web analytics
It runs on Linux

OpenSSH 6.9

The OpenSSH team has released version 6.9 of OpenSSH. This is primarily a bugfix release, with some new features.

OpenSSH

OpenSSH

OpenSSH is a 100% complete SSH protocol (version 1.3, 1.5 and 2.0) implementation and includes server support and sftp.

Release notes

Security

  • ssh(1): when forwarding X11 connections with ForwardX11Trusted=no,
    connections made after ForwardX11Timeout expired could be permitted
    and no longer subject to XSECURITY restrictions because of an
    ineffective timeout check in ssh(1) coupled with “fail open”
    behaviour in the X11 server when clients attempted connections with
    expired credentials. This problem was reported by Jann Horn.
  • ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
    password guessing by implementing an increasing failure delay,
    storing a salted hash of the password rather than the password
    itself and using a timing-safe comparison function for verifying
    unlock attempts. This problem was reported by Ryan Castellucci.

New Features

  • ssh(1), sshd(8): promote chacha20-poly1305@openssh.com to be the
    default cipher
  • sshd(8): support admin-specified arguments to AuthorizedKeysCommand;
    bz#2081
  • sshd(8): add AuthorizedPrincipalsCommand that allows retrieving
    authorized principals information from a subprocess rather than
    a file.
  • ssh(1), ssh-add(1): support PKCS#11 devices with external PIN
    entry devices bz#2240
  • sshd(8): allow GSSAPI host credential check to be relaxed for
    multihomed hosts via GSSAPIStrictAcceptorCheck option; bz#928
  • ssh-keygen(1): support “ssh-keygen -lF hostname” to search
    known_hosts and print key hashes rather than full keys.
  • ssh-agent(1): add -D flag to leave ssh-agent in foreground without
    enabling debug mode; bz#2381

 

Version 7 is expected to be released later this month.

For more info and download links head over here.