diff options
author | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2007-12-24 10:29:57 +0000 |
commit | c3e531b12b2335b7fa5a6bcc9a309d3c523ff64b (patch) | |
tree | b72c0867348e7e7914d64af6fc5e25c728922e03 /ssh_config.0 | |
parent | 6b222fdf3cb54c11a446df38e027fe7acf2220cb (diff) | |
parent | 70847d299887abb96f8703ca99db6d817b78960e (diff) |
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
Diffstat (limited to 'ssh_config.0')
-rw-r--r-- | ssh_config.0 | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/ssh_config.0 b/ssh_config.0 index 2ca4ee31b..381c1ba0a 100644 --- a/ssh_config.0 +++ b/ssh_config.0 | |||
@@ -200,9 +200,9 @@ DESCRIPTION | |||
200 | 200 | ||
201 | ExitOnForwardFailure | 201 | ExitOnForwardFailure |
202 | Specifies whether ssh(1) should terminate the connection if it | 202 | Specifies whether ssh(1) should terminate the connection if it |
203 | cannot set up all requested dynamic, local, and remote port for- | 203 | cannot set up all requested dynamic, tunnel, local, and remote |
204 | wardings. The argument must be ``yes'' or ``no''. The default | 204 | port forwardings. The argument must be ``yes'' or ``no''. The |
205 | is ``no''. | 205 | default is ``no''. |
206 | 206 | ||
207 | ForwardAgent | 207 | ForwardAgent |
208 | Specifies whether the connection to the authentication agent (if | 208 | Specifies whether the connection to the authentication agent (if |
@@ -365,8 +365,10 @@ DESCRIPTION | |||
365 | MACs Specifies the MAC (message authentication code) algorithms in or- | 365 | MACs Specifies the MAC (message authentication code) algorithms in or- |
366 | der of preference. The MAC algorithm is used in protocol version | 366 | der of preference. The MAC algorithm is used in protocol version |
367 | 2 for data integrity protection. Multiple algorithms must be | 367 | 2 for data integrity protection. Multiple algorithms must be |
368 | comma-separated. The default is: ``hmac-md5,hmac-sha1,hmac- | 368 | comma-separated. The default is: |
369 | ripemd160,hmac-sha1-96,hmac-md5-96''. | 369 | |
370 | hmac-md5,hmac-sha1,umac-64@openssh.com, | ||
371 | hmac-ripemd160,hmac-sha1-96,hmac-md5-96 | ||
370 | 372 | ||
371 | NoHostAuthenticationForLocalhost | 373 | NoHostAuthenticationForLocalhost |
372 | This option can be used if the home directory is shared across | 374 | This option can be used if the home directory is shared across |
@@ -642,4 +644,4 @@ AUTHORS | |||
642 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 644 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
643 | versions 1.5 and 2.0. | 645 | versions 1.5 and 2.0. |
644 | 646 | ||
645 | OpenBSD 4.1 September 25, 1999 10 | 647 | OpenBSD 4.2 August 15, 2007 10 |