HP-UX Secure Shell A.04.40.005

Audit logging of login and logout events, and system calls for HP-UX 11.0 and 11iv1

Enforcement of the max-bad-login-attempt limit for key-based authentication methods

Modified utmp(s) log record with a telnet-compatible ut_id format

New zlib version 1.2.3

High Performance Enabled SSH/SCP patch

New configuration directives in the server:

Inclusion of the Auth Selection patch

Increase in the default size of RSA and DSA keys

Delayed compression

Support for improved Arcfour cipher modes

Modified ControlPath client configuration directive

Support for X11 and agent forwarding over multiplexed connections

Provides an sftponly solution in a chroot environment

HP-UX Secure Shell’s usage of TCP Wrappers support IPv6

Implemented conditional configuration in the sshd_config file using the 'Match' directive. This allows you to selectively override some configuration options if specific criteria (based on user, group, hostname or address) are met.

Added a ForceCommand configuration directive to sshd_config(5). Similar to the command='...' option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new “Match” directive.

Added a “PermitOpen” directive to sshd_config(5). This mirrors the permitopen='...' authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish.

Enabled optional logging of transactions to sftp-server.

Added an ExitOnForwardFailure option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings are not established.

Extended sshd_config “SubSystem” declarations to allow the specification of command-line arguments.

Replaced all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents.

Modified ssh behavior so that ssh(1) now records port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested.

Provides an sftponly solution in a chroot environment

HP-UX Secure Shell’s usage of TCP Wrappers support IPv6

Implemented conditional configuration in the sshd_config file using the “Match” directive. This allows you to selectively override some configuration options if specific criteria (based on user, group, hostname or address) are met.

Added a ForceCommand configuration directive to sshd_config(5). Similar to the command='...' option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new “Match” directive.

Added a “PermitOpen” directive to sshd_config(5). This mirrors the permitopen='...' authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish.

Enabled optional logging of transactions to sftp-server.

Added an ExitOnForwardFailure option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings are not established.

Extended sshd_config “SubSystem” declarations to allow the specification of command-line arguments.

Replaced all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents.

Modified ssh behavior so that ssh(1) now records port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested.