Download

More Information

lsh

Changes: A denial of service bug in lshd has been fixed. A bug in lsh-make-seed that could make the program go into an infinite loop on read errors has been fixed. lsh now asks for passwords also in quiet (-q) mode, as described in the manual. Control character filtering used to sometimes consider newlines as dangerous control characters. Now newlines should be displayed normally.

Changes: Several programs have new default behaviour: lshd enables X11 forwarding by default (lsh still does not). lsh-keygen generates RSA rather than DSA keys by default. lsh-writekey encrypts the private key by default, using aes256-cbc (unless the --server flag is used). The lcp script has been improved, and it is now installed by default. The client side of "keyboard-interactive" user authentication has been implemented. Key exchange with diffie-hellman-group14-sha1 is supported. There are fixes to the UTF-8 encoder, and in particular interactions between UTF-8 and control character filtering.

Changes: New SOCKS-style proxying was implemented in lsh and lshg, supporting both SOCKS-4 and SOCKS-5. The lsh client no longer sets its stdio file descriptors into non-blocking mode, which should avoid a bunch of problems. As a consequence, the --cvs-workaround command line option has been removed. The --ssh1-fallback option for lshd was removed, and bug-compatibility hacks for ancient versions of Datafellow's SSH2 were removed. There are no bug-compatibility hacks in this version.

Changes: Logging of TCP/IP forward requests has been added. nettle 1.9 is included, which has some portability fixes and optimizations. In particular, arcfour on x86 should be much faster. Flow control on the raw SSH connection has been implemented. Limits are enforced on the amount of buffered data waiting to be written to the socket. General simplification and cleanup of the code.

Changes: First release after verified interoperability against OpenSSH with GSSAPI patches.