Date: Thu, 22 Mar 2001 11:49:03 +0100
From: Markus Friedl Markus.Friedl@informatik.uni-erlangen.de
OpenSSH 2.5.2 is now available from the mirror sites
listed at http://www.openssh.com/
Security related changes:
Improved countermeasure against "Passive Analysis of SSH
(Secure Shell) Traffic"
The countermeasures introduced in earlier OpenSSH-2.5.x versions
caused interoperability problems with some other implementations.
Improved countermeasure against "SSH protocol 1.5 session
key recovery vulnerability"
permitopen authorized_keys option to restrict portforwarding.
PreferredAuthentications allows client to specify the order in which
authentication methods are tried.
sftp client supports globbing (get *, put *).
Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt).
Batch file (-b) support for automated transfers
Speedup DH exchange. OpenSSH should now be significantly faster when
connecting use SSH protocol 2.
Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers
much faster throughput in a well scrutinised cipher.
stderr handling fixes in SSH protocol 2.
The client no longer asks for the the passphrase if the key
will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)
scp should now work for files > 2GB
ssh-keygen can now generate fingerprints in the "bubble babble"
format for exchanging fingerprints with SSH.COM's SSH protocol 2
Preliminary patches for OpenBSD-2.6 are available on request.