Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


OpenSSH-2.5.2 released

Mar 22, 2001, 20:24 (2 Talkback[s])
(Other stories by Markus Friedl)
Date: Thu, 22 Mar 2001 11:49:03 +0100
From: Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
To: announce@openbsd.org
Subject: OpenSSH-2.5.2

OpenSSH 2.5.2 is now available from the mirror sites
listed at http://www.openssh.com/

Security related changes:
        Improved countermeasure against "Passive Analysis of SSH
        (Secure Shell) Traffic"
        http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt

        The countermeasures introduced in earlier OpenSSH-2.5.x versions
        caused interoperability problems with some other implementations.

        Improved countermeasure against "SSH protocol 1.5 session
        key recovery vulnerability"
        http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm

New options:
        permitopen authorized_keys option to restrict portforwarding.

        PreferredAuthentications allows client to specify the order in which
        authentication methods are tried.

Sftp:
        sftp client supports globbing (get *, put *).

        Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt).

        Batch file (-b) support for automated transfers

Performance:
        Speedup DH exchange. OpenSSH should now be significantly faster when
        connecting use SSH protocol 2.

        Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers
        much faster throughput in a well scrutinised cipher.

Bugfixes:
        stderr handling fixes in SSH protocol 2.

        Improved interoperability.

Client:
        The client no longer asks for the the passphrase if the key
        will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)

Miscellaneous:
        scp should now work for files > 2GB

        ssh-keygen can now generate fingerprints in the "bubble babble"
        format for exchanging fingerprints with SSH.COM's SSH protocol 2
        implementation.

Preliminary patches for OpenBSD-2.6 are available on request.