Commit f1729818 authored by Niels Möller

Updated for the coming 2.0 release.

Rev: ANNOUNCE:1.10
parent 3debecdc
I'd like to announce a new version of LSH, the GNU implementation of
I'm happy to announce a new version of LSH, the GNU implementation of
the secure shell protocols. LSH includes a client, a server, and a few
scripts and utility programs.
The LSH-1.4 release, and any following LSH-1.4.x updates, are intended
to be stable. New features will be added to LSH-1.5.x.
The LSH-2.0 release, and any following LSH-2.0.x updates, are intended
to be stable. New features will be added to LSH-2.1.x.
FEATURES
The most notable new features in LSH-1.4 are
The most notable changes and new features in LSH-2.0 are:
o Random numbers are generated using the Yarrow pseudorandomness
generator, which improves security in particular on systems without
/dev/random. A new program lsh-make-seed is provided for
initializing the generator.
o Incompatible change to key format, to comply with the latest spki
structure draft. You can use the script lsh-upgrade to copy and
convert the information in the old .lsh/known-hosts to the new file
.lsh/host-acls, and the script lsh-upgrade-key to covnert private
keys to the new format. (This change was made between lsh-1.5 and
lsh-1.5.1).
o Both lsh and lshd now expire session keys and performs
key-reexchange regularly.
o X11 forwarding support in lshd, enabled by default (lsh
doesn't ask for X11 forwarding by default).
o AES is now the default cipher. Faster assembler versions are
included for x86 and sparc.
o Several programs have new default behaviour:
o Client and server support for subsystems.
* lsh-keygen generates RSA rather than DSA keys by default.
o lsh supports X11 forwarding; lshd support is not yet implemented.
* lsh-writekey encrypts the private key by default, using
aes256-cbc. Unless the --server flag is used.
o Implemented handshake timeout.
o Client support for the "keyboard-interactive" user authentication.
o lshd handles SIGHUP by closing its listening socket, and then
waiting for existing connections to be closed before exiting. This
makes it easier to restart lshd in a friendly way.
o SOCKS-style forwarding, using lsh -D. Supports both SOCKS-4 and
SOCKS-5.
o Proper utmp logging.
o Support for keyexchange with
diffie-hellman-group14-sha1/diffie-hellman-group2-sha1 (the
standardized name is at the moment not decided).
o Improved handling of process suspend, and other process related
things.
o The lsh client no longer sets its stdio file descriptors into
non-blocking mode, which should avoid a bunch of problems. As a
consequence, the --cvs-workaround command line option has been
deleted.
o Deleted the --ssh1-fallback option for lshd. I hope ssh1 is dead by
now; if it isn't, you have to run ssh1d and lshd on different
ports.
o Deleted code for bug-compatibility with ancient versions of
Datafellow's SSH2. There are zero bug-compatibility hacks in this
version.
Some of the older (LSH-1.0 and LSH-1.2) features are
o Strong encryption and data authentication.
Some of the older (LSH-1.0, LSH-1.2, LSH-1.4) features are
o Strong host authentication using public key techniques, DSA and RSA
keys.
o Random numbers are generated using the Yarrow pseudorandomness
generator, which improves security in particular on systems without
/dev/random. A new program lsh-make-seed is provided for
initializing the generator.
o User authentication by either ordinary UN*X passwords
or public key techniques.
o AES is now the default cipher. Faster assembler versions are
included for x86 and sparc.
o Spawning of remote shells and commands, including pseudo tty support.
o lshd handles SIGHUP by closing its listening socket, and then
waiting for existing connections to be closed before exiting. This
makes it easier to restart lshd in a friendly way.
o A "gateway" interface, which lets you create a single SSH connection
to a remote host, and reuse that connection for later commands.
Ideal for applications like remote CVS.
o Forwarding of TCP connections, in both directions.
o Zlib compression.
o Limited Kerberos support, comparable to that available for the
original sshd.
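Review bot: In the lsh-writekey item, "aes256-cbc. Unless the --server flag is used." leaves the exception as a detached fragment, so a reader skimming the list can miss that keys written with --server are not encrypted by default. Join it into one sentence, for example "encrypts the private key by default, using aes256-cbc, unless the --server flag is used." Two smaller wording fixes in the same list: "covnert" should be "convert" in the lsh-upgrade-key item, and "expire session keys and performs" should read "perform". The Yarrow, AES and SIGHUP items also appear a second time after the "Some of the older" heading, still worded as "A new program" and "is now the default"; if they are meant to move to the older-features list, drop "new" and "now" there.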
......@@ -69,10 +80,9 @@ o A manual.
COMPATIBILITY AND PORTABILITY
LSH implements the secsh protocol as defined by the latest drafts from
the IETF secsh working group. It interoperates with both SSH Inc's
SSH2 products and OpenSSH. Note that LSH is *not* compatible with
SSH1, although the lshd deamon can fall back to an SSH1 implementation
(e.g. OpenSSH or SSH Inc's) when an ssh1 client connects.
the IETF secsh working group, and interoperates with other
implementations, including SSH Inc's SSH2 products and OpenSSH. Note
that LSH is *not* compatible with SSH1.
LSH is reported to have worked at least once on GNU/Linux on Sparc,
Intel, PPC and Alpha, FreeBSD, Solaris and IRIX. There may well be
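Review bot: The rewritten COMPATIBILITY paragraph now says only that LSH is not compatible with SSH1, with no pointer to the removal of --ssh1-fallback that the FEATURES list in this same file records. Administrators who relied on the fallback are likely to read this section first, so a short cross-reference here (for example "the --ssh1-fallback option has been deleted, see FEATURES") would keep them from missing that ssh1d and lshd now have to run on different ports.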
......@@ -81,25 +91,28 @@ portability problems left, please report them to me.
QUALITY
LSH is provided AS IS, ABSOLUTELY no GUARANTEES, etc. Please report
LSH is provided AS IS, ABSOLUTELY NO GUARANTEES, etc. Please report
any bugs you find.
COPYRIGHT
LSH is distributed under the terms and conditions of the GNU General
Public License. Unlike some other secsh implementations, you can use
LSH freely for any purpose.
Public License.
AVAILABILITY AND FURTHER INFORMATION
The LSH home page at
http://www.lysator.liu.se/~nisse/lsh/
The main LSH archive is located at
ftp://ftp.lysator.liu.se/pub/security/lsh
Discussions about LSH takes place on the psst mailing list. See the
psst home page, http://www.net.lut.ac.uk/psst, for details.
Discussions about LSH takes place on the lsh-bugs mailing list. See
http://lists.lysator.liu.se/mailman/listinfo/lsh-bugs.
Happy hacking,
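Review bot: The AVAILABILITY section gives the archive as a plain ftp:// URL and the home page as http://, and nothing in it tells the reader how to check that a downloaded tarball is authentic. For an announcement of a stable release of a secure shell implementation, consider adding a line on verification if the releases are signed or have published checksums. Separately, the new mailing-list sentence carries over "Discussions about LSH takes place"; it should read "take place".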