| version 1.32, 2008/03/11 10:39:37 |
version 1.33, 2008/03/12 12:53:25 |
|
|
| |
|
| <li>OpenSSH 4.8: |
<li>OpenSSH 4.8: |
| <ul> |
<ul> |
| <li>... |
<li>New features: |
| |
<ul> |
| |
<li>Added |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> |
| |
support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, |
| |
controlled by a new option |
| |
<em>"ChrootDirectory"</em>. Please refer to |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a> |
| |
for details, and |
| |
please use this feature carefully.</li> |
| |
<li>Linked |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a> |
| |
into |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>. The internal sftp server is |
| |
used when the command <em>"internal-sftp"</em> is specified in a Subsystem |
| |
or ForceCommand declaration. When used with <em>ChrootDirectory</em>, the |
| |
internal sftp server requires no special configuration of files |
| |
inside the chroot environment. Please refer to |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a> |
| |
for more information.</li> |
| |
<li>Added a protocol extension method "posix-rename@openssh.com" for |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a> |
| |
to perform POSIX atomic rename() operations.</li> |
| |
<li>Removed the fixed limit of 100 file handles in |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>. |
| |
The server will now dynamically allocate handles up to the number of |
| |
available file descriptors.</li> |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
| |
will now skip generation of SSH protocol 1 ephemeral server |
| |
keys when in inetd mode and protocol 2 connections are negotiated. |
| |
This speeds up protocol 2 connections to inetd-mode servers that |
| |
also allow Protocol 1.</li> |
| |
<li>Accept the <em>PermitRootLogin</em> directive in a |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a> |
| |
<em>Match</em> |
| |
block. Allows for, e.g. permitting root only from the local |
| |
network.</li> |
| |
<li>Reworked |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> |
| |
argument splitting and escaping to be more |
| |
internally consistent (i.e. between sftp commands) and more |
| |
consistent with |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sh&sektion=1">sh(1)</a>. |
| |
Please note that this will change the |
| |
interpretation of some quoted strings, especially those with |
| |
embedded backslash escape sequences.</li> |
| |
<li>Support <em>"Banner=none"</em> in |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a> |
| |
to disable sending of a |
| |
pre-login banner (e.g. in a <em>Match</em> block).</li> |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
| |
<em>ProxyCommand</em>s are now executed with $SHELL rather than |
| |
/bin/sh.</li> |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)'s</a> |
| |
<em>ConnectTimeout</em> option is now applied to both the TCP |
| |
connection and the SSH banner exchange (previously it just covered |
| |
the TCP connection). This allows callers of |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
| |
to better detect |
| |
and deal with stuck servers that accept a TCP connection but don't |
| |
progress the protocol, and also makes <em>ConnectTimeout</em> useful for |
| |
connections via a <em>ProxyCommand</em>.</li> |
| |
<li>Many new regression tests, including interop tests against PuTTY's |
| |
plink</li> |
| |
</ul></li> |
| |
<li>The following significant bugs have been fixed in this release: |
| |
<ul> |
| |
<li>SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client |
| |
keepalive logic, causing disconnections on servers that did not |
| |
explicitly implement "keepalive@openssh.com".</li> |
| |
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
| |
used the obselete SIG DNS RRtype for host keys in DNS, |
| |
instead of the current standard RRSIG.</li> |
| |
<li>Correctly drain ACKs when a |
| |
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> |
| |
upload write fails midway, |
| |
avoids a fatal() exit from what should be a recoverable condition.</li> |
| |
<li>Fixed packet size advertisements. Previously TCP and agent |
| |
forwarding incorrectly advertised the channel window size as the |
| |
packet size, causing fatal errors under some conditions.</li> |
| |
<li><em>Many more bugfixes. Please refer to the |
| |
<a href="http://www.openssh.com/txt/release-4.8">Release Notes</a>.</em> |
| |
</li> |
| |
</ul></li> |
| </ul> |
</ul> |
| <p> |
<p> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to 43.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www