OpenSSH 3.0 is out !

La version 3.0 d'OpenSSH, l'implémentation libre de SSH, vient de sortir. Outre les habituelles corrections de bugs, cette version est la première à utiliser le protocole version 2 par défaut.

Le gros changement au niveau utilisation concerne les fichiers /etc/ssh_known_hosts2, ~/.ssh/known_hosts2 et /.ssh/authorized_keys2 qui sont maintenant obsolètes, il faut les renommer en known_hosts et authorized_keys, qui contenaient autrefois les clés associées au protocole version 1. Date: Tue, 6 Nov 2001 22:48:41 +0100
From: Markus Friedl
To: announce@openbsd.org
Subject: OpenSSH 3.0

OpenSSH 3.0 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

This release contains many portability bug-fixes (listed in the
ChangeLog) as well as several new features (listed below).

We would like to thank the OpenSSH community for their continued
support and encouragement.

Important Changes:
==================

1) SSH protocol v2 is now the default protocol version

use the 'Protocol' option from ssh(1) and sshd(8) if
you need to change this.

2) The files
/etc/ssh_known_hosts2
~/.ssh/known_hosts2
~/.ssh/authorized_keys2
are now obsolete, you can use
/etc/ssh_known_hosts
~/.ssh/known_hosts
~/.ssh/authorized_keys
For backward compatibility ~/.ssh/authorized_keys2 will still used for
authentication and hostkeys are still read from the known_hosts2.
However, those deprecated files are considered 'readonly'. Future
releases are likely not to read these files.

3) The CheckMail option in sshd_config is deprecated, as sshd(8) no longer
checks for new mail.

4) X11 cookies are now stored in $HOME.

New Features:
=============

1) Smartcard support in the ssh client and agent based on work by
University of Michigan CITI (http://www.citi.umich.edu/projects/smartcard/).

2) support for Rekeying in protocol version 2

3) improved Kerberos support in protocol v1 (KerbIV and KerbV)

4) backward compatibility with older commercial SSH versions >= 2.0.10

5) getopt(3) is now used by all programs

6) dynamic forwarding (use ssh(1) as your socks server)

7) ClearAllForwardings in ssh(1)

8) ssh(1) now checks the hostkey for localhost (NoHostAuthenticationForLocalhost yes/no).

9) -F option in ssh(1)

10) ssh(1) now has a '-b bindaddress' option

11) scp(1) allows "scp /file localhost:/file"

12) The AuthorizedKeysFile option allows specification of alternative
files that contain the public keys that can be used for user authentication
(e.g. /etc/ssh_keys/%u, see sshd(8))

13) extended AllowUsers user@host syntax in sshd(8)

14) improved challenge-response support (especially for systems supporting BSD_AUTH)

15) sshd(8) can specify time args as 1h, 2h30s etc.

16) sshd(8) transmits the correct exit status for remote execution with protocol version 2.

17) ssh-keygen(1) can import private RSA/DSA keys generated with the commercial version

18) ssh-keyscan(1) supports protocol version 2

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.

Aller plus loin

• La page d'OpenSSH (3 clics)
• Les miroirs FTP pour OpenBSD seulement (4 clics)
• Les miroirs pour les autres Unix (3 clics)