2019獨角獸企業重金招聘Python工程師標準>>>

OpenSSH（Open Secure Shell）是使用SSH透過計算機網絡加密通訊的實現。它是取代由SSH Communications Security所提供的商用版本的開放源代碼方案。目前OpenSSH是OpenBSD的子計劃。

遠程登錄工具OpenSSH 6.7發布。2014-10-07 上個版本是2014-03-16的6.6 新特性有sftp支持上傳斷點續傳,支持Unix domain socket轉發,新的PermitUserRC參數,支持ED25519類型的SSHFP DNS記錄等.

完全改進：

OpenSSH 6.7 has just been released. It will be available from the

mirrors listed at http://www.openssh.com/ shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0

implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their

continued support of the project, especially those who contributed

code or patches, reported bugs, tested snapshots or donated to the

project. More information on donations may be found at:

http://www.openssh.com/donations.html

Changes since OpenSSH 6.6

=========================

Potentially-incompatible changes

?* sshd(8): The default set of ciphers and MACs has been altered to

? ?remove unsafe algorithms. In particular, CBC ciphers and arcfour*

? ?are disabled by default.

? ?The full set of algorithms remains available if configured

? ?explicitly via the Ciphers and MACs sshd_config options.

?* sshd(8): Support for tcpwrappers/libwrap has been removed.

?* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections

? ?using the curve25519-sha256@libssh.org KEX exchange method to fail

? ?when connecting with something that implements the specification

? ?correctly. OpenSSH 6.7 disables this KEX method when speaking to

? ?one of the affected versions.

New Features

?* Major internal refactoring to begin to make part of OpenSSH usable

? ?as a library. So far the wire parsing, key handling and KRL code

? ?has been refactored. Please note that we do not consider the API

? ?stable yet, nor do we offer the library in separable form.

?* ssh(1), sshd(8): Add support for Unix domain socket forwarding.

? ?A remote TCP port may be forwarded to a local Unix domain socket

? ?and vice versa or both ends may be a Unix domain socket.

?* ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for

? ?ED25519 key types.

?* sftp(1): Allow resumption of interrupted uploads.

?* ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it

? ?is the same as the one sent during initial key exchange; bz#2154

?* sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind

? ?addresses when GatewayPorts=no; allows client to choose address

? ?family; bz#2222

?* sshd(8): Add a sshd_config PermitUserRC option to control whether

? ?~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys

? ?option; bz#2160

?* ssh(1): Add a %C escape sequence for LocalCommand and ControlPath

? ?that expands to a unique identifer based on a hash of the tuple of

? ?(local host, remote user, hostname, port). Helps avoid exceeding

? ?miserly pathname limits for Unix domain sockets in multiplexing

? ?control paths; bz#2220

?* sshd(8): Make the "Too many authentication failures" message

? ?include the user, source address, port and protocol in a format

? ?similar to the authentication success / failure messages; bz#2199

?* Added unit and fuzz tests for refactored code. These are run

? ?automatically in portable OpenSSH via the "make tests" target.

Bugfixes

?* sshd(8): Fix remote forwarding with the same listen port but

? ?different listen address.

?* ssh(1): Fix inverted test that caused PKCS#11 keys that were

? ?explicitly listed in ssh_config or on the commandline not to be

? ?preferred.

?* ssh-keygen(1): Fix bug in KRL generation: multiple consecutive

? ?revoked certificate serial number ranges could be serialised to an

? ?invalid format. Readers of a broken KRL caused by this bug will

? ?fail closed, so no should-have-been-revoked key will be accepted.

?* ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in

? ?exit status. Previously we were always returning 0; bz#2255

?* ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the

? ?randomart border; bz#2247

?* ssh-agent(1): Only cleanup agent socket in the main agent process

? ?and not in any subprocesses it may have started (e.g. forked

? ?askpass). Fixes agent sockets being zapped when askpass processes

? ?fatal(); bz#2236

?* ssh-add(1): Make stdout line-buffered; saves partial output getting

? ?lost when ssh-add fatal()s part-way through (e.g. when listing keys

? ?from an agent that supports key types that ssh-add doesn't);

? ?bz#2234

?* ssh-keygen(1): When hashing or removing hosts, don't choke on

? ?@revoked markers and don't remove @cert-authority markers; bz#2241

?* ssh(1): Don't fatal when hostname canonicalisation fails and a

? ?ProxyCommand is in use; continue and allow the ProxyCommand to

? ?connect anyway (e.g. to a host with a name outside the DNS behind

? ?a bastion)

?* scp(1): When copying local->remote fails during read, don't send

? ?uninitialised heap to the remote end.

?* sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing

? ?filenames with ?a single quote char somewhere in the string;

? ?bz#2238

?* ssh-keyscan(1): Scan for Ed25519 keys by default.

?* ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-

? ?convert any certificate keys to plain keys and attempt SSHFP

? ?resolution. ?Prevents a server from skipping SSHFP lookup and

? ?forcing a new-hostkey dialog by offering only certificate keys.

? ? ?

?* sshd(8): Avoid crash at exit via NULL pointer reference; bz#2225

?* Fix some strict-alignment errors.

Portable OpenSSH

?* Portable OpenSSH now supports building against libressl-portable.

?* Portable OpenSSH now requires openssl 0.9.8f or greater. Older

? ?versions are no longer supported.

?* In the OpenSSL version check, allow fix version upgrades (but not

? ?downgrades. Debian bug #748150.

?* sshd(8): On Cygwin, determine privilege separation user at runtime,

? ?since it may need to be a domain account.

?* sshd(8): Don't attempt to use vhangup on Linux. It doesn't work for

? ?non-root users, and for them it just messes up the tty settings.

?* Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is

? ?available. It considers time spent suspended, thereby ensuring

? ?timeouts (e.g. for expiring agent keys) fire correctly. ?bz#2228

?* Add support for ed25519 to opensshd.init init script.

?* sftp-server(8): On platforms that support it, use prctl() to

? ?prevent sftp-server from accessing /proc/self/{mem,maps}

下載：ftp://ftp.openbsd.com/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz

如果想深入體驗LINUX系統的新手，也可以先下載一個方德Linux軟件中心試用一下。

免費下載地址：http://www.nfs-cloud.cn:81/appCenter/open/softcenter

轉載于:https://my.oschina.net/foundation00523wuxi/blog/651144

總結

以上是生活随笔為你收集整理的OpenSSH 6.7 发布 开源ssh服务器软件的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。