Hi all.

I've put together a release for Dropbear 0.52. It mostly has
new features, as well as a few bugfixes.

The client has gained a few new additions including the
ability to "onion-route" through a few SSH servers, all
established from the local host. Performance connecting to
an OpenSSH server with dbclient should improve now that
the [EMAIL PROTECTED] compression mode is supported.

The website http://matt.ucc.asn.au/dropbear/dropbear.html
has releases as usual.

Matt

0.52 - Wed 12 November 2008

- Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel
  standard input/output to a TCP port-forwarded remote host.

- Add "proxy command" support to dbclient, to allow using a spawned process for
  IO rather than a direct TCP connection. eg
          dbclient remotehost
  is equivalent to
          dbclient -J 'nc remotehost 22' remotehost
  (the hostname is still provided purely for looking up saved host keys)

- Combine netcat-alike and proxy support to allow "multihop" connections, with
  comma-separated host syntax.  Allows running

          dbclient [EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]

  to end up at host3 via the other two, using SSH TCP forwarding. It's a bit
  like onion-routing. All connections are established from the local machine.
  The comma-separated syntax can also be used for scp/rsync, eg

          rsync -a -e dbclient [EMAIL PROTECTED],[EMAIL PROTECTED],martello:/home/matt/ ~/backup/

  to bounce through a few hosts.

- Add -I "idle timeout" option (contributed by Farrell Aultman)

- Allow restrictions on authorized_keys logins such as restricting commands
  to be run etc. This is a subset of those allowed by OpenSSH, doesn't
  yet allow restricting source host.

- Use vfork() for scp on uClinux

- Default to PATH=/usr/bin:/bin for shells.

- Report errors if -R forwarding fails

- Add counter mode cipher support, which avoids some security problems with the
  standard CBC mode.

- Support [EMAIL PROTECTED] delayed compression for client/server. It can be
  required for the Dropbear server with the '-Z' option. This is useful for
  security as it avoids exposing the server to attacks on zlib by
  unauthenticated remote users, though requires client side support.

- options.h has been split into options.h (user-changeable) and sysoptions.h
  (less commonly changed)

- Support "dbclient -s sftp" to specify a subsystem

- Fix a bug in replies to channel requests that could be triggered by recent
  versions of PuTTY
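
The multihop entry above says the comma-separated syntax combines the proxy command (-J) and netcat-alike (-B) options. The following sketch is an added example, not part of the original announcement and not Dropbear's own code; it prints the chain of dbclient processes such a hop list stands for. Assumptions: every hop listens on port 22, and the user and host names are constructed.

```shell
#!/bin/sh
# Added illustration (not Dropbear source): print the dbclient processes that a
# comma-separated multihop spec stands for, using only -J and -B.
# Assumptions: every hop listens on port 22; host names below are constructed.

# Strip an optional "user@" prefix, leaving the host that -B must reach.
hop_host() {
    printf '%s\n' "${1##*@}"
}

# expand_multihop SPEC: one line per process, outermost (the typed one) first.
# Each -J argument is itself a dbclient call that the next line expands.
expand_multihop() {
    spec=$1
    fwd=
    # Reject empty hops, and quotes/spaces that would change the -J string.
    case $spec in
        ''|,*|*,|*,,*|*"'"*|*' '*)
            echo "expand_multihop: malformed hop list" >&2
            return 1 ;;
    esac
    while :; do
        case $spec in
            *,*)
                last=${spec##*,}    # hop this process authenticates to
                rest=${spec%,*}     # hops that carry its transport
                target="$(hop_host "$last"):22"
                # The SSH session to $last runs over the proxy's stdin/stdout;
                # $last is still named so its saved host key is looked up.
                printf "dbclient -J 'dbclient -B %s %s' %s%s\n" \
                    "$target" "$rest" "$fwd" "$last"
                fwd="-B $target "
                spec=$rest ;;
            *)
                # First hop: the only direct TCP connection from this machine.
                printf 'dbclient %s%s\n' "$fwd" "$spec"
                return 0 ;;
        esac
    done
}

expand_multihop 'user1@host1,user2@host2,user3@host3'
```

Every line of the output is a process on the local machine, so the intermediate hosts only relay forwarded TCP and each hop's host key is checked locally.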
