v2.7.0

This release fixes upx, closing #214 and changes how the rssh client dll loads itself (which the minor version update)

Fixes:

• The UPX binary can now be either upx or upx-cl thanks for @rjvkn for that PR

Changes:

• When loading as a DLL, the reverse ssh client dll will detach itself from its parent process using rundll32 running its VoidFunc this will help in cases where the dll is unloaded too quickly for the goruntime & internals to start. It may increase risk of detection on platforms with AV/EDR as its pretty easy to say "why is rundll32 running a shell". If people want it reverted/have a better solution, please open an issue for discussion. Thanks to @0xW1LD for this!

v2.6.24

This release incorporates a small fix to ICMP handling when using the ssh tunnel functionality found and fixed by @wrighterase.

v2.6.23

This release adds a couple quality of life changes and a fix for a connection issue.

Feature:

• watch command will now only exit on Ctrl + C (SIGINT) #208
• rssh clients now have an additional argument --connect-timeout which is used to time out the initial TCP dial to the RSSH server, this will default to 180 secons

Fixes:

• RSSH clients will no longer get stuck connecting when network connections intermittently fail during dial #209

v2.6.22

Update modules to resolve CVE-2025-58181, something RSSH is not vulnerable to. But we ball

v2.6.21

Just a small dependencies only update

v2.6.20

This is a tiny release which fixes an unreported potential race condition in the multiplexer.

It also upgrades modules and includes some additional instructions about using RSSH with Potato class exploits (such as GodPotato) where starting a shell may fail.

v2.6.19

This release adds a few quality of life changes.

Features:

• RSSH can now read server fingerprint and destination from files (using --fingerprint-file and --destination-file respectively #205, #206 )
• The SSH version string can now be changed with either --version-string or using the link command with link --version-string, these will always have the prefix SSH- as that is part of the SSH protocol, #202
• The private key that the client uses can now be overridden with the command like argument --private-key-path #200, to enable packaging

v2.6.18

This release fixes a regression which would cause remote reverse forwards to fall. It also fixes a previously undiscovered crash in the client when supplying bad URLs as an executable.

Bug Fixes:

• Fix ChannelOpenDirectMsg ordering in remote forward only (second time doing this)
• Ensure that urls are not nil before calling .Query() on them

v2.6.17

This is a small release containing a fix for a nil pointer dereference.

Bug Fix:

• The server will no longer crash if a user connects to an rssh client, then quits their terminal window/ends their ssh session without quitting their connection to the RSSH client (#196)

Changes:

• All session/exec handlers can now be recovered if a panic occurs

v2.6.16

A tiny release to fix a bug where the watch command may deadlock.