Software update: OpenSSH 4.3

OpenSSH is a software suite for the SSH protocol that makes a higher level of security possible. Applications such as telnet, rlogin and ftp send data over the network unencrypted, so login credentials can easily be read. With OpenSSH this data is sent encrypted, so that eavesdropping, connection hijacking and other network-level attacks are no longer possible. In addition, it provides several secure tunneling options and authentication methods. The development team recently released version 4.3 with the following release notes:

Security bugs resolved in this release:
  • CVE-2006-0225: scp (as does rcp, on which it is based) invoked a subshell to perform local to local, and remote to remote copy operations. This subshell exposed filenames to shell expansion twice; allowing a local attacker to create filenames containing shell metacharacters that, if matched by a wildcard, could lead to execution of attacker-specified commands with the privilege of the user running scp (Bugzilla #1094)
This is primarily a bug-fix release, only one new feature has been added:
  • Add support for tunneling arbitrary network packets over a connection between an OpenSSH client and server via tun(4) virtual network interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN between the client and server providing real network connectivity at layer 2 or 3. This feature is experimental and is currently supported on OpenBSD, Linux, NetBSD (IPv4 only) and FreeBSD. Other operating systems with tun/tap interface capability may be added in future portable OpenSSH releases. Please refer to the README.tun file in the source distribution for further details and usage examples.
Some of the other bugs resolved and internal improvements are:
  • Reduce default key length for new DSA keys generated by ssh-keygen back to 1024 bits. DSA is not specified for longer lengths and does not fully benefit from simply making keys longer. As per FIPS 186-2 Change Notice 1, ssh-keygen will refuse to generate a new DSA key smaller or larger than 1024 bits
  • Fixed X forwarding failing to start when the X11 client is executed in background at the time of session exit (Bugzilla #1086)
  • Change ssh-keygen to generate a protocol 2 RSA key when invoked without arguments (Bugzilla #1064)
  • Fix timing variance for valid vs. invalid accounts when attempting Kerberos authentication (Bugzilla #975)
  • Ensure that ssh always returns code 255 on internal error (Bugzilla #1137)
  • Cleanup wtmp files on SIGTERM when not using privsep (Bugzilla #1029)
  • Set SO_REUSEADDR on X11 listeners to avoid problems caused by lingering sockets from previous session (X11 applications can sometimes not connect to (Bugzilla #1076)
  • Ensure that fds 0, 1 and 2 are always attached in all programs, by duping /dev/null to them if necessary.
  • Xauth list invocation had bogus "." argument (Bugzilla #1082)
  • Remove internal assumptions on key exchange hash algorithm and output length, preparing OpenSSH for KEX methods with alternate hashes.
  • Ignore junk sent by a server before it sends the "SSH-" banner (Bugzilla #1067)
  • The manpages have been significantly improved and rearranged, in addition to other specific manpage fixes:
    • #1037 - Man page entries for -L and -R should mention -g.
    • #1077 - Descriptions for "ssh -D" and DynamicForward should mention they can specify "bind_address" optionally.
    • #1088 - Incorrect descriptions in ssh_config man page for ControlMaster=no.
    • #1121 - Several corrections for ssh_agent manpages
  • Lots of cleanups, including fixes to memory leaks on error paths (Bugzilla #1109, #1110, #1111 and more) and possible crashes (#1092)
  • Portable OpenSSH-specific fixes:
    • Pass random seed during re-exec for each connection: speeds up processing of new connections on platforms using the OpenSSH's builtin entropy collector (ssh-rand-helper)
    • PAM fixes and improvements:
      • #1045 - Missing option for ignoring the /etc/nologin file
      • #1087 - Show PAM password expiry message from LDAP on login
      • #1028 - Forward final non-query conversations to client
      • #1126 - Prevent user from being forced to change an expired password repeatedly on AIX in some PAM configurations.
      • #1045 - Do not check /etc/nologin when PAM is enabled, instead allow PAM to handle it. Note that on platforms using PAM, the pam_nologin module should be used in sshd's session stack in order to maintain past behaviour
    • Portability-related fixes:
      • #989 - Fix multiplexing regress test on Solaris
      • #1097 - Cross-compile fixes.
      • #1096 - ssh-keygen broken on HPUX.
      • #1098 - $MAIL being set incorrectly for HPUX server login.
      • #1104 - Compile error on Tru64 Unix 4.0f
      • #1106 - Updated .spec file and startup for SuSE.
      • #1122 - Use _GNU_SOURCE define in favor of __USE_GNU, fixing compilation problems on glibc 2.4
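
The CVE-2006-0225 item in the release notes above describes filenames reaching a subshell and being parsed a second time. The following added example (not OpenSSH code, and not from the original article) is a simplified C model of that pattern beside an argv-based copy that involves no shell; the function names, the temporary directory and the sample filename are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Pre-fix pattern (simplified): filenames are pasted into a string for
 * /bin/sh, which parses them again after any wildcard expansion. */
static int copy_via_shell(const char *src, const char *dst)
{
    char cmd[512];
    snprintf(cmd, sizeof cmd, "cp -- %s %s", src, dst);
    return system(cmd);
}

/* Hardened pattern: each filename is one argv element; no shell runs. */
static int copy_via_exec(const char *src, const char *dst)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execlp("cp", "cp", "--", src, dst, (char *)NULL);
        _exit(127);
    }
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}

/* Returns 1 if copying the constructed filename ran an extra command. */
int marker_created(int use_shell)
{
    char dir[] = "/tmp/scpdemoXXXXXX";
    const char *name = "x;touch INJECTED";  /* constructed sample filename */
    FILE *f;
    if (!mkdtemp(dir) || chdir(dir) != 0 || !(f = fopen(name, "w")))
        return -1;
    fclose(f);
    if (use_shell) copy_via_shell(name, "out"); else copy_via_exec(name, "out");
    int hit = access("INJECTED", F_OK) == 0;
    unlink(name); unlink("out"); unlink("INJECTED");
    if (chdir("/") == 0) rmdir(dir);
    return hit;
}

int main(void)
{
    printf("shell: %d, exec: %d\n", marker_created(1), marker_created(0));
    return 0;
}
```

With the shell variant the marker file appears because `sh` treats the `;` in the filename as a command separator; with the argv variant the same name is copied as an ordinary file.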
OpenSSH can be downloaded in two flavours: one specifically for OpenBSD and one for the other operating systems:
* OpenSSH 4.3 - OpenBSD
* OpenSSH 4.3 - Portable (Linux, Solaris, FreeBSD, NetBSD, AIX, IRIX, HP-UX, Mac OS X)
Version number 4.3
Operating systems Linux, BSD, macOS, Solaris, UNIX
Website OpenSSH
License type Conditions (GNU/BSD/etc.)

By Japke Rosink


03-02-2006 • 12:48


Source: OpenSSH

