Portable OpenSSH 2.5.2p2 is now available from the mirror sites listed at http://www.openssh.com/portable.html Security related changes: Improved countermeasure against "Passive Analysis of SSH (Secure Shell) Traffic" http://openwall.com/advisories/OW-003-ssh-traffic-analysis.txt The countermeasures introduced in earlier OpenSSH-2.5.x versions caused interoperability problems with some other implementations. Improved countermeasure against "SSH protocol 1.5 session key recovery vulnerability" http://www.core-sdi.com/advisories/ssh1_sessionkey_recovery.htm New options: permitopen authorized_keys option to restrict portforwarding. PreferredAuthentications allows client to specify the order in which authentication methods are tried. Sftp: sftp client supports globbing (get *, put *). Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt). Batch file (-b) support for automated transfers Performance: Speedup DH exchange. OpenSSH should now be significantly faster when connecting use SSH protocol 2. Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers much faster throughput in a well scrutinised cipher. Bugfixes: stderr handling fixes in SSH protocol 2. Improved interoperability. Client: The client no longer asks for the the passphrase if the key will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK) Miscellaneous: scp should now work for files > 2GB ssh-keygen can now generate fingerprints in the "bubble babble" format for exchanging fingerprints with SSH.COM's SSH protocol 2 implementation. Portable version: Better support for the PRNGd[1] entropy collection daemon. The --with-egd-pool configure option has been deprecated in favour of --with-prngd-socket and the new --with-prngd-port options. The latter allows collection of entropy from a localhost socket. configure ensures that scp is in the $PATH set by the server (unless a custom path is specified). -d [1] http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/prngd.html