===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/53.html,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- www/53.html 2013/02/22 16:23:22 1.36
+++ www/53.html 2013/02/24 12:27:41 1.37
@@ -195,12 +195,119 @@
- New features:
-
- - ...
+
- ssh(1)
+ and
+ sshd(8):
+ Added support for AES-GCM authenticated encryption in SSH protocol 2.
+ The new cipher is available as "aes128-gcm@openssh.com" and
+ "aes256-gcm@openssh.com". It uses an identical packet format to the
+ AES-GCM mode specified in RFC 5647, but uses simpler and different
+ selection rules during key exchange.
+
- ssh(1)
+ and
+ sshd(8):
+ Added support for encrypt-then-mac (EtM) MAC modes for SSH protocol 2.
+ These modes alter the packet format and compute the MAC over the
+ packet length and encrypted packet rather than over the plaintext
+ data. These modes are considered more secure and are used by default
+ when available.
+
- ssh(1)
+ and
+ sshd(8):
+ Added support for the UMAC-128 MAC as "umac-128@openssh.com" and
+ "umac-128-etm@openssh.com". The latter being an encrypt-then-mac mode.
+
- sshd(8):
+ Added support for multiple required authentication in SSH protocol 2
+ via an AuthenticationMethods option. This option lists one
+ or more comma-separated lists of authentication method names.
+ Successful completion of all the methods in any list is required for
+ authentication to complete. This allows, for example, requiring a
+ user having to authenticate via public key or GSSAPI before they are
+ offered password authentication.
+
- sshd(8)
+ and
+ ssh-keygen(1):
+ Added support for Key Revocation Lists (KRLs), a compact binary
+ format to represent lists of revoked keys and certificates that take
+ as little as one bit per certificate when revoking by serial number.
+ KRLs may be generated using
+ ssh-keygen(1)
+ and are loaded into
+ sshd(8)
+ via the existing RevokedKeys
+ sshd_config(5)
+ option.
+
- ssh(1):
+ IdentitiesOnly now applies to keys obtained from a
+ PKCS11Provider. This allows control of which keys are offered from
+ tokens using IdentityFile.
+
- sshd(8):
+ sshd_config(5)'s
+ AllowTcpForwarding now accepts "local" and "remote"
+ in addition to its previous "yes"/"no" keywords to
+ allow the server to specify whether just local or remote TCP
+ forwarding is enabled.
+
- sshd(8):
+ Added a
+ sshd_config(5)
+ option AuthorizedKeysCommand to support fetching
+ authorized_keys from a command in addition to (or instead of) from
+ the filesystem. The command is run under an account specified by an
+ AuthorizedKeysCommandUser
+ sshd_config(5)
+ option.
+
- sftp-server(8):
+ Now supports a -d option to allow the starting directory to
+ be something other than the user's home directory.
+
- ssh-keygen(1):
+ Now allows fingerprinting of keys hosted in PKCS#11 tokens using
+ "ssh-keygen -lD pkcs11_provider".
+
- ssh(1):
+ When SSH protocol 2 only is selected (the default),
+ ssh(1)
+ now immediately sends its SSH protocol banner to the server without
+ waiting to receive the server's banner, saving time when connecting.
+
- ssh(1)
+ Added ~v and ~V escape sequences to raise and lower
+ the logging level respectively.
+
- ssh(1)
+ Made the escape command help (~?) context sensitive so that
+ only commands that will work in the current session are shown.
+
- ssh-keygen(1):
+ When deleting host lines from known_hosts using "ssh-keygen -R host",
+ ssh-keygen(1)
+ now prints details of which lines were removed.
- The following significant bugs have been fixed in this release:
- - ...
+
- ssh(1):
+ Force a clean shutdown of ControlMaster client sessions when the
+ ~. escape sequence is used. This means that ~.
+ should now work in mux clients even if the server is no longer
+ responding.
+
- ssh(1):
+ Correctly detect errors during local TCP forward setup in multiplexed
+ clients. (bz#2055)
+
- ssh-add(1):
+ Made deleting explicit keys "ssh-add -d" symmetric with adding keys
+ with respect to certificates. It now tries to delete the
+ corresponding certificate and respects the -k option to
+ allow deleting of the key only.
+
- sftp(1):
+ Fix a number of parsing and command-editing bugs, including bz#1956.
+
- ssh(1):
+ When muxmaster is run with -N, ensured that it shuts down
+ gracefully when a client sends it "-O stop" rather than hanging
+ around. (bz#1985)
+
- ssh-keygen(1):
+ When screening moduli candidates, append to the file rather than
+ overwriting to allow resumption. (bz#1957)
+
- ssh(1):
+ Record "Received disconnect" messages at ERROR rather than INFO
+ priority. (bz#2057)
+
- ssh(1):
+ Loudly warn if explicitly-provided private key is unreadable.
+ (bz#1981)
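Review bot: The AuthenticationMethods entry is hard to parse where it says "requiring a user having to authenticate via public key or GSSAPI before they are offered password authentication". Suggest "requiring a user to authenticate via public key or GSSAPI before they are offered password authentication". Since the entry describes "one or more comma-separated lists", a short sample value would also help readers see how the alternative lists are separated. Two smaller style points in the same hunk: the ~v/~V and ~? entries are headed "ssh(1)" without the trailing colon that the other entries use, and "The latter being an encrypt-then-mac mode." in the UMAC-128 entry is a sentence fragment that would read better joined to the previous sentence with a comma.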
@@ -683,7 +790,7 @@
alt="OpenBSD">
www@openbsd.org
-$OpenBSD: 53.html,v 1.36 2013/02/22 16:23:22 brad Exp $
+$OpenBSD: 53.html,v 1.37 2013/02/24 12:27:41 sobrado Exp $