Ssh 1.2.23 release notes

SECURITY
========

* Fixed no-port-forwarding so that it will also disable local port
 forwardings at the server side.

* Added GatewayPorts option and -g option from Steve Bellovin
 <[email protected]>. After this all port forwardings are bound to the
 localhost address only, unless the -g option is given.


SSHD
====

* Made .rhosts parsing understand a #-comment at the end of a line.
 Patch from <[email protected]>.

* Added setting of the REMOTEUSER environment variable if the remote
 username is available.

* Added configure option --with-nologin-allow[=/etc/nologin.allow]
 to have sshd read the given file for a list of usernames exempt from
 /etc/nologin. This allows administrators to retain remote access
 when maintenance requires that users not be on the system.
 Jointly created by Philip Kizer <[email protected]> and
 <[email protected]>.

* Added IgnoreRootRhosts option to server config file. Patch from
 Luke Mewburn <[email protected]>.

* Added ssh version 2 compat option. ssh2 will start ssh1 with the -V
 option if the client is not an ssh2 client.

* Added code that will ignore the string given to SSH_MSG_IGNORE.
 Bug reported by Bernard Perrot <[email protected]>.

* Check that proxy command isn't empty before starting it. Patch
 from Chuck Goodhart <[email protected]>.

* Added patch from Bill O'Neill <[email protected]>
 that will fix the Digital Unix 4.0 C2 password expiration problems.

* Patch from John P. Speno <[email protected]> to allow OSF C2
 resources to be set to 0.

* Added checking of system default lock from John P.Speno
 <[email protected]>.

* Added patch that will force password change if OSF C2 password
 is expired. Patch from Florian Fuchs.

* Added libwrap calls to debug mode sshd also.

* Added code that will set resource limits under BSD/OS. Patch
 from Payl Borman <[email protected]>.

* Added setting of AUTHSTATE and KRB5CCNAME environment variables
 if we have authenticate() in AIX. Patch from Matt Richards
 ([email protected]).

* FreeBSD /etc/login.conf capabilities patches from Steve Birnbaum
 <[email protected]> and [email protected].

* Fixed idle_timeout code in serverloop.c. Patch from Bob Goellner
 <[email protected]>.

* Moved initgroups before closing all file descriptors. Patch from
 Donald Buczek <[email protected]>.

* Combined two getpwent calls in ssh.c to get around a bug in the
 Red Hat 4.2 NIS library.

* Added use of the AIX authenticate function if it exists, from Matt
 Richards ([email protected]).

* Added check that Kerberos initialization succeeds, from Dima
 Ruban ([email protected]).

* Added check that a .rhosts/.shosts file cannot contain any control
 characters other than whitespace.

* includes.h (S_ISLNK): Fixed bug reported by Paul J. Sanchez
 <[email protected]>.
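
The two .rhosts items above (a #-comment at the end of a line, and no control characters other than whitespace) can be pictured with the following added example. It is not code from the ssh distribution: the function and type names are hypothetical, and the "host [user]" line format and the choice to check the comment text as well are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define WS " \t\r\n\v\f"
enum { RHOSTS_ENTRY = 0, RHOSTS_BLANK = 1, RHOSTS_REJECT = -1 }; /* hypothetical names */
struct rhosts_entry { char host[256]; char user[64]; };
/* Copy the next whitespace-delimited token; returns -1 if it does not fit. */
static int take_token(const char **s, char *out, size_t outlen)
{
    size_t len;
    *s += strspn(*s, WS);
    len = strcspn(*s, WS);
    if (len >= outlen)
        return -1;
    memcpy(out, *s, len);
    out[len] = '\0';
    *s += len;
    return 0;
}

/* Parse one line, assumed to be "host [user]" with an optional "# comment". */
int rhosts_parse_line(const char *line, struct rhosts_entry *e)
{
    char buf[1024];
    const char *p;
    size_t n = strlen(line);
    if (n >= sizeof(buf))
        return RHOSTS_REJECT;        /* overlong: refuse rather than truncate */
    for (p = line; *p; p++)          /* whole line is checked, comment included */
        if (iscntrl((unsigned char)*p) && !isspace((unsigned char)*p))
            return RHOSTS_REJECT;
    memcpy(buf, line, n + 1);
    buf[strcspn(buf, "#")] = '\0';   /* drop a trailing #-comment */
    p = buf;
    if (take_token(&p, e->host, sizeof(e->host)) < 0 ||
        take_token(&p, e->user, sizeof(e->user)) < 0)
        return RHOSTS_REJECT;
    if (p[strspn(p, WS)] != '\0')
        return RHOSTS_REJECT;        /* unexpected third field */
    return e->host[0] ? RHOSTS_ENTRY : RHOSTS_BLANK;
}

int main(void)
{
    struct rhosts_entry e;           /* the input line is constructed sample data */
    int r = rhosts_parse_line("trusted.example.com alice  # build host\n", &e);
    printf("result=%d host=%s user=%s\n", r, e.host, e.user);
    return 0;
}
```

Rejecting the line outright, rather than stripping the offending byte, keeps an entry that looks harmless in a terminal or editor from being parsed as something else.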


AGENT
=====

* Fixed too early free of authsocket in the authfd.c (reported by
 many people).

* Added grabbing of keyboard in ssh-askpass. Patch from Raymund
 Will <[email protected]>.

* Allow authentication socket to be a symlink, if we are not suid.
 Patch from Steve Birnbaum <[email protected]>.


SSH
===

* Configurable password prompt from Maciej W. Rozycki
 <[email protected]>.

* Added setsid patch for -f option in ssh from Garance A Drosehn
 <[email protected]>.

* Disabled TCP_NODELAY and added --enable-tcp-nodelay configure
 option to enable it again (Sean Doran <[email protected]>).


SCP
===

* Fixed 2 GB file handling in scp. Bug reported by Anthony
 Talltree <[email protected]>.


MAKE-KNOWN-HOSTS.PL
===================

* Fixed make-known-hosts.pl so that it will first send SIGINT to
 ssh and then wait 1 second before sending SIGKILL. This will allow
 ssh-client to die cleanly and restore the terminal settings before
 exiting.


CONFIGURE
=========

* Added Cray T3E patches from Kaj Mustikkamäki
 ([email protected]).

* Added socks5 with kerberos patches from E. Jay Berkenbilt
 <[email protected]>.

* Added detection of ttyslot function in the configure.in. Use it if
 found.

* Added support for X11 socket being in the /var/X/.X11-unix
 instead of /tmp/.X11-unix directory ([email protected]).


GENERAL
=======

* Made make install compatible with ssh-2. It now installs the
 binaries as <program>1, and if <program>2 already exists it does
 nothing more. If <program>2 does not exist, make install creates a
 symbolic link from <program> to <program>1. This means that if you
 have ssh2 installed, make install does not touch the ssh program; it
 just installs itself as ssh1. You can manually change the ssh link
 to point to either ssh1 or ssh2.


REMEMBER
========

* Ssh compilation success/failure web-page. You can fill in the reply
 form about your compilation at
 <URL:http://www.ssh.net/ssh_form.html>. You can query the
 success/failure database at
 <URL:http://www.ssh.net/ssh_query.html>.