|Reported by:||Owned by:|
- sshd(8) now supports forced changes of expired passwords via /usr/bin/passwd or keyboard-interactive authentication.
Note for AIX: sshd will now deny password access to accounts with passwords expired longer than their maxexpired attribute. For details, see the AIX section in README.platform.
- ssh(1) now uses untrusted cookies for X11-Forwarding. Some X11 applications might need full access to the X11 server, see ForwardX11Trusted in ssh(1) and xauth(1) for more information.
- ssh(1) now supports sending application layer keep-alive messages to the server. See ServerAliveInterval in ssh(1) for more information.
- Improved sftp(1) batch file support.
- New KerberosGetAFSToken option for sshd(8).
- Updated /etc/moduli file and improved performance for protocol version 2.
- Support for host keys in DNS (draft-ietf-secsh-dns-xx.txt). Please see README.dns in the source distribution for details.
- Fix a number of memory leaks.
- The experimental "gssapi" support has been replaced with the "gssapi-with-mic" to fix possible MITM attacks. The two versions are not compatible.