HP-UX Secure Shell A.05.60.001, A.05.60.002, and A.05.60.003 Release Notes, October 2010 (5900-1115)

Secure Shell Versions on HP-UX
Table 1-1 lists the versions of HP-UX Secure Shell products available for HP-UX 11i V1, HP-UX
11i V2, and HP-UX 11i V3.
Table 1-1 Availability of Secure Shell Versions on HP-UX
Version                                   Supported Operating System
HP-UX Secure Shell version A.05.60.001    HP-UX 11i V1
HP-UX Secure Shell version A.05.60.002    HP-UX 11i V2
HP-UX Secure Shell version A.05.60.003    HP-UX 11i V3
Support Notice
HP provides software technical support for HP-UX Secure Shell for the latest, currently shipping
version and the immediately prior version of the product.
New Features
HP-UX Secure Shell version A.05.60 is based on OpenSSH 5.6p1. It is mainly a bug fix release,
but some new features have been added:
• ControlPersist option added to ssh_config(5). This automatically starts a background ssh(1)
multiplex master when connecting. The connection can stay alive indefinitely or can be set
to automatically close after a user-specified duration of inactivity.
• Hostbased authentication enabled to use certificate host keys. CA keys must be specified in
a known_hosts file using the @cert-authority marker as described in sshd(8).
• ssh-keygen(1) enabled to support signing certificates using a CA key that has been stored
in a PKCS#11 token.
• ssh(1) enabled to log the hostname and address it has connected to at LogLevel=verbose.
It does this after ensuring authentication is successful. This mitigates "phishing" attacks
where servers with trusted keys accept authentication silently and automatically before
presenting fake password and passphrase prompts.
NOTE: Such an attack is successful if the user has disabled StrictHostKeyChecking (enabled
by default) or if an attacker has access to a trusted host key for the destination server.
• %h expanded to the hostname in the ssh_config Hostname options. This is useful for working
with unqualified hostnames such as:
— Host *.*
  Hostname %h
— Host *
  Hostname %h.example.org
• ssh-keygen(1) enabled to import (-i) and export (-e) PEM and PKCS#8 keys in addition
to RFC4716 (SSH.COM) encodings via a new -m option (bz#1749).
• sshd(8) enabled to queue debug messages about bad ownership or permissions on
the user's keyfiles that it encounters during authentication, and to send them after
authentication has successfully completed. These messages can be viewed in ssh(1) at
LogLevel=debug or higher.
• ssh(1) enabled such that connection multiplexing now supports remote forwarding with
dynamic port allocation and reports the allocated port back to the user:
LPORT=`ssh -S muxsocket -R0:localhost:25 -O forward somehost`
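
The %h Hostname item above, as an added example (not HP's or OpenSSH's code): a small Python model of how ssh_config chooses the Hostname value, showing why the order of the two stanzas matters. It assumes both stanzas sit in one file in the order shown, simplifies Host patterns to `*` and `?` wildcards, and uses hypothetical function names.

```python
import fnmatch

# Constructed sample: the two stanzas from the release notes in one file.
# ssh uses the first value obtained for each option, so order matters.
SAMPLE_CONFIG = """\
Host *.*
    Hostname %h
Host *
    Hostname %h.example.org
"""

def parse_stanzas(text):
    """Return [(host_patterns, {option: value})] in file order."""
    stanzas = []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            stanzas.append((value.split(), {}))
        elif stanzas:
            # Within a stanza, a repeated option keeps its first value.
            stanzas[-1][1].setdefault(key, value)
    return stanzas

def expand_hostname(template, typed_host):
    """Expand %h (host as typed on the command line) and %% (literal %)."""
    out, i = [], 0
    tokens = {"%h": typed_host, "%%": "%"}
    while i < len(template):
        pair = template[i:i + 2]
        if pair in tokens:
            out.append(tokens[pair])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)

def resolve_hostname(config_text, typed_host):
    """Name this model connects to: first matching stanza with Hostname wins."""
    # Simplification: negated (!) patterns are not modelled.
    typed = typed_host.lower()
    for patterns, options in parse_stanzas(config_text):
        if any(fnmatch.fnmatchcase(typed, p.lower()) for p in patterns) and "hostname" in options:
            return expand_hostname(options["hostname"], typed_host)
    return typed_host  # no Hostname option applies
```

Swapping the two stanzas makes `Host *` match first, so an already qualified name would get `.example.org` appended as well.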