=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/50.html,v retrieving revision 1.4 retrieving revision 1.5 diff -c -r1.4 -r1.5 *** www/50.html 2011/10/30 16:24:42 1.4 --- www/50.html 2011/10/31 22:14:10 1.5 *************** *** 236,274 ****

OpenSSH 6.0:

New features:
- Allow cancellation of port forwardings via the multiplexing socket ! (e.g. "ssh -O cancel -R 2222:127.0.0.1:22 user@host") !
- Add wildcard support to PermitOpen (e.g. "PermitOpen localhost:*") !
- A new "ssh-add -k" option to load only plain keys and not ! certificates into the agent. !
- ssh-add now supports loading keys from stdin ("program | ssh-add -") !
- Allow graceful shutdown of the multiplexing socket (stop listening, ! but don't interrupt existing connections), using "ssh -O stop". !
- "ssh-keygen -A" will now automatically generate host keys of every ! supported type !
- Deprecated GlobalKnownHostsFile2, UserKnownHostsFile2 and ! AuthorizedKeysFile2 options. Instead, the corresponding ! GlobalKnownHostsFile UserKnownHostsFile and AuthorizedKeysFile ! options now all accept multiple arguments. !
- Add a RequestTTY option to ssh(1) to allow control over TTY ! requests similar to the -t/-tt/-T commandline options. !
- ssh_config(5) now supports negated host matching. E.g. ! "Host *.example.org !c.example.org" will match "a.example.org", ! "b.example.org", but not "c.example.org" !
- Add experimental systrace(4) sandboxing of pre-auth sshd(8), ! enabled using "UsePrivilegeSeparation=sandbox". !
- Add new SHA-2 based HMAC modes for the SSH transport layer from ! http://tools.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt
The following significant bugs have been fixed in this release:
- Fix hostbased authentication for hosts using ECDSA keys. !
- Fix corruption of file information in sftp(1)'s ls display. !
- Fix remote portforwarding with dynamically allocated listen ports.

--- 236,318 ----

OpenSSH 5.9:

New features:
- Introduce sandboxing of the pre-auth privsep child using an optional ! sshd_config(5) ! "UsePrivilegeSeparation=sandbox" mode that enables mandatory ! restrictions on the syscalls the privsep child can perform. !
- Add new SHA256-based HMAC transport integrity modes from ! http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt ! These modes are hmac-sha2-256, hmac-sha2-256-96, hmac-sha2-512, ! and hmac-sha2-512-96, and are available by default in ! ssh(1) ! and ! sshd(8). !
- The pre-authentication ! sshd(8) ! privilege separation slave process now logs via a socket shared with ! the master process, avoiding the need to maintain /dev/log inside the ! chroot. !
- ssh(1) ! now warns when a server refuses X11 forwarding. !
- sshd_config(5)'s ! AuthorizedKeysFile now accepts multiple paths, separated by whitespace. ! The undocumented AuthorizedKeysFile2 option is deprecated (though the ! default for AuthorizedKeysFile includes .ssh/authorized_keys2). !
- sshd_config(5): ! similarly deprecate UserKnownHostsFile2 and GlobalKnownHostsFile2 by ! making UserKnownHostsFile and GlobalKnownHostsFile accept multiple ! options and default to include known_hosts2. !
- sshd_config(5)'s ! ControlPath option now expands %L to the host portion of the ! destination host name. !
- sshd_config(5) ! "Host" options now support negated Host matching. !
- sshd_config(5): ! a new RequestTTY option provides control over when a TTY is requested ! for a connection, similar to the existing -t/-tt/-T ! ssh(1) ! commandline options. !
- ssh-keygen(1): ! Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for ! which host keys do not exist, generate the host keys with the default ! key file path, an empty passphrase, default bits for the key type, and ! default comment. This is useful for system initialisation scripts. !
- ssh(1): ! Allow graceful shutdown of multiplexing: request that a mux server ! removes its listener socket and refuse future multiplexing requests but ! don't kill existing connections. This may be requested using ! "ssh -O stop ...". !
- ssh-add(1): ! now accepts keys piped from standard input.
The following significant bugs have been fixed in this release:
- Retain key comments when loading v.2 keys. These will be visible in ! "ssh-add -l" and other places. (bz#439) !
- ssh(1) ! and ! sshd(8): ! set IPv6 traffic class from IPQoS (as well as IPv4 ToS/DSCP). (bz#1855) !
- sshd(8): ! allow GSSAPI authentication to detect when a server-side failure causes ! authentication failure and don't count such failures against ! MaxAuthTries. (bz#1244) !
- ssh-keysign(8): ! now signs hostbased authentication challenges correctly using ECDSA ! keys. (bz#1858) !
- sftp(1): ! document that sftp accepts square brackets to delimit addresses ! (useful for IPv6). (bz#1847a) !
- ssh(1): ! when using session multiplexing, the master process will change its ! process title to reflect the control path in use and when a ! ControlPersist-ed master is waiting to close. (bz#1883 and bz#1911) !
- Other minor bugs fixed: (bz#1849, bz#1861, bz#1862, bz#1869, bz#1875, ! bz#1878, bz#1879, bz#1892, bz#1900, bz#1905, and bz#1913)

*************** *** 725,731 **** alt="OpenBSD"> www@openbsd.org
! $OpenBSD: 50.html,v 1.4 2011/10/30 16:24:42 nick Exp $ --- 769,775 ---- alt="OpenBSD"> www@openbsd.org
! $OpenBSD: 50.html,v 1.5 2011/10/31 22:14:10 djm Exp $