* New upstream release (http://www.openssh.org/txt/release-5.7):

  - Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
    and host/user keys (ECDSA) as specified by RFC5656.  ECDH and ECDSA
    offer better performance than plain DH and DSA at the same equivalent
    symmetric key length, as well as much shorter keys.
  - sftp(1)/sftp-server(8): add a protocol extension to support a hard
    link operation.  It is available through the "ln" command in the
    client.  The old "ln" behaviour of creating a symlink is available
    using its "-s" option or through the preexisting "symlink" command.
  - scp(1): Add a new -3 option to scp: Copies between two remote hosts
    are transferred through the local host (closes: #508613).
  - ssh(1): "atomically" create the listening mux socket by binding it on
    a temporary name and then linking it into position after listen() has
    succeeded.  This allows the mux clients to determine that the server
    socket is either ready or stale without races (closes: #454784).
    Stale server sockets are now automatically removed (closes: #523250).
  - ssh(1): install a SIGCHLD handler to reap expired child process
    (closes: #594687).
  - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent
    temporary directories (closes: #357469, although only if you arrange
    for ssh-agent to actually see $TMPDIR since the setgid bit will cause
    it to be stripped off).

1 files changed, 18 insertions, 14 deletions

diff --git a/sshd.0 b/sshd.0
index a5d40c4d8..bb01b7164 100644
--- a/sshd.0
+++ b/sshd.0
@@ -78,10 +78,10 @@ DESCRIPTION
              be given if sshd is not run as root (as the normal host key files
              are normally not readable by anyone but root).  The default is
              /etc/ssh/ssh_host_key for protocol version 1, and
-             /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for
-             protocol version 2.  It is possible to have multiple host key
-             files for the different protocol versions and host key
-             algorithms.
+             /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key and
+             /etc/ssh/ssh_host_rsa_key for protocol version 2.  It is possible
+             to have multiple host key files for the different protocol
+             versions and host key algorithms.
 
      -i      Specifies that sshd is being run from inetd(8).  sshd is normally
              not run from inetd because it needs to generate the server key
@@ -143,8 +143,8 @@ DESCRIPTION
 AUTHENTICATION
      The OpenSSH SSH daemon supports SSH protocols 1 and 2.  The default is to
      use protocol 2 only, though this can be changed via the Protocol option
-     in sshd_config(5).  Protocol 2 supports both RSA and DSA keys; protocol 1
-     only supports RSA keys.  For both protocols, each host has a host-
+     in sshd_config(5).  Protocol 2 supports DSA, ECDSA and RSA keys; protocol
+     1 only supports RSA keys.  For both protocols, each host has a host-
      specific key, normally 2048 bits, used to identify the host.
 
      Forward security for protocol 1 is provided through an additional server
@@ -273,13 +273,15 @@ AUTHORIZED_KEYS FILE FORMAT
      exponent, modulus, and comment fields give the RSA key for protocol
      version 1; the comment field is not used for anything (but may be
      convenient for the user to identify the key).  For protocol version 2 the
-     keytype is ``ssh-dss'' or ``ssh-rsa''.
+     keytype is ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'',
+     ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''.
 
      Note that lines in this file are usually several hundred bytes long
      (because of the size of the public key encoding) up to a limit of 8
      kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
      kilobits.  You don't want to type them in; instead, copy the
-     identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it.
+     identity.pub, id_dsa.pub, id_ecdsa.pub, or the id_rsa.pub file and edit
+     it.
 
      sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
      2 keys of 768 bits.
@@ -504,11 +506,11 @@ FILES
              for the user, and not accessible by others.
 
      ~/.ssh/authorized_keys
-             Lists the public keys (RSA/DSA) that can be used for logging in
-             as this user.  The format of this file is described above.  The
-             content of the file is not highly sensitive, but the recommended
-             permissions are read/write for the user, and not accessible by
-             others.
+             Lists the public keys (DSA/ECDSA/RSA) that can be used for
+             logging in as this user.  The format of this file is described
+             above.  The content of the file is not highly sensitive, but the
+             recommended permissions are read/write for the user, and not
+             accessible by others.
 
              If this file, the ~/.ssh directory, or the user's home directory
              are writable by other users, then the file could be modified or
@@ -565,6 +567,7 @@ FILES
 
      /etc/ssh/ssh_host_key
      /etc/ssh/ssh_host_dsa_key
+     /etc/ssh/ssh_host_ecdsa_key
      /etc/ssh/ssh_host_rsa_key
              These three files contain the private parts of the host keys.
              These files should only be owned by root, readable only by root,
@@ -573,6 +576,7 @@ FILES
 
      /etc/ssh/ssh_host_key.pub
      /etc/ssh/ssh_host_dsa_key.pub
+     /etc/ssh/ssh_host_ecdsa_key.pub
      /etc/ssh/ssh_host_rsa_key.pub
              These three files contain the public parts of the host keys.
              These files should be world-readable but writable only by root.
@@ -627,4 +631,4 @@ CAVEATS
      System security is not improved unless rshd, rlogind, and rexecd are
      disabled (thus completely disabling rlogin and rsh into the machine).
 
-OpenBSD 4.8                     August 4, 2010                     OpenBSD 4.8
+OpenBSD 4.8                    October 28, 2010                    OpenBSD 4.8