ALT Linux Community general discussions
* [mdk-re] I: openssh-2.5.1p1-ipl2mdk
@ 2001-02-22  6:00 Dmitry V. Levin
From: Dmitry V. Levin @ 2001-02-22  6:00 UTC (permalink / raw)
  To: Linux-Mandrake Russian Edition Mailing List, sisyphus


Greetings!

I would like to draw your attention to the long-awaited release of the next version of OpenSSH.

Below is the developers' announcement listing the main changes and
additions, followed (for the first time) by a complete (I hope) list of
the differences and additions present in openssh-2.5.1p1-ipl2mdk compared
with the original OpenSSH.

----- Forwarded message from Damien Miller <djm@mindrot.org> -----

Date: Tue, 20 Feb 2001 03:00:00 +1100 (EST)
From: djm@mindrot.org (Damien Miller)
To: openssh-unix-announce@mindrot.org, openssh-unix-dev@mindrot.org
Cc: lwn@lwn.net
Subject: Portable OpenSSH 2.5.1p1

Portable OpenSSH 2.5.1p1 has just been uploaded. It will be available 
from the mirrors listed at http://www.openssh.com/portable.html shortly.

OpenSSH is a 100% complete SSH 1.3 & 1.5 protocol implementation and 
a 99% SSH 2 protocol implementation, including sftp client and server
support.

This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).

OpenSSH 2.5.0p1 was skipped because of interoperability issues with 
ssh-1.2.18 => ssh-1.2.22.

We would like to thank the OpenSSH community for their continued support
and encouragement.

Important Changes:
==================

1) Features added to the implementation of the SSH 2 protocol:

    * agent forwarding
    * support for -R forwarding
    * RSA host and userkeys
    * extended support for older SSH 2 protocol implementations

    OpenSSH still lacks support for rekeying, so you have to turn off
    rekeying if your server tries to force this feature.

    The next release of OpenSSH will probably support rekeying.

2) Damien Miller contributed an interactive sftp client.

    The sftp client works for both SSH protocol versions.

3) David Mazieres' ssh-keyscan has been added to the OpenSSH distribution.

4) Now there are three types of keys in OpenSSH:

    RSA1 is used by the SSH 1 protocol only,
    RSA and DSA keys are used by the SSH 2 protocol implementation.

    You can generate RSA keys for use with SSH 2 protocol with:

        $ ssh-keygen -t rsa -f /etc/ssh_host_rsa_key

        To use RSA or DSA keys in SSH 2 protocol, simply
        add the public keys to the .ssh/authorized_keys2 file.

    IdentityFile2, HostDsaKey and DSAAuthentication are obsolete:

    You can use multiple IdentityFile and HostKey options instead, e.g
        HostKey /etc/ssh_host_key
        HostKey /etc/ssh_host_dsa_key
        HostKey /etc/ssh_host_rsa_key
    in /etc/sshd_config

    The option DSAAuthentication has been replaced by PubkeyAuthentication.

    Fingerprinting works for all types of keys:

        $ ssh-keygen -l -f $HOME/.ssh/{authorized_keys,known_hosts}{,2}

5) Important changes in the implementation of SSH 1 protocol:

    The OpenSSH server does not require a privileged source port for
    RhostsRsaAuthentication, since it adds no additional security.

    Interoperation with SSH 1.4 protocol

6) New option HostKeyAlias

    This option allows the user to record the host key under a
    different name. This is useful for tunneling over
    forwarded connections or if you run multiple sshd's on
    different ports on the same machine.

    Alternatively you can use the UserKnownHostsFile or 
    UserKnownHostsFile2 options to specify separate host key
    files for the connection.

7) The ReverseMappingCheck is now optional in sshd_config.

    If you combine this with the 'sshd -u0' option the server
    will not do DNS lookups when a client connects.

8) Stricter Hostkey Checking

9) Option Change Summary:

    a) New or changed:

        ChallengeResponseAuthentication
        MACs
        PubkeyAuthentication

        HostkeyAlias        (Client only)

        Banner              (Server only)
        ReverseMappingCheck (Server only)

        PermitRootLogin     {yes,without-password,forced-commands-only,no}

        {Allow,Deny}Groups  now support supplementary groups

        sshd -D             for monitoring scripts or inittab
        ssh -t              multiple -t force tty allocation

    b) Obsolete:

        DsaAuthentication   (use PubkeyAuthentication instead)
        HostDsaKey          (use HostKey)
        Identityfile2       (use Identityfile or -i)
        SkeyAuthentication  (use ChallengeResponseAuthentication)
        TisAuthentication   (use ChallengeResponseAuthentication)

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.

-d

-- 
| Damien Miller <djm@mindrot.org> \ ``E-mail attachments are the poor man's 
| http://www.mindrot.org         /   distributed filesystem'' - Dan Geer

----- End forwarded message -----

List of the differences and additions present in openssh*-2.5.1p1-ipl2mdk
compared with the original OpenSSH (most of them are also present in
previous versions of our openssh packages):

+ new sshd options: -t, -L;
+ new sshd parameters: TransmitInterlude, SshVersion;
+ new ssh parameters: SshVersion;
+ new authorized_keys parameters: restricted-forwarding-to;
+ new ability to store users' authorized keys in system directories; the
  file name is built according to the rule
  /etc/openssh/authorized_keys{,2}/username;
+ all sockets have the uid of the user they serve; this can be used for
  per-user traffic accounting;
+ new utility: rescp;
+ improved version of the ssh-copy-id utility;
+ protocol selection order changed in favor of SSH2;
+ cipher selection order changed in favor of blowfish
  (instead of 3des);
+ sshd: disabled by default: RhostsAuthentication,
  RhostsRSAAuthentication, PermitRootLogin;
+ sshd: enabled by default: X11Forwarding, CheckMail;
+ ssh: disabled by default: UsePrivilegedPort;
+ ssh-add: all standard identity files are added by default;
+ sshd: the sftp-server subsystem is enabled.

All new program parameters are documented in the corresponding manpages.

When updating the openssh-server package, use "sshd -t" to check that the
server configuration is correct.

The source package and the installable packages can be found, as always, at
rsync://linuxteam.iplabs.ru::MandrakeRE/Sisyphus/SRPMS/
ftp://linuxteam.iplabs.ru/pub/distributions/MandrakeRE/Sisyphus/SRPMS/
openssh-2.5.1p1-ipl2mdk.src.rpm

rsync://linuxteam.iplabs.ru::MandrakeRE/Sisyphus/i586/Mandrake/RPMS/
ftp://linuxteam.iplabs.ru/pub/distributions/MandrakeRE/Sisyphus/i586/Mandrake/RPMS/
openssh-2.5.1p1-ipl2mdk.i586.rpm
openssh-askpass-gnome-2.5.1p1-ipl2mdk.i586.rpm
openssh-askpass-x11-2.5.1p1-ipl2mdk.i586.rpm
openssh-clients-2.5.1p1-ipl2mdk.i586.rpm
openssh-server-2.5.1p1-ipl2mdk.i586.rpm


Regards,
	Dmitry

+-------------------------------------------------------------------------+
Dmitry V. Levin     mailto://ldv@fandra.org
Software Engineer   PGP pubkey http://www.fandra.org/users/ldv/pgpkeys.html
IPLabs Linux Team   http://linux.iplabs.ru
Fandra Project      http://www.fandra.org
+-------------------------------------------------------------------------+
UNIX is user friendly. It's just very selective about who its friends are.
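
The "Option Change Summary" in the forwarded announcement lists five obsolete keywords and their replacements. The following is an added example, not part of the original message or of the OpenSSH or ipl2mdk code: a small migration pass over an ssh_config or sshd_config file that renames them and reports where two merged options now disagree. The function name, the finding labels and the sample config are assumptions made for illustration.

```python
import re

# Obsolete keyword (lower-cased) -> replacement, per the Option Change Summary.
OBSOLETE = {
    "dsaauthentication": "PubkeyAuthentication",
    "hostdsakey": "HostKey",
    "identityfile2": "IdentityFile",
    "skeyauthentication": "ChallengeResponseAuthentication",
    "tisauthentication": "ChallengeResponseAuthentication",
}
# The announcement says HostKey and IdentityFile may be given several times.
MULTI = {"hostkey", "identityfile"}
LINE = re.compile(r"^(\s*)([A-Za-z0-9]+)(\s+)(\S.*?)\s*$")

def migrate(text):
    """Rename obsolete keywords; return (new_text, findings)."""
    out, findings, first = [], [], {}
    for no, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:  # blank line, comment, or keyword without a value
            out.append(raw)
            continue
        indent, key, sep, value = m.groups()
        new = OBSOLETE.get(key.lower())
        if new:
            findings.append((no, "renamed", key, new))
            key = new
        k = key.lower()
        if k not in MULTI:
            if k not in first:
                first[k] = value
            elif first[k].lower() != value.lower():
                findings.append((no, "conflict", key, value))  # admin decides
            elif new:
                continue  # the rename produced an exact duplicate: drop it
        out.append(f"{indent}{key}{sep}{value}")
    return "\n".join(out) + "\n", findings

# Constructed pre-2.5-style sample (not a file shipped in any package).
SAMPLE = """\
# host keys
HostKey /etc/ssh_host_key
HostDsaKey /etc/ssh_host_dsa_key
PubkeyAuthentication yes
dsaauthentication yes
SkeyAuthentication no
TisAuthentication yes
"""
print(*migrate(SAMPLE)[1], sep="\n")
```

A "conflict" finding means the rewritten file should not be deployed until someone chooses a value; the message above recommends "sshd -t" for checking the server configuration after the package update.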
