* ssh(1): better handle anchored FQDNs (e.g. ‘.’) in hostname canonicalisation – treat them as already canonical and remove the trailing ‘.’ before matching ssh_config.
* ssh-keygen(1): support multiple certificates (one per line) and reading from standard input (using “-f -”) for “ssh-keygen -L”
* ssh-keyscan(1): add “ssh-keyscan -c …” flag to allow fetching certificates instead of plain keys.
* sshd(8): support “none” as an argument for sshd_config Foreground and ChrootDirectory. Useful inside Match blocks to override a global default.
* ssh-keygen(1): allow fingerprinting multiple public keys in a file, e.g. “ssh-keygen -lf ~/.ssh/authorized_keys” bz#1319
* ssh-keygen(1): allow fingerprinting from standard input, e.g.
* ssh-keygen(1): allow ssh-keygen to change the key comment for all supported formats.
* ssh(1): add ssh_config CertificateFile option to explicitly list certificates.
* sshd(8): add a new authorized_keys option “restrict” that includes all current and future key restrictions (no-*-forwarding, etc.). Also add permissive versions of the existing restrictions, e.g. This simplifies the task of setting up restricted keys and ensures they are maximally-restricted, regardless of any permissions we might implement in the future.
* ssh(1): Add an AddKeysToAgent client option which can be set to ‘yes’, ‘no’, ‘ask’, or ‘confirm’, and defaults to ‘no’. When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to ‘confirm’).
* all: add support for RSA signatures using SHA-256/512 hash algorithms based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt.
* sshd(8): pre-auth sandboxing is now enabled by default (previous releases enabled it for new installations via sshd_config).
* ssh(1), sshd(8): increase the minimum modulus size supported for diffie-hellman-group-exchange to 2048 bits.
* ssh(1): eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension.
* ssh(1), sshd(8): remove unfinished and unused roaming code (was already forcibly disabled in OpenSSH 7.1p2).

This release disables a number of legacy cryptographic algorithms by default in ssh:

OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. It will be available from the mirrors listed at shortly.