djm at mindrot.org
Thu Mar 22 21:43:56 EST 2001
Portable OpenSSH 2.5.2p2 is now available from the mirror sites
listed at http://www.openssh.com/portable.html
Security related changes:
Improved countermeasure against "Passive Analysis of SSH
(Secure Shell) Traffic"
The countermeasures introduced in earlier OpenSSH-2.5.x versions
caused interoperability problems with some other implementations.
Improved countermeasure against "SSH protocol 1.5 session
key recovery vulnerability"
permitopen authorized_keys option to restrict portforwarding.
PreferredAuthentications allows client to specify the order in which
authentication methods are tried.
sftp client supports globbing (get *, put *).
Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt).
Batch file (-b) support for automated transfers
Speedup DH exchange. OpenSSH should now be significantly faster when
connecting use SSH protocol 2.
Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers
much faster throughput in a well scrutinised cipher.
stderr handling fixes in SSH protocol 2.
The client no longer asks for the the passphrase if the key
will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)
scp should now work for files > 2GB
ssh-keygen can now generate fingerprints in the "bubble babble"
format for exchanging fingerprints with SSH.COM's SSH protocol 2
Better support for the PRNGd entropy collection daemon. The
--with-egd-pool configure option has been deprecated in favour
of --with-prngd-socket and the new --with-prngd-port options.
The latter allows collection of entropy from a localhost
configure ensures that scp is in the $PATH set by the server
(unless a custom path is specified).
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
More information about the openssh-unix-announce