited to be used in protocols utilizing stream transfer modes such as FTP, but entirely unsuitable for protocols using block transfer mode such as SSH, the underlying protocol used by SFTP.

Fortunately, since build 3428, it is possible to enable ZLIB compression in Rebex SFTP and Rebex SSH Shell using ZlibStream for .NET, a library build on top of a C# port of JCraft's Java JZlib library. JZlib is a re-implementation of zlib in pure Java. It is covered by a BSD-style license, which makes it possible to be used for free (even in commercial closed-source applications).

OK, so how to enable transfer compression? It is rather simple – download and install ZlibStream for .NET, add a reference to Rebex.ZlibStream.dll to your application and when connecting to an SFTP server in your code, add few additional lines:

C#

Sftp sftp = new Sftp();
SshParameters parameters = new SshParameters();
parameters.CompressionStreamType = typeof(Rebex.IO.Compression.JZlib.ZlibOutputStream);
sftp.Connect(hostname, password, parameters);

VB.NET

Dim sftp As New Sftp
Dim parameters As New SshParameters
parameters.CompressionStreamType = GetType(Rebex.IO.Compression.JZlib.ZlibOutputStream)
sftp.Connect(hostname, password, parameters)

In Rebex SSH Shell, an equivalent code can be used.

At this point, you may be asking yourself – why is this not included in Rebex components by default? There are two reasons:

1. A BSD-style license requires that all derivative works reproduce the full text of the license in the source code and documentation. This goes against our philosophy for .NET components - we don’t want our clients to still bother with licensing issues after they purchased a license.
2. Some of our clients have a strict no-free-software policy that forbids them from using anything based on or derived from a software using an open source license. Therefore, no free or open source code is allowed into the codebase of products we sell.

To address this, we are currently implementing a new ZLIB compression library from scratch, without using any third-party code. Once this is finished, Rebex SFTP and SSH Shell will finally support transfer compression by default. Until then, simply use ZlibStream for .NET as described above.

A new component has just been released: Rebex Telnet for .NET.

Rebex Telnet terminal emulation and automated shell scripting library for .NET languages (such as C# or VB.NET). It makes it easy to execute commands on Unix/Windows Telnet servers or add terminal emulation capabilities to your applications.

Features include:

• Terminal emulation - Windows Forms control and virtual (off-screen) terminal.
• Shell scripting objects.
  
• Terminal session recording and replay.
• Samples in C# and VB.NET including WinForm Telnet Client.
• Easy-to-follow tutorial for a quick start.
  
• Complete C# source code is optionally available.
• And more...

Of course, Rebex Telnet was added to Rebex Total Pack as well, so if you already have an active subscription, you can download it immediately. For information about upgrading, please contact us!

See also: Telnet component homepage | Download trial | Pricing from $249