version 1.101, 2019/05/27 22:55:18 |
version 1.102, 2019/05/31 13:15:31 |
|
|
<em>"ChrootDirectory"</em>. Please refer to |
<em>"ChrootDirectory"</em>. Please refer to |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
for details, and |
for details, and |
please use this feature carefully.</li> |
please use this feature carefully. |
<li>Linked |
<li>Linked |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a> |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a> |
into |
into |
|
|
internal sftp server requires no special configuration of files |
internal sftp server requires no special configuration of files |
inside the chroot environment. Please refer to |
inside the chroot environment. Please refer to |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
for more information.</li> |
for more information. |
<li>Added a protocol extension method "posix-rename@openssh.com" for |
<li>Added a protocol extension method "posix-rename@openssh.com" for |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a> |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a> |
to perform POSIX atomic rename() operations.</li> |
to perform POSIX atomic rename() operations. |
<li>Removed the fixed limit of 100 file handles in |
<li>Removed the fixed limit of 100 file handles in |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>. |
<a href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>. |
The server will now dynamically allocate handles up to the number of |
The server will now dynamically allocate handles up to the number of |
available file descriptors.</li> |
available file descriptors. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
will now skip generation of SSH protocol 1 ephemeral server |
will now skip generation of SSH protocol 1 ephemeral server |
keys when in inetd mode and protocol 2 connections are negotiated. |
keys when in inetd mode and protocol 2 connections are negotiated. |
This speeds up protocol 2 connections to inetd-mode servers that |
This speeds up protocol 2 connections to inetd-mode servers that |
also allow Protocol 1.</li> |
also allow Protocol 1. |
<li>Accept the <em>PermitRootLogin</em> directive in a |
<li>Accept the <em>PermitRootLogin</em> directive in a |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
<em>Match</em> |
<em>Match</em> |
block. Allows for, e.g. permitting root only from the local |
block. Allows for, e.g. permitting root only from the local |
network.</li> |
network. |
<li>Reworked |
<li>Reworked |
<a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
<a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
argument splitting and escaping to be more |
argument splitting and escaping to be more |
|
|
<a href="https://man.openbsd.org/sh.1">sh(1)</a>. |
<a href="https://man.openbsd.org/sh.1">sh(1)</a>. |
Please note that this will change the |
Please note that this will change the |
interpretation of some quoted strings, especially those with |
interpretation of some quoted strings, especially those with |
embedded backslash escape sequences.</li> |
embedded backslash escape sequences. |
<li>Support <em>"Banner=none"</em> in |
<li>Support <em>"Banner=none"</em> in |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
<a href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a> |
to disable sending of a |
to disable sending of a |
pre-login banner (e.g. in a <em>Match</em> block).</li> |
pre-login banner (e.g. in a <em>Match</em> block). |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<em>ProxyCommand</em>s are now executed with $SHELL rather than |
<em>ProxyCommand</em>s are now executed with $SHELL rather than |
/bin/sh.</li> |
/bin/sh. |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)'s</a> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)'s</a> |
<em>ConnectTimeout</em> option is now applied to both the TCP |
<em>ConnectTimeout</em> option is now applied to both the TCP |
connection and the SSH banner exchange (previously it just covered |
connection and the SSH banner exchange (previously it just covered |
|
|
to better detect |
to better detect |
and deal with stuck servers that accept a TCP connection but don't |
and deal with stuck servers that accept a TCP connection but don't |
progress the protocol, and also makes <em>ConnectTimeout</em> useful for |
progress the protocol, and also makes <em>ConnectTimeout</em> useful for |
connections via a <em>ProxyCommand</em>.</li> |
connections via a <em>ProxyCommand</em>. |
<li>Many new regression tests, including interop tests against PuTTY's |
<li>Many new regression tests, including interop tests against PuTTY's |
plink.</li> |
plink. |
</ul></li> |
</ul> |
<li>The following significant bugs have been fixed in this release: |
<li>The following significant bugs have been fixed in this release: |
<ul> |
<ul> |
<li>SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client |
<li>SSH2_MSG_UNIMPLEMENTED packets did not correctly reset the client |
keepalive logic, causing disconnections on servers that did not |
keepalive logic, causing disconnections on servers that did not |
explicitly implement "keepalive@openssh.com".</li> |
explicitly implement "keepalive@openssh.com". |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a> |
used the obsolete SIG DNS RRtype for host keys in DNS, |
used the obsolete SIG DNS RRtype for host keys in DNS, |
instead of the current standard RRSIG.</li> |
instead of the current standard RRSIG. |
<li>Correctly drain ACKs when a |
<li>Correctly drain ACKs when a |
<a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
<a href="https://man.openbsd.org/sftp.1">sftp(1)</a> |
upload write fails midway, |
upload write fails midway, |
avoids a fatal() exit from what should be a recoverable condition.</li> |
avoids a fatal() exit from what should be a recoverable condition. |
<li>Fixed packet size advertisements. Previously TCP and agent |
<li>Fixed packet size advertisements. Previously TCP and agent |
forwarding incorrectly advertised the channel window size as the |
forwarding incorrectly advertised the channel window size as the |
packet size, causing fatal errors under some conditions.</li> |
packet size, causing fatal errors under some conditions. |
<li><em>Many more bugfixes. Please refer to the |
<li><em>Many more bugfixes. Please refer to the |
<a href="https://www.openssh.com/txt/release-4.8">Release Notes</a>.</em> |
<a href="https://www.openssh.com/txt/release-4.8">Release Notes</a>.</em> |
</li> |
|
</ul></li> |
</ul> |
</ul> |
</ul> |
<p> |
<p> |
|
|