OpenSSH is a free version of the SSH suite of tools that are fully compatible with the three existing SSH protocols. They`re free of the commercial use licensing restriction of the original SSH 2.x products, and can be built and installed with a minimum of fuss.
OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on.
Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is.
OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other similar network-level attacks.
Here are some key features of "OpenSSH":
· Open Source Project
· Free Licensing
· Strong Encryption (3DES, Blowfish, AES, Arcfour)
· X11 Forwarding (encrypt X Window System traffic)
· Port Forwarding (encrypted channels for legacy protocols)
· Strong Authentication (Public Key, One-Time Password and Kerberos Authentication)
· Agent Forwarding (Single-Sign-On)
· Interoperability (Compliance with SSH 1.3, 1.5, and 2.0 protocol Standards)
· SFTP client and server support in both SSH1 and SSH2 protocols.
· Kerberos and AFS Ticket Passing
· Data Compression.
What`s New in This Release: [ read full changelog ]
Security:
· Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski.
· Legacy certificates signed by OpenSSH 5.6 or 5.7 included data from the stack in place of a random nonce field. The contents of the stack do not appear to contain private data at this point, but this cannot be stated with certainty for all platform, library and compiler combinations. In particular, there exists a risk that some bytes from the privileged CA key may be accidentally included.
· A full advisory for this issue is available at: http://www.openssh.com/txt/legacy-cert.adv
Portable OpenSSH Bugfixes:
· Fix compilation failure when enableing SELinux support.
· Do not attempt to call SELinux functions when SELinux is disabled. bz#1851