Ssh 1.2.20 release notes SSHD ==== * Fixed pty release code so it will not trust shutdown to work on pipes/ptys. * Added waitpid loop to main_sigchld_handler if we have waitpid call. This should make sure all children of sshd are collected even when several SIGCHLD signals arrives at the same time. * Fixed allow_tcp_forwarding default to yes. Because of this bug all remote forwardings ware denied unless you set this option. AGENT ===== * Fixed putenvs in the xstrdup (reported by several people). SSH === * Changed StrictHostKeyChecking to have three states: yes/no/ask. Idea from Markus Linnala . Default value is ask (as in 1.2.18 and 1.2.19). Setting it to no will not ask anything (good for scripts etc, this was the setting before 1.2.18). Setting it to yes dont allow you to connect host which hostkey is not known or which hostkey have changed. * Added ClearAllForwardings option. It clears all forwardings after all configig files and command line options are read. This can be used to disable forwardings specified in the config file (for example scp will use this to disable port forwardings). * Added NumberOfPasswordPrompts option. If password is incorrect ssh will ask password again until this limit is reached. Note that server also limits passwords attempts to some hard limit (currently 5). CONFIGURE ========= * Added checks for SIGINFO. In dynix it is macro that will take p_siginfo from some struct. * Added check that getpseudotty function exists before using, configure cannot assume it exists if /dev/getpty exists, because some dynix systems have /dev/getpty but no getpseudotty function. * Added checks that spwd struct have sp_expire and sp_inact fields, before doing password expiration and inactivity checks. * Moved libwrap libraries to WRAPLIBS define, and add that only to ssh and sshd. * Added --enable-deprecated-linux-pw-encrypt option to configure. Use it if you use deprecated pw_encrypt function to encrypt your passwords. * Fixed mv sshd sshd.old to use correct directory (sbindir). GENERAL ======= * Fixed make-ssh-known-hosts.pl to use 3des instead of rc4, because rc4 is disabled by default. * Added -p option to ssh-add (read passphrase from pipe). Idea from Charles Karney . SCP === * Added -S option. It can be used to specify path to ssh program. * Added -o option. It is passed directly to ssh executed by scp. * scp now adds "-oClearAllForwardings yes" to ssh command lines, so now you can use scp even when your config file forwards some ports. REMEMBER ======== * Ssh compilation success/failure web-page. You can fill in the reply form about your compilation at . You can query about the success/failure database from .