Contributed by jose on from the more-cyprto-stuff dept.
The official announcement mail follows.
Date: Tue, 24 Feb 2004 17:29:34 +0100 From: Markus FriedlSubject: OpenSSH 3.8 released OpenSSH 3.8 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters. We have a new design of T-shirt available, more info on http://www.openbsd.org/tshirts.html#18 For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu Changes since OpenSSH 3.7.1: ============================ * sshd(8) now supports forced changes of expired passwords via /usr/bin/passwd or keyboard-interactive authentication. Note for AIX: sshd will now deny password access to accounts with passwords expired longer than their maxexpired attribute. For details, see the AIX section in README.platform. * ssh(1) now uses untrusted cookies for X11-Forwarding. Some X11 applications might need full access to the X11 server, see ForwardX11Trusted in ssh(1) and xauth(1) for more information. * ssh(1) now supports sending application layer keep-alive messages to the server. See ServerAliveInterval in ssh(1) for more information. * Improved sftp(1) batch file support. * New KerberosGetAFSToken option for sshd(8). * Updated /etc/moduli file and improved performance for protocol version 2. * Support for host keys in DNS (draft-ietf-secsh-dns-xx.txt). Please see README.dns in the source distribution for details. * Fix a number of memory leaks. * The experimental "gssapi" support has been replaced with the "gssapi-with-mic" to fix possible MITM attacks. The two versions are not compatible. Checksums: ========== - MD5 (openssh-3.8.tgz) = 7d5590a333d8f8aa1fa6f19e24938700 - MD5 (openssh-3.8p1.tar.gz) = 7861a4c0841ab69a6eec5c747daff6fb Reporting Bugs: =============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Ben Lindstrom, Darren Tucker and Tim Rice.
(Comments are closed)
By Anthony () on
Comments
By Ray () ray@cyth.net on mailto:ray@cyth.net
Comments
By Anthony () on
By djm () on
If the exploits don't work, then what do you care?
BTW, why did you need to adjust it anyway? 3.7.1p2 has no known problems.
Comments
By Anthony () on
By Anonymous Coward () on
Comments
By marklar () marklar_@hotmail.com on mailto:marklar_@hotmail.com
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By Anonymous Coward () on
Quite a while. I've not seen any knocking on the port I use for sshd.
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anthony () on
By gizz () on
Kiddies are attacking his box _because_ port 22 is open, they are not going to scan his machine to find other open ports .. and even nmap uses some time to scan the whole range of tcp ports over a normal connection, you dont wanna be too agressive, that can seem suspicious.
By Alejandro Belluscio () baldusi@hotmail.com on mailto:baldusi@hotmail.com
http://www.benzedrine.cx/pf/msg04164.html
By Anonymous Coward () on
Comments
By Anonymous Coward () on
By djm () on
Comments
By Anonymous Coward () on
Comments
By djm () on
When has it changed? The default (since 1.x) has been to default X11Forwarding to off at both client and server. This has not changed in several years.
By clvrmnky () on http://www.clevermonkey.org/
Don't use "Ugh". Use "diff".
Seriously, don't you move your existing *_config out of the way, first? I never overwrite any of my precious, precious config files in /etc.
Truth be told, I have most of my /etc files under RCS. I just made sure to lock these two files before overwriting them, and then did a quick rcsdiff and edit before checking it in again.
Using RCS to manage config files is a good habit to get into
By someone () on
Comments
By Leon Yendor () on
As an IBM Linux instructor I am amazed by the sloppy versioning of some distros where they do their own patches, when bugs are known and patches issued, and don't rev the version numbers to match the OSSH tree.
The patches don't always match the OSSH ones either because there are some smartarses who always know better. Hhmpf! I bring my Linux versions up to date from the source, thankyou. I don't seem to have too much trouble with that method.
OTOH all the remote systems I maintain are accessed via OpenBSD firewalls so I can ssh into the FW and hop to any Linux boxes from there without a direct exposure to the 'net for them.
I am happier with that than worrying about just how well their sshd is working.
By djm () on
Some older version of PuTTY had issues against sshd, but nothing recently. 2.6.1 is very old.
Comments
By someone () on
Comments
By strgout () strgout@unixjunkie.com on mailto:strgout@unixjunkie.com
If that doesn't help maybe try
disabling privsep (just to test)
btw you did make sure pam support was enabled when you compiled from src right?
Comments
By someone () on
Oh well, I'll try again sometime in near future, I am very well aware how outdated 2.6.1 is.
By maniac () maniac@localhost.sk on mailto:maniac@localhost.sk
By Anonymous Coward () on
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/?only_with_tag=OPENBSD_3_4
Comments
By Brad () brad at comstyle dot com on mailto:brad at comstyle dot com