20130915 Updated to openssh-6.3p1

Changes to the default configuration files (6.2p2 to 6.3p1)

diff -urp ssh62/ssh_config ssh63/ssh_config
--- ssh62/ssh_config	2013-03-24 12:52:49.000000000 +0900
+++ ssh63/ssh_config	2013-09-14 12:05:17.000000000 +0900
@@ -1,4 +1,4 @@
-#	$OpenBSD: ssh_config,v 1.26 2010/01/11 01:39:46 dtucker Exp $
+#	$OpenBSD: ssh_config,v 1.27 2013/05/16 02:00:34 dtucker Exp $
 # This is the ssh client system-wide configuration file.  See
 # ssh_config(5) for more information.  This file provides defaults for
@@ -45,3 +45,4 @@
 #   PermitLocalCommand no
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
+#   RekeyLimit 1G 1h
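
Review bot: The value in the added `#   RekeyLimit 1G 1h` line does not match the `#RekeyLimit default none` that the sshd_config part of this diff adds for the same option, and the file header says this file "provides defaults", so a reader can take `1G 1h` for the built-in client setting. Either show the same `default none` form here or add a short comment marking `1G 1h` as an example of a data limit plus a time limit.
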
diff -urp ssh62/sshd_config ssh63/sshd_config
--- ssh62/sshd_config	2013-03-24 12:52:49.000000000 +0900
+++ ssh63/sshd_config	2013-09-14 12:05:17.000000000 +0900
@@ -1,4 +1,4 @@
-#	$OpenBSD: sshd_config,v 1.89 2013/02/06 00:20:42 dtucker Exp $
+#	$OpenBSD: sshd_config,v 1.90 2013/05/16 04:09:14 dtucker Exp $
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -29,6 +29,9 @@
 #KeyRegenerationInterval 1h
 #ServerKeyBits 1024
+# Ciphers and keying
+#RekeyLimit default none
 # Logging
 # obsoletes QuietMode and FascistLogging
 #SyslogFacility AUTH
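
Review bot: The new `# Ciphers and keying` heading has only `#RekeyLimit default none` under it, with no cipher setting, and the line gives no hint of what its two arguments are. A one-line comment stating that the first argument is the data limit and the second the optional time limit (the form the ssh_config example `1G 1h` uses) would make the entry self-explanatory; the heading could also be narrowed to "Keying" until a cipher option is listed there.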


Changes since OpenSSH 6.2

This release is predominantly a bugfix release:


 * sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
   or hostkeys on smartcards.

 * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument
   to the existing RekeyLimit option. RekeyLimit is now supported in
   sshd_config as well as on the client.

 * sshd(8): standardise logging of information during user authentication.

   The presented key/cert and the remote username (if available) is now
   logged in the authentication success/failure message on the same log
   line as the local username, remote host/port and protocol in use.
   Certificates contents and the key fingerprint of the signing CA are
   logged too.

   Including all relevant information on a single line simplifies log
   analysis as it is no longer necessary to relate information scattered
   across multiple log entries.

 * ssh(1): add the ability to query which ciphers, MAC algorithms, key
   types and key exchange methods are supported in the binary.

 * ssh(1): support ProxyCommand=- to allow support cases where stdin and
   stdout already point to the proxy.

 * ssh(1): allow IdentityFile=none

 * ssh(1)/sshd(8): add -E option to ssh and sshd to append debugging logs
   to a specified file instead of stderr or syslog.

 * sftp(1): add support for resuming partial downloads using the "reget"
   command and on the sftp commandline or on the "get" commandline using
   the "-a" (append) option.

 * ssh(1): add an "IgnoreUnknown" configuration option to selectively
   suppress errors arising from unknown configuration directives.

 * sshd(8): add support for submethods to be appended to required
   authentication methods listed via AuthenticationMethods.
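
The single-line authentication logging described in the sshd(8) item above is what makes the following kind of analysis possible without joining log entries. This is an added example, not part of the release notes or of OpenSSH; the line layout encoded in the regular expressions is an assumption about how sshd 6.3 writes these messages (MD5 colon-hex fingerprints), and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed layout of an sshd 6.3 authentication line:
#   <Accepted|Failed> <method> for [invalid user ]<user> from <host> port <n> ssh2[: <key info>]
AUTH_RE = re.compile(
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<host>\S+) port (?P<port>\d+) (?P<proto>ssh\d?)"
    r"(?:: (?P<info>.+))?$"
)
# Key info is assumed to be "<type> <fingerprint>" or, for certificates,
# "<type>-CERT ID <key id> (serial <n>) CA <ca type> <ca fingerprint>".
CERT_RE = re.compile(
    r"(?P<ktype>\S+) ID (?P<key_id>.+) \(serial (?P<serial>\d+)\) "
    r"CA (?P<ca_type>\S+) (?P<ca_fp>[0-9a-f:]+)$"
)
KEY_RE = re.compile(r"(?P<ktype>\S+) (?P<fp>[0-9a-f:]+)$")


def parse_auth_line(line):
    """Return a dict for one auth success/failure line, or None if it is not one."""
    m = AUTH_RE.search(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["invalid"] = bool(rec["invalid"])
    rec["port"] = int(rec["port"])
    info = rec.pop("info") or ""
    key = CERT_RE.match(info) or KEY_RE.match(info)
    rec.update(key.groupdict() if key else {})
    return rec


def keys_seen_for_multiple_users(lines):
    """Map fingerprint -> users for plain keys presented (accepted or failed) for >1 account."""
    users = defaultdict(set)
    for rec in filter(None, map(parse_auth_line, lines)):
        if "fp" in rec:
            users[rec["fp"]].add(rec["user"])
    return {fp: sorted(u) for fp, u in users.items() if len(u) > 1}


# Constructed sample lines (documentation addresses, made-up fingerprints).
SAMPLE = [
    "Sep 15 10:01:02 gw sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50514 ssh2: RSA 3f:1a:9c:02:b7:44:e0:5d:8a:61:0c:d3:27:9e:b5:f0",
    "Sep 15 10:03:40 gw sshd[2230]: Failed publickey for root from 192.0.2.10 port 50520 ssh2: RSA 3f:1a:9c:02:b7:44:e0:5d:8a:61:0c:d3:27:9e:b5:f0",
    "Sep 15 10:04:11 gw sshd[2241]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2",
    "Sep 15 10:06:55 gw sshd[2260]: Accepted publickey for deploy from 198.51.100.4 port 51122 ssh2: RSA-CERT ID deploy_key (serial 7) CA RSA 6b:e2:07:c9:15:fa:38:d4:90:2c:7e:a1:53:0d:b8:46",
]
```

Because user, source, method and key identity sit on one line, a per-line parser is enough to flag a key that is offered for more than one account.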


