Cookies op Tweakers

Tweakers is onderdeel van DPG Media en maakt gebruik van cookies, JavaScript en vergelijkbare technologie om je onder andere een optimale gebruikerservaring te bieden. Ook kan Tweakers hierdoor het gedrag van bezoekers vastleggen en analyseren. Door gebruik te maken van deze website, of door op 'Cookies accepteren' te klikken, geef je toestemming voor het gebruik van cookies. Wil je meer informatie over cookies en hoe ze worden gebruikt? Bekijk dan ons cookiebeleid.

Meer informatie

Software-update: OpenSSH 4.2

Zojuist is versie 4.2 van OpenSSH uitgekomen. OpenSSH versleutelt het netwerkverkeer om afluisteren, het overnemen van de verbinding en andere netwerkaanvallen tegen te gaan. Daarnaast bevat het de mogelijkheid om zogenaamde veilige tunnels op te zetten en ondersteunt het verschillende authenticatiemethodes. OpenSSH is primair ontwikkeld voor OpenBSD, gebruikers van andere besturingssystemen kunnen hier terecht. Het changelog van deze release ziet er als volgt uit:

Changes since OpenSSH 4.1:
  • SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts to be incorrectly activated for dynamic ("-D") port forwardings when no listen address was explicitly specified.
  • SECURITY: sshd in OpenSSH versions prior to 4.2 allow GSSAPI credentials to be delegated to users who log in with methods other than GSSAPI authentication (e.g. public key) when the client requests it. This behaviour has been changed in OpenSSH 4.2 to only delegate credentials to users who authenticate using the GSSAPI method. This eliminates the risk of credentials being inadvertently exposed to an untrusted user/host (though users should not activate GSSAPIDelegateCredentials to begin with when the remote user or host is untrusted)
  • Added a new compression method that delays the start of zlib compression until the user has been authenticated successfully. The new method ("Compression delayed") is on by default in the server. This eliminates the risk of any zlib vulnerability leading to a compromise of the server from unauthenticated users.
    NB. Older OpenSSH (Another round of proactive changes for signed vs unsigned integer bugs has been completed, including changing the atomicio() API to encourage safer programming. This work is ongoing.
  • Added support for the improved arcfour cipher modes from draft-harris-ssh-arcfour-fixes-02. The improves the cipher's resistance to a number of attacks by discarding early keystream output.
  • Increase the default size of new RSA/DSA keys generated by ssh-keygen from 1024 to 2048 bits.
  • Many bugfixes and improvements to connection multiplexing, including:
    • Added ControlMaster=auto/autoask options to support opportunistic multiplexing (see the ssh_config(5) manpage for details).
    • The client will now gracefully fallback to starting a new TCP connection if it cannot connect to a specified multiplexing control socket
    • Added %h (target hostname), %p (target port) and %r (remote username) expansion sequences to ControlPath. Also allow ControlPath=none to disable connection multiplexing.
    • Implemented support for X11 and agent forwarding over multiplexed connections. Because of protocol limitations, the slave connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding their own.
  • Portable OpenSSH: Added support for long passwords (> 8-char) on UnixWare 7.
  • The following bugs from http://bugzilla.mindrot.org/ were closed:
    • #471 - Misleading error message if /dev/tty perms wrong
    • #623 - Don't use $HOME in manpages
    • #829 - Don't allocate a tty if -n option is set
    • #1025 - Correctly handle disabled special character in ttymodes
    • #1033 - Fix compile-time warnings
    • #1046 - AIX 5.3 Garbage on Login
    • #1054 - Don't terminate connection on getpeername() failure
    • #1076 - GSSAPIDelegateCredentials issue mentioned above
  • Lots of other improvements and fixes. Please refer to the ChangeLog for details
[break]
OpenSSH logo
Versienummer 4.2
Besturingssystemen Linux, BSD, macOS, Solaris, UNIX
Website OpenSSH
Download ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH
Licentietype Voorwaarden (GNU/BSD/etc.)

Door Bart van Klaveren

Downloads en Best Buy Guide

02-09-2005 • 10:41

0 Linkedin

Submitter: soczol

Bron: OpenSSH

Update-historie

Meer historie

Reacties

Er zijn nog geen reacties geplaatst

Op dit item kan niet meer gereageerd worden.


Apple iPad Pro (2021) 11" Wi-Fi, 8GB ram Microsoft Xbox Series X LG CX Google Pixel 5a 5G Sony XH90 / XH92 Samsung Galaxy S21 5G Sony PlayStation 5 Nintendo Switch Lite

Tweakers vormt samen met Hardware Info, AutoTrack, Gaspedaal.nl, Nationale Vacaturebank, Intermediair en Independer DPG Online Services B.V.
Alle rechten voorbehouden © 1998 - 2021 Hosting door True