Mailing List Archive

OpenSSH 3.6 released
OpenSSH 3.6 has just been released. It will be available from the
mirrors listed at shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.

We have a new design of T-shirt available, more info on

For international orders use
and for European orders, use

Changes since OpenSSH 3.5:

* RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1).
in order to avoid potential timing attacks against the RSA keys.
Older versions of OpenSSH have been using RSA blinding in
ssh-keysign(1) only.

Please note that there is no evidence that the SSH protocol is
vulnerable to the OpenSSL/TLS timing attack described in

* ssh-agent(1) optionally requires user confirmation if a key gets
used, see '-c' in ssh-add(1).

* sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation
is enabled.

* sshd(8) now removes X11 cookies when a session gets closed.

* ssh-keysign(8) is disabled by default and only enabled if the
new EnableSSHKeysign option is set in the global ssh_config(5)

* ssh(1) and sshd(8) now handle 'kex guesses' correctly (key exchange

* ssh(1) no longer overwrites SIG_IGN. This matches behaviour from
rsh(1) and is used by backup tools.

* setting ProxyCommand to 'none' disables the proxy feature, see

* scp(1) supports add -1 and -2.

* scp(1) supports bandwidth limiting.

* sftp(1) displays a progressmeter.

* sftp(1) has improved error handling for scripting.


- MD5 (openssh-3.6p1.tar.gz) = 72ef1134d521cb6926c99256dad17fe0
- MD5 (openssh-3.6.tgz) = 758822b888c5c3f83a98045aef904254

Reporting Bugs:

- please read

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.