ANNOUNCE 3.87 KB
Newer Older
1
I'm happy to announce a new version of LSH, the GNU implementation of
Niels Möller's avatar
Niels Möller committed
2
3
4
the secure shell protocols. LSH includes a client, a server, and a few
scripts and utility programs.

5
6
The LSH-2.0 release, and any following LSH-2.0.x updates, are intended
to be stable. New features will be added to LSH-2.1.x.
Niels Möller's avatar
Niels Möller committed
7
8
9

FEATURES

10
The most notable changes and new features in LSH-2.0 are:
11

12
13
14
o  Incompatible change to key format, to comply with the latest spki
   structure draft. You can use the script lsh-upgrade to copy and
   convert the information in the old .lsh/known-hosts to the new file
Niels Möller's avatar
Niels Möller committed
15
   .lsh/host-acls, and the script lsh-upgrade-key to convert private
16
17
   keys to the new format. (This change was made between lsh-1.5 and
   lsh-1.5.1).
18

19
20
o  X11 forwarding support in lshd, enabled by default (lsh 
   doesn't ask for X11 forwarding by default).
21

22
o  Several programs have new default behaviour:
23

24
   * lsh-keygen generates RSA rather than DSA keys by default.
25

26
27
   * lsh-writekey encrypts the private key by default, using
     aes256-cbc. Unless the --server flag is used.
28

Niels Möller's avatar
Niels Möller committed
29
30
o  Client support for the "keyboard-interactive" user authentication
   method.
31

32
33
o  SOCKS-style forwarding, using lsh -D. Supports both SOCKS-4 and
   SOCKS-5.
34

35
36
37
o  Support for keyexchange with
   diffie-hellman-group14-sha1/diffie-hellman-group2-sha1 (the
   standardized name is at the moment not decided).
38

39
40
41
42
o  The lsh client no longer sets its stdio file descriptors into
   non-blocking mode, which should avoid a bunch of problems. As a
   consequence, the --cvs-workaround command line option has been
   deleted.
43

Niels Möller's avatar
Niels Möller committed
44
45
o  Includes x86 assembler code for arcfour and sha1.

46
47
48
49
50
51
52
o  Deleted the --ssh1-fallback option for lshd. I hope ssh1 is dead by
   now; if it isn't, you have to run ssh1d and lshd on different
   ports.
	
o  Deleted code for bug-compatibility with ancient versions of
   Datafellow's SSH2. There are zero bug-compatibility hacks in this
   version.
53

Niels Möller's avatar
Niels Möller committed
54

55
Some of the older (LSH-1.0, LSH-1.2, LSH-1.4) features are
Niels Möller's avatar
Niels Möller committed
56

57
58
59
60
o  Random numbers are generated using the Yarrow pseudorandomness
   generator, which improves security in particular on systems without
   /dev/random. A new program lsh-make-seed is provided for
   initializing the generator.
Niels Möller's avatar
Niels Möller committed
61

62
63
o  AES is now the default cipher. Faster assembler versions are
   included for x86 and sparc.
Niels Möller's avatar
Niels Möller committed
64

65
66
67
o  lshd handles SIGHUP by closing its listening socket, and then
   waiting for existing connections to be closed before exiting. This
   makes it easier to restart lshd in a friendly way.
Niels Möller's avatar
Niels Möller committed
68

69
o  A "gateway" interface, which lets you create a single SSH connection
70
71
72
   to a remote host, and reuse that connection for later commands.
   Ideal for applications like remote CVS.

73
74
75
o  Limited Kerberos support, comparable to that available for the
   original sshd.

76
o  Experimental support for Secure Remote Password (SRP) authentication.
Niels Möller's avatar
Niels Möller committed
77
78
79

o  Experimental support for IPv6.

80
o  A manual.
Niels Möller's avatar
Niels Möller committed
81
82
83
84
85


COMPATIBILITY AND PORTABILITY

LSH implements the secsh protocol as defined by the latest drafts from
86
87
88
the IETF secsh working group, and interoperates with other
implementations, including SSH Inc's SSH2 products and OpenSSH. Note
that LSH is *not* compatible with SSH1.
Niels Möller's avatar
Niels Möller committed
89

Niels Möller's avatar
Niels Möller committed
90
91
92
93
94
95
96
97
98
99
LSH is intended to be portable. LSH-2.0 compiles and works on at least

  * GNU/Linux (x86, x86_64, ia64, alpha)
  
  * Solaris (sparc)

  * Darwin/MacOS X (ppc)
  
The current version probably does not work out of the box on AIX and
HPUX.
Niels Möller's avatar
Niels Möller committed
100
101
102
103


QUALITY

104
LSH is provided AS IS, ABSOLUTELY NO GUARANTEES, etc. Please report
105
any bugs you find.
Niels Möller's avatar
Niels Möller committed
106
107


Niels Möller's avatar
Niels Möller committed
108
COPYRIGHT
Niels Möller's avatar
Niels Möller committed
109
110

LSH is distributed under the terms and conditions of the GNU General
111
Public License.
Niels Möller's avatar
Niels Möller committed
112
113
114
115


AVAILABILITY AND FURTHER INFORMATION

116
117
118
119
The LSH home page at

  http://www.lysator.liu.se/~nisse/lsh/

Niels Möller's avatar
Niels Möller committed
120
121
The main LSH archive is located at

Niels Möller's avatar
Niels Möller committed
122
  ftp://ftp.lysator.liu.se/pub/security/lsh
Niels Möller's avatar
Niels Möller committed
123

124
125
Discussions about LSH takes place on the lsh-bugs mailing list. See
http://lists.lysator.liu.se/mailman/listinfo/lsh-bugs.
Niels Möller's avatar
Niels Möller committed
126
127
128
129


Happy hacking,
/Niels Möller, <nisse@lysator.liu.se>