Contributed by jose on from the oops,-that-bug-DID-matter dept.
"1 april joke? Hmm. Anyways, it's released! Check changelog for fixesThere's one change between 3.6.0 and 3.6.1, according to the announcement from Markus :
The 'kex guesses' bugfix from OpenSSH 3.6 triggers a bug in a few other SSH v2 implementations and causes connections to stall. OpenSSH 3.6.1 disables this bugfix when interoperating with these implementations.Looks like some wider release saw this interopability issue appear and get isolated, handled correctly now in OpenSSH 3.6.1. For non-BSD users, 3.6.1p1 is up, as well.
(Comments are closed)
By Anonymous Coward () on
By RC () on
If that is what it sounds like, I'm extremely excited about it! Perhaps the one problem with the agent is the problem that the admin of a system you've connected to (using the ssh-agent) could potentially use the open ssh-agent socket to authenticate a connection to another machine you have access to (scary), or that the admin could possibly use the open socket to break into your own machine (not very likely).
If this is in fact what it sounds like, it could mean the end of password authentication for the most part. No more need to use passwords, or disable agent forwarding on an untrusted system...
Comments
By djm () on
Comments
By RC () on
By coward () on mailto:sorry at susan.com
Comments
By Michael Anuzis () on
$ nslookup www.openssh.org
Server: try11-dns1.try.wideopenwest.com
Address: 64.233.217.2
Non-authoritative answer:
Name: www.openssh.org
Address: 129.128.5.196
$ nslookup www.openssh.com
Server: try11-dns1.try.wideopenwest.com
Address: 64.233.217.2
Non-authoritative answer:
Name: www.openssh.com
Address: 129.128.5.196
Comments
By me_again () on
By Anonymous Coward () on
The openssh.org domain is registered to a dutch guy named Alex DeJoode. Right now it points to the openssh.com server, but he may change that any time he likes. Who guarantees it won't point to some fake openssh.com server one day? Exactly, nobody! I for one, will continue not to trust the openssh.org domain unless it gets handed over to the project.
It's a matter of trust, dead simple.
By Anonymous Coward () on
Domain servers in listed order:
ZEUS.THEOS.COM 199.185.137.1
CS.COLORADO.EDU
CVS.OPENBSD.ORG
domain servers for OPENSSH.ORG
Name Server:DNS0.ZEDZ.NET
Name Server:DNS1.ZEDZ.NET
Name Server:DNS2.ZEDZ.NET
all the offical openbsd domains use pretty much the same set of dns servers.
........................
.org isnt offical :P
the .org was used at one point (and could still possibly be) to datamine
By Anonymous Coward () on
Hoping to not start a flame war or anything:
Some history for the newbies, once upon a time when openssh was very new, Alex Dejoode registered the domain openssh.org, and it remains to be seen if he is hoping to profit from it one day. Theo asked him to transfer it, Alex didn't and there was plenty of bad blood going around. Even made slashdot. At some point slashdot was going to publish a recap of the story (which I think never happened).
Eventually Alex did play ball with the openssh.org domain and pointed it to the official openssh web site, to everyone's benefit. You still see posts on misc@ from Alex every while, and you can make your own judgement on what they mean.
For me, it is not a big issue, since I almost always take the link from www.openbsd.org that points to the openssh page.
I have not checked, but I be the OpenSSH web pages are copyrighted, which means a lawsuit if you try to spoof them on your website. As if Theo had any interest in lawyers.....
nothing of interest here, move along, or keep coding.
By grey () on
http://www.deadly.org/article.php3?sid=20000308154503 (the link this story points to is now gone :( )
http://www.deadly.org/article.php3?sid=20000306151402
http://www.deadly.org/article.php3?sid=20000306030924
http://www.deadly.org/article.php3?sid=20000306023532
Archive.org clarifications of the old debate (you can also see the old site). :)
http://web.archive.org/web/20000817222425/www.openssh.org/org-vs-com/
Comments
By Anonymous Coward () on
'Why didn't you give away openssh.org to openbsd ? '
"Actually I tried. I mailed Theo de Raadt and told him I was willing to give control of the opensh.org to them provided they added links to other open/free ssh projects on 'their openssh.org' page."
Now look at the openssh.com site - look, links not only to other projects, but even openssh-portable (duh). The only other thing he mentioned would be that it would be -nice- to have a public apology from Theo.
Looks to me as though Alex has ulterior motives, or at the least his actions contradict his own claims for how an openssh.org domain ownership transferral would be handled.
By Anonymous Coward () on
What is the next thing to happen?
Will the same thing happen for OpenBSD?
More testing is needed!
Comments
By Sam () on
So how come you missed the bug while testing?
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
but the bug was not in openssh, but
in some other implementations.
openssh 3.6.1 detects these implementations
and adds a workaround.
Comments
By Jedi/Sector One () j@pureftpd.org on http://www.pureftpd.org/
So why use another implementation anyway?
Comments
By markus () on
By W () on
Comments
By Anonymous Coward () on
Comments
By W () on
Comments
By bob () on