Home Open SSH 5.9 Released

Open SSH 5.9 Released

OpenSSH (or OpenBSD Secure Shell), the network communications security utility suite has been updated to version 5.9. Here’s the complete changelog since OpenSSH 5.8.


  • Sandboxing of the pre-authorized privilege separated child: An optional sshd_config(5) “UsePrivilegeSeparation=sandbox” mode has been introduced that enables mandatory restrictions on the syscalls the privsep child can perform. You can select from three concrete sandbox implementations at the time of configuration.
  • New SHA256-based HMAC transport integrity modes. You can add these modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
  • No need to maintain /dev/log inside the chroot for the pre-authentication sshd(8) privilege separation slave process anymore. It now logs automatically via a socket shared with the master process.
  • Warning from ssh(1) when a server refuses X11 forwarding.
  • Multiple paths for sshd_config(5)’s AuthorizedKeysFile, UserKnownHostsFile and GlobalKnownHostsFile. AuthorizedKeysFile2, UserKnownHostsFile2 and GlobalKnownHostsFile2 are belittled.
  • Retention of key comments when loading v.2 keys, visible in “ssh-add -l”.
  • Set IPv6 traffic class from IPQoS as well as IPv4 ToS/DSCP in ssh(1) and sshd(8).
  • Expanding ControlPath option for ssh_config(5).
  • Support for negated Host matching by ssh_config(5).
  • Introduction of a new RequestTTY option for ssh_config(5).
  • sshd(8) now allows GSSAPI authentication to detect a server failures.
  • Option to generate the host keys for each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist.
  • ssh(1) now allows shutdown of multiplexing without killing the existing documents.
  • ssh-add(1) now accepts keys through standard input.
  • Removed support for ssh-rand-helper. OpenSSH now obtains its random numbers directly from OpenSSL or from a PRNGd/EGD instance specified at configure time.
  • Updated .spec and init files for Linux.
  • Added ECDSA key generation to the Cygwin ssh-{host,user}-config scripts.

Bug Fixes

  • SELinux support code compilation error.
  • Fix build errors on platforms without dlopen().
  • Improved SELinux error messages in context change failures.
  • Improved suppress error messages when attempting to change from the “unconfined_t” type.
  • sshd(8) now resets the SELinux process execution context before executing passwd for password changes.
  • gcc 4 or higher now tests only the corresponding “-W-option”.

So this is a huge changelog and that means SSH has worked big time to improve network security. However, there always remains room for improvement and correspondingly, it is possible that there still remains some bugs in this latest bulid. OpenSSH welcomes constructive feedback and if you find any bugs, you can report them directly to OpenSSH.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.