www/50.html - diff

Return to 50.html CVS log

Up to [local] / www

Diff for /www/50.html between version 1.4 and 1.5

-version 1.4, 2011/10/30 16:24:42
+version 1.5, 2011/10/31 22:14:10
 Line 236
 Line 236
 Line 236
      </ul>
  <p>
- <li>OpenSSH 6.0:
+ <li>OpenSSH 5.9:
      <ul>
      <li>New features:
        <ul>
-       <li>Allow cancellation of port forwardings via the multiplexing socket
+       <li>Introduce sandboxing of the pre-auth privsep child using an optional
-         (e.g. "ssh -O cancel -R 2222:127.0.0.1:22 user@host")
+         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
-       <li>Add wildcard support to PermitOpen (e.g. "PermitOpen localhost:*")
+         "UsePrivilegeSeparation=sandbox" mode that enables mandatory
-       <li>A new "ssh-add -k" option to load only plain keys and not
+         restrictions on the syscalls the privsep child can perform.
-         certificates into the agent.
+       <li>Add new SHA256-based HMAC transport integrity modes from
-       <li>ssh-add now supports loading keys from stdin ("program | ssh-add -")
+         http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
-       <li>Allow graceful shutdown of the multiplexing socket (stop listening,
+         These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
-         but don't interrupt existing connections), using "ssh -O stop".
+         and hmac-sha2-512-96, and are available by default in
-       <li>"ssh-keygen -A" will now automatically generate host keys of every
+         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
-         supported type
+         and
-       <li>Deprecated GlobalKnownHostsFile2, UserKnownHostsFile2 and
+         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>.
-         AuthorizedKeysFile2 options.  Instead, the corresponding
+       <li>The pre-authentication
-         GlobalKnownHostsFile UserKnownHostsFile and AuthorizedKeysFile
+         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>
-         options now all accept multiple arguments.
+         privilege separation slave process now logs via a socket shared with
-       <li>Add a RequestTTY option to ssh(1) to allow control over TTY
+         the master process, avoiding the need to maintain /dev/log inside the
-         requests similar to the -t/-tt/-T commandline options.
+         chroot.
-       <li>ssh_config(5) now supports negated host matching. E.g.
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
-         "Host *.example.org !c.example.org" will match "a.example.org",
+         now warns when a server refuses X11 forwarding.
-         "b.example.org", but not "c.example.org"
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>'s
-       <li>Add experimental systrace(4) sandboxing of pre-auth sshd(8),
+         AuthorizedKeysFile now accepts multiple paths, separated by whitespace.
-         enabled using "UsePrivilegeSeparation=sandbox".
+         The undocumented AuthorizedKeysFile2 option is deprecated (though the
-       <li>Add new SHA-2 based HMAC modes for the SSH transport layer from
+         default for AuthorizedKeysFile includes .ssh/authorized_keys2).
-         http://tools.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>:
+         similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by
+         making UserKnownHostsFile and GlobalKnownHostsFile accept multiple
+         options and default to include known_hosts2.
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>'s
+         ControlPath option now expands %L to the host portion of the
+         destination host name.
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>
+         "Host" options now support negated Host matching.
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd_config&sektion=5">sshd_config(5)</a>:
+         a new RequestTTY option provides control over when a TTY is requested
+         for a connection, similar to the existing -t/-tt/-T
+         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
+         commandline options.
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1">ssh-keygen(1)</a>:
+         Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for
+         which host keys do not exist, generate the host keys with the default
+         key file path, an empty passphrase, default bits for the key type, and
+         default comment. This is useful for system initialisation scripts.
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
+         Allow graceful shutdown of multiplexing: request that a mux server
+         removes its listener socket and refuse future multiplexing requests but
+         don't kill existing connections. This may be requested using
+         "ssh -O stop ...".
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1">ssh-add(1)</a>:
+         now accepts keys piped from standard input.
        </ul>
      <li>The following significant bugs have been fixed in this release:
        <ul>
-       <li>Fix hostbased authentication for hosts using ECDSA keys.
+       <li>Retain key comments when loading v.2 keys. These will be visible in
-       <li>Fix corruption of file information in sftp(1)'s ls display.
+         "ssh-add -l" and other places. (bz#439)
-       <li>Fix remote portforwarding with dynamically allocated listen ports.
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>
+         and
+         <a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
+         set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). (bz#1855)
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8">sshd(8)</a>:
+         allow GSSAPI authentication to detect when a server-side failure causes
+         authentication failure and don't count such failures against
+         MaxAuthTries. (bz#1244)
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keysign&sektion=8">ssh-keysign(8)</a>:
+         now signs hostbased authentication challenges correctly using ECDSA
+         keys. (bz#1858)
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=sftp&sektion=1">sftp(1)</a>:
+         document that sftp accepts square brackets to delimit addresses
+         (useful for IPv6). (bz#1847a)
+       <li><a href="http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1">ssh(1)</a>:
+         when using session multiplexing, the master process will change its
+         process title to reflect the control path in use and when a
+         ControlPersist-ed master is waiting to close. (bz#1883 and bz#1911)
+       <li>Other minor bugs fixed: (bz#1849, bz#1861, bz#1862, bz#1869, bz#1875,
+         bz#1878, bz#1879, bz#1892, bz#1900, bz#1905, and bz#1913)
        </ul>
      </ul>
  <p>