Tue Apr 1 22:03:00 GMT 2003
I've just updated the version of OpenSSH to 3.6.1p1-1.
This is an official bug fix release as of today. The Cygwin version is
build from the vanilla sources.
Official Release Message:
OpenSSH 3.6.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support to the project, especially those who contributed source and
bought T-shirts or posters.
We have a new design of T-shirt available, more info on
For international orders use http://https.openbsd.org/cgi-bin/order
and for European orders, use http://https.openbsd.org/cgi-bin/order.eu
Changes since OpenSSH 3.6:
* The 'kex guesses' bugfix from OpenSSH 3.6 triggers a bug
in a few other SSH v2 implementations and causes connections to
stall. OpenSSH 3.6.1 disables this bugfix when interoperating
with these implementations.
Changes between OpenSSH 3.5 and OpenSSH 3.6:
* RSA blinding is now used by ssh(1), sshd(8) and ssh-agent(1).
in order to avoid potential timing attacks against the RSA keys.
Older versions of OpenSSH have been using RSA blinding in
Please note that there is no evidence that the SSH protocol is
vulnerable to the OpenSSL/TLS timing attack described in
* ssh-agent(1) optionally requires user confirmation if a key gets
used, see '-c' in ssh-add(1).
* sshd(8) now handles PermitRootLogin correctly when UsePrivilegeSeparation
* sshd(8) now removes X11 cookies when a session gets closed.
* ssh-keysign(8) is disabled by default and only enabled if the
new EnableSSHKeysign option is set in the global ssh_config(5)
* ssh(1) and sshd(8) now handle 'kex guesses' correctly (key exchange
* ssh(1) no longer overwrites SIG_IGN. This matches behaviour from
rsh(1) and is used by backup tools.
* setting ProxyCommand to 'none' disables the proxy feature, see
* scp(1) supports add -1 and -2.
* scp(1) supports bandwidth limiting.
* sftp(1) displays a progressmeter.
* sftp(1) has improved error handling for scripting.
- MD5 (openssh-3.6.1p1.tar.gz) = d4c2c88b883f097fe88e327cbb4b2e2a
- MD5 (openssh-3.6.1.tgz) = aa2acd2be17dc3fd514a1e09336aab51
- please read http://www.openssh.com/report.html
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
Kevin Steves, Damien Miller and Ben Lindstrom.
To update your installation, click on the "Install Cygwin now" link on
the http://cygwin.com/ web page. This downloads setup.exe to your
system. Once you've downloaded setup.exe, run it and select "Net" and
then click on the appropriate field until the above announced version
number appears if it is not displayed already.
If you have questions or comments, please send them to the Cygwin
mailing list at: email@example.com . I would appreciate it if you would
use this mailing list rather than emailing me directly. This includes
ideas and comments about the setup utility or Cygwin in general.
If you want to make a point or ask a question, the Cygwin mailing list
is the appropriate place.
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
If you need more information on unsubscribing, start reading here:
Please read *all* of the information on unsubscribing that is available
starting at this URL.
I implore you to READ this information before sending email about how
you "tried everything" to unsubscribe. In 100% of the cases where
people were unable to unsubscribe, the problem was that they hadn't
actually read and comprehended the unsubscribe instructions.
If you need to unsubscribe from cygwin-announce or any other mailing
list, reading the instructions at the above URL is guaranteed to
provide you with the info that you need.
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:firstname.lastname@example.org
Red Hat, Inc.
More information about the Cygwin-announce