version 1.49, 2018/10/14 15:53:25 |
version 1.50, 2018/10/14 15:55:39 |
|
|
<ul> |
<ul> |
<li>New features: |
<li>New features: |
<ul> |
<ul> |
<li>In most places in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> |
<li>In most places |
and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> where port |
in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> |
numbers are used, service names (from /etc/services) can now be used. |
and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> where |
<li>The <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> IdentityAgent |
port numbers are used, service names (from /etc/services) can |
configuration directive now accepts environment variable names. This |
now be used. |
supports the use of multiple agent sockets without needing to use |
<li>The <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> |
fixed paths. |
IdentityAgent configuration directive now accepts environment |
|
variable names. This supports the use of multiple agent |
|
sockets without needing to use fixed paths. |
<li>Support signalling sessions via the SSH protocol in |
<li>Support signalling sessions via the SSH protocol in |
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>. |
<a href="http://man.openbsd.org/sshd.8">sshd(8)</a>. |
<li>"ssh -Q sig" can be used to list supported signature options. |
<li>"ssh -Q sig" can be used to list supported signature |
Also "ssh -Q help" will show the full set of supported queries. |
options. Also "ssh -Q help" will show the full set of |
<li>The new CASignatureAlgorithms option in <a |
supported queries. |
href="http://man.openbsd.org/ssh.1">ssh(1)</a> and <a |
<li>The new CASignatureAlgorithms option |
href="http://man.openbsd.org/sshd.8">sshd(8)</a> controlls the allowed |
in <a href="http://man.openbsd.org/ssh.1">ssh(1)</a> |
signature formats for CAs to sign certificates with. For example, this |
and <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> |
allows banning CAs that sign certificates using the RSA-SHA1 signature |
controlls the allowed signature formats for CAs to sign |
algorithm. |
certificates with. For example, this allows banning CAs that |
<li>Key revocation lists (KRLs) can now contain keys specified by SHA256 |
sign certificates using the RSA-SHA1 signature algorithm. |
hash. These lists are managed by <a |
<li>Key revocation lists (KRLs) can now contain keys specified |
href="http://man.openbsd.org/ssh-keygen.8">ssh-keygen(8)</a>. In |
by SHA256 hash. These lists are managed |
|
by <a href="http://man.openbsd.org/ssh-keygen.8">ssh-keygen(8)</a>. In |
addition, KRLs can now be created from base64-encoded SHA256 |
addition, KRLs can now be created from base64-encoded SHA256 |
fingerprints, i.e. from only the information contained in <a |
fingerprints, i.e. from only the information contained |
href="http://man.openbsd.org/sshd.8">sshd(8)</a> authentication log |
in <a href="http://man.openbsd.org/sshd.8">sshd(8)</a> |
messages. |
authentication log messages. |
</ul> |
</ul> |
</ul> |
</ul> |
<p> |
<p> |