Download OpenSSH 4.7

OpenSSH is a software suite for the SSH protocol with which a higher security can be achieved. Applications such as telnet, rlogin and ftp send data unencrypted over the network, the login data can then be read out in a simple way. With OpenSSH, this data is sent encrypted, so that eavesdropping, connection hijacking and other network-level attacks are no longer possible. In addition, various secure tunneling options and authentication methods are also available. Version 4.7 has recently been released and includes the following announcement:

Security bugs resolved in this release:

• Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec.

Other changes, new functionality and fixes in this release:

• sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged.
• The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks.
• ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5.
• A new MAC algorithm has been added, UMAC-64 (RFC4418) as “umac-64 at openssh.com”. UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5.
• A -K flag was added to ssh(1) to set GSSAPIAuthentication=Yes
• Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set.
• ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. (see #1261)

The following bugs have been fixed in this release:

• When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work (bz #616)
• Make scp(1) skip FIFOs rather than hanging (bz #856)
• Encode non-printing characters in scp(1) filenames. these could cause copies to be aborted with a “protocol error” (bz #891)
• Handle SIGINT in sshd(8) privilege separation child process to ensure that wtmp and lastlog records are correctly updated (bz #1196)
• Report GSSAPI mechanism in errors, for libraries that support multiple mechanisms (bz #1220)
• Improve documentation for ssh-add(1)’s -d option (bz #1224)
• Rearrange and tidy GSSAPI code, removing server-only code being linked into the client. (see #1225)
• Delay execution of ssh(1)’s LocalCommand until after all forwadings have been established. (see #1232)
• In scp(1), do not truncate non-regular files (bz #1236)
• Improve exit message from ControlMaster clients. (see #1262)
• Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error. (see #1286)

Portable OpenSSH bug fixed:

• Fix multiple inclusion of paths.h on AIX 5.1 systems. (see #1243)
• Implement getpeerid for Solaris using getpeerucred. Solaris systems will now refuse ssh-agent(1) and ssh(1) ControlMaster clients from different, non-root users (bz #1287)
• Fix compilation warnings by including string.h if found. (see #1294)
• Remove redefinition of _res in getrrsetbyname.c for platforms that already define it. (see #1299)
• Fix spurious “chan_read_failed for istate 3” errors from sshd(8), a side-effect of the “hang on exit” fix introduced in 4.6p1. (see #1306)
• pam_end() was not being called if authentication failed (bz #1322)
• Fix SELinux support when SELinux is in permissive mode. Previously sshd(8) was treating SELinux errors as always fatal. (see #1325)
• Ensure that pam_setcred(…, PAM_ESTABLISH_CRED) is called before pam_setcred(…, PAM_REINITIALIZE_CRED), fixing pam_dhkeys. (see #1339)
• Fix privilege separation on QNX – pre-auth only, this platform does not support file descriptior passing needed for post-auth privilege separation. (see #1343)

[break]