This is the mail archive of the cygwin@sources.redhat.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]

[ANN]: Testversion OpenSSH-20010202


Hi,

I have just uploaded a new version of OpenSSH.

**********************************************************************
***            Please note that this is a TEST VERSION.            ***
**********************************************************************

It's not a final version but is created from the current OpenSSH
CVS repository. I have added this version here to allow a bit of
testing what will be new in the next official version of OpenSSH
which will be 2.4.0p1.

To update your installation, click on the "Install Cygwin now" link on
the http://sources.redhat.com/cygwin web page.  This downloads setup.exe
to your system. Run setup and answer all of the questions.

**********************************************************************
*** PLEASE, PLEASE, PLEASE, choose a mirror site for your download ***
**********************************************************************

even if it might take a will until this new archive is propagated
to the mirrors. The 'sources.redhat.com' site is badly overloaded.

Ok, what's new and of interest:

- This is the first Cygwin OpenSSH version compiled using OpenSSL-0.9.6.

- This version is compiled using socketpairs, not pipes.

- ssh-config is now substituted by ssh-host-config and ssh-user-config.

  Read http://cygwin.com/ml/cygwin/2001-01/msg00357.html for more
  information on this.

- F-SECURE 2.0.12 support. This means, that SSH2 authentication
  with F-SECURE is possible now. This should work in both
  directions. Personally I have only tested the client side.

- -R portforwarding using SSH2 protocol.

- New SSH2 RSA authentication.

  ********************************************************************
  *** Note, that the SSH2 RSA keys are not compatible to the SSH2  ***
  *** RSA keys of the previous test version 20001221!!! There's no ***
  *** chance to interoperate between that two versions using the   ***
  *** SSH2 RSA keys. You will have to erase all old SSH2 RSA keys  ***
  *** on your machines and recreate them using the new version of  ***
  *** ssh-keygen. You also have to delete them from all your       ***
  *** authorized_keys2 and known_hosts2 files.                     ***
  *** The reason for that change is to make the SSH2 RSA key       ***
  *** format conforming to the ietf-drafts.                        ***
  ********************************************************************

  The new RSA authentications works similar to the current SSH2 DSA
  keys, but requires a little modification to config files. Currently
  RSA key cannot be shared between SSH1 and SSH2.

  To generate keys, ssh-keygen now has a type '-t' parameter. Valid
  types are 'rsa1' (for SSH1 RSA keys), 'rsa' (SSH2 RSA) and 'dsa'
  (SSH2 DSA). Eg. "ssh-keygen -t rsa -f ~/.ssh/id_rsa" will generate
  a new SSH2 RSA key.

  For public key authentication, just copy the public portion of the
  RSA key into your ~/.ssh/authorized_keys2 file. It is normal for the
  public RSA keys to be shorter than DSA keys.

  SSH2 RSA keys are fully supported by ssh-agent. Keys are tried in the
  order in which they are added to the agent, so 'ssh-add' your RSA key
  first if you want to try it out.

  For the server, all hostkeys are now unified and sshd will
  automatically detect the type of a host key. The 'HostDSAKey'
  option is therefore  deprecated in favor of 'HostKey'. To specify
  RSA and DSA keys for SSH2 use, just use more 'HostKey' options.
  The 'DSAAuthentication' option is  deprecated in favour of the
  general 'PubkeyAuthentication' option.

  The host key section of my sshd_config looks like this:

  HostKey /etc/ssh/ssh_host_key
  HostKey /etc/ssh/ssh_host_rsa_key
  HostKey /etc/ssh/ssh_host_dsa_key

  For the client, the 'IdentityFile2' option is deprecated in favor of
  an autodetecting 'IdentityFile' option. You can specify rsa1, dsa and
  rsa keys using this option.

  RSA pubkey auth seems a little quicker than DSA and it is not
  vulnerable to the problems described in the WARNING.RNG file in
  the source archive.

Have fun,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.

--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple


--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]