Diffstat (limited to 'lib/ssh/doc/src/notes.xml')
-rw-r--r-- | lib/ssh/doc/src/notes.xml | 838 |
1 files changed, 827 insertions, 11 deletions
diff --git a/lib/ssh/doc/src/notes.xml b/lib/ssh/doc/src/notes.xml index 0d88cbda7a..9d498c0fdc 100644 --- a/lib/ssh/doc/src/notes.xml +++ b/lib/ssh/doc/src/notes.xml @@ -4,20 +4,21 @@ <chapter> <header> <copyright> - <year>2004</year><year>2013</year> + <year>2004</year><year>2014</year> <holder>Ericsson AB. All Rights Reserved.</holder> </copyright> <legalnotice> - The contents of this file are subject to the Erlang Public License, - Version 1.1, (the "License"); you may not use this file except in - compliance with the License. You should have received a copy of the - Erlang Public License along with this software. If not, it can be - retrieved online at http://www.erlang.org/. - - Software distributed under the License is distributed on an "AS IS" - basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See - the License for the specific language governing rights and limitations - under the License. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. </legalnotice> 
@@ -29,6 +30,821 @@ <file>notes.xml</file> </header> +<section><title>Ssh 4.0</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Ssh crashed if a message was sent on a channel with + packet_size = 0.</p> + <p> + A new option for ssh:daemon is also introduced: + <c>minimal_remote_max_packet_size</c>. This option sets + the least max packet size declaration that the daemon + will accept from a client. The default value is 0 to + maintain compatibility with OpenSSH and the rfc:s.</p> + <p> + Own Id: OTP-12645 Aux Id: seq12816 </p> + </item> + <item> + <p> + Included test of the 'e' and 'f' parameters in + diffie-hellman key exchange as specified in rfc 4253 + section 8.</p> + <p> + Own Id: OTP-12649</p> + </item> + <item> + <p> + Fixes the bug that once the <c>rekey_limit</c> bytes (by + default, 1GB) had been transmitted the connection was + rekeyed every minute, not after the next transferred + 'rekey_limit' chunk.</p> + <p> + Thanks to Simon Cornish for the report and the fix!</p> + <p> + Own Id: OTP-12692</p> + </item> + <item> + <p> + Fixes a bug that causes an SFTP connection to always fail + when {timeout, Timeout} option is used with + ssh_sftp:start_channel.</p> + <p> + Thanks to Simon Cornish</p> + <p> + Own Id: OTP-12708</p> + </item> + <item> + <p> + Fