=================================================================== RCS file: /cvsrepo/anoncvs/cvs/www/53.html,v retrieving revision 1.36 retrieving revision 1.37 diff -c -r1.36 -r1.37 *** www/53.html 2013/02/22 16:23:22 1.36 --- www/53.html 2013/02/24 12:27:41 1.37 *************** *** 195,206 ****

New features:
- ...
The following significant bugs have been fixed in this release:
- ...

--- 195,313 ----

New features:
- ssh(1) ! and ! sshd(8): ! Added support for AES-GCM authenticated encryption in SSH protocol 2. ! The new cipher is available as "aes128-gcm@openssh.com" and ! "aes256-gcm@openssh.com". It uses an identical packet format to the ! AES-GCM mode specified in RFC 5647, but uses simpler and different ! selection rules during key exchange. !
- ssh(1) ! and ! sshd(8): ! Added support for encrypt-then-mac (EtM) MAC modes for SSH protocol 2. ! These modes alter the packet format and compute the MAC over the ! packet length and encrypted packet rather than over the plaintext ! data. These modes are considered more secure and are used by default ! when available. !
- ssh(1) ! and ! sshd(8): ! Added support for the UMAC-128 MAC as "umac-128@openssh.com" and ! "umac-128-etm@openssh.com". The latter being an encrypt-then-mac mode. !
- sshd(8): ! Added support for multiple required authentication in SSH protocol 2 ! via an AuthenticationMethods option. This option lists one ! or more comma-separated lists of authentication method names. ! Successful completion of all the methods in any list is required for ! authentication to complete. This allows, for example, requiring a ! user having to authenticate via public key or GSSAPI before they are ! offered password authentication. !
- sshd(8) ! and ! ssh-keygen(1): ! Added support for Key Revocation Lists (KRLs), a compact binary ! format to represent lists of revoked keys and certificates that take ! as little as one bit per certificate when revoking by serial number. ! KRLs may be generated using ! ssh-keygen(1) ! and are loaded into ! sshd(8) ! via the existing RevokedKeys ! sshd_config(5) ! option. !
- ssh(1): ! IdentitiesOnly now applies to keys obtained from a ! PKCS11Provider. This allows control of which keys are offered from ! tokens using IdentityFile. !
- sshd(8): ! sshd_config(5)'s ! AllowTcpForwarding now accepts "local" and "remote" ! in addition to its previous "yes"/"no" keywords to ! allow the server to specify whether just local or remote TCP ! forwarding is enabled. !
- sshd(8): ! Added a ! sshd_config(5) ! option AuthorizedKeysCommand to support fetching ! authorized_keys from a command in addition to (or instead of) from ! the filesystem. The command is run under an account specified by an ! AuthorizedKeysCommandUser ! sshd_config(5) ! option. !
- sftp-server(8): ! Now supports a -d option to allow the starting directory to ! be something other than the user's home directory. !
- ssh-keygen(1): ! Now allows fingerprinting of keys hosted in PKCS#11 tokens using ! "ssh-keygen -lD pkcs11_provider". !
- ssh(1): ! When SSH protocol 2 only is selected (the default), ! ssh(1) ! now immediately sends its SSH protocol banner to the server without ! waiting to receive the server's banner, saving time when connecting. !
- ssh(1) ! Added ~v and ~V escape sequences to raise and lower ! the logging level respectively. !
- ssh(1) ! Made the escape command help (~?) context sensitive so that ! only commands that will work in the current session are shown. !
- ssh-keygen(1): ! When deleting host lines from known_hosts using "ssh-keygen -R host", ! ssh-keygen(1) ! now prints details of which lines were removed.
The following significant bugs have been fixed in this release:
- ssh(1): ! Force a clean shutdown of ControlMaster client sessions when the ! ~. escape sequence is used. This means that ~. ! should now work in mux clients even if the server is no longer ! responding. !
- ssh(1): ! Correctly detect errors during local TCP forward setup in multiplexed ! clients. (bz#2055) !
- ssh-add(1): ! Made deleting explicit keys "ssh-add -d" symmetric with adding keys ! with respect to certificates. It now tries to delete the ! corresponding certificate and respects the -k option to ! allow deleting of the key only. !
- sftp(1): ! Fix a number of parsing and command-editing bugs, including bz#1956. !
- ssh(1): ! When muxmaster is run with -N, ensured that it shuts down ! gracefully when a client sends it "-O stop" rather than hanging ! around. (bz#1985) !
- ssh-keygen(1): ! When screening moduli candidates, append to the file rather than ! overwriting to allow resumption. (bz#1957) !
- ssh(1): ! Record "Received disconnect" messages at ERROR rather than INFO ! priority. (bz#2057) !
- ssh(1): ! Loudly warn if explicitly-provided private key is unreadable. ! (bz#1981)

*************** *** 683,689 **** alt="OpenBSD"> www@openbsd.org
! $OpenBSD: 53.html,v 1.36 2013/02/22 16:23:22 brad Exp $ --- 790,796 ---- alt="OpenBSD"> www@openbsd.org
! $OpenBSD: 53.html,v 1.37 2013/02/24 12:27:41 sobrado Exp $