Mailing List Archive

OpenSSH 3.8 released
OpenSSH 3.8 has just been released. It will be available from the
mirrors listed at shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.

We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.

We have a new design of T-shirt available, more info on

For international orders use
and for European orders, use

Changes since OpenSSH 3.7.1:

* sshd(8) now supports forced changes of expired passwords via
/usr/bin/passwd or keyboard-interactive authentication.

Note for AIX: sshd will now deny password access to accounts with
passwords expired longer than their maxexpired attribute. For
details, see the AIX section in README.platform.

* ssh(1) now uses untrusted cookies for X11-Forwarding.
Some X11 applications might need full access to the X11 server,
see ForwardX11Trusted in ssh(1) and xauth(1) for more information.

* ssh(1) now supports sending application layer
keep-alive messages to the server. See ServerAliveInterval
in ssh(1) for more information.

* Improved sftp(1) batch file support.

* New KerberosGetAFSToken option for sshd(8).

* Updated /etc/moduli file and improved performance for
protocol version 2.

* Support for host keys in DNS (draft-ietf-secsh-dns-xx.txt).
Please see README.dns in the source distribution for details.

* Fix a number of memory leaks.

* The experimental "gssapi" support has been replaced with
the "gssapi-with-mic" to fix possible MITM attacks.
The two versions are not compatible.


- MD5 (openssh-3.8.tgz) = 7d5590a333d8f8aa1fa6f19e24938700
- MD5 (openssh-3.8p1.tar.gz) = 7861a4c0841ab69a6eec5c747daff6fb

Reporting Bugs:

- please read

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller, Ben Lindstrom, Darren Tucker and Tim Rice.