OpenSSH 3.0

Markus Friedl markus at openbsd.org
Wed Nov 7 08:48:41 EST 2001 

OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).

We would like to thank the OpenSSH community for their continued
support and encouragement.

Important Changes:
==================

1) SSH protocol v2 is now the default protocol version

	use the 'Protocol' option from ssh(1) and sshd(8) if
	you need to change this.

2) The files
	/etc/ssh_known_hosts2
	~/.ssh/known_hosts2
	~/.ssh/authorized_keys2
   are now obsolete, you can use
	/etc/ssh_known_hosts
	~/.ssh/known_hosts
	~/.ssh/authorized_keys
   For backward compatibility ~/.ssh/authorized_keys2 will still used for
   authentication and hostkeys are still read from the known_hosts2.
   However, those deprecated files are considered 'readonly'.  Future
   releases are likely not to read these files.

3) The CheckMail option in sshd_config is deprecated, as sshd(8) no longer
   checks for new mail.

4) X11 cookies are now stored in $HOME.

New Features:
=============

1) Smartcard support in the ssh client and agent based on work by
   University of Michigan CITI (http://www.citi.umich.edu/projects/smartcard/).

2) support for Rekeying in protocol version 2

3) improved Kerberos support in protocol v1 (KerbIV and KerbV)

4) backward compatibility with older commercial SSH versions >= 2.0.10

5) getopt(3) is now used by all programs

6) dynamic forwarding (use ssh(1) as your socks server)

7) ClearAllForwardings in ssh(1)

8) ssh(1) now checks the hostkey for localhost (NoHostAuthenticationForLocalhost yes/no).

9) -F option in ssh(1)

10) ssh(1) now has a '-b bindaddress' option

11) scp(1) allows "scp /file localhost:/file"

12) The AuthorizedKeysFile option allows specification of alternative
    files that contain the public keys that can be used for user authentication
    (e.g. /etc/ssh_keys/%u, see sshd(8))

13) extended AllowUsers user at host syntax in sshd(8)

14) improved challenge-response support (especially for systems supporting BSD_AUTH)

15) sshd(8) can specify time args as 1h, 2h30s etc.

16) sshd(8) transmits the correct exit status for remote execution with protocol version 2.

17) ssh-keygen(1) can import private RSA/DSA keys generated with the commercial version

18) ssh-keyscan(1) supports protocol version 2

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.

More information about the openssh-unix-dev mailing list