[This is an announcement to the developers list only, please give the new version a try overnight and I will announce it to the wider community tomorrow.]

This is to announce the release of openssh-2.1.0, the first stable release of portable OpenSSH to incorporate support for the SSH2 protocol.

The SSH2 protocol offers a number of advantages over the SSH1 protocol including standards compliance (SSH2 is on the IETF standards track[1]), improved security and operation without RSA (which is patented in some countries). The SSH2 support in OpenSSH has been developed by Markus Friedl, with support from the OpenBSD team.

This is also the first version of the portable version of OpenSSH to offer built-in entropy collection. This removes the requirement for EGD on systems that lack a /dev/random driver. As a result, OpenSSH-2.1.0 now requires a recent version of OpenSSL[2] to compile (version 0.9.5 or later).

NB. The portable version of OpenSSH is currently in the process of merging its webpages with the official OpenBSD project. Please use http://www.openssh.com/ from now on.

Distribution files are also available from the mirrors listed at http://violet.ibs.com.au/openssh/files/MIRRORS.html

Please read http://www.openssh.com/report.html before reporting bugs. Patches, bug reports, developer and user queries are welcome on the mailing list (http://www.openssh.com/list.html).

Regards,
Damien Miller

[1] http://www.ietf.org/html.charters/secsh-charter.html
[2] http://www.openssl.org/

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

This is regarding the rpm binary files...

On Tue, May 09, 2000 at 10:37:37PM +1000, Damien Miller wrote:
> [This is an announcement to the developers list only, please give
> the new version a try overnight and I will announce it to the wider
> community tomorrow.]

> This is to announce the release of openssh-2.1.0, the first stable
> release of portable OpenSSH to incorporate support for the SSH2
> protocol.

Why is rpm >= 3.0.3 required for openssh-server-2.1.0-1.i386.rpm and openssh-2.1.0-1.i386.rpm? That causes a problem on RedHat 6.0 systems with rpm 3.0.2. I tried using --no-deps and it installs just fine and all the scripts seem to work. So what's the deal with just those two (the others don't complain)? What is supposed to be missing or not working under those circumstances?

[...]

> Regards,
> Damien Miller
>
> [1] http://www.ietf.org/html.charters/secsh-charter.html
> [2] http://www.openssl.org/
>
> --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw at WittsEnd.com
  (The Mad Wizard)      |  (770) 331-2437   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

Damien Miller wrote:
>
> This is to announce the release of openssh-2.1.0, the first stable
> release of portable OpenSSH to incorporate support for the SSH2
> protocol.

Sorry if I don't get it: why 2.1.0 and not 2.0.0?

--
Florin Andrei
mailto:florin at linuxstart.com
http://members.linuxstart.com/~florin/
tel: +40-93-261162

really nice job ;) One curiosity comes to mind. What direction is ssh-agent going to take? Right now it supports RSA keys only. Will 2 different ssh-agents be needed for each flavor of key or will there be a way to use both DSA and RSA keys from within a single ssh-agent?

Cheers,
Chris
--
Chris Green <cmg at dok.org> <grapeape at uab.edu>
"Yeah, but you're taking the universe out of context."

On Tue, May 09, 2000 at 02:20:59PM -0500, Chris Green wrote:
> really nice job ;) One curiosity comes to mind. What direction is
> ssh-agent going to take? Right now it supports RSA keys only. Will 2
> different ssh-agents be needed for each flavor of key or will there be
> a way to use both DSA and RSA keys from within a single ssh-agent?

feel free to send me patches :)

of course, only one agent will be needed, but a protocol needs to be defined first...

I just upgraded one box from 2.0.0beta2 and another from 1.2.27-4i via RPM. (I compiled the src.rpm on each box myself; no errors were reported.)

It went mostly OK. On the box which was still at 1.2.27, sshd would not restart; the ssh_config and sshd_config files were not replaced; the new ones were named *.rpmnew rather than the old ones saved as *.rpmsave. Happily, since I was doing it over an ssh connection, the existing sessions were not killed when sshd(8) was. This allowed me to fix it and get the server up. :)

Small bug, though. From README.openssh2, I tried:

    cd ~/.ssh
    ssh-keygen -f authorized_keys -X >>authorized_keys2

where ~/.ssh/authorized_keys only contained one key. I got in return:

    buffer_get: trying to get more bytes than in buffer

and an empty authorized_keys2 (to be expected since bash had already created the file before exec(2)ing ssh-keygen).

So I used ssh-keygen -d to create new id_dsa{,.pub} files, transferred the .pubs over and added them to each authorized_keys2 file. But it is still defaulting to protocol 1 even though I have 2,1 in the sshd_config files.

Finally, ssh -2 -v is unusable for interactive use; it prints debug messages for all data transferred; this does not occur when using protocol 1.*.

-JimC
--
James H. Cloos, Jr. <URL:http://jhcloos.com/public_key> 1024D/ED7DAEA6
<cloos at jhcloos.com> E9E9 F828 61A4 6EA9 0F2B 63E7 997A 9F17 ED7D AEA6
Check out TGC: <URL:http://jhcloos.com/go?tgc>