#
edf85781 |
|
09-Oct-2023 |
Ed Maste <emaste@FreeBSD.org> |
ssh: Update to OpenSSH 9.5p1 Excerpts from the release notes: Potentially incompatible changes -------------------------------- * ssh-keygen(1): generate Ed25519 keys by default. [NOTE: This change was already merged into FreeBSD.] * sshd(8): the Subsystem directive now accurately preserves quoting of subsystem commands and arguments. New features ------------ * ssh(1): add keystroke timing obfuscation to the client. * ssh(1), sshd(8): Introduce a transport-level ping facility. * sshd(8): allow override of Sybsystem directives in sshd Match blocks. Full release notes at https://www.openssh.com/txt/release-9.5 Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
38a52bd3 |
|
19-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.1p1 Release notes are available at https://www.openssh.com/txt/release-9.1 9.1 contains fixes for three minor memory safety problems; these have lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base system. Some highlights copied from the release notes: Potentially-incompatible changes -------------------------------- * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438 * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years. New features ------------ * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). * sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. * sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings. * sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it. * ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" * ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429 MFC after: 2 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
87c1498d |
|
15-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v9.0p1 Release notes are available at https://www.openssh.com/txt/release-9.0 Some highlights: * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo. * sftp-server(8): support the "copy-data" extension to allow server- side copying of files/data, following the design in draft-ietf-secsh-filexfer-extensions-00. bz2948 * sftp(1): add a "cp" command to allow the sftp client to perform server-side file copies. This commit excludes the scp(1) change to use the SFTP protocol by default; that change will immediately follow. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
38a52bd3 |
|
19-Oct-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH 9.1p1 Release notes are available at https://www.openssh.com/txt/release-9.1 9.1 contains fixes for three minor memory safety problems; these have lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base system. Some highlights copied from the release notes: Potentially-incompatible changes -------------------------------- * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438 * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years. New features ------------ * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). * sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. * sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings. * sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it. * ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" * ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429 MFC after: 2 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
87c1498d |
|
15-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v9.0p1 Release notes are available at https://www.openssh.com/txt/release-9.0 Some highlights: * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo. * sftp-server(8): support the "copy-data" extension to allow server- side copying of files/data, following the design in draft-ietf-secsh-filexfer-extensions-00. bz2948 * sftp(1): add a "cp" command to allow the sftp client to perform server-side file copies. This commit excludes the scp(1) change to use the SFTP protocol by default; that change will immediately follow. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
87c1498d |
|
15-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v9.0p1 Release notes are available at https://www.openssh.com/txt/release-9.0 Some highlights: * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo. * sftp-server(8): support the "copy-data" extension to allow server- side copying of files/data, following the design in draft-ietf-secsh-filexfer-extensions-00. bz2948 * sftp(1): add a "cp" command to allow the sftp client to perform server-side file copies. This commit excludes the scp(1) change to use the SFTP protocol by default; that change will immediately follow. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
1323ec57 |
|
13-Apr-2022 |
Ed Maste <emaste@FreeBSD.org> |
ssh: update to OpenSSH v8.9p1 Release notes are available at https://www.openssh.com/txt/release-8.9 Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar. Future deprecation notice ========================= A near-future release of OpenSSH will switch scp(1) from using the legacy scp/rcp protocol to using SFTP by default. Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. "scp host:* .") through the remote shell. This has the side effect of requiring double quoting of shell meta-characters in file names included on scp(1) command-lines, otherwise they could be interpreted as shell commands on the remote side. MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation
|
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
19261079 |
|
07-Sep-2021 |
Ed Maste <emaste@FreeBSD.org> |
openssh: update to OpenSSH v8.7p1 Some notable changes, from upstream's release notes: - sshd(8): Remove support for obsolete "host/port" syntax. - ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes". - ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. - ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures. - ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one). - ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions. - scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. - scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. Additional integration work is needed to support FIDO/U2F in the base system. Deprecation Notice ------------------ OpenSSH will disable the ssh-rsa signature scheme by default in the next release. Reviewed by: imp MFC after: 1 month Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D29985
|
#
acc1a9ef |
|
10-Mar-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 7.2p2.
|
#
557f75e5 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.9p1.
|
#
bc5531de |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.8p1.
|
#
a0ee8cc6 |
|
19-Jan-2016 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.7p1, retaining libwrap support (which has been removed upstream) and a number of security fixes which we had already backported. MFC after: 1 week
|
#
f7167e0e |
|
31-Jan-2014 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 6.5p1.
|
#
e4a9863f |
|
21-Sep-2013 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to 6.3p1. Approved by: re (gjb)
|
#
4a421b63 |
|
04-May-2011 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.8p2.
|
#
b15c8340 |
|
09-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.4p1. MFC after: 1 month
|
#
d4af9e69 |
|
31-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Upgrade to OpenSSH 5.1p1. I have worked hard to reduce diffs against the vendor branch. One notable change in that respect is that we no longer prefer DSA over RSA - the reasons for doing so went away years ago. This may cause some surprises, as ssh will warn about unknown host keys even for hosts whose keys haven't changed. MFC after: 6 weeks
|
#
e3ae3b09 |
|
22-Jul-2008 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Properly flatten openssh/dist. |
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1. |
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1. |
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1. |
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1. |
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1. |
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1 |
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson |
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
124981e1 |
|
21-Apr-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
MFH OpenSSH 5.4p1
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
043840df |
|
03-Sep-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.2p1.
|
#
5e8dbd04 |
|
05-Jun-2005 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 4.0p1.
|
#
efcad6b7 |
|
26-Feb-2004 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.8p1.
|
#
4b17dab0 |
|
29-Oct-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH-portable 3.5p1.
|
#
ee21a45f |
|
29-Jun-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.4p1.
|
#
ae1f160d |
|
18-Mar-2002 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Vendor import of OpenSSH 3.1
|
#
1e8db6e2 |
|
03-May-2001 |
Brian Feldman <green@FreeBSD.org> |
Say "hi" to the latest in the OpenSSH series, version 2.9! Happy birthday to: rwatson
|