OpenSSH 3.6 released

OpenSSH 3.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters.

We have a new design of T-shirt available, more info on

        http://www.openbsd.org/tshirts.html#18

For international orders use http://https.openbsd.org/cgi-bin/order and for European orders, use http://https.openbsd.org/cgi-bin/order.eu

Changes since OpenSSH 3.5:

• RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1). in order to avoid potential timing attacks against the RSA keys. Older versions of OpenSSH have been using RSA blinding in ssh-keysign(1) only.

  Please note that there is no evidence that the SSH protocol is   vulnerable to the OpenSSL/TLS timing attack described in

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

        http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

• ssh-agent(1) optionally requires user confirmation if a key gets used, see '-c' in ssh-add(1).
• sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation is enabled.
• sshd(8) now removes X11 cookies when a session gets closed.
• ssh-keysign(8) is disabled by default and only enabled if the new EnableSSHKeysign option is set in the global ssh_config(5) file.
• ssh(1) and sshd(8) now handle 'kex guesses' correctly (key exchange guesses).
• ssh(1) no longer overwrites SIG_IGN. This matches behaviour from rsh(1) and is used by backup tools.
• setting ProxyCommand to 'none' disables the proxy feature, see ssh_config(5).
• scp(1) supports add -1 and -2.
• scp(1) supports bandwidth limiting.
• sftp(1) displays a progressmeter.
• sftp(1) has improved error handling for scripting.

Checksums:

• MD5 (openssh-3.6p1.tar.gz) = 72ef1134d521cb6926c99256dad17fe0
• MD5 (openssh-3.6.tgz) = 758822b888c5c3f83a98045aef904254

Reporting Bugs:

• please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom. Received on Mon Mar 31 12:26:33 2003