Testing wanted: OpenSSH 4.8

Damien Miller djm at mindrot.org
Thu Mar 13 11:50:25 EST 2008


Hi,

We are preparing to make the release of OpenSSH 4.8 soon, so we would
greatly appreciate testing of snapshot releases in as many environments
and on as many operating systems as possible.

The highlights of this release are:

  * Added chroot(2) support for sshd(8), controlled by a new option
    "ChrootDirectory". Please refer to sshd_config(5) for details, and
    please use this feature carefully. (bz#177 bz#1352)
  * Linked sftp-server(8) into sshd(8). The internal sftp server is
    used when the command "internal-sftp" is specified in a Subsystem
    or ForceCommand declaration. When used with ChrootDirectory, the
    internal sftp server requires no special configuration of files
    inside the chroot environment. Please refer to sshd_config(5) for
    more information.
  * Added a protocol extension method "posix-rename@openssh.com" for
    sftp-server(8) to perform POSIX atomic rename() operations.
    (bz#1400)
  * Removed the fixed limit of 100 file handles in sftp-server(8). The
    server will now dynamically allocate handles up to the number of
    available file descriptors. (bz#1397)
  * ssh(8) will now skip generation of SSH protocol 1 ephemeral server
    keys when in inetd mode and protocol 2 connections are negotiated.
    This speeds up protocol 2 connections to inetd-mode servers that
    also allow Protocol 1. (bz#440)
  * Accept the PermitRootLogin directive in a sshd_config(5) Match
    block. Allows for, e.g. permitting root only from the local
    network.
  * Reworked sftp(1) argument splitting and escaping to be more
    internally consistent (i.e. between sftp commands) and more
    consistent with sh(1). Please note that this will change the
    interpretation of some quoted strings, especially those with
    embedded backslash escape sequences. (bz#778)
  * Support "Banner=none" in sshd_config(5) to disable sending of a
    pre-login banner (e.g. in a Match block).
  * ssh(1) ProxyCommands are now executed with $SHELL rather than
    /bin/sh.
  * ssh(1)'s ConnectTimeout option is now applied to both the TCP
    connection and the SSH banner exchange (previously it just covered
    the TCP connection). This allows callers of ssh(1) to better detect
    and deal with stuck servers that accept a TCP connection but don't
    progress the protocol, and also makes ConnectTimeout useful for
    connections via a ProxyCommand.
  * Many new regression tests, including interop tests against PuTTY's
    plink.
  * Support BSM auditing on Mac OS X.

This release also contains many bugfixes. Please refer to the tracking bug
https://bugzilla.mindrot.org/show_bug.cgi?id=1353 for a partial list.
The ChangeLog file in the portable OpenSSH tarballs contains a full list.

Please fetch and test the release that is appropriate for your platform:

If you are running OpenBSD the latest version is available in CVS HEAD,
as described at http://www.openbsd.org/anoncvs.html

Otherwise, portable snapshots are available from
http://www.mindrot.org/openssh_snap/ and also by anonymous CVS. CVS
instructions are here: http://www.openssh.com/portable.html#cvs

Running the regression tests supplied with Portable does not require
installation and is simply:

$ ./configure && make tests

This release includes some interoperability tests against PuTTY's
plink(1). These tests may be run using "make interop-tests" if you
have plink(1) installed.

Testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-unix-dev at mindrot.org.
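
Added example, not part of the original message or of the OpenSSH distribution: a constructed sshd_config(5) fragment combining the new ChrootDirectory option, the "internal-sftp" server, "Banner none", and PermitRootLogin inside a Match block. The group name, paths and address pattern are assumptions chosen for illustration.

```conf
# Constructed sshd_config fragment; group, paths and addresses are hypothetical.

# Global defaults: no root login, pre-login banner enabled.
PermitRootLogin no
Banner /etc/issue.net

# Use the SFTP server linked into sshd instead of an external binary.
Subsystem sftp internal-sftp

# Members of the hypothetical group "sftponly" get a chrooted, SFTP-only
# session. Per sshd_config(5), every component of the ChrootDirectory path
# must be a root-owned directory that is not writable by any other user or
# group, otherwise sshd refuses the session.
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    # ForceCommand overrides any command the client requests, so these
    # accounts cannot obtain a shell; internal-sftp needs no binaries,
    # libraries or device nodes inside the chroot.
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    # Suppress the pre-login banner for these accounts.
    Banner none

# Permit key-based root login only from the local network
# (wildcard address pattern; adjust to the real subnet).
Match Address 192.168.0.*
    PermitRootLogin without-password
```

Running `sshd -t -f <file>` against the edited file checks it for syntax errors before the daemon is restarted.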
