ssh(1): extend the PubkeyAuthentication configuration directive to accept yes|no|unbound|host-bound to allow control over one of the protocol extensions used to implement agent-restricted keys.
ssh(1), sshd(8): read network data directly to the packet input buffer instead of indirectly via a small stack buffer.
Provides a modest performance improvement.
ssh(1), sshd(8): read data directly to the channel input buffer, providing a similar modest performance improvement.
ssh-keygen(1): allow selection of hash at sshsig signing time (either sha512 (default) or sha256).
ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added to ssh-agent(1).
$SSH_ASKPASS will be used to request the PIN at authentication time.
ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to perform matching of principal names against an allowed signers file.
To be used towards a TOFU model for SSH signatures in git.
ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys on tokens that provide user verification (UV) on the device itself, including biometric keys, avoiding unnecessary PIN prompts.
ssh-keygen(1): when downloading resident keys from a FIDO token, pass back the user ID that was used when the key was created and append it to the filename the key is written to (if it is not the default).
Avoids keys being clobbered if the user created multiple resident keys with the same application string but different user IDs.
ssh(1), sshd(8): add the hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones).
The next release of OpenSSH is likely to make this key exchange the default method.
ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1).
A detailed description of the feature is available at and the protocol extensions are documented in the PROTOCOL and PROTOCOL.agent files in the source release.