diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2008-11-05 14:14:40 +0000 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2008-11-05 14:14:40 +0000 |
| commit | e80f8e8c09dab7cece30660a33e2a2bfd5d5f571 (patch) | |
| tree | 5d3757992e1b286d85f687dab687d007946156dd /CHANGES | |
| parent | 1fdfa2ecfdf4d6be72319390cbbfa6ac0cc9d34f (diff) | |
- Update manuals, include section on authorized_keys
- Change default PATH to /usr/bin:/bin
- Mention DEBUG_TRACE in -v help text
--HG--
extra : convert_revision : cdcc3c729e29544e8b98a408e2dc60e4483dfd2a
Diffstat (limited to 'CHANGES')
| -rw-r--r-- | CHANGES | 47 |
1 files changed, 47 insertions, 0 deletions
@@ -1,3 +1,50 @@ +0.52 + +- Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel + standard input/output to a TCP port-forwarded remote host. + +- Add "proxy command" support to dbclient, to allow using a spawned process for + IO rather than a direct TCP connection. eg + dbclient remotehost + is equivalent to + dbclient -J 'nc remotehost 22' remotehost + (the hostname is still provided purely for looking up saved host keys) + +- Combine netcat-alike and proxy support to allow "multihop" connections, with + comma-separated host syntax. Allows running + dbclient user1@host1,user2@host2,user3@host3 + to end up at host3 via the other two, using SSH TCP forwarding. It's a bit + like onion-routing. All connections are established from the local machine. + The comma-separated syntax can also be used for scp/rsync, eg + scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump . + to bounce through a few hosts. + +- Allow restrictions on authorized_keys logins such as restricting commands + to be run etc. This is a subset of those allowed by OpenSSH, doesn't + yet allow restricting source host. + +- Use vfork() for scp on uClinux + +- Default to PATH=/usr/bin:/bin for shells. + +- Report errors if -R forwarding fails + +- Add counter mode cipher support, which avoids some security problems with the + standard CBC mode. + +- Support zlib@openssh.com delayed compression for client/server. It can be + required for the Dropbear server with the '-Z' option. This is useful for + security as it avoids exposing the server to attacks on zlib by + unauthenticated remote users, though requires client side support. + +- options.h has been split into options.h (user-changable) and sysoptions.h + (less commonly changed) + +- Support "dbclient -s sftp" to specify a subsystem + +- Fix a bug in replies to channel requests that could be triggered by recent + versions of PuTTY + 0.51 - Thu 27 March 2008 - Make a copy of password fields rather erroneously relying on getwpnam() |