HP-UX Secure Shell A.05.00.012, A.05.00.013, and A.05.00.014 Release Notes
New Features
The following new features are introduced in OpenSSH 5.0p1. HP-UX Secure Shell
versions A.05.00.012, A.05.00.013, and A.05.00.014 are based on OpenSSH 5.0p1 and
include these new features:
• Added chroot support for the sshd daemon. This feature can be configured
using the new ChrootDirectory option in the sshd_config file.
• Linked sftp-server with the sshd daemon. The internal sftp server is used
when the command internal-sftp is specified in a Subsystem or
ForceCommand declaration. When used in conjunction with the
ChrootDirectory option, the internal sftp server does not require any extra
configuration of files within the chroot environment.
• Added a no-user-rc option for authorized_keys to disable execution of
~/.ssh/rc.
• Added a protocol extension method "posix-rename@openssh.com" for
sftp-server to perform POSIX atomic rename() operations.
• Removed the fixed limit of 100 file handles in sftp-server. The server now
dynamically allocates handles up to the number of available file descriptors.
• The ssh client now skips generation of SSH protocol 1 ephemeral server keys when
in inetd mode and protocol 2 connections are negotiated. This speeds up protocol
2 connections to inetd-mode servers that also allow SSH Protocol 1.
• Accepts the PermitRootLogin directive in the sshd_config Match block. This
enables administrators to configure actions such as root access only from the
local network.
• Supports the Banner=none option in the sshd_config file to disable sending
of a pre-login banner (for example, in a Match block).
• The ProxyCommand option in the ssh_config file is now executed with $SHELL
rather than /bin/sh.
• The ConnectTimeout option in the ssh_config file is now applied to both the
TCP connection and the SSH banner exchange (previously it just applied to the
TCP connection). This allows ssh administrators to detect and fix issues where
servers accept a TCP connection but do not process the protocol. This feature also
makes ConnectTimeout useful when connecting using a ProxyCommand.
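The following sshd_config fragment is an added example, not part of the original release notes. It combines the ChrootDirectory, internal-sftp, Banner none, and Match-block PermitRootLogin features listed above. The group name sftponly, the chroot path, the banner file, and the address pattern are assumptions chosen for illustration.

```conf
# Constructed sshd_config fragment; names, paths and addresses are assumptions.

# Use the sftp server linked into sshd. This replaces any existing
# "Subsystem sftp" line (only one declaration per subsystem is allowed).
Subsystem sftp internal-sftp

# Global defaults: no root login, pre-login banner sent to everyone.
PermitRootLogin no
Banner /etc/issue.net

# Members of the hypothetical group "sftponly" are confined to a per-user
# chroot and can run only the internal sftp server, so no shell, libraries
# or device files need to be copied into the chroot tree.
Match Group sftponly
    ChrootDirectory /var/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    Banner none

# Root may log in only from the local network (assumed range 192.168.1.*).
# Key-only root access: "without-password" disables password authentication
# for root while still allowing public-key login.
Match Address 192.168.1.*
    PermitRootLogin without-password
```

sshd refuses the chroot unless every component of the ChrootDirectory path is owned by root and not writable by group or others, so give each user a writable subdirectory inside it for uploads. Run sshd -t after editing to check the file for errors before restarting the daemon.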
Support for the Sftpfilecontrol Patch
HP-UX Secure Shell supports the Sftpfilecontrol patch. This patch enables
administrators to set the umask on sftp sessions and to control whether the client
may issue chown and chmod commands in an sftp session. As a result, the following