| version 1.11, 2023/10/10 21:33:54 |
version 1.12, 2023/10/10 21:40:23 |
|
|
| </ul> |
</ul> |
| </ul> |
</ul> |
| |
|
| <li>OpenSSH XXX.YYY |
<li>OpenSSH 9.5 |
| <ul> |
<ul> |
| <li>Security |
<li>Potentially incompatible changes |
| <ul> |
<ul> |
| <li>... |
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
| |
generate Ed25519 keys by default. Ed25519 public keys |
| |
are very convenient due to their small size. Ed25519 keys are |
| |
specified in RFC 8709 and OpenSSH has supported them since version 6.5 |
| |
(January 2014). |
| |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| |
the Subsystem directive now accurately preserves quoting of |
| |
subsystem commands and arguments. This may change behaviour for exotic |
| |
configurations, but the most common subsystem configuration |
| |
(sftp-server) is unlikely to be affected. |
| </ul> |
</ul> |
| <li>Potentially-incompatible changes |
<li>New features |
| <ul> |
<ul> |
| <li>... |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| |
add keystroke timing obfuscation to the client. This attempts |
| |
to hide inter-keystroke timings by sending interactive traffic at |
| |
fixed intervals (default: every 20ms) when there is only a small |
| |
amount of data being sent. It also sends fake "chaff" keystrokes for |
| |
a random interval after the last real keystroke. These are |
| |
controlled by a new ssh_config ObscureKeystrokeTiming keyword. |
| |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, |
| |
<a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| |
Introduce a transport-level ping facility. This adds |
| |
a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to |
| |
implement a ping capability. These messages use numbers in the "local |
| |
extensions" number space and are advertised using a "ping@openssh.com" |
| |
ext-info message with a string version number of "0". |
| |
<li>sshd(8): allow override of Subsystem directives in sshd Match blocks. |
| </ul> |
</ul> |
| <li>Bugfixes |
<li>Bugfixes |
| <ul> |
<ul> |
| <li>... |
<li><a href="https://man.openbsd.org/scp.1">scp(1)</a>: |
| |
fix scp in SFTP mode recursive upload and download of |
| |
directories that contain symlinks to other directories. In scp mode, |
| |
the links would be followed, but in SFTP mode they were not. |
| |
<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>: |
| |
handle cr+lf (instead of just cr) line endings in |
| |
sshsig signature files. |
| |
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: |
| |
interactive mode for ControlPersist sessions if they |
| |
originally requested a tty. |
| |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| |
make PerSourceMaxStartups first-match-wins |
| |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| |
limit artificial login delay to a reasonable maximum (5s) |
| |
and don't delay at all for the "none" authentication mechanism. |
| |
<li>sshd(8): Log errors in kex_exchange_identification() with level |
| |
verbose instead of error to reduce preauth log spam. All of those |
| |
get logged with a more generic error message by sshpkt_fatal(). |
| |
<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: |
| |
correct math for ClientAliveInterval that caused the probes |
| |
to be sent less frequently than configured. |
| |
<li>fix regression in OpenSSH 9.4 (mux.c r1.99) that caused |
| |
multiplexed sessions to ignore SIGINT under some circumstances. |
| </ul> |
</ul> |
| </ul> |
</ul> |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to 74.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www