OpenSSH 3.2.2 has just been released; please use the mirrors listed at
www.openssh.com. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
The release announcement follows:
Subject: OpenSSH 3.2.2 released
Date: Fri, 17 May 2002 00:35:38 +0200
From: Markus Friedl
To: dengue@deadly.org
OpenSSH 3.2.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support and encouragement.
Security Changes:
=================
- fixed buffer overflow in Kerberos/AFS token passing
- fixed overflow in Kerberos client code
- sshd no longer auto-enables Kerberos/AFS
- experimental support for privilege separation,
  see UsePrivilegeSeparation in sshd(8) and
  http://www.citi.umich.edu/u/provos/ssh/privsep.html
  for more information.
- only accept RSA keys of size SSH_RSA_MINIMUM_MODULUS_SIZE (768) or larger
Other Changes:
==============
- improved smartcard support (including support for OpenSC, see www.opensc.org)
- improved Kerberos support (including support for MIT-Kerberos V)
- fixed stderr handling in protocol v2
- client reports failure if -R style TCP forwarding fails in protocol v2
- support configuration of TCP forwarding during interactive sessions (~C)
- improved support for older sftp servers
- improved support for importing old DSA keys (from ssh.com software).
- client side support for PASSWD_CHANGEREQ in protocol v2
- fixed waitpid race conditions
- record correct lastlogin time
Reporting Bugs:
===============
- please read http://www.openssh.com/report.html
  and http://bugzilla.mindrot.org/
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
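The 768-bit floor from the security changes above, written as an audit check over public key lines (an added example, not OpenSSH's own code): it parses the ssh-rsa wire format and reports the modulus size. The function names and the make_line sample generator are assumptions of this example, and its sample keys are constructed placeholders, not real RSA keys.

```python
import base64
import struct

SSH_RSA_MINIMUM_MODULUS_SIZE = 768  # floor quoted in the release notes


def read_string(blob, off):
    """Read one SSH wire string: uint32 big-endian length, then the bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + length
    if end > len(blob):
        raise ValueError("length runs past end of blob")
    return blob[off + 4:end], end


def rsa_modulus_bits(line):
    """Modulus size in bits of an 'ssh-rsa <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key type inside blob does not match")
    _e, off = read_string(blob, off)  # public exponent, mpint
    n, off = read_string(blob, off)   # modulus, mpint
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    return int.from_bytes(n, "big").bit_length()  # leading 0x00 pad is ignored


def acceptable(line):
    """True when the key meets the floor; malformed input is refused."""
    try:
        return rsa_modulus_bits(line) >= SSH_RSA_MINIMUM_MODULUS_SIZE
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def make_line(bits):
    """Constructed sample: well-formed blob around a placeholder modulus."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    n = (1 << (bits - 1)) | 1  # right bit length, not a real RSA modulus
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed"
```

Running acceptable() over each line of an authorized_keys or known_hosts file flags RSA keys that a server enforcing this floor would refuse.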
(Comments are closed)
Comments
By Anonymous Coward () on
will this be merged into 3.1-STABLE?
Comments
By mirabile () on
Of course it will be merged into the last
two releases, that are, 2.9 and 3.0
3.1 isn't released yet, but it will be merged
therein, too - and as soon as 3.1 is released,
2.9 will be deprecated, i.e. the OpenSSH 3.2.2
merge will be one of - if not The - last commits
into 2.9
Comments
By Brad () brad@comstyle.com on
It will be merged into 2.9, 3.0 and 3.1. Just because 3.1 hasn't been released on the FTP site doesn't mean work isn't being done on the 3.1-stable branch.
By Niall O'Higgins () on http://www.sig11.com
I think this is really cool and should prevent many potential exploits. I hope other sub-port 1024 daemons learn from OpenSSH and start to employ this design.
Great stuff, OpenSSH team!
Comments
By Anonymous Coward () on
OpenSSH was the last service I had running as root, in fact the rest I run stopped using it years ago. What's left?
By RC () on
OpenSSH has just about everything I could want in a secure communications package... All but one feature that is.
I'm sick of NFS, AFS only works well in a Kerberos setting, and SFTP functionality is on just about every SSH server out there...
So. Why not create a 'mount_sftp' ???
Public-key encryption, with several algorithms. Built-in compression (although I've never understood why libbzip2 is left out in the cold), compatibility with PGP, etc.. So if we could just mount ssh servers as local volumes, I'd be happy, and I think we'd finally be rid of NFS.
Comments
By Sacha () on
Wasn't sftp a hacked ftp client?
Then mount_sftp would consist of hacking the existing mount_ftp tool..
Comments
By Hmm () on
mount_ftp tool? What? Where? Thank you! :-)
By mra () on
There was work done to use SSH tunneling to encrypt NFS traffic. It was all on Linux, and required NFS to use TCP vs UDP, but it has been done, and probably could be ported without too much trouble.
SysAdmin had a great article about it back in March. http://www.samag.com/documents/s=4072/sam0203d/
Comments
By RC () on
It's easy to tunnel NFS traffic... However, I wish tunneling NFS was unnecessary. SFTP can transfer files, why require the use of NFS as well?
Comments
By Anonymous Coward () on
mmm...
file locking, buffering and caching come to mind...
Comments
By Sacha () on
So some SNFS should be invented soon? Not hacked NFS versions.
Comments
By RC () on
Why not? I'm merely suggesting it not be some entirely new protocol. Why not just allow people to make servers using SFTP look like part of the local filesystem.
By Chris () on
Not sure if this is like what you are looking for:
http://sourceforge.net/projects/lufs/
By Your Mama () me@privacy.net on
Let me start by saying that I know ssh is doing the right thing here and waiting for open file descriptors to be closed before it exits, but this doesn't change the fact that it is still a major pain in the ass. The 1.2.27 (I think) never had this issue under Solaris and running openssh has been a major improvement except for this one amazingly annoying problem. I was hoping the openssh development team would come up with a command line option to ignore the open file descriptors (again I know it is doing what it is supposed to do). Fixing all the software that I run that is "broke" is just not an option in my current situation. Does anyone have a workaround for this that works? I have tried the "shopt -s huponexit" in bash but that doesn't work and I can't redirect to /dev/null because the daemons/utilities that I am having trouble with require me to enter passwords/keys when they start up (Netscape Web server, sudo, etc.). Anybody have anything that will work for me?
Comments
By Anonymous Coward () on
~. is always an option
By Anonymous Coward () on
-install openbsd 3.0 from cd
-install openssh 3.2.2
-apply openssh patch for 3.0
-apply openBSD 3.0 patches except for those dealing
with openssh ??
From the source code it looks like openssh 3.2.2
deprecates ALL prior patches relating to the openssh
on the 3.0 CD.
corectemundo?
Comments
By Anonymous Coward () on
yes, correct
Comments
By Anonymous Coward () on
I feel like I am getting a hint of a CS degree. As
a windows refugee, let me say that after one year
of working with openBSD I just have really learned
to appreciate the structure of this OS.
Windows*, os2-4, linux*, freebsd 4.2, OpenBSD 2.9.
When I say windows refugee, I really mean 100% GUI
centric, if it's not intuitive stop wasting my time,
kind of windows user.
-- Only in the past 2 years have I been able to free
myself from the windows universe. And it has not been
an easy road to hoe. Definitely there have been
some headbanging moments, but it has all been worth
it. I have learned that if someone says an OS is
intuitive that almost always means that a developer
has put a layer of complexity between myself and
the guts of the OS. Sometimes it is easier, but often
times that layer of complexity hinders my progress
once I know what I need to do and how I need to do it.
Never again. I have the source code.
I am king of my little universe.
--oh yea, thanks for the confirmation. Sometimes I
still need help connecting the dots.
Thank you openbsd team!!!
Comments
By Roo () on
That warms the cockles of my black heart. I didn't think that people ever bothered to leave what was comfy and try something new...
I think you are discovering the payoffs of "Occam's Razor"... Basically it amounts to Keep It Simple Stupid. Windows is too bloody complicated to work properly in the first place...
The history of Computer Science is littered with the bloated corpses of "sophisticated" dinosaurs. :)
-Roo.