Slashdot Mirror


OpenSSH 5.4 Released

HipToday writes "As posted on the OpenBSD Journal, OpenSSH 5.4 has been released: 'Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new "netcat mode," many changes on the sftp front (both client and server) and a collection of assorted bugfixes. The new release can already be found on a large number of mirrors and of course on www.openssh.com.'"

4 of 127 comments

  1. Cygwin's package was updated, too by klui · · Score: 4, Interesting

    The read-only feature of sftp makes it almost a replacement for anonymous ftp. Too bad it appears to be a global setting.

    1. Re:Cygwin's package was updated, too by Sancho · · Score: 4, Interesting

      Could you not do this with a combination of Match User and ForceCommand directives? Something like:

      Match User anonymous
          ForceCommand sftp-server -R
          ChrootDirectory /home/anonymous
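
A check for Match blocks like the one suggested above, as an added example (not part of the comment and not OpenSSH project code). It relies on three points from sshd_config(5) and sshd(8): an external ForceCommand binary must exist inside the ChrootDirectory, `internal-sftp` runs in-process and takes the same arguments as `sftp-server`, and ForceCommand alone does not turn off TCP forwarding. The `dropbox` account and both paths in the sample are constructed.

```python
import shlex

# Constructed sample: the Match block from the comment above, plus a
# hypothetical "dropbox" account that uses the in-process SFTP server.
SAMPLE_CONFIG = """\
Match User anonymous
    ForceCommand sftp-server -R
    ChrootDirectory /home/anonymous
Match User dropbox
    ForceCommand internal-sftp -R
    ChrootDirectory /srv/dropbox
    AllowTcpForwarding no
"""

def parse_match_blocks(text):
    """Return [(criteria, {keyword: argument})]; keywords are lower-cased."""
    blocks = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, arg = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if keyword == "match":
            blocks.append((arg, {}))
        elif blocks:  # the global section is out of scope for this check
            blocks[-1][1].setdefault(keyword, arg)  # first value seen is kept
    return blocks

def audit(text):
    """Return {criteria: [finding, ...]} for Match blocks that set ChrootDirectory."""
    report = {}
    for criteria, opts in parse_match_blocks(text):
        if "chrootdirectory" not in opts:
            continue
        findings = []
        cmd = shlex.split(opts.get("forcecommand", ""))
        if not cmd:
            findings.append("no ForceCommand: session is not restricted to SFTP")
        elif cmd[0] != "internal-sftp":
            findings.append(f"{cmd[0]} is an external binary and must exist inside the chroot")
        if cmd and cmd[0].endswith(("sftp-server", "internal-sftp")) and "-R" not in cmd[1:]:
            findings.append("SFTP server is not read-only (no -R)")
        # Only this block is inspected; a global "AllowTcpForwarding no" is not seen.
        if opts.get("allowtcpforwarding", "yes").lower() != "no":
            findings.append("TCP forwarding is not disabled in this block")
        report[criteria] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The chroot target itself must also be owned by root and not writable by any other user or group, which this check does not inspect.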

  2. Please note: by Anonymous Coward · · Score: 5, Interesting

    A brief quote from the project's home page:
    Please take note of our Who uses it page, which lists just some of the vendors who incorporate OpenSSH into their own products -- as a critically important security / access feature -- instead of writing their own SSH implementation or purchasing one from another vendor. This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors. In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).

    So go and DONATE, as I've just done.

  3. Re:Thank you Open SSH devs by overlordofmu · · Score: 3, Interesting

    In my case, they block YouTube with a bogus DNS resolution. Internal DNS gives an intranet IP address (which gives a default intranet page) and my home server DNS gives the correct IP address(es). I tested this again, just now, and YouTube only works for me with that setting ("network.proxy.socks_remote_dns" as true) and is blocked if it is changed to false (which I believe is the default).

    I am using Firefox version 3.5.8, 32-bit, for x86.

    It seems, within Firefox itself, that your DNS queries with SOCKS 5 proxies still use the system default DNS and not the proxy DNS, but I could not say for sure without testing your machine. In my case, I am certain that Firefox is using the system DNS unless I change this setting from its default in Firefox. (I am certain because I just tested it 5 minutes ago.) Also, YouTube works without a proxy if I use the OpenDNS.org DNS servers in my Windows TCP/IP settings. (But then no intranet DNS queries work because OpenDNS knows nothing of our 10.*.*.* intranet.)

    Again, I am only speculating, but please consider that your DNS queries are not being proxied and are evidence of where you surf even if your traffic is SSHed.

    A final note: when I am really feeling paranoid about my surfing, there is the AES 256-bit loopback block device that holds a Linux install on the work laptop. That way, there is no browser history to be searched by corporate. Hell, there is no Linux to be found; it looks like a whole partition of garbage without the decryption keys. It won't boot without them. However, I am developing for Windows on Windows, so the Linux boots are a rarity these days.