New snapshot
Daniel T. Chen
chenda at cs.unc.edu
Tue Nov 14 15:25:27 EST 2000
Hey all, the latest snapshot configures, compiles, and runs fine on the
x86 SuSE 6.3, 6.4, and 7.0 test machines (all OpenSSL-0.9.6).
Host: i686-pc-linux-gnu
Compiler: gcc
Compiler flags: -g -O2 -Wall -I. -I. -I/usr/local/ssl/include
Linker flags: -L/usr/local/ssl/lib -L/usr/local/ssl
Libraries: -ldl -lnsl -lz -lutil -lpam -lcrypto -lwrap
dtc
---
Daniel T. Chen | chenda at cs.unc.edu
On Tue, 14 Nov 2000, Damien Miller wrote:
> I have just uploaded a new snapshot to:
>
> http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz
>
> This snapshot includes Markus Friedl's new SSH2 RSA authentication work
> and -R portforwarding for SSH2. Please give these a good test.
>
> The new RSA authentication works similarly to the current SSH2 DSA keys,
> but requires a little modification to config files. Currently RSA
> keys cannot be shared between SSH1 and SSH2.
>
> To generate keys, ssh-keygen now has a type '-t' parameter. Valid types
> are 'rsa1' (for SSH1 RSA keys), 'rsa' (SSH2 RSA) and 'dsa' (SSH2 DSA).
>
> eg. "ssh-keygen -t rsa -f ~/.ssh/id_rsa" will generate a new SSH2 RSA key.
>
> For public key authentication, just copy the public portion of the RSA
> key into your ~/.ssh/authorized_keys2 file. It is normal for the public
> RSA keys to be shorter than DSA keys.
>
> SSH2 RSA keys are fully supported by ssh-agent. Keys are tried in the order
> in which they are added to the agent, so 'ssh-add' your RSA key first if
> you want to try it out.
>
> For the server, all hostkeys are now unified and sshd will automatically
> detect the type of a host key. The 'HostDSAKey' option is therefore
> deprecated in favor of 'HostKey'. To specify RSA and DSA keys for SSH2 use,
> just use more 'HostKey' options. The 'DSAAuthentication' option is
> deprecated in favour of the general 'PubkeyAuthentication' option.
>
> The host key section of my sshd_config looks like this:
>
> HostKey /etc/ssh/ssh_host_key
> HostKey /etc/ssh/ssh_host_rsa_key
> HostKey /etc/ssh/ssh_host_dsa_key
>
> For the client, the 'IdentityFile2' option is deprecated in favor of an
> autodetecting 'IdentityFile' option. You can specify rsa1, dsa and rsa keys
> using this option.
>
> RSA pubkey auth seems a little quicker than DSA and it is not vulnerable to
> the problems described in the WARNING.RNG file.
>
> Full changelog:
>
> 20001113
> - (djm) Add pointer to http://www.imasy.or.jp/~gotoh/connect.c to
> contrib/README
> - (djm) Merge OpenBSD changes:
> - markus at cvs.openbsd.org 2000/11/06 16:04:56
> [channels.c channels.h clientloop.c nchan.c serverloop.c]
> [session.c ssh.c]
> agent forwarding and -R for ssh2, based on work from
> jhuuskon at messi.uku.fi
> - markus at cvs.openbsd.org 2000/11/06 16:13:27
> [ssh.c sshconnect.c sshd.c]
> do not disable rhosts(rsa) if server port > 1024; from
> pekkas at netcore.fi
> - markus at cvs.openbsd.org 2000/11/06 16:16:35
> [sshconnect.c]
> downgrade client to 1.3 if server is 1.4; help from mdb at juniper.net
> - markus at cvs.openbsd.org 2000/11/09 18:04:40
> [auth1.c]
> typo; from mouring at pconline.com
> - markus at cvs.openbsd.org 2000/11/12 12:03:28
> [ssh-agent.c]
> off-by-one when removing a key from the agent
> - markus at cvs.openbsd.org 2000/11/12 12:50:39
> [auth-rh-rsa.c auth2.c authfd.c authfd.h]
> [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
> [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
> [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
> [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
> [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
> add support for RSA to SSH2. please test.
> there are now 3 types of keys: RSA1 is used by ssh-1 only,
> RSA and DSA are used by SSH2.
> you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
> keys for SSH2 and use the RSA keys for hostkeys or for user keys.
> SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
> - (djm) Fix up Makefile and Redhat init script to create RSA host keys
> - (djm) Change to interim version
> - (djm) Fix RPM spec file stupidity
> - (djm) fixpaths to DSA and RSA keys too
>
> 20001112
> - (bal) SCO Patch to add needed libraries for configure.in. Patch by
> Phillips Porch <root at theporch.com>
> - (bal) IRIX patch to add Job Limits. Patch by Denis Parker
> <dcp at sgi.com>
> - (stevesk) pty.c: HP-UX 10 and 11 don't define TIOCSCTTY. Add error() to
> failed ioctl(TIOCSCTTY) call.
>
> 20001111
> - (djm) Added /etc/primes for kex DH group neg, fixup Makefile.in and
> packaging files
> - (djm) Fix new Makefile.in warnings
> - (djm) Fix vsprintf("%h") in bsd-snprintf.c, short int va_args are
> promoted to type int. Report and fix from Dan Astoorian
> <djast at cs.toronto.edu>
> - (djm) Hardwire sysconfdir in RPM spec files as some RPM versions get
> it wrong. Report from Bennett Todd <bet at rahul.net>
>
> 20001110
> - (bal) Fixed dropped answer from skey_keyinfo() in auth1.c
> - (bal) Changed from --with-skey to --with-skey=PATH in configure.in
> - (bal) Added in check to verify S/Key library is being detected in
> configure.in
> - (bal) next-posix.h - added another prototype wrapped in POSIX ifdef/endif.
> Patch by Mark Miller <markm at swoon.net>
> - (bal) Added 'util.h' header to loginrec.c only if HAVE_UTIL_H is defined
> to remove warnings under MacOS X. Patch by Mark Miller <markm at swoon.net>
> - (bal) Fixed LDFLAG misspelling in configure.in for --with-afs
>
> 20001107
> - (bal) acconfig.in - removed the double "USE_PIPES" entry. Patch by
> Mark Miller <markm at swoon.net>
> - (bal) sshd.init files corrected to assign $? to RETVAL. Patch by
> Jarno Huuskonen <jhuuskon at messi.uku.fi>
> - (bal) fixpaths fixed to stop it from quietly failing. Patch by
> Mark D. Roth <roth at feep.net>
>
> 20001106
> - (bal) typo in configure.in in regards to --with-ldflags from Marko
> Asplund <aspa at kronodoc.fi>
> - (bal) fixed next-posix.h. Forgot prototype of getppid().
>
>
>
>
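Added example, not part of the original thread or the OpenSSH distribution: a small audit/migration helper for the option renames the announcement describes (HostDSAKey to HostKey, DSAAuthentication to PubkeyAuthentication, IdentityFile2 to IdentityFile). The function names and the sample config are constructed for illustration, and it assumes whitespace-separated "Keyword value" lines.

```shell
#!/bin/sh
# Added example: rename the options this announcement deprecates.
# Assumes whitespace-separated "Keyword value" lines; keywords are matched
# case-insensitively.

# Constructed sample mixing server and client options for brevity.
sample_config() {
    cat <<'EOF'
# constructed sample, old-style options
HostKey /etc/ssh/ssh_host_key
HostDSAKey /etc/ssh/ssh_host_dsa_key
dsaauthentication yes
    IdentityFile2 ~/.ssh/id_dsa
# HostDSAKey in a comment is left alone
EOF
}

# $1 = "rewrite" (emit the migrated file) or "report" (list findings only).
_deprecated_awk() {
    awk -v mode="$1" '
    BEGIN {
        map["hostdsakey"]        = "HostKey"
        map["dsaauthentication"] = "PubkeyAuthentication"
        map["identityfile2"]     = "IdentityFile"
    }
    # Comments and blank lines are never rewritten.
    /^[ \t]*#/ || /^[ \t]*$/ { if (mode == "rewrite") print; next }
    {
        kw = $1; key = tolower(kw)
        if (key in map) {
            if (mode == "report") {
                printf "line %d: %s -> %s\n", NR, kw, map[key]
                next
            }
            # Swap only the keyword; indentation and arguments are kept.
            idx = index($0, kw)
            $0 = substr($0, 1, idx - 1) map[key] substr($0, idx + length(kw))
        }
        if (mode == "rewrite") print
    }'
}

list_deprecated()     { _deprecated_awk report; }
migrate_ssh_options() { _deprecated_awk rewrite; }

sample_config | list_deprecated
```

Run list_deprecated against a copy of the config first and review the findings before replacing the live file with the migrate_ssh_options output.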