Updated: OpenSSH-6.3p1-1

Corinna Vinschen corinna-cygwin@cygwin.com
Fri Oct 18 10:41:00 GMT 2013

I've just updated the Cygwin version of OpenSSH to 6.3p1-1.

The official upstream release message for 6.3p1:

Changes since OpenSSH 6.2

This release is predominantly a bugfix release:


 * sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys,
   or hostkeys on smartcards.

 * ssh(1)/sshd(8): allow optional time-based rekeying via a second argument
   to the existing RekeyLimit option. RekeyLimit is now supported in
   sshd_config as well as on the client.

 * sshd(8): standardise logging of information during user authentication.

   The presented key/cert and the remote username (if available) is now
   logged in the authentication success/failure message on the same log
   line as the local username, remote host/port and protocol in use.
   Certificates contents and the key fingerprint of the signing CA are
   logged too.

   Including all relevant information on a single line simplifies log
   analysis as it is no longer necessary to relate information scattered
   across multiple log entries.

 * ssh(1): add the ability to query which ciphers, MAC algorithms, key
   types and key exchange methods are supported in the binary.

 * ssh(1): support ProxyCommand=- to allow support cases where stdin and
   stdout already point to the proxy.

 * ssh(1): allow IdentityFile=none

 * ssh(1)/sshd(8): add -E option to ssh and sshd to append debugging logs
   to a specified file instead of stderr or syslog.

 * sftp(1): add support for resuming partial downloads using the "reget"
   command and on the sftp commandline or on the "get" commandline using
   the "-a" (append) option.

 * ssh(1): add an "IgnoreUnknown" configuration option to selectively
   suppress errors arising from unknown configuration directives.

 * sshd(8): add support for submethods to be appended to required
   authentication methods listed via AuthenticationMethods.


 * sshd(8): fix refusal to accept certificate if a key of a different type
   to the CA key appeared in authorized_keys before the CA key.

 * ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so
   that things like keepalives and rekeying will work properly over clock
 * sftp(1): update progressmeter when data is acknowledged, not when it's
   sent. bz#2108

 * ssh(1)/ssh-keygen(1): improve error messages when the current user does
   not exist in /etc/passwd; bz#2125

 * ssh(1): reset the order in which public keys are tried after partial
   authentication success.

 * ssh-agent(1): clean up socket files after SIGINT when in debug mode;

 * ssh(1) and others: avoid confusing error messages in the case of broken
   system resolver configurations; bz#2122

 * ssh(1): set TCP nodelay for connections started with -N; bz#2124

 * ssh(1): correct manual for permission requirements on ~/.ssh/config;

 * ssh(1): fix ControlPersist timeout not triggering in cases where TCP
   connections have hung. bz#1917

 * ssh(1): properly deatch a ControlPersist master from its controlling

 * sftp(1): avoid crashes in libedit when it has been compiled with multi-
   byte character support. bz#1990

 * sshd(8): when running sshd -D, close stderr unless we have explicitly
   requested logging to stderr. bz#1976,

 * ssh(1): fix incomplete bzero; bz#2100

 * sshd(8): log and error and exit if ChrootDirectory is specified and
   running without root privileges.

 * Many improvements to the regression test suite. In particular log files
   are now saved from ssh and sshd after failures.

 * Fix a number of memory leaks. bz#1967 bz#2096 and others

 * sshd(8): fix public key authentication when a :style is appended to
   the requested username.

 * ssh(1): do not fatally exit when attempting to cleanup multiplexing-
   created channels that are incompletely opened. bz#2079

Portable OpenSSH:

 * Major overhaul of contrib/cygwin/README

 * Fix unaligned accesses in umac.c for strict-alignment architectures.

 * Enable -Wsizeof-pointer-memaccess if the compiler supports it. bz#2100

 * Fix broken incorrect commandline reporting errors. bz#1448

 * Only include SHA256 and ECC-based key exchange methods if libcrypto has
   the required support.

 * Fix crash in SOCKS5 dynamic forwarding code on strict-alignment

 * A number of portability fixes for Android:
   * Don't try to use lastlog on Android; bz#2111
   * Fall back to using openssl's DES_crypt function on platorms that don't
     have a native crypt() function; bz#2112
   * Test for fd_mask, howmany and NFDBITS rather than trying to enumerate
     the plaforms that don't have them. bz#2085
   * Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is.
   * Add a null implementation of endgrent for platforms that don't have
     it (eg Android) bz#2087
   * Support platforms, such as Android, that lack struct passwd.pw_gecos.


 - SHA1 (openssh-6.3.tar.gz) = 8a6ef99ffc80c19e9afe9fe1e857370f6adcf450
 - SHA1 (openssh-6.3p1.tar.gz) = 70845ca79474258cab29dbefae13d93e41a83ccb

Reporting Bugs:

- Please read http://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
Ben Lindstrom.

To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page.  This downloads setup.exe to your
system.  Then, run setup and answer all of the questions.


If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:


If you need more information on unsubscribing, start reading here:


Please read *all* of the information on unsubscribing that is available
starting at this URL.

Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

More information about the Cygwin-announce mailing list