Advanced Server Access Release Notes

Advanced Server Access client

Release: 1.60.0

Deployment date: May 04, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.

Enhancements

  • The sft ssh command can include the SFT_ALLOW_INSECURE_USERNAMES=1 enviroment variable to temporarily allow ssh connections with usernames that include non-standard characters. See アドバンストサーバーアクセスのクライアントを使用する.
  • The client now supports the Diffie Hellman Group Exchange SHA256 Kex Algorithm.
  • Several changes were made to AD-Joined. See AD-Joined.
    • When a user with multiple AD accounts connects to an discovered AD device, they can choose which account to use.
    • Users can connect to AD devices without entering a password. See Passwordless certificates.
    • Users can connect to AD devices from the GUI on both macOS and Windows.
  • Users can configure the client.timeout_seconds option to define a maximum time to wait for a response from servers. See
  • Unenrolled clients now return more detailed error messages.

Fixes

  • Specifying a username with SSH connections returned an error.
  • The link to the Advanced Server Access documentation was incorrect on the macOS client.
  • Clients didn't retry connections for certain operations if the team had already exceeded the Advanced Server Access API rate or concurrency limits.
  • The SFT_Hook_Events environment variable for lifecycle hooks was unavailable for scripts.

Past releases

Release: 1.58.0

Deployment date: March 21, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.

Fixes

  • The Advanced Server Access client on macOS and Linux platforms was found to be vulnerable to command injection via specially crafted URLs.
    This is a High severity issue and Okta strongly recommends updating the Advanced Server Access client to version 1.58.0. For more information, see the Okta security advisory for CVE-2022-1030.

Release: 1.57.0

Deployment date: February 17, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.

Fixes

  • The Advanced Server Access client on Windows was found to be vulnerable to command injection via specially crafted URLs.
    This is a High severity issue and Okta strongly recommends updating the Advanced Server Access client to version 1.57.0. For more information, see the Okta security advisory for CVE-2022-24295.

  • The sft config edit command was unable to modify the ssh.allow_rsa_sha1_keys option.

Release: 1.56.1

Deployment date: January 10, 2022

Enhancements

  • The Advanced Server Access client now supports Windows 11.

Fixes

  • Using a single client instance for multiple ASA user accounts on the same team sometimes caused an error.

Release: 1.55.1

Deployment date: November 10, 2021

Enhancements

  • Clients can use legacy RSA/SHA1 host key algorithms with the ssh.allow_rsa_sha1_keys option.

Release: 1.54.1

Deployment date: August 4, 2021

Advanced Server Access now has its own dedicated help site: Advanced Server Access.

This enhancement offers direct access to independent online help for Advanced Server Access from help.okta.com.

The new site provides several benefits:

  • Compactly designed, product-centric content

  • Streamlined navigation

  • More efficient content updates and responsiveness to customer feedback

Release: 1.54.0

Deployment date: June 30, 2021

Starting September 2021, Advanced Server Access will no longer support the following operating systems:

  • CentOS 6

  • FreeBSD 10

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See サポートされているオペレーティングシステム.

Fixes

  • RoyalTSX server lists were incorrectly formatted.

  • The Advanced Server Access client installer incorrectly required Rosetta to be installed on Apple M1 Macs.


Release: 1.53.2

Deployment date: June 1, 2021

Enhancements

  • The sft list-servers command now supports outputting server labels for teams that have PolicySync enabled.


Release: 1.52.2

Deployment date: April 29, 2021

Enhancements

  • The Advanced Server Access client is now natively supported on the M1 platform.


Release: 1.51.3

Deployment date: March 23, 2021

Fixes

  • Clients ignored the LogLevel option when printing server banners.

Release: 1.51.1

Deployment date: February 16, 2021

Features and enhancements

  • Use sft config edit to edit the Advanced Server Access client configuration file with your system's default editor.
  • The client now retries rate limited SSH authentication requests for up to five minutes before failing.

Release: 1.50.1

Deployment date: November 16, 2020

Features and enhancements

  • Reducing the frequency that the host key cache is cleared improved parallel client performance.

Early Access Features

  • Shared primary user group identifiers (GIDs) are now supported.

Fixes

  • Enabling Client Trust Forwarding broke agent forwarding during non-interactive sessions.

Release: 1.45.4

Deployment date: July 10, 2020

Fixes

  • When using client trust forwarding, a panic could occur, causing the client to crash. (OKTA-312023)

Release: 1.45.3

Deployment date: June 16, 2020

Fixes

  • When used on a client not enrolled in any teams, the output from the 'sft resolve -q' command wasn't quiet.
  • When running numerous 'sft' commands in parallel, it was possible to corrupt the internal 'known_hosts' file, which led to subsequent connection errors. (OKTA-292731)
  • The SecureCRT ssh client couldn't connect to servers when using the 'ProxyCommand' option. (OKTA-259170)

Release: 1.44.2

Deployment date: March 24, 2020

Features and enhancements

  • The macOS client now supports Royal TSX for RDP.
  • The title bar of the Windows RDP client now displays the destination hostname.
  • ssh_config now supports true and false for Boolean SSH configurations, in addition to yes and no.

