diff --git a/ANNOUNCE b/ANNOUNCE index 674523af6f5f640a6314f34e10b6f454dfd2f640..4e2581d5f8d507162ea4a4f07507cc01e318c403 100644 --- a/ANNOUNCE +++ b/ANNOUNCE 
@@ -2,35 +2,54 @@ I'd like to announce a new version of LSH, the GNU implementation of the secure shell protocols. LSH includes a client, a server, and a few scripts and utility programs. -The LSH-1.2 release, and any following LSH-1.2.x updates, are intended -to be stable. New features will be added to LSH-1.3.x. +The LSH-1.4 release, and any following LSH-1.4.x updates, are intended +to be stable. New features will be added to LSH-1.5.x. FEATURES -The most notable new features in LSH-1.2 are +The most notable new features in LSH-1.4 are -o Support for RSA keys, for both host and user authentication. +o Random numbers are generated using the Yarrow pseudorandomness + generator, which improves security in particular on systems without + /dev/random. A new program lsh-make-seed is provided for + initializing the generator. -o The "gateway" mode of operation, implemented by lsh -G and lshg. +o Both lsh and lshd now expire session keys and performs + key-reexchange regularly. -o Limited Kerberos support, comparable to that available for the - original sshd. +o AES is now the default cipher. A faster assembler version for sparc + is included. x86 code is included as well, but it needs some more + work before it can be enabled. + +o Client and server support for subsystems. + +o lsh supports X11 forwarding; lshd support is not yet implemented. + +o Implemented handshake timeout. -o An improved randomness generator that works also on systems that - lack /dev/random. - -Some of the older (LSH-1.0) features are +o lshd handles SIGHUP by closing its listening socket, and then + waiting for existing connections to be closed before exiting. This + makes it easier to restart lshd in a friendly way. + +o Proper utmp logging. + +o Improved handling of process suspend, and other process related + things. + + +Some of the older (LSH-1.0 and LSH-1.2) features are o Strong encryption and data authentication. -o Strong host authentication using public key techniques. 
+o Strong host authentication using public key techniques, DSA and RSA + keys. o User authentication by either ordinary UN*X passwords or public key techniques. o Spawning of remote shells and commands, including pseudo tty support. -o A "gateway" interface, that lets you create a single SSH connection +o A "gateway" interface, which lets you create a single SSH connection to a remote host, and reuse that connection for later commands. Ideal for applications like remote CVS. @@ -38,11 +57,14 @@ o Forwarding of TCP connections, in both directions. o Zlib compression. +o Limited Kerberos support, comparable to that available for the + original sshd. + o Experimental support for Secure Remote Password (SRP) authentication. o Experimental support for IPv6. -o A draft manual. +o A manual. COMPATIBILITY AND PORTABILITY @@ -64,20 +86,6 @@ LSH is provided AS IS, ABSOLUTELY no GUARANTEES, etc. Please report any bugs you find. -PLANNED FEATURES - -Some features that are planned but not yet implemented are - -o Forwarding of X, ssh-agent, UDP. - -o Support for SPKI certificates, for both authorization and host - authentication. - -o Kerberos authentication. - -o A file transfer service. - - LICENSE LSH is distributed under the terms and conditions of the GNU General
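Review bot: In the first hunk (@@ -2,35 +2,54 @@), the Yarrow item says lsh-make-seed "is provided for initializing the generator" but not whether it must be run before lsh or lshd will work, or only on systems without /dev/random. Someone upgrading from 1.2 needs that stated here, so suggest adding one sentence on when to run it. In the same hunk, "now expire session keys and performs key-reexchange" should read "perform". The removed 1.2 item covered RSA keys "for both host and user authentication", while the replacement wording adds "DSA and RSA keys" only to the host authentication line, so RSA for user authentication is no longer mentioned anywhere in the announcement.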
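Review bot: In the last hunk (@@ -64,20 +86,6 @@), the whole PLANNED FEATURES section is deleted, yet most of its items are not reported as done anywhere in the new feature list. Forwarding of ssh-agent and UDP, SPKI certificates, Kerberos authentication and the file transfer service disappear without comment, and X forwarding is only half there ("lshd support is not yet implemented"). Suggest keeping a shortened section that lists what is still outstanding, or stating that those plans were dropped, so readers do not assume the features exist in 1.4.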