[ssh_x509] PKIX-SSH release 11.4

ssh_x509 at roumenpetrov.info
Fri Aug 24 23:49:56 EEST 2018

Hello all,

The first major release, 11.4, after the push of the source code into a
public repository is ready for download. The complete list of changes can
be viewed here:
  https://gitlab.com/secsh/pkixssh/commits/master .

The release includes the following important evolution:
* IPQoS defaults
    Changed the IPQoS defaults in client and daemon to DSCP (differentiated
    services code point):
     - AF21: for interactive and
     - CS1: for bulk traffic
* ssh-askpass alternatives
    Updated information for ssh-askpass alternatives. Also added a shell
    script that wraps KDialog.
* limit agent connections
    The authentication agent postpones accepting new connections when the
    maximum number of file descriptors is exceeded.
* algorithms for keyscan
    Command keyscan uses the -t argument as an algorithm filter (pattern-list).
* SendEnv arguments
    Use pattern-list for client option SendEnv. Note option allows negated
* new option SetEnv
    New client and daemon option SetEnv. Processing of user environment
    settings in the daemon is updated to not allow the user to override
    server settings.
* PermitUserEnvironment arguments
    Daemon option PermitUserEnvironment additionally accepts a pattern-list
    of "white-listed" environment variable names.
* new option PermitListen
    New daemon option PermitListen that controls client requests for remote
    forwarding (ssh -R).
* expansion of user id
    The user id is available as a %-expansion everywhere that the user name
    is currently available (%i for client and %U for daemon).
* keysign use
    Hostbased authentication always uses ssh-keysign. This avoids one of the
    reasons for a "setuid" root client.
* no "setuid" client
    Removed support for running the client "setuid". Also deprecated client
    option UsePrivilegedPort.
* without "S/Key"
    Removed support for "S/Key" authentication.
* private key formats
    The "ssh-keygen" command option -m PEM with the -p flag can be used to
    convert private keys to the widely used and more portable PEM format.
    Not applicable to ed25519 keys yet. Those keys still use the proprietary
    format.

Roumen Petrov
