设为首页 - 加入收藏 焦点技术网
热搜:java
当前位置:首页 >

OpenSSH 6.7 发布 开源ssh服务器软件

2016-04-01 09:49:42.0 java  
导读:本文Foundation给大家介绍 OpenSSH 6.7 发布 开源ssh服务器软件。OpenSSH(Open Secure Shell)是使用SSH透过计算机网络加密通讯的实现。它是取代由SSH Comm。。。

OpenSSH(Open Secure Shell)是使用SSH透过计算机网络加密通讯的实现。它是取代由SSH Communications Security所提供的商用版本的开放源代码方案。目前OpenSSHOpenBSD的子计划。


远程登录工具OpenSSH 6.7发布。2014-10-07 上个版本是2014-03-16的6.6 新特性有sftp支持上传断点续传,支持Unix domain socket转发,新的PermitUserRC参数,支持ED25519类型的SSHFP DNS记录等.


完全改进:


OpenSSH 6.7 has just been released. It will be available from the

mirrors listed at http://www.openssh.com/ shortly.


OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0

implementation and includes sftp client and server support.


Once again, we would like to thank the OpenSSH community for their

continued support of the project, especially those who contributed

code or patches, reported bugs, tested snapshots or donated to the

project. More information on donations may be found at:

http://www.openssh.com/donations.html


Changes since OpenSSH 6.6

=========================


Potentially-incompatible changes


 * sshd(8): The default set of ciphers and MACs has been altered to

   remove unsafe algorithms. In particular, CBC ciphers and arcfour*

   are disabled by default.


   The full set of algorithms remains available if configured

   explicitly via the Ciphers and MACs sshd_config options.


 * sshd(8): Support for tcpwrappers/libwrap has been removed.


 * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections

   using the curve25519-sha256@libssh.org KEX exchange method to fail

   when connecting with something that implements the specification

   correctly. OpenSSH 6.7 disables this KEX method when speaking to

   one of the affected versions.


New Features


 * Major internal refactoring to begin to make part of OpenSSH usable

   as a library. So far the wire parsing, key handling and KRL code

   has been refactored. Please note that we do not consider the API

   stable yet, nor do we offer the library in separable form.


 * ssh(1), sshd(8): Add support for Unix domain socket forwarding.

   A remote TCP port may be forwarded to a local Unix domain socket

   and vice versa or both ends may be a Unix domain socket.


 * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for

   ED25519 key types.


 * sftp(1): Allow resumption of interrupted uploads.


 * ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it

   is the same as the one sent during initial key exchange; bz#2154


 * sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind

   addresses when GatewayPorts=no; allows client to choose address

   family; bz#2222


 * sshd(8): Add a sshd_config PermitUserRC option to control whether

   ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys

   option; bz#2160


 * ssh(1): Add a %C escape sequence for LocalCommand and ControlPath

   that expands to a unique identifer based on a hash of the tuple of

   (local host, remote user, hostname, port). Helps avoid exceeding

   miserly pathname limits for Unix domain sockets in multiplexing

   control paths; bz#2220


 * sshd(8): Make the "Too many authentication failures" message

   include the user, source address, port and protocol in a format

   similar to the authentication success / failure messages; bz#2199


 * Added unit and fuzz tests for refactored code. These are run

   automatically in portable OpenSSH via the "make tests" target.


Bugfixes


 * sshd(8): Fix remote forwarding with the same listen port but

   different listen address.


 * ssh(1): Fix inverted test that caused PKCS#11 keys that were

   explicitly listed in ssh_config or on the commandline not to be

   preferred.


 * ssh-keygen(1): Fix bug in KRL generation: multiple consecutive

   revoked certificate serial number ranges could be serialised to an

   invalid format. Readers of a broken KRL caused by this bug will

   fail closed, so no should-have-been-revoked key will be accepted.


 * ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in

   exit status. Previously we were always returning 0; bz#2255


 * ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the

   randomart border; bz#2247


 * ssh-agent(1): Only cleanup agent socket in the main agent process

   and not in any subprocesses it may have started (e.g. forked

   askpass). Fixes agent sockets being zapped when askpass processes

   fatal(); bz#2236


 * ssh-add(1): Make stdout line-buffered; saves partial output getting

   lost when ssh-add fatal()s part-way through (e.g. when listing keys

   from an agent that supports key types that ssh-add doesn't);

   bz#2234


 * ssh-keygen(1): When hashing or removing hosts, don't choke on

   @revoked markers and don't remove @cert-authority markers; bz#2241


 * ssh(1): Don't fatal when hostname canonicalisation fails and a

   ProxyCommand is in use; continue and allow the ProxyCommand to

   connect anyway (e.g. to a host with a name outside the DNS behind

   a bastion)


 * scp(1): When copying local->remote fails during read, don't send

   uninitialised heap to the remote end.


 * sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing

   filenames with  a single quote char somewhere in the string;

   bz#2238


 * ssh-keyscan(1): Scan for Ed25519 keys by default.


 * ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-

   convert any certificate keys to plain keys and attempt SSHFP

   resolution.  Prevents a server from skipping SSHFP lookup and

   forcing a new-hostkey dialog by offering only certificate keys.

     

 * sshd(8): Avoid crash at exit via NULL pointer reference; bz#2225


 * Fix some strict-alignment errors.


Portable OpenSSH


 * Portable OpenSSH now supports building against libressl-portable.


 * Portable OpenSSH now requires openssl 0.9.8f or greater. Older

   versions are no longer supported.


 * In the OpenSSL version check, allow fix version upgrades (but not

   downgrades. Debian bug #748150.


 * sshd(8): On Cygwin, determine privilege separation user at runtime,

   since it may need to be a domain account.


 * sshd(8): Don't attempt to use vhangup on Linux. It doesn't work for

   non-root users, and for them it just messes up the tty settings.


 * Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is

   available. It considers time spent suspended, thereby ensuring

   timeouts (e.g. for expiring agent keys) fire correctly.  bz#2228


 * Add support for ed25519 to opensshd.init init script.


 * sftp-server(8): On platforms that support it, use prctl() to

   prevent sftp-server from accessing /proc/self/{mem,maps}

下载:ftp://ftp.openbsd.com/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz

如果想深入体验LINUX系统的新手,也可以先下载一个方德Linux软件中心试用一下。

免费下载地址:http://www.nfs-cloud.cn:81/appCenter/open/softcenter

(编辑: Foundation)

网友评论
相关文章