Fixes

  • The macOS client had a pathing issue in sft list-servers-rjson
  • When multiple login attempts were made concurrently from the command line, the system didn't wait for the first to complete.

Advanced Server Access server agent

Release: 1.60.0

Deployment date: May 04, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.


Past releases

Release: 1.58.0

Deployment date: March 21, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.

Release: 1.57.0

Deployment date: February 17, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.

Release: 1.56.1

Deployment date: January 10, 2022

Enhancements

  • The Advanced Server Access server agent now supports Alma Linux and ARM-based Ubuntu servers.

Fixes

  • Some sshd configurations encountered issues related to Match statements.

Release: 1.55.1

Deployment date: November 10, 2021

This release is part of our scheduled release cycle and includes no user-facing changes.

Release: 1.54.0

Deployment date: June 30, 2021

Starting September 2021, Advanced Server Access will no longer support the following operating systems:

  • CentOS 6

  • FreeBSD 10

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See サポートされているオペレーティングシステム.

Fixes

  • Whitespace and comments were not ignored when searching for host keys in sshd configuration files.


Release: 1.53.2

Deployment date: June 1, 2021

Enhancements

Fixes

  • On Windows, logs were not being stored properly.


Release: 1.52.2

Deployment date: April 29, 2021

Enhancements

  • The Advanced Server Access server agent is now available for ARM64 architectures.

Early Access Features

  • PolicySync Attribute-Based Access Controls (ABAC) is now supported. This allows server access to be determined by labels assigned to individual servers.


Release: 1.51.3

Deployment date: March 23, 2021

Enhancements

  • The server agent now validates changes to the sshd_config file. This prevents a malformed configuration file from disrupting connectivity.
  • The server agent now creates a backup of the sshd_config file before making changes to it. This ensures that a working configuration can be restored in the event of an invalid configuration file.
  • The default thread count for machines with a large number of processors has been reduced. This improves individual processor performance.

Fixes

  • When on-demand users attempted to connect to a Windows server using RDP, their initial attempt would sometimes fail.

Release: 1.51.1

Deployment date: February 16, 2021

Features and enhancements

Client tools:

  • Use sft config edit to edit the Advanced Server Access client configuration file with your system's default editor.
  • The client now retries rate limited SSH authentication requests for up to five minutes before failing.

Gateways:

  • Gateways now include a sample config file.
  • Gateways now support agent forwarding.

Fixes

Server tools:

  • When servers running Red Hat Enterprise Linux were upgraded, sometimes their server entries in Advanced Server Access were duplicated.
  • When admins enabled or disabled Forward Client Trust for a project, it sometimes resulted in an invalid sshd configuration. (Early Access)

Release: 1.50.4

Deployment date: December 17, 2020

Fixes

  • Attempting to apply a Unix user ID (UID) change and a user deletion operation to the same user simultaneously sometimes caused the agent to crash.

Release: 1.50.3

Deployment date: November 17, 2020

Fixes

  • Users who were members of non-existent local Unix groups sometimes caused the agent to crash.
  • When the agent was freshly installed on Windows, the Remote Desktop Protocol (RDP) broker failed to start.

Release: 1.45.3

Deployment date: June 16, 2020

Fixes

  • Remote desktop protocol sessions weren't closed when a user was deactivated or deleted. (OKTA-294736)

Release: 1.44.6

Deployment date: April 20, 2020

Fixes

  • The Linux agent had an issue where some user group memberships were not correctly added.

Release: 1.44.4

Deployment date: April 15, 2020

Features and enhancements


Release: 1.44.2

Deployment date: March 24, 2020

Features and enhancements

  • The unix client can update customer user attributes, including shell, home directory, and account comment.
  • The RSA certificate ID part of SSH logs is now parsed.

Fixes

  • When sudo entitlements were renamed on unix, there was an issue.
  • Improved error handling when loading TLS certificates.
  • File permissions on sshd_config were sometimes altered when changing the file.

Release: 1.41.0

Deployment date: November 13, 2019

Features and enhancements

  • Reduced event hook logging.

Fixes

  • When migrating a server to a different project, there were sometimes user sync issues.


Advanced Server Access gateways

Release: 1.60.0

Deployment date: May 04, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.


Past releases

Release: 1.58.0

Deployment date: March 21, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.

