Ssh 1.2.22 release notes SECURITY ======== * Fixed agent socket opening code for suid versions. All users using ssh-agent should upgrade to this version immediately! SSHD ==== * Added {Allow,Deny}groups patch from Jason Ackley . * Added CheckMail patch from Aaron Gowatch . * Added XAuthLocation and kerberos 5 patch from Harry G. McGavran Jr. . * Added OSF C2 user account locked and expired checks, and user default resource limits patch from Joao Castro . * Added BSDI /etc/login.conf and password expiration warning patches from Jason Ackley . AGENT ===== * Fixed ssh-agent dying when it received SIGPIPE when user pressed Ctrl-C in middle of login process. * Implemented -k option for ssh-agent (kill agent) suggested by Charles M. Hannum * Renamed SSH_AUTHENCATION_SOCKET to SSH_AUTH_SOCK, because some environments have limit for environment variable lengths. Note, that this means that the new ssh-client cannot find the agent socket if you have logged in using old sshd. When you login with new sshd, ssh-client will again be able to connect to socket created by sshd. SSH === * Changed authorized_keys file options to be case insensitive. * Added patch from Nick Nibma that will change password from from "foo's password" to foo@bar's password. CONFIGURE ========= * GMP configure patch for FreeBSD/ELF system from Ollivier Robert . GENERAL ======= * Confirmed that ssh is Y2K compliant. The HAVE_USERSEC_H code in login_permitted function in sshd.c file is the only code that has some Y2K problems. The expiration format returned by getuserattr is only yymmddhhmm, and when login_permitted converts it to normalized format that assumes that if yy < 70 then it must be 20yy, otherwise assume it to be 19yy. This means that you cannot now have users whose account expires after year 2070. REMEMBER ======== * Ssh compilation success/failure web-page. You can fill in the reply form about your compilation at . You can query about the success/failure database from .