version 1.32, 2008/03/11 10:39:37 |
version 1.33, 2008/03/12 12:53:25 |
|
|
|
|
<li>OpenSSH 4.8: |
<li>OpenSSH 4.8: |
<ul> |
<ul> |
<li>... |
<li>New features: |
|
<ul> |
|
<li>Added |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=chroot&sektion=2">chroot(2)</a> |
|
support for <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>, |
|
controlled by a new option |
|
<em>"ChrootDirectory"</em>. Please refer to |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a> |
|
for details, and |
|
please use this feature carefully.</li> |
|
<li>Linked |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a> |
|
into |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>. The internal sftp server is |
|
used when the command <em>"internal-sftp"</em> is specified in a Subsystem |
|
or ForceCommand declaration. When used with <em>ChrootDirectory</em>, the |
|
internal sftp server requires no special configuration of files |
|
inside the chroot environment. Please refer to |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a> |
|
for more information.</li> |
|
<li>Added a protocol extension method "posix-rename@openssh.com" for |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a> |
|
to perform POSIX atomic rename() operations.</li> |
|
<li>Removed the fixed limit of 100 file handles in |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp-server&sektion=8">sftp-server(8)</a>. |
|
The server will now dynamically allocate handles up to the number of |
|
available file descriptors.</li> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
|
will now skip generation of SSH protocol 1 ephemeral server |
|
keys when in inetd mode and protocol 2 connections are negotiated. |
|
This speeds up protocol 2 connections to inetd-mode servers that |
|
also allow Protocol 1.</li> |
|
<li>Accept the <em>PermitRootLogin</em> directive in a |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a> |
|
<em>Match</em> |
|
block. Allows for, e.g. permitting root only from the local |
|
network.</li> |
|
<li>Reworked |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> |
|
argument splitting and escaping to be more |
|
internally consistent (i.e. between sftp commands) and more |
|
consistent with |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sh&sektion=1">sh(1)</a>. |
|
Please note that this will change the |
|
interpretation of some quoted strings, especially those with |
|
embedded backslash escape sequences.</li> |
|
<li>Support <em>"Banner=none"</em> in |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a> |
|
to disable sending of a |
|
pre-login banner (e.g. in a <em>Match</em> block).</li> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
|
<em>ProxyCommand</em>s are now executed with $SHELL rather than |
|
/bin/sh.</li> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)'s</a> |
|
<em>ConnectTimeout</em> option is now applied to both the TCP |
|
connection and the SSH banner exchange (previously it just covered |
|
the TCP connection). This allows callers of |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
|
to better detect |
|
and deal with stuck servers that accept a TCP connection but don't |
|
progress the protocol, and also makes <em>ConnectTimeout</em> useful for |
|
connections via a <em>ProxyCommand</em>.</li> |
|
<li>Many new regression tests, including interop tests against PuTTY's |
|
plink</li> |
|
</ul></li> |
|
<li>The following significant bugs have been fixed in this release: |
|
<ul> |
|
<li>SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client |
|
keepalive logic, causing disconnections on servers that did not |
|
explicitly implement "keepalive@openssh.com".</li> |
|
<li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a> |
|
used the obselete SIG DNS RRtype for host keys in DNS, |
|
instead of the current standard RRSIG.</li> |
|
<li>Correctly drain ACKs when a |
|
<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a> |
|
upload write fails midway, |
|
avoids a fatal() exit from what should be a recoverable condition.</li> |
|
<li>Fixed packet size advertisements. Previously TCP and agent |
|
forwarding incorrectly advertised the channel window size as the |
|
packet size, causing fatal errors under some conditions.</li> |
|
<li><em>Many more bugfixes. Please refer to the |
|
<a href="http://www.openssh.com/txt/release-4.8">Release Notes</a>.</em> |
|
</li> |
|
</ul></li> |
</ul> |
</ul> |
<p> |
<p> |
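Review bot: the new-features item that begins "ssh(1) will now skip generation of SSH protocol 1 ephemeral server keys when in inetd mode" links to and names the client, but generating ephemeral server keys and running in inetd mode are server-side behaviour. The item should reference sshd(8) with query=sshd&sektion=8, as the ChrootDirectory item above it does. In the bug-fix list, "obselete SIG DNS RRtype" should read "obsolete". The item "ssh(1)'s ConnectTimeout" puts the possessive inside the anchor; moving the 's after the closing </a> keeps the link text consistent with the other man-page links. The bare & in the added href values (query=...&sektion=...) should be written as &amp; so the markup validates.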
|
|