OpenSSH 5.4 Released

← Back to Stories (view on slashdot.org)

Posted by timothy on Wednesday March 10, 2010 @08:40AM from the but-it's-secret dept.

HipToday writes "As posted on the OpenBSD Journal, OpenSSH 5.4 has been released: 'Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new "netcat mode," many changes on the sftp front (both client and server) and a collection of assorted bugfixes. The new release can already be found on a large number of mirrors and of course on www.openssh.com.'"

5 of 127 comments (clear)

Min score:

Reason:

Sort:

SFTP improvements by Ponga · 2010-03-10 08:51 · Score: 3, Informative

FTFA:

* Many improvements to the sftp(1) client, many of which were implemented by Carlos Silva through the Google Summer of Code program:...

... - Add recursive transfer support for get/put and on the commandline
(Alas!!)

Whole host of other improvements and bugfixes; give it read if SSH is pertinent to your environment....
Re:New, Problematic Protocol Introduced by OttoM · 2010-03-10 09:11 · Score: 3, Informative

No X.509 certificates are used. Please study the changes before you comment based on false assumptions. Also, the agent protocol exists for quite a while now, it is not new.
Thank you Open SSH devs by overlordofmu · 2010-03-10 09:15 · Score: 5, Informative

I am reading this article and posting to it through a ssh tunnel using OpenSSH on a Gentoo Linux server at home and putty.exe on a work laptop running XP Pro at work.

Firefox sees it as a SOCKS 5 proxy at localhost. The tricky part was setting the config key in Firefox called "network.proxy.socks_remote_dns" to true. (Navigate to about:config and filter for "proxy" to find this setting quickly). The corporate network admins use bogus DNS resolution as a firewall.

I love you, OpenSSH devs. I sincerely thank you.
1. Re:Thank you Open SSH devs by Sancho · 2010-03-10 10:03 · Score: 2, Informative
  
  Are you sure they're going through the proxy out of the box? My Firefox had that configuration knob set to "false" by default, and DNS queries are definitely hitting my company's DNS server.
  If I tune the knob to true, they go through the proxy.
  Both cases verified with tcpdump.
history of FTP by Anonymous Coward · 2010-03-10 11:16 · Score: 2, Informative

FTP is a fucking mess, I hate it, I wish I could kill it today everywhere. It is a disaster to manage with a firewall. The horrendous idea of using separate random ports for data connection vs control connections, the active/passive methods, it's is pure evil.
At the time of its invention FTP's design made sense.
TCP allows bi-directional traffic on a port, but TCP was not invented when FTP was first created (1971). The protocol that was around only allowed one-way transmission of data on any connection. So when you FTPed into a machine, and server had to open a connection back to the client to return any data.
Also remember that firewalls were also not invented until the late '80s (earlier '90s?), so the blocking of connections back to the client weren't an issue. It was only later on (mid-'90s) where the combination of active/passive modes and security lock downs became a headache.
By that time there was a large amount of inertial behind FTP--and remember that HTTP was mostly still young in the '90s as well, and the read/write web wasn't that all that popular (and even things like WebDAV isn't used a lot even now).
So while I fell your pain (I'm a sys admin), there aren't / weren't that many alternatives.