OpenBSD Journal

OpenSSH 3.0 released

Contributed by Dengue on from the New-fishy-fish dept.

Auguste Personage writes: "markus@ announced OpenSSH 3.0. This release contains portability fixes and interesting new features too numerous to mention. The announcement notes Smartcard support in the ssh client and agent, based on research at University of Michigan CITI."
  • SSH v2 is now the default protocol.
  • Usage of known_hosts2/authorized_keys2 is deprecated.
  • The CheckMail option is deprecated.
  • X11 cookies are now stored in $HOME.
For completeness, I have included markus@'s original message below:


Subject: OpenSSH 3.0
Date: Tue, 6 Nov 2001 22:48:41 +0100
From: Markus Friedl
To: openssh-unix-announce@mindrot.org, openssh-unix-dev@mindrot.org
CC: lwn@lwn.net, announce@openbsd.org, misc@openbsd.org, dengue@deadly.org

OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).

We would like to thank the OpenSSH community for their continued
support and encouragement.

Important Changes:
==================

1) SSH protocol v2 is now the default protocol version

        use the 'Protocol' option from ssh(1) and sshd(8) if
        you need to change this.

2) The files
        /etc/ssh_known_hosts2
        ~/.ssh/known_hosts2
        ~/.ssh/authorized_keys2
   are now obsolete, you can use
        /etc/ssh_known_hosts
        ~/.ssh/known_hosts
        ~/.ssh/authorized_keys
   For backward compatibility ~/.ssh/authorized_keys2 will still be used for
   authentication and hostkeys are still read from the known_hosts2.
   However, those deprecated files are considered 'readonly'.  Future
   releases are likely not to read these files.

3) The CheckMail option in sshd_config is deprecated, as sshd(8) no longer
   checks for new mail.

4) X11 cookies are now stored in $HOME.

New Features:
=============

1) Smartcard support in the ssh client and agent based on work by
   University of Michigan CITI (http://www.citi.umich.edu/projects/smartcard/).

2) support for Rekeying in protocol version 2

3) improved Kerberos support in protocol v1 (KerbIV and KerbV)

4) backward compatibility with older commercial SSH versions >= 2.0.10

5) getopt(3) is now used by all programs

6) dynamic forwarding (use ssh(1) as your socks server)

7) ClearAllForwardings in ssh(1)

8) ssh(1) now checks the hostkey for localhost (NoHostAuthenticationForLocalhost yes/no).

9) -F option in ssh(1)

10) ssh(1) now has a '-b bindaddress' option

11) scp(1) allows "scp /file localhost:/file"

12) The AuthorizedKeysFile option allows specification of alternative
    files that contain the public keys that can be used for user authentication
    (e.g. /etc/ssh_keys/%u, see sshd(8))

13) extended AllowUsers user@host syntax in sshd(8)

14) improved challenge-response support (especially for systems supporting BSD_AUTH)

15) sshd(8) can specify time args as 1h, 2h30s etc.

16) sshd(8) transmits the correct exit status for remote execution with protocol version 2.

17) ssh-keygen(1) can import private RSA/DSA keys generated with the commercial version

18) ssh-keyscan(1) supports protocol version 2

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
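
Item 2 of the important changes says ~/.ssh/authorized_keys2 is still used for authentication and known_hosts2 is still read, so an administrator moving to the new file names may want to list entries that exist only in the deprecated files. The script below is an added example, not part of the announcement or of OpenSSH; the ROOT/<user>/.ssh layout, the function names and the sample keys are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example; the tree layout ROOT/<user>/.ssh and all keys are constructed.

# Print entries (non-blank, non-comment lines) of the deprecated file that
# are missing from its replacement. Comparison is by whole line, so a key
# whose comment field differs is reported as well.
legacy_only_entries() {
    legacy=$1
    current=$2
    [ -f "$legacy" ] || return 0
    [ -f "$current" ] || current=/dev/null
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$legacy" |
        grep -F -x -v -f "$current" || true
}

# Report one line per deprecated file found under ROOT/<user>/.ssh:
#   <user> <deprecated file> <entries missing from the replacement>
audit_legacy_ssh_files() {
    root=$1
    for dir in "$root"/*/.ssh; do
        [ -d "$dir" ] || continue
        user=$(basename "$(dirname "$dir")")
        for pair in authorized_keys2:authorized_keys known_hosts2:known_hosts; do
            old=${pair%%:*}
            new=${pair#*:}
            [ -f "$dir/$old" ] || continue
            n=$(legacy_only_entries "$dir/$old" "$dir/$new" | wc -l)
            echo "$user $old $((n))"
        done
    done
}

# Constructed sample tree standing in for /home.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/alice/.ssh" "$t/bob/.ssh"
    printf '%s\n' 'ssh-rsa AAAAconstructed1 alice@laptop' \
        > "$t/alice/.ssh/authorized_keys"
    printf '%s\n' '# old v2 file' 'ssh-rsa AAAAconstructed1 alice@laptop' \
        'ssh-dss AAAAconstructed2 forgotten@oldhost' \
        > "$t/alice/.ssh/authorized_keys2"
    printf '%s\n' 'host.example.org ssh-dss AAAAconstructed3' \
        > "$t/bob/.ssh/known_hosts2"
    echo "$t"
}

sample=$(make_sample_tree)
audit_legacy_ssh_files "$sample"
rm -rf "$sample"
```

A non-zero count for authorized_keys2 means that file still holds an entry with no counterpart in authorized_keys; review it before removing the deprecated file.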



Comments
  1. By Cabal () on

    I really liked it, every other form of login I've come across launches something similar on login. That's a shame.
