ANNOUNCE 3.09 KB
Newer Older
Niels Möller's avatar
Niels Möller committed
1
2
3
4
I'd like to announce a new version of LSH, the GNU implementation of
the secure shell protocols. LSH includes a client, a server, and a few
scripts and utility programs.

5
6
The LSH-1.4 release, and any following LSH-1.4.x updates, are intended
to be stable. New features will be added to LSH-1.5.x.
Niels Möller's avatar
Niels Möller committed
7
8
9

FEATURES

10
The most notable new features in LSH-1.4 are
11

12
13
14
15
o  Random numbers are generated using the Yarrow pseudorandomness
   generator, which improves security in particular on systems without
   /dev/random. A new program lsh-make-seed is provided for
   initializing the generator.
16

17
18
o  Both lsh and lshd now expire session keys and performs
   key-reexchange regularly. 
19

Niels Möller's avatar
Niels Möller committed
20
21
o  AES is now the default cipher. Faster assembler versions are
   included for x86 and sparc.
22
23
24
25
26
27

o  Client and server support for subsystems.

o  lsh supports X11 forwarding; lshd support is not yet implemented.

o  Implemented handshake timeout.
28

29
30
31
32
33
34
35
36
37
38
39
o  lshd handles SIGHUP by closing its listening socket, and then
   waiting for existing connections to be closed before exiting. This
   makes it easier to restart lshd in a friendly way.

o  Proper utmp logging.

o  Improved handling of process suspend, and other process related
   things. 


Some of the older (LSH-1.0 and LSH-1.2) features are
Niels Möller's avatar
Niels Möller committed
40
41
42

o  Strong encryption and data authentication.

43
44
o  Strong host authentication using public key techniques, DSA and RSA
   keys. 
Niels Möller's avatar
Niels Möller committed
45
46
47
48

o  User authentication by either ordinary UN*X passwords
   or public key techniques.

Niels Möller's avatar
Niels Möller committed
49
50
o  Spawning of remote shells and commands, including pseudo tty support.

51
o  A "gateway" interface, which lets you create a single SSH connection
52
53
54
   to a remote host, and reuse that connection for later commands.
   Ideal for applications like remote CVS.

Niels Möller's avatar
Niels Möller committed
55
56
o  Forwarding of TCP connections, in both directions.

Niels Möller's avatar
Niels Möller committed
57
58
o  Zlib compression.

59
60
61
o  Limited Kerberos support, comparable to that available for the
   original sshd.

62
o  Experimental support for Secure Remote Password (SRP) authentication.
Niels Möller's avatar
Niels Möller committed
63
64
65

o  Experimental support for IPv6.

66
o  A manual.
Niels Möller's avatar
Niels Möller committed
67
68
69
70
71


COMPATIBILITY AND PORTABILITY

LSH implements the secsh protocol as defined by the latest drafts from
Niels Möller's avatar
Niels Möller committed
72
73
the IETF secsh working group. It interoperates with both SSH Inc's
SSH2 products and OpenSSH. Note that LSH is *not* compatible with
Niels Möller's avatar
Niels Möller committed
74
SSH1, although the lshd deamon can fall back to an SSH1 implementation
75
(e.g. OpenSSH or SSH Inc's) when an ssh1 client connects.
Niels Möller's avatar
Niels Möller committed
76

Niels Möller's avatar
Niels Möller committed
77
LSH is reported to have worked at least once on GNU/Linux on Sparc,
Niels Möller's avatar
Niels Möller committed
78
Intel, PPC and Alpha, FreeBSD, Solaris and IRIX. There may well be
Niels Möller's avatar
Niels Möller committed
79
portability problems left, please report them to me.
Niels Möller's avatar
Niels Möller committed
80
81
82
83


QUALITY

84
85
LSH is provided AS IS, ABSOLUTELY no GUARANTEES, etc. Please report
any bugs you find.
Niels Möller's avatar
Niels Möller committed
86
87


Niels Möller's avatar
Niels Möller committed
88
COPYRIGHT
Niels Möller's avatar
Niels Möller committed
89
90

LSH is distributed under the terms and conditions of the GNU General
Niels Möller's avatar
Niels Möller committed
91
92
Public License. Unlike some other secsh implementations, you can use
LSH freely for any purpose.
Niels Möller's avatar
Niels Möller committed
93
94
95
96
97
98


AVAILABILITY AND FURTHER INFORMATION

The main LSH archive is located at

Niels Möller's avatar
Niels Möller committed
99
  ftp://ftp.lysator.liu.se/pub/security/lsh
Niels Möller's avatar
Niels Möller committed
100
101
102
103
104
105
106

Discussions about LSH takes place on the psst mailing list. See the
psst home page, http://www.net.lut.ac.uk/psst, for details.


Happy hacking,
/Niels Möller, <nisse@lysator.liu.se>