HP-UX Secure Shell A.05.20.004, A.05.20.005, and A.05.20.006 Release Notes

ManualsBrandsHP ManualsSoftwareHP-UX 11i Secure Shell Software

• HP-UX Secure Shell 5.2 supports the SOCKS4A protocol in ssh(1) dynamic (-D) forwards.

• HP-UX Secure Shell 5.2 supports remote port forwarding with a listen port 0, thereby ensuring

the server dynamically allocates a listen port and reports it to the client.

• sshd(8) supports setting PermitEmptyPasswords and AllowAgentForwarding in

match blocks.

Support for the Sftpfilecontrol Patch

HP-UX Secure Shell supports the Sftpfilecontrol patch. This patch enables administrators

to set the umask on sftp sessions and to control whether the client may issue chown and chmod

commands in an sftp session. As a result, the following server configuration directives (/opt/

ssh/etc/sshd_config) related to Sftpfilecontrol are supported in this release:

• #SftpUmask

• #SftpPermitChmod yes

• #SftpPermitChown yes

This patch supersedes the sftplogging patch for HP-UX Secure Shell versions A.04.50 and

higher.

Defects Fixed in OpenSSH5.2p1

This section lists the defects fixed in OpenSSH5.2p1. HP-UX Secure Shell version A.05.20 is based

on OpenSSH5.2p1 and include these defect fixes. Table 1-2 lists the defects fixed in OpenSSH5.2p1.

Table 1-2 Defects Fixed in OpenSSH5.2p1

Defect FixDefect Identifier

Background Information: Repair a ssh(1) crash introduced in openssh-5.1 when the

client is sent a zero-length banner.

Bugzilla #1496

Background Information: Due to interoperability problems with certain broken SSH

implementations, the eow@openssh.com and no-more-sessions@openssh.com

protocol extensions are sent only to peers that identify themselves as OpenSSH.

—

Background Information: Make ssh(1) send the correct channel number for

SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to

avoid triggering 'Non-public channel' error messages on sshd(8) in OpenSSH-5.1.

—

Background Information: Avoid printing Non-public channel warnings in sshd(8),

because the ssh(1) sends incorrect channel numbers since ~2004 (this reverts a

behavior introduced in openssh-5.1).

—

Background Information: Avoid double-free in ssh(1) ~C escape -L handler.

Bugzilla #1539

Background Information: Correct fail-on-error behavior in sftp(1) batch mode for

remote stat operations.

Bugzilla #1541

Background Information: Disable nonfunctional ssh(1) ~C escape handler in

multiplex slave connections.

Bugzilla #1543

Background Information: Avoid hang in ssh(1) while attempting to connect to a

server that has MaxSessions=0 set.

—

OpenSSH 5.2p1 also includes fixes for some security vulnerabilities.

For more information on these defect fixes, see the Bugzilla Website at: http://bugzilla.mindrot.org.

Defects Fixed in HP-UX Secure Shell A.05.20

HP-UX Secure Shell versions A.05.20. include the following defect fixes:

6 HP-UX Secure Shell A.05.20