
ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1). A detailed description of the feature is available at and the protocol extensions are documented in the PROTOCOL and PROTOCOL.agent files in the source release.

ssh(1), sshd(8): add the hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method.

ssh-keygen(1): when downloading resident keys from a FIDO token, pass back the user ID that was used when the key was created and append it to the filename the key is written to (if it is not the default). Avoids keys being clobbered if the user created multiple resident keys with the same application string but different user IDs.

ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys on tokens that provide user verification (UV) on the device itself, including biometric keys, avoiding unnecessary PIN prompts.

ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to perform matching of principals names against an allowed signers file. To be used towards a TOFU model for SSH signatures in git.

ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at authentication time.

ssh-keygen(1): allow selection of hash at sshsig signing time (either sha512 (default) or sha256).

ssh(1), sshd(8): read network data directly to the packet input buffer instead of indirectly via a small stack buffer. Provides a modest performance improvement.

ssh(1), sshd(8): read data directly to the channel input buffer, providing a similar modest performance improvement.

ssh(1): extend the PubkeyAuthentication configuration directive to accept yes|no|unbound|host-bound to allow control over one of the protocol extensions used to implement agent-restricted keys.

sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and PubkeyAuthOptions can be used in a Match block.

sshd(8): fix possible string truncation when constructing paths to .rhosts/.shosts files with very long user home directory names.

ssh-keysign(1): unbreak for KEX algorithms that use SHA384/51 exchange hashes.

ssh(1): don't put the TTY into raw mode when SessionType=none, avoids ^C being unable to kill such a session.

scp(1): fix some corner-case bugs in SFTP-mode handling of ~-prefixed paths.