OpenSSH 4.7: call for testing.

Darren Tucker dtucker at zip.com.au
Thu Aug 16 00:28:32 EST 2007


Hi All.

OpenSSH 4.7 is preparing for release so we are asking for any interested 
folks to please test a snapshot. The main changes are:

  * sshd(8) in new installations defaults to SSH Protocol 2 only.
    Existing installations are unchanged.

  * The SSH channel window size has been increased, which improves
    performance on high-BDP networks.

  * ssh(1) and sshd(8) now preserve MAC contexts between packets, which
    saves 2 hash calls per packet and results in 12-16% speedup for
    arcfour256/hmac-md5.

  * A new MAC algorithm has been added, UMAC-64 (RFC4418) which is
    approximately 20% faster than HMAC-MD5.

  * A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes

#616: proxycommand breaks hostbased authentication.
#856: scp hangs on FIFOs rather than erroring
#891: possible problem with non-printing characters during scp copy
#1196: SIGINT is ignored by SSHD in case of privilegeseparation yes
#1220: Fix error messages for multiple mechanism GSSAPI libraries
#1224: ssh-add man page does not fully describe -d
#1225: Tidy up GSSAPI code
#1232: "LocalCommand" is executed before session is set up
#1236: SCP inappropriate truncate error when copying to FIFO file
#1261: Timed out command through ControlMaster yields 0 return value.
#1286: SFTP keeps reading input until it runs out of buffer space

#1243: Multiple including of paths.h on AIX 5.1 systems.
#1262: ssh disconnect message from master control is confusing
#1287: Use getpeerucred on Solaris
#1294: includes.h should pull in string.h based on HAVE_STRING_H
#1299: Remove redefinition of _res in getrrsetbyname.c
#1306: Spurious : "chan_read_failed for istate 3" errors from sshd
#1325: SELinux support broken when SELinux is in permissive mode
#1339: pam_dhkeys doesn't work
#1343: Privilege separation does not work on QNX

There is also #1322 (pam_abl) which has not been applied, but I'm not 
sure about that one (so if you use PAM, please try the latest patch from 
that bug, even if you don't use pam_abl or equivalent).

Thanks to all who contributed.

More detail may be found in the ChangeLog in the portable OpenSSH
tarballs.

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable snapshots are available at:
http://www.mindrot.org/openssh_snap/

Running the regression tests supplied with Portable does not require
installation and is simply:

$ ./configure && make tests

Testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-unix-dev at mindrot.org.

Thanks.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
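
An added illustration of the MAC-context item in the change list above (not OpenSSH code and not part of the original message): HMAC hashes two key-derived pad blocks before it sees any data, so keeping those two contexts and copying them for each packet avoids rehashing the pads every time. The class name, key and packets are constructed for the example; the MAC input layout (uint32 sequence number followed by the packet) is the one from RFC 4253.

```python
import hashlib
import hmac
import struct

BLOCK = 64  # MD5 block size in bytes


def naive_mac(key, seqnr, packet):
    """Per-packet HMAC-MD5 with full key setup every time (the slow path)."""
    data = struct.pack(">I", seqnr & 0xFFFFFFFF) + packet
    return hmac.new(key, data, hashlib.md5).digest()


class PreservedHmacMd5:
    """Hypothetical helper: HMAC-MD5 whose keyed contexts are built once."""

    def __init__(self, key):
        if len(key) > BLOCK:              # HMAC rule: long keys are hashed first
            key = hashlib.md5(key).digest()
        key = key.ljust(BLOCK, b"\0")
        # These two pad blocks are the hash calls that are paid once here
        # instead of once per packet.
        self._inner = hashlib.md5(bytes(b ^ 0x36 for b in key))
        self._outer = hashlib.md5(bytes(b ^ 0x5C for b in key))

    def mac(self, seqnr, packet):
        inner = self._inner.copy()        # resume from the saved keyed state
        inner.update(struct.pack(">I", seqnr & 0xFFFFFFFF) + packet)
        outer = self._outer.copy()
        outer.update(inner.digest())
        return outer.digest()

    def verify(self, seqnr, packet, tag):
        # Constant-time comparison, so a mismatch position is not leaked.
        return hmac.compare_digest(self.mac(seqnr, packet), tag)


if __name__ == "__main__":
    key = bytes(range(16))                # constructed 128-bit key
    ctx = PreservedHmacMd5(key)
    packets = [b"", b"SSH_MSG_CHANNEL_DATA" * 4, b"\0" * 1500]  # constructed
    for seq, pkt in enumerate(packets):
        same = ctx.mac(seq, pkt) == naive_mac(key, seq, pkt)
        print(seq, len(pkt), "match" if same else "MISMATCH")
    # A tag replayed under a different sequence number must be rejected.
    print("replay accepted:", ctx.verify(1, b"x", naive_mac(key, 0, b"x")))
```

The saved contexts are derived from the MAC key, so they need the same handling as the key itself and must be rebuilt whenever the session is rekeyed.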

