Slashdot Mirror


OpenSSH 5.4 Released

HipToday writes "As posted on the OpenBSD Journal, OpenSSH 5.4 has been released: 'Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new "netcat mode," many changes on the sftp front (both client and server) and a collection of assorted bugfixes. The new release can already be found on a large number of mirrors and of course on www.openssh.com.'"

6 of 127 comments (clear)

  1. New, Problematic Protocol Introduced by jfjfjdk · · Score: -1, Troll
    Available here. What's missing from this PROTOCOL.agent document?
    • Any sign it's been reviewed by competent cryptographers.
    • Any discussion of weaknesses, implementation errors to avoid, etc.
    • Any plausible arguments that the extra lines of code needed for X.509 really outweigh the benefits of 22 years of review and practice.

    Use at your own risk.

  2. Re:Please note: by Anonymous Coward · · Score: 0, Troll

    Of course the license document included with this software spells out exactly what conditions the devs have placed on distribution, preparation of derivative works, etc. If they had wanted to, they could have required these companies to pay, or to provide source code, or whatever. They already made their choice; it's not really fair to whine about it now.

  3. Re:Please note: by FuckingNickName · · Score: -1, Troll

    They have donated by giving credibility to the project by choosing to use it; this in turn increases the number of eyes testing and contributing towards bug fixes and improvements. This is precisely the way that BSD-derived licenses work: the only thing you can expect is acknowledgement, and the only thing you can hope for is patches. To release under a licence which makes no accommodation whatever for financial compensation then write what comes down to a complaint that people aren't paying you is quite unreasonable.

    If it bothers you that Apple, Red Hat, Cisco, Juniper, and Novell aren't sending you a check in the mail, how about you change your license to make them pay: if it is cheaper for them than forking your code, they'll do it.

    I, for one, would much prefer to contribute toward effort on security at the lower levels rather than a single big tunnel. ssh it is almost as obnoxious as nat in this respect. I also got a bad taste from openssh ever since they disabled the "none" encryption - the amateur radio bands do not allow message encryption, but authentication/signing remains acceptable and useful.

  4. Re:Thank you Open SSH devs by Anonymous Coward · · Score: -1, Troll

    443 from XS4ALL is an SSL (well HTTPS) daemon, not an SSH daemon. Please hand in your wannabe sysadmin badge leave slashdot.

  5. Re:Cygwin's package was updated, too by roman_mir · · Score: 0, Troll

    Who is complaining? I am told here; you are not using OpenBSD when I am in fact. There are no obvious errors showing up in the log files, yes, that's my problem. And yes, I had someone look at it who is more experienced that I am in setting up OpenBSD as a firewall and it is a valid thing to do, have another pair of eyes look at it, or are you infallible and never miss something that is obvious for someone else sometimes at the first glance? Geez, to talk to you people here, you are gods.

  6. Re:Cygwin's package was updated, too by roman_mir · · Score: 0, Troll

    yes, thank you, Sherlock, what would I ever do without random advice from /. To think, how did I manage to have an OpenBSD box as a firewall since August and never needed to look at the log files through tcpdump? That's it, you have solved it for me.