===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/50.html,v
retrieving revision 1.4
retrieving revision 1.5
diff -c -r1.4 -r1.5
*** www/50.html 2011/10/30 16:24:42 1.4
--- www/50.html 2011/10/31 22:14:10 1.5
***************
*** 236,274 ****
!
OpenSSH 6.0:
- New features:
! - Allow cancellation of port forwardings via the multiplexing socket
! (e.g. "ssh -O cancel -R 2222:127.0.0.1:22 user@host")
!
- Add wildcard support to PermitOpen (e.g. "PermitOpen localhost:*")
!
- A new "ssh-add -k" option to load only plain keys and not
! certificates into the agent.
!
- ssh-add now supports loading keys from stdin ("program | ssh-add -")
!
- Allow graceful shutdown of the multiplexing socket (stop listening,
! but don't interrupt existing connections), using "ssh -O stop".
!
- "ssh-keygen -A" will now automatically generate host keys of every
! supported type
!
- Deprecated GlobalKnownHostsFile2, UserKnownHostsFile2 and
! AuthorizedKeysFile2 options. Instead, the corresponding
! GlobalKnownHostsFile UserKnownHostsFile and AuthorizedKeysFile
! options now all accept multiple arguments.
!
- Add a RequestTTY option to ssh(1) to allow control over TTY
! requests similar to the -t/-tt/-T commandline options.
!
- ssh_config(5) now supports negated host matching. E.g.
! "Host *.example.org !c.example.org" will match "a.example.org",
! "b.example.org", but not "c.example.org"
!
- Add experimental systrace(4) sandboxing of pre-auth sshd(8),
! enabled using "UsePrivilegeSeparation=sandbox".
!
- Add new SHA-2 based HMAC modes for the SSH transport layer from
! http://tools.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
- The following significant bugs have been fixed in this release:
! - Fix hostbased authentication for hosts using ECDSA keys.
!
- Fix corruption of file information in sftp(1)'s ls display.
!
- Fix remote portforwarding with dynamically allocated listen ports.
--- 236,318 ----
!
OpenSSH 5.9:
- New features:
! - Introduce sandboxing of the pre-auth privsep child using an optional
! sshd_config(5)
! "UsePrivilegeSeparation=sandbox" mode that enables mandatory
! restrictions on the syscalls the privsep child can perform.
!
- Add new SHA256-based HMAC transport integrity modes from
! http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
! These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512,
! and hmac-sha2-512-96, and are available by default in
! ssh(1)
! and
! sshd(8).
!
- The pre-authentication
! sshd(8)
! privilege separation slave process now logs via a socket shared with
! the master process, avoiding the need to maintain /dev/log inside the
! chroot.
!
- ssh(1)
! now warns when a server refuses X11 forwarding.
!
- sshd_config(5)'s
! AuthorizedKeysFile now accepts multiple paths, separated by whitespace.
! The undocumented AuthorizedKeysFile2 option is deprecated (though the
! default for AuthorizedKeysFile includes .ssh/authorized_keys2).
!
- sshd_config(5):
! similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by
! making UserKnownHostsFile and GlobalKnownHostsFile accept multiple
! options and default to include known_hosts2.
!
- sshd_config(5)'s
! ControlPath option now expands %L to the host portion of the
! destination host name.
!
- sshd_config(5)
! "Host" options now support negated Host matching.
!
- sshd_config(5):
! a new RequestTTY option provides control over when a TTY is requested
! for a connection, similar to the existing -t/-tt/-T
! ssh(1)
! commandline options.
!
- ssh-keygen(1):
! Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for
! which host keys do not exist, generate the host keys with the default
! key file path, an empty passphrase, default bits for the key type, and
! default comment. This is useful for system initialisation scripts.
!
- ssh(1):
! Allow graceful shutdown of multiplexing: request that a mux server
! removes its listener socket and refuse future multiplexing requests but
! don't kill existing connections. This may be requested using
! "ssh -O stop ...".
!
- ssh-add(1):
! now accepts keys piped from standard input.
- The following significant bugs have been fixed in this release:
! - Retain key comments when loading v.2 keys. These will be visible in
! "ssh-add -l" and other places. (bz#439)
!
- ssh(1)
! and
! sshd(8):
! set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). (bz#1855)
!
- sshd(8):
! allow GSSAPI authentication to detect when a server-side failure causes
! authentication failure and don't count such failures against
! MaxAuthTries. (bz#1244)
!
- ssh-keysign(8):
! now signs hostbased authentication challenges correctly using ECDSA
! keys. (bz#1858)
!
- sftp(1):
! document that sftp accepts square brackets to delimit addresses
! (useful for IPv6). (bz#1847a)
!
- ssh(1):
! when using session multiplexing, the master process will change its
! process title to reflect the control path in use and when a
! ControlPersist-ed master is waiting to close. (bz#1883 and bz#1911)
!
- Other minor bugs fixed: (bz#1849, bz#1861, bz#1862, bz#1869, bz#1875,
! bz#1878, bz#1879, bz#1892, bz#1900, bz#1905, and bz#1913)
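Review bot: In the new 236,318 block, four entries cite sshd_config(5) for options that belong to the client configuration: the UserKnownHostsFile2/GlobalKnownHostsFile2 deprecation, the ControlPath %L expansion, negated "Host" matching, and RequestTTY. The text being replaced had two of these right ("ssh_config(5) now supports negated host matching", "Add a RequestTTY option to ssh(1)"), so all four should read ssh_config(5); only the AuthorizedKeysFile entry is a server option. Separately, the HMAC entry says "SHA256-based" while listing hmac-sha2-512 and hmac-sha2-512-96; the removed wording "SHA-2 based" covers all four modes.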
***************
*** 725,731 ****
alt="OpenBSD">
www@openbsd.org
! $OpenBSD: 50.html,v 1.4 2011/10/30 16:24:42 nick Exp $