OpenSSH 6.0 released

[Stauffenberg]

OpenSSH 6.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html


Changes since OpenSSH 5.9
=========================

This is primarily a bugfix release.

Features:

* ssh-keygen(1): Add optional checkpoints for moduli screening
* ssh-add(1): new -k option to load plain keys (skipping certificates)
* sshd(8): Add wildcard support to PermitOpen, allowing things like
"PermitOpen localhost:*". bz #1857
* ssh(1): support for cancelling local and remote port forwards via the
multiplex socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host"
to request the cancellation of the specified forwardings
* support cancellation of local/dynamic forwardings from ~C commandline

Bugfixes:

* ssh(1): ensure that $DISPLAY contains only valid characters before
using it to extract xauth data so that it can't be used to play local
shell metacharacter games.
* ssh(1): unbreak remote portforwarding with dynamic allocated listen ports
* scp(1): uppress adding '--' to remote commandlines when the first
argument does not start with '-'. saves breakage on some
difficult-to-upgrade embedded/router platforms
* ssh(1)/sshd(8): fix typo in IPQoS parsing: there is no "AF14" class,
but there is an "AF21" class
* ssh(1)/sshd(8): do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during
rekeying
* ssh(1): skip attempting to create ~/.ssh when -F is passed
* sshd(8): unbreak stdio forwarding when ControlPersist is in use; bz#1943
* sshd(1): send tty break to pty master instead of (probably already
closed) slave side; bz#1859
* sftp(1): silence error spam for "ls */foo" in directory with files;
bz#1683
* Fixed a number of memory and file descriptor leaks

Portable OpenSSH:

* Add a new privilege separation sandbox implementation for Linux's
new seccomp sandbox, automatically enabled on platforms that support
it. (Note: privilege separation sandboxing is still experimental)
* Fix compilation problems on FreeBSD, where libutil contained openpty()
but not login().
* ssh-keygen(1): don't fail in -A on platforms that don't support ECC
* Add optional support for LDNS, a BSD licensed DNS resolver library
which supports DNSSEC
* Relax OpenSSL version check to allow running OpenSSH binaries on
systems with OpenSSL libraries with a newer "fix" or "patch" level
than the binaries were originally compiled on (previous check only
allowed movement within "patch" releases). bz#1991
* Fix builds using contributed Redhat spec file. bz#1992

[Dmitry Shurupov]

В ночь на минувшее воскресенье было объявлено об очередном релизе популярнейшей свободной реализации протокола SSH — OpenSSH 6.0. Несмотря на крупное изменение номера версии (оно связано с принятым подходом к нумерации, когда за версией «[x].9» следует «[x+1].0»), в релизе OpenSSH 6.0 представлены незначительные изменения и исправления обнаруженных за последнее время проблем. Среди новшеств:

• в ssh-keygen(1) появились дополнительные контрольные точки (checkpoints) для экранирования модулей;
• в ssh-add(1) добавлена опция -k, позволяющая загружать ключи, пропуская сертификаты;
• в директиве PermitOpen в sshd(8) стали поддерживаться звездочки — например, «PermitOpen localhost:*»;
• в ssh(1) представлена поддержка отмены локального и удаленного проброса портов с помощью мультиплексированного сокета — например, «ssh -O cancel -L xx:xx:xx -R yy:yy:yy user at host»;
• в portable SSH добавлена реализация разделения привилегий по песочницам (появилась в OpenSSH 5.9) с помощью seccomp sandbox для Linux (по умолчанию включена).

оригинал на www.nixp.ru