Tectia SSH 6.6.7 Release Update: Key Fixes and Compatibility Improvements

Posted by HANDD on 20th January 2026

SSH has published the release notes for Tectia Client 6.6.7, covering important Windows cryptography changes, smartcard authentication fixes, and a small set of targeted bug fixes.

If you run Tectia Client in production, especially on Windows, this is a release worth reviewing, as it aligns with Microsoft’s ongoing changes to cryptographic providers.

6.6 is still LTS (Long Term Supported)

SSH confirms that the 6.6 release of Tectia Client is Long Term Supported (LTS), supported for 3 years from the release date of 6.6.5.

They also note that Tectia Client 6.6.7 shares the same end-of-support date as 6.6.5, and official support end dates can be checked directly via SSH’s end-of-support page.

Important change in 6.6.7: Windows cryptographic provider update (TECT-1419)

The main “Important Change” listed in 6.6.7 is:

Windows cryptographic provider usage has been updated to align with Microsoft’s move away from Cryptographic Service Provider (CSP) towards Key Storage Provider (KSP), as part of Microsoft’s fix for CVE-2024-30098.

This matters because Microsoft is actively tightening how Windows handles crypto provider support, and legacy methods can be impacted as a result.

Bug fixes included in 6.6.7

SSH lists the following fixes under 6.6.7:

  1. Checksum option behaviour (TECT-1285)
    A regression is fixed where --checksum=no still triggered checksum file access in Tectia Client 6.6.5 and later.
  2. Smartcard authentication fix after Windows update (TECT-1419)
    SSH has fixed a smartcard authentication failure caused by the Windows October 2025 update (KB5066793), related to Microsoft’s cryptographic provider changes.
  3. SHA-2 authentication fix with Microsoft CryptoAPI keys (TECT-1525)
    SSH also fixed an issue where SHA-2 authentication failed when using keys from Microsoft CryptoAPI (MSCAPI).

No new features in this release

SSH notes that Tectia Client 6.6.7 introduces no new features, meaning this release is primarily focused on compatibility and stability fixes.

Platforms covered

According to SSH, Tectia Client 6.6.7 is available for:

  • AIX (POWER)
  • HP-UX (IA-64 and PA-RISC)
  • Solaris (SPARC and x86-64)
  • Linux (x86-64)
  • Windows (x86-64)

They also note PQC algorithms are not supported on HP-UX (IA-64).

What HANDD recommends (practical, no promises)

If you’re using Tectia Client on Windows and rely on smartcards or Microsoft CryptoAPI-based authentication, this release is worth reviewing as part of your next maintenance window.

A sensible approach is:

  • validate in non-production first
  • confirm smartcard authentication behaviour
  • check any automated SFTP/SSH workflows that rely on checksum behaviour or SHA-2 authentication

For full detail, always refer to SSH’s official release notes and manuals.

Need support reviewing your upgrade path?

At HANDD, we help organisations maintain secure, reliable file transfer operations across mixed environments and platforms.

If you want a quick sense-check on upgrade impact or what to validate before rolling into production, feel free to contact us.

Always Managed. Fully Secure.