OpenSSH 5.9 Released

OpenSSH (or OpenBSD Secure Shell), the network communications security utility suite, has been updated to version 5.9. Here’s the complete changelog since OpenSSH 5.8.

Features

  • Sandboxing of the pre-authentication privilege-separated child: An optional sshd_config(5) “UsePrivilegeSeparation=sandbox” mode has been introduced that enables mandatory restrictions on the syscalls the privsep child can perform. One of three concrete sandbox implementations is selected at configure time.
  • New SHA256-based HMAC transport integrity modes, as specified in http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
  • No need to maintain /dev/log inside the chroot for the pre-authentication sshd(8) privilege separation slave process anymore. It now logs automatically via a socket shared with the master process.
  • Warning from ssh(1) when a server refuses X11 forwarding.
  • AuthorizedKeysFile in sshd_config(5), and UserKnownHostsFile and GlobalKnownHostsFile in ssh_config(5), now accept multiple paths. AuthorizedKeysFile2, UserKnownHostsFile2 and GlobalKnownHostsFile2 are deprecated.
  • Retention of key comments when loading v.2 keys, visible in “ssh-add -l”.
  • Set IPv6 traffic class from IPQoS as well as IPv4 ToS/DSCP in ssh(1) and sshd(8).
  • Expanding ControlPath option for ssh_config(5).
  • Support for negated Host matching by ssh_config(5).
  • Introduction of a new RequestTTY option for ssh_config(5).
  • sshd(8) now allows GSSAPI authentication to detect server failures.
  • Option to generate the host keys for each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist.
  • ssh(1) now allows shutdown of multiplexing without killing the existing connections.
  • ssh-add(1) now accepts keys through standard input.
  • Removed support for ssh-rand-helper. OpenSSH now obtains its random numbers directly from OpenSSL or from a PRNGd/EGD instance specified at configure time.
  • Updated .spec and init files for Linux.
  • Added ECDSA key generation to the Cygwin ssh-{host,user}-config scripts.
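
As an added example (not part of the original article or of OpenSSH itself), the script below checks an sshd_config against three of the items above: the sandbox mode, the deprecated AuthorizedKeysFile2 keyword and the SHA256-based HMAC modes. The function names and the sample file are constructed for illustration, and the MAC name prefix `hmac-sha2-256` is assumed from the referenced draft.

```python
import re

# Constructed sample sshd_config, not taken from a real host.
SAMPLE_SSHD_CONFIG = """\
# pre-5.9 style configuration
Port 22
UsePrivilegeSeparation yes
AuthorizedKeysFile .ssh/authorized_keys
AuthorizedKeysFile2 .ssh/authorized_keys2
MACs hmac-md5,hmac-sha1
"""

def parse_config(text):
    """Return (lowercased keyword, value) pairs. Keywords are case-insensitive
    and may be separated from the value by whitespace or '='.
    Match blocks are not interpreted (assumption: global settings only)."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        pairs.append((parts[0].lower(), parts[1] if len(parts) > 1 else ""))
    return pairs

def audit(text):
    """Return a list of findings for the 5.9 changes this check covers."""
    findings, first = [], {}
    for key, value in parse_config(text):
        if key == "authorizedkeysfile2":
            findings.append("authorizedkeysfile2: deprecated, list the extra "
                            "path under AuthorizedKeysFile instead")
        first.setdefault(key, value)  # sshd keeps the first value it obtains
    privsep = first.get("useprivilegeseparation", "").lower()
    if privsep != "sandbox":
        findings.append(f"useprivilegeseparation: {privsep or 'unset'}, "
                        "pre-authentication sandbox not enabled")
    macs = first.get("macs")
    # Only an explicit MACs list can exclude the new modes.
    if macs is not None and not any(
            m.strip().startswith("hmac-sha2-256") for m in macs.split(",")):
        findings.append("macs: explicit list offers no SHA256-based HMAC mode")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG):
        print(finding)
```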

Bug Fixes

  • Fixed a compilation error in the SELinux support code.
  • Fix build errors on platforms without dlopen().
  • Improved SELinux error messages in context change failures.
  • Error messages are now suppressed when attempting to change from the “unconfined_t” type.
  • sshd(8) now resets the SELinux process execution context before executing passwd for password changes.
  • With gcc 4 or higher, only the corresponding “-W-option” is now tested.

So this is a huge changelog, and it shows how much work the OpenSSH developers have put into improving network security. However, there is always room for improvement, and it is possible that some bugs remain in this latest build. OpenSSH welcomes constructive feedback, and if you find any bugs, you can report them directly to OpenSSH.
