===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/53.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -c -r1.36 -r1.37
*** www/53.html 2013/02/22 16:23:22 1.36
--- www/53.html 2013/02/24 12:27:41 1.37
***************
*** 195,206 ****
- New features:
- The following significant bugs have been fixed in this release:
--- 195,313 ----
- New features:
! - ssh(1)
! and
! sshd(8):
! Added support for AES-GCM authenticated encryption in SSH protocol 2.
! The new cipher is available as "aes128-gcm@openssh.com" and
! "aes256-gcm@openssh.com". It uses an identical packet format to the
! AES-GCM mode specified in RFC 5647, but uses simpler and different
! selection rules during key exchange.
!
- ssh(1)
! and
! sshd(8):
! Added support for encrypt-then-mac (EtM) MAC modes for SSH protocol 2.
! These modes alter the packet format and compute the MAC over the
! packet length and encrypted packet rather than over the plaintext
! data. These modes are considered more secure and are used by default
! when available.
!
- ssh(1)
! and
! sshd(8):
! Added support for the UMAC-128 MAC as "umac-128@openssh.com" and
! "umac-128-etm@openssh.com". The latter being an encrypt-then-mac mode.
!
- sshd(8):
! Added support for multiple required authentication in SSH protocol 2
! via an AuthenticationMethods option. This option lists one
! or more comma-separated lists of authentication method names.
! Successful completion of all the methods in any list is required for
! authentication to complete. This allows, for example, requiring a
! user having to authenticate via public key or GSSAPI before they are
! offered password authentication.
!
- sshd(8)
! and
! ssh-keygen(1):
! Added support for Key Revocation Lists (KRLs), a compact binary
! format to represent lists of revoked keys and certificates that take
! as little as one bit per certificate when revoking by serial number.
! KRLs may be generated using
! ssh-keygen(1)
! and are loaded into
! sshd(8)
! via the existing RevokedKeys
! sshd_config(5)
! option.
!
- ssh(1):
! IdentitiesOnly now applies to keys obtained from a
! PKCS11Provider. This allows control of which keys are offered from
! tokens using IdentityFile.
!
- sshd(8):
! sshd_config(5)'s
! AllowTcpForwarding now accepts "local" and "remote"
! in addition to its previous "yes"/"no" keywords to
! allow the server to specify whether just local or remote TCP
! forwarding is enabled.
!
- sshd(8):
! Added a
! sshd_config(5)
! option AuthorizedKeysCommand to support fetching
! authorized_keys from a command in addition to (or instead of) from
! the filesystem. The command is run under an account specified by an
! AuthorizedKeysCommandUser
! sshd_config(5)
! option.
!
- sftp-server(8):
! Now supports a -d option to allow the starting directory to
! be something other than the user's home directory.
!
- ssh-keygen(1):
! Now allows fingerprinting of keys hosted in PKCS#11 tokens using
! "ssh-keygen -lD pkcs11_provider".
!
- ssh(1):
! When SSH protocol 2 only is selected (the default),
! ssh(1)
! now immediately sends its SSH protocol banner to the server without
! waiting to receive the server's banner, saving time when connecting.
!
- ssh(1)
! Added ~v and ~V escape sequences to raise and lower
! the logging level respectively.
!
- ssh(1)
! Made the escape command help (~?) context sensitive so that
! only commands that will work in the current session are shown.
!
- ssh-keygen(1):
! When deleting host lines from known_hosts using "ssh-keygen -R host",
! ssh-keygen(1)
! now prints details of which lines were removed.
- The following significant bugs have been fixed in this release:
! - ssh(1):
! Force a clean shutdown of ControlMaster client sessions when the
! ~. escape sequence is used. This means that ~.
! should now work in mux clients even if the server is no longer
! responding.
!
- ssh(1):
! Correctly detect errors during local TCP forward setup in multiplexed
! clients. (bz#2055)
!
- ssh-add(1):
! Made deleting explicit keys "ssh-add -d" symmetric with adding keys
! with respect to certificates. It now tries to delete the
! corresponding certificate and respects the -k option to
! allow deleting of the key only.
!
- sftp(1):
! Fix a number of parsing and command-editing bugs, including bz#1956.
!
- ssh(1):
! When muxmaster is run with -N, ensured that it shuts down
! gracefully when a client sends it "-O stop" rather than hanging
! around. (bz#1985)
!
- ssh-keygen(1):
! When screening moduli candidates, append to the file rather than
! overwriting to allow resumption. (bz#1957)
!
- ssh(1):
! Record "Received disconnect" messages at ERROR rather than INFO
! priority. (bz#2057)
!
- ssh(1):
! Loudly warn if explicitly-provided private key is unreadable.
! (bz#1981)
***************
*** 683,689 ****
alt="OpenBSD">
www@openbsd.org
! $OpenBSD: 53.html,v 1.36 2013/02/22 16:23:22 brad Exp $