OpenSSH 3.6 released

From: Markus Friedl (markus@openbsd.org)
Date: 03/31/03

  • Next message: Dario SERMASI: "trying to chroot users connecting via ssh"
    Date: Mon, 31 Mar 2003 14:49:03 +0200
    From: Markus Friedl <markus@openbsd.org>
    To: secureshell@securityfocus.com
    
    

    OpenSSH 3.6 has just been released. It will be available from the
    mirrors listed at http://www.openssh.com/ shortly.

    OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
    implementation and includes sftp client and server support.

    We would like to thank the OpenSSH community for their continued
    support to the project, especially those who contributed source and
    bought T-shirts or posters.

    We have a new design of T-shirt available, more info on
            http://www.openbsd.org/tshirts.html#18

    For international orders use http://https.openbsd.org/cgi-bin/order
    and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

    Changes since OpenSSH 3.5:
    ============================

    * RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1).
      in order to avoid potential timing attacks against the RSA keys.
      Older versions of OpenSSH have been using RSA blinding in
      ssh-keysign(1) only.

      Please note that there is no evidence that the SSH protocol is
      vulnerable to the OpenSSL/TLS timing attack described in
            http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

    * ssh-agent(1) optionally requires user confirmation if a key gets
      used, see '-c' in ssh-add(1).

    * sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation
      is enabled.

    * sshd(8) now removes X11 cookies when a session gets closed.

    * ssh-keysign(8) is disabled by default and only enabled if the
      new EnableSSHKeysign option is set in the global ssh_config(5)
      file.

    * ssh(1) and sshd(8) now handle 'kex guesses' correctly (key exchange
      guesses).

    * ssh(1) no longer overwrites SIG_IGN. This matches behaviour from
      rsh(1) and is used by backup tools.

    * setting ProxyCommand to 'none' disables the proxy feature, see
      ssh_config(5).

    * scp(1) supports add -1 and -2.

    * scp(1) supports bandwidth limiting.

    * sftp(1) displays a progressmeter.

    * sftp(1) has improved error handling for scripting.

    Checksums:
    ==========

    - MD5 (openssh-3.6p1.tar.gz) = 72ef1134d521cb6926c99256dad17fe0
    - MD5 (openssh-3.6.tgz) = 758822b888c5c3f83a98045aef904254

    Reporting Bugs:
    ===============

    - please read http://www.openssh.com/report.html
      and http://bugzilla.mindrot.org/

    OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
    Kevin Steves, Damien Miller and Ben Lindstrom.


  • Next message: Dario SERMASI: "trying to chroot users connecting via ssh"

    Relevant Pages

    • OpenSSH 3.6.1 released
      ... OpenSSH 3.6.1 has just been released. ... implementation and includes sftp client and server support. ... in a few other SSH v2 implementations and causes connections to ... new EnableSSHKeysign option is set in the global ssh_config ...
      (Bugtraq)
    • OpenSSH 3.6.1 released
      ... OpenSSH 3.6.1 has just been released. ... implementation and includes sftp client and server support. ... in a few other SSH v2 implementations and causes connections to ... new EnableSSHKeysign option is set in the global ssh_config ...
      (SSH)
    • OpenSSH 3.6 released (fwd)
      ... New OpenSSH version.. ... new EnableSSHKeysign option is set in the global ssh_config ... * setting ProxyCommand to 'none' disables the proxy feature, ...
      (Bugtraq)
    • OpenSSH 3.0.1 (fwd)
      ... OpenSSH 3.0.1 has just been released. ... implementation and includes sftp client and server support. ... OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, ...
      (Bugtraq)