OpenSSH 3.6 Released

We would like to thank the OpenSSH community for their continued support to the project, especially those who contributed source and bought T-shirts or posters.

We have a new design of T-shirt available, more info on OpenBSD: T-shirts

For international orders use and for European orders, use .eu

Changes since OpenSSH 3.5:
============================

• RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1). in order to avoid potential timing attacks against the RSA keys. Older versions of OpenSSH have been using RSA blinding in ssh-keysign(1) only.

  Please note that there is no evidence that the SSH protocol is vulnerable to the OpenSSL/TLS timing attack described in stanford

• ssh-agent(1) optionally requires user confirmation if a key gets used, see '-c' in ssh-add(1).
• sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation is enabled.
• sshd(8) now removes X11 cookies when a session gets closed.
• ssh-keysign(8) is disabled by default and only enabled if the new EnableSSHKeysign option is set in the global ssh_config(5) file.
• ssh(1) and sshd(8) now handle 'kex guesses' correctly (key exchange guesses).
• ssh(1) no longer overwrites SIG_IGN. This matches behaviour from rsh(1) and is used by backup tools.
• setting ProxyCommand to 'none' disables the proxy feature, see ssh_config(5).
• scp(1) supports add -1 and -2.
• scp(1) supports bandwidth limiting.
• sftp(1) displays a progressmeter.
• sftp(1) has improved error handling for scripting.

Checksums:
==========

• MD5 (openssh-3.6p1.tar.gz) = 72ef1134d521cb6926c99256dad17fe0
  
• MD5 (openssh-3.6.tgz) = 758822b888c5c3f83a98045aef904254

Reporting Bugs:
===============

• please read OpenSSH: Problem Reports and Bugzilla Main Page

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.