Release: 1.57.0

Deployment date: February 17, 2022

Beginning June 2022, Advanced Server Access will remove support for the following operating systems:

  • Ubuntu 12.04
  • Red Hat Enterprise Linux 6

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before June 2022. See サポートされているオペレーティングシステム.

Fixes

  • Closing a client connection sometimes caused a gateway error

Release: 1.56.1

Deployment date: January 10, 2022

Enhancements

  • The Advanced Server Access gateway now supports Alma Linux and ARM-based Ubuntu servers.

Fixes

  • Bastions couldn't use an FQDN or load balancer as an AccessAddress.

Release: 1.55.1

Deployment date: November 10, 2021

Early Access Features

  • AD-Joined can automatically discover Active Directory (AD) servers.
  • AD-Joined allow Remote Desktop Protocol (RDP) proxy connections with AD credentials.

For details, see AD-Joined.

Enhancements

  • Restricted access to some Linux system capabilities using sft-gatewayd.service.
  • Gateways can refuse Secure Shell (SSH) and RDP connections with the RefuseConnections option.

Fixes

  • Sensitive data was being included in diagnostic support bundles.

Release: 1.54.1

Deployment date: August 4, 2021

Advanced Server Access now has its own dedicated help site: Advanced Server Access.

This enhancement offers direct access to independent online help for Advanced Server Access from help.okta.com.

The new site provides several benefits:

  • Compactly designed, product-centric content

  • Streamlined navigation

  • More efficient content updates and responsiveness to customer feedback

Fixes

  • Gateways didn't forward SSH login banners to clients.

Release: 1.54.0

Deployment date: June 30, 2021

Starting September 2021, Advanced Server Access will no longer support the following operating systems:

  • CentOS 6

  • FreeBSD 10

If you're using any of the listed operating systems, Okta recommends upgrading to a supported operating system before September 2021. See サポートされているオペレーティングシステム.

Enhancements

  • SSH session log file entries no longer include duplicate connection IDs.


Release: 1.52.2

Deployment date: April 29, 2021

Enhancements

  • Gateways now report the number of active connections. This allows admins to view a gateway's current connection load.
  • The log integrity validation algorithm for SSH session logs has been improved. This helps to ensure the authenticity of SSH session logs.

  • A gateway will no longer start if the temporary directory for its log storage is not on a valid device. This allows an invalid log directory to be detected at start up rather than during runtime.

  • The temporary directory for gateway log storage can now be specified by the SessionLogTempStorageDirectory configuration option. This allows the temporary directory to be configured and for the temporary directory and storage directory to be on different volumes.

Fixes

  • SSH session metadata was incorrectly logged.


Release: 1.51.3

Deployment date: March 23, 2021

Enhancements

  • Gateways now report the local disk storage in use or zero when using external storage. This change allows admins to determine whether gateway files are stored locally or externally, and how much storage is in use.

Release: 1.51.1

Deployment date: February 16, 2021

Features and enhancements

  • Gateways now include a sample config file.
  • Gateways now support agent forwarding.

Release: 1.49.2

Deployment date: November 9, 2020

Early Access Features

Gateways

You can now install and use Advanced Server Access gateways. See アドバンストサーバーアクセスのゲートウェイをインストールする.

Session capture

You can now enable session capture on a project to log all session data on a gateway. See プロジェクトのセッションキャプチャを有効にする.


Advanced Server Access platform

Release: 2022.05.01

Deployment date: May 11, 2022

Feature

  • The AD-Joined feature provides Remote Desktop Protocol (RDP) access to Active Directory (AD) resources using existing AD accounts. This feature allows teams to better integrate their AD domain with Advanced Server Access. See AD-Joined.


Past releases

Release: 2022.04.02

Deployment date: April 13, 2022

Feature

  • The Certificate Signing Algorithm setting allows projects to use the more secure ssh-ed25519 algorithm in server authentication certificates. New projects use the ssh-ed25519 algorithm by default, but teams can still use the legacy ssh-rsa algorithm to provide support for older operating systems. See プロジェクトを作成する.

Release: 2022.03.2

Deployment date: March 16, 2022

Enhancements

  • This release removes the legacy Billing Contact tab from the Advanced Server Access settings page.

Release: 2022.03.1

Deployment date: March 9, 2022

Fixes

  • When a user account was deleted from Advanced Server Access, the account was not promptly removed from local servers.

Release: 2022.03.0

Deployment date: March 2, 2022

Fixes

  • Delays occurred when a local Linux or Windows user was deleted after they were deleted in Advanced Server Access.

Release: 2021.11.12

Deployment date: November 12, 2021

Enhancements

  • Rate limits are applied using an updated measurement method.
  • API responses send an X-RateLimit-Retry-At header after exceeding the rate limit.

See Rate Limting.