Return to 64.html CVS log | Up to [local] / www |
version 1.48, 2018/10/14 15:51:00 | version 1.49, 2018/10/14 15:53:25 | ||
---|---|---|---|
|
|
||
<li>OpenSSH 7.8 | <li>OpenSSH 7.8 | ||
<ul> | <ul> | ||
<li>New/changed features: | <li>New features: | ||
<ul> | <ul> | ||
<li> | <li>In most places in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> | ||
and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> where port | |||
numbers are used, service names (from /etc/services) can now be used. | |||
<li>The <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> IdentityAgent | |||
configuration directive now accepts environment variable names. This | |||
supports the use of multiple agent sockets without needing to use | |||
fixed paths. | |||
<li>Support signalling sessions via the SSH protocol in | |||
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>. | |||
<li>"ssh -Q sig" can be used to list supported signature options. | |||
Also "ssh -Q help" will show the full set of supported queries. | |||
<li>The new CASignatureAlgorithms option in <a | |||
href="http://man.openbsd.org/ssh.1">ssh(1)</a> and <a | |||
href="http://man.openbsd.org/sshd.8">sshd(8)</a> controlls the allowed | |||
signature formats for CAs to sign certificates with. For example, this | |||
allows banning CAs that sign certificates using the RSA-SHA1 signature | |||
algorithm. | |||
<li>Key revocation lists (KRLs) can now contain keys specified by SHA256 | |||
hash. These lists are managed by <a | |||
href="http://man.openbsd.org/ssh-keygen.8">ssh-keygen(8)</a>. In | |||
addition, KRLs can now be created from base64-encoded SHA256 | |||
fingerprints, i.e. from only the information contained in <a | |||
href="http://man.openbsd.org/sshd.8">sshd(8)</a> authentication log | |||
messages. | |||
</ul> | </ul> | ||
</ul> | </ul> | ||
<p> | <p> |