1.100. openssh

Updated openssh packages that fix various bugs and add enhancements are now available for Red Hat Enterprise Linux 5.

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

These updated packages fix the following bugs:

* When the ~/.bashrc startup file contained a command that produced an output to standard error (STDERR), the sftp utility was unable to log in to that account. This bug has been fixed, and the output to STDERR no longer prevents sftp from establishing the connection. ( BZ#576765)

* Due to the limitations of the data type that was used to store user identifier (UID), the lastlog record was not created for users with UID larger than 2147483647. With this update, this data type has been changed to unsigned long integer, and the /var/log/lastlog database is now updated as expected. ( BZ#616396)

* Although the OpenSSH update RHSA-2009:1287 mentioned the change of the cipher preference, the openssh packages did not actually include this adjustment. This update changes the cipher preference as announced, so that CTR mode ciphers are now preferred to CBC mode. ( BZ#661716)

As well, this update adds the following enhancements:

* The "ForceCommand" directive has been added as a valid /etc/ssh/sshd_config option, making it possible to force the execution of the supplied command regardless of user input. ( BZ#532559)

* The OpenSSL dynamic engine loading support has been added, so that the ibmca engine can now use Central Processor Assist for Cryptographic Function (CPACF). ( BZ#594815)

* When a key authentication is used to log in to a machine, the same information as the one that is logged when using Pluggable Authentication Modules (PAM) is written to the log file, including the information about the key type and size, and a fingerprint. Additionally, when an encrypted tunnel is being established, the sshd daemon now logs the result of the cipher negotiation, that is, the type and the key size. ( BZ#632402,

BZ#659242, BZ#661669)

All OpenSSH users are advised to upgrade to these updated packages, which resolve these issues and add these enhancements.

Updated openssh packages that add an enhancement are now available.

OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server.

These updated packages add the following enhancement:

* The OpenSSL dynamic engine loading support has been added, so that the ibmca engine can now use Central Processor Assist for Cryptographic Function (CPACF). ( BZ#629509)

All OpenSSH users are advised to upgrade to these updated packages, which add this enhancement.