v2.6.23

This release adds a couple quality of life changes and a fix for a connection issue.

Feature:

• watch command will now only exit on Ctrl + C (SIGINT) #208
• rssh clients now have an additional argument --connect-timeout which is used to time out the initial TCP dial to the RSSH server, this will default to 180 secons

Fixes:

• RSSH clients will no longer get stuck connecting when network connections intermittently fail during dial #209

v2.6.22

Update modules to resolve CVE-2025-58181, something RSSH is not vulnerable to. But we ball

v2.6.21

Just a small dependencies only update

v2.6.20

This is a tiny release which fixes an unreported potential race condition in the multiplexer.

It also upgrades modules and includes some additional instructions about using RSSH with Potato class exploits (such as GodPotato) where starting a shell may fail.

v2.6.19

This release adds a few quality of life changes.

Features:

• RSSH can now read server fingerprint and destination from files (using --fingerprint-file and --destination-file respectively #205, #206 )
• The SSH version string can now be changed with either --version-string or using the link command with link --version-string, these will always have the prefix SSH- as that is part of the SSH protocol, #202
• The private key that the client uses can now be overridden with the command like argument --private-key-path #200, to enable packaging

v2.6.18

This release fixes a regression which would cause remote reverse forwards to fall. It also fixes a previously undiscovered crash in the client when supplying bad URLs as an executable.

Bug Fixes:

• Fix ChannelOpenDirectMsg ordering in remote forward only (second time doing this)
• Ensure that urls are not nil before calling .Query() on them

v2.6.17

This is a small release containing a fix for a nil pointer dereference.

Bug Fix:

• The server will no longer crash if a user connects to an rssh client, then quits their terminal window/ends their ssh session without quitting their connection to the RSSH client (#196)

Changes:

• All session/exec handlers can now be recovered if a panic occurs

v2.6.16

A tiny release to fix a bug where the watch command may deadlock.

v2.6.15

This is a small release that fixes a few user interface bugs, and improves the NTLM handling for linux.

Bug Fixes:

• When using the connect directive in the server console, after exiting a client ctrl + d now works to quit the server console ( and characters typed are better handled in general)
• On the server console CTRL + C now works similar to bash, producing a fresh prompt
• New warning when no user authorised keys are present
• When doing an NTLM negotiation take the domain from the user specified arguments to create the NTLMSSP_Challenge message (read more about this here: #188)

Big thank you to both @stacksparrow4 and @durck for these changes!

v2.6.14

This is a small release that fixes a couple bugs and adds a quality of life features.

Features:

• The link command now takes a new argument --use-host-header which will use the HTTP host header to generate the callback ip when using templated downloads

Bug Fixes:

• When the client loses server connection, it will now close any remote forwards it had open, otherwise reopening your remote forwards is impossible.
• Fix an issue where the ip address given from forwarding the server port would be unparsable, stopping connections from working properly when pivoting.

Thanks to @wrighterase