Mercurial > dropbear
comparison CHANGES @ 510:b85507ade010
- Update manuals, include section on authorized_keys
- Change default PATH to /usr/bin:/bin
- Mention DEBUG_TRACE in -v help text
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Wed, 05 Nov 2008 14:14:40 +0000 |
| parents | ece7677359d6 |
| children | a3748e54273c |
comparison
equal
deleted
inserted
replaced
| 509:4e251543b941 | 510:b85507ade010 |
|---|---|
| 1 0.52 | |
| 2 | |
| 3 - Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel | |
| 4 standard input/output to a TCP port-forwarded remote host. | |
| 5 | |
| 6 - Add "proxy command" support to dbclient, to allow using a spawned process for | |
| 7 IO rather than a direct TCP connection. eg | |
| 8 dbclient remotehost | |
| 9 is equivalent to | |
| 10 dbclient -J 'nc remotehost 22' remotehost | |
| 11 (the hostname is still provided purely for looking up saved host keys) | |
| 12 | |
| 13 - Combine netcat-alike and proxy support to allow "multihop" connections, with | |
| 14 comma-separated host syntax. Allows running | |
| 15 dbclient user1@host1,user2@host2,user3@host3 | |
| 16 to end up at host3 via the other two, using SSH TCP forwarding. It's a bit | |
| 17 like onion-routing. All connections are established from the local machine. | |
| 18 The comma-separated syntax can also be used for scp/rsync, eg | |
| 19 scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump . | |
| 20 to bounce through a few hosts. | |
| 21 | |
| 22 - Allow restrictions on authorized_keys logins such as restricting commands | |
| 23 to be run etc. This is a subset of those allowed by OpenSSH, doesn't | |
| 24 yet allow restricting source host. | |
| 25 | |
| 26 - Use vfork() for scp on uClinux | |
| 27 | |
| 28 - Default to PATH=/usr/bin:/bin for shells. | |
| 29 | |
| 30 - Report errors if -R forwarding fails | |
| 31 | |
| 32 - Add counter mode cipher support, which avoids some security problems with the | |
| 33 standard CBC mode. | |
| 34 | |
| 35 - Support [email protected] delayed compression for client/server. It can be | |
| 36 required for the Dropbear server with the '-Z' option. This is useful for | |
| 37 security as it avoids exposing the server to attacks on zlib by | |
| 38 unauthenticated remote users, though requires client side support. | |
| 39 | |
| 40 - options.h has been split into options.h (user-changable) and sysoptions.h | |
| 41 (less commonly changed) | |
| 42 | |
| 43 - Support "dbclient -s sftp" to specify a subsystem | |
| 44 | |
| 45 - Fix a bug in replies to channel requests that could be triggered by recent | |
| 46 versions of PuTTY | |
| 47 | |
| 1 0.51 - Thu 27 March 2008 | 48 0.51 - Thu 27 March 2008 |
| 2 | 49 |
| 3 - Make a copy of password fields rather erroneously relying on getwpnam() | 50 - Make a copy of password fields rather erroneously relying on getwpnam() |
| 4 to be safe to call multiple times | 51 to be safe to call multiple times |
| 5 | 52 |