HP-UX Secure Shell A.05.10.006,A.05.10.007, and A.05.10.008 Release Notes HP-UX 11i v1, 11i v2, and 11i v3

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software

• Multiplexed ssh(1) sessions now support a subset of the ~ escapes that are available to a

primary connection.

• ssh(1) connection multiplexing will now fall back to creating a new connection in most error

cases.

Support for the Sftpfilecontrol Patch

HP-UX Secure Shell supports the Sftpfilecontrol patch. This patch enables administrators

to set the umask on sftp sessions and to control whether the client may issue chown and chmod

commands in an sftp session. As a result, the following server configuration directives (/opt/

ssh/etc/sshd_config) related to Sftpfilecontrol are supported in this release:

• #SftpUmask

• #SftpPermitChmod yes

• #SftpPermitChown yes

This patch supersedes the sftplogging patch for HP-UX Secure Shell versions A.04.50 and

higher.

Defects Fixed in OpenSSH5.1p1

This section lists the defects fixed in OpenSSH5.1p1. HP-UX Secure Shell versions A.05.10.006,

A.05.10.007, and A.05.10.008 are based on OpenSSH5.1p1 and include these defect fixes. Table 1-2

lists the defects fixed in OpenSSH5.1p1.

Table 1-2 Defects Fixed in OpenSSH5.1p1

Defect FixDefect Identifier

https://bugzilla.mindrot.org/show_bug.cgi?id=1083

Background Information: Fixed test for locked accounts on HP/UX with shadowed

passwords disabled. In some HP-UX systems sshd lets users to login with public key

authentication even if their accounts are locked. This happens for the systems that

lack shadow password feature and ssh was configured without using the

--without-shadow option.

Bugzilla #1083

https://bugzilla.mindrot.org/show_bug.cgi?id=1199

Background Information: Fix ssh(1) sending invalid TTY modes when a TTY was

forced (ssh -tt) but stdin was not a TTY. In previous OpenSSH versions, when

requesting forced pseudo-terminal allocation (such as ssh -tt) while stdin is not a

terminal, ssh client would send an all-zero terminal info, which might cause

problem in some platforms. Since OpenSSH5.1, we will send an empty list of modes.

Bugzilla #1199

https://bugzilla.mindrot.org/show_bug.cgi?id=1200

Background Information: Strip trailing dot from hostnames when the

sshd_config(5) HostbasedUsesNameFromPacketOnly option is set.

Bugzilla #1200

https://bugzilla.mindrot.org/show_bug.cgi?id=1240

Background Information: Avoid NULL dereferences in ancient sigaction replacement

code. Fix: In openbsd-compat/sigact.c, add handling for NULL dereferences

for sigaction replacement code

Bugzilla #1240

https://bugzilla.mindrot.org/show_bug.cgi?id=1348 Background Information: Merged

duplicate authentication file checks in sshd(8) and refuse to read authorised_keys and

.shosts from non-regular files.

Bugzilla #1348

https://bugzilla.mindrot.org/show_bug.cgi?id=1363

Background Information: Make keepalive timeouts apply while synchronously waiting

for a packet, particularly during key renegotiation.

Bugzilla #1363

https://bugzilla.mindrot.org/show_bug.cgi?id=1384

Background Information: Make ssh(1) deal more gracefully with channel requests

that fail. Previously it would optimistically assume that requests would always succeed,

which could cause hangs if they did not (e.g. when the server runs out of file

descriptors)

Bugzilla #1384

Defects Fixed in OpenSSH5.1p1 7