OpenBSD Journal

OpenSSH 2.5.2 Now Available

Contributed by Dengue on from the Mmmm-blowfish dept.

OpenSSH 2.5.2 has been released. Read Markus Friedl's announcement below for a list of fixes and features.

Subject: OpenSSH-2.5.2
   Date: Thu, 22 Mar 2001 11:49:03 +0100
   From: Markus Friedl


OpenSSH 2.5.2 is now available from the mirror sites
listed at

Security related changes:
	Improved countermeasure against "Passive Analysis of SSH
	(Secure Shell) Traffic"

	The countermeasures introduced in earlier OpenSSH-2.5.x versions
	caused interoperability problems with some other implementations.

	Improved countermeasure against "SSH protocol 1.5 session
	key recovery vulnerability"

New options:
	permitopen authorized_keys option to restrict portforwarding.

	PreferredAuthentications allows client to specify the order in which
	authentication methods are tried.

	sftp client supports globbing (get *, put *).

	Support for sftp protocol v3 (draft-ietf-secsh-filexfer-01.txt).

	Batch file (-b) support for automated transfers

	Speedup DH exchange. OpenSSH should now be significantly faster when
	connecting use SSH protocol 2.

	Preferred SSH protocol 2 cipher is AES with hmac-md5. AES offers
	much faster throughput in a well scrutinised cipher.

	stderr handling fixes in SSH protocol 2.

	Improved interoperability.

	The client no longer asks for the the passphrase if the key
	will not be accepted by the server (SSH2_MSG_USERAUTH_PK_OK)

	scp should now work for files > 2GB

	ssh-keygen can now generate fingerprints in the "bubble babble"
	format for exchanging fingerprints with SSH.COM's SSH protocol 2

Preliminary patches for OpenBSD-2.6 are available on request. 

(Comments are closed)

  1. By jolan () on

    Has anyone had problems with s/key and openssh 2.5.2? I can't seem to get the two to interoperate.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]