OpenSSH 5.7 released
Features added since version 5.6 include the implementation of Elliptic Curve Cryptography modes for key exchange and host / user keys, as specified by RFC5656, although only the mandatory sections of this standard are implemented. The Secure File Transfer Protocol (SFTP) has an added protocol extension to support a hard link operation, the SFTP client is now significantly faster at performing directory listings, and the bandwidth limiting code has been separated from Secure Copy (SCP) and re-written into a generic bandwidth limiter.
SCP has a new option for copy routing and the Secure Shell (SSH) can automatically order hostkeys requested by the client, automatically create the listening MUX socket and add a KexAlgorithms knob to the client and server configuration; this latter is to allow selection of which key exchange methods are used by SSH and SSHD.
Twelve bugs have been fixed in the BSD-only version of OpenSSH and six in the Portable version. The developers ask that any further bugs found in the release are reported following the procedure outlined on the OpenSSL bug report page. Security bugs should be reported directly to firstname.lastname@example.org.
OpenSSH is licensed under a BSD licence and is funded through donations. As the project's home page points out, despite being used extensively by a number of major companies none of them have yet made a donation.
- OpenSSH 5.6 arrives, a report from The H.