OpenSSH 3.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.4: ============================ * Improved support for Privilege Separation (Portability, Kerberos, PermitRootLogin handling). * ssh(1) prints out all known host keys for a host if it receives an unknown host key of a different type. * Fixed AES/Rijndael EVP integration for OpenSSL < 0.9.7 (caused problems with bounds checking patches for gcc). * ssh-keysign(8) is disabled by default and only enabled if the HostbasedAuthentication option is enabled in the global ssh_config(5) file. * ssh-keysign(8) uses RSA blinding in order to avoid timing attacks against the RSA host key. * A use-after-free bug was fixed in ssh-keysign(8). This bug broke hostbased authentication on several platforms. * ssh-agent(1) is now installed setgid in order to avoid ptrace(2) attacks. * ssh-agent(1) now restricts the access with getpeereid(2) (or equivalent, where available). * sshd(8) no longer uses the ASN.1 parsing code from libcrypto when verifying RSA signatures. * sshd(8) now sets the SSH_CONNECTION environment variable. * Enhanced "ls" support for the sftp(1) client, including globbing and detailed listings. * ssh(1) now always falls back to uncompressed sessions, if the server does not support compression. * The default behavior of sshd(8) with regard to user settable environ variables has changed: the new option PermitUserEnvironment is disabled by default, see sshd_config(5). * The default value for LoginGraceTime has been changed from 600 to 120 seconds, see sshd_config(5). * Removed erroneous SO_LINGER handling. Checksums: ========= - MD5 (openssh-3.5p1.tar.gz) = 42bd78508d208b55843c84dd54dea848 - MD5 (openssh-3.5.tgz) = 79fc225dbe0fe71ebb6910f449101d23 Reporting Bugs: ============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.
OpenSSH 3.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.4: ============================ * Improved support for Privilege Separation (Portability, Kerberos, PermitRootLogin handling). * ssh(1) prints out all known host keys for a host if it receives an unknown host key of a different type. * Fixed AES/Rijndael EVP integration for OpenSSL < 0.9.7 (caused problems with bounds checking patches for gcc). * ssh-keysign(8) is disabled by default and only enabled if the HostbasedAuthentication option is enabled in the global ssh_config(5) file. * ssh-keysign(8) uses RSA blinding in order to avoid timing attacks against the RSA host key. * A use-after-free bug was fixed in ssh-keysign(8). This bug broke hostbased authentication on several platforms. * ssh-agent(1) is now installed setgid in order to avoid ptrace(2) attacks. * ssh-agent(1) now restricts the access with getpeereid(2) (or equivalent, where available). * sshd(8) no longer uses the ASN.1 parsing code from libcrypto when verifying RSA signatures. * sshd(8) now sets the SSH_CONNECTION environment variable. * Enhanced "ls" support for the sftp(1) client, including globbing and detailed listings. * ssh(1) now always falls back to uncompressed sessions, if the server does not support compression. * The default behavior of sshd(8) with regard to user settable environ variables has changed: the new option PermitUserEnvironment is disabled by default, see sshd_config(5). * The default value for LoginGraceTime has been changed from 600 to 120 seconds, see sshd_config(5). * Removed erroneous SO_LINGER handling. Checksums: ========= - MD5 (openssh-3.5p1.tar.gz) = 42bd78508d208b55843c84dd54dea848 - MD5 (openssh-3.5.tgz) = 79fc225dbe0fe71ebb6910f449101d23 Reporting Bugs: ============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.
that's a bug in 3.5. i'm not sure how to fix this. ssh-keysign(8) does not know about the remote hostname. On Wed, Oct 16, 2002 at 02:57:10PM +0200, Reinhard Zierke wrote:> Markus, > > I've got a problem with OpenSSH 3.5p1: > > > Changes since OpenSSH 3.4: > > ============================ > > ... > > * ssh-keysign(8) is disabled by default and only enabled if the > > HostbasedAuthentication option is enabled in the global ssh_config(5) > > file. > > and the new ssh says: > > zierke at rzdspc81% ssh rzdspc5 > Hostbased authentication not enabled in /etc/ssh/ssh_config > ssh_msg_send: write > zierke at rzdspc81% > > My /etc/ssh/ssh_config basically is > > Host rz?spc? rz?spc?? > ... > HostbasedAuthentication yes > ... > > Host * > ... > HostbasedAuthentication no > ... > > If I change the default entry to "HostbasedAuthentication yes" too, then ssh > works fine. But I want HostbasedAuthentication for local hosts only as it > does work up to version 3.4p1. How can I do this with 3.5p1? > > Regards, > Reinhard > > -- > Reinhard Zierke Universit?t Hamburg, FB Informatik > zierke at informatik.uni-hamburg.de Vogt-K?lln-Stra?e 30, D-22527 Hamburg > postmaster at informatik.uni-hamburg.de Tel.: (040) 42883-2295/2276 Fax: -2241
On Wed, Oct 16, 2002 at 02:57:10PM +0200, Reinhard Zierke wrote:> My /etc/ssh/ssh_config basically is > > Host rz?spc? rz?spc?? > ... > HostbasedAuthentication yes > ... > > Host * > ... > HostbasedAuthentication no > ... > > If I change the default entry to "HostbasedAuthentication yes" too, then ssh > works fine. But I want HostbasedAuthentication for local hosts only as it > does work up to version 3.4p1. How can I do this with 3.5p1?since HostbasedAuthentication defaults to no, you can just use: Host rz?spc? rz?spc?? HostbasedAuthentication yes Host * dont-mention-HostbasedAuthentication
Apparently Analagous Threads
- OpenSSH 3.5 released
- OpenSSH 4.3P1: incorrect wtmpx entries
- Bug? between OpenSSH 6.4p1 and 6.5p1(also 6.6p1)
- broken ssh-keysign for openssh 3.6.1p1 on Solaris 8
- OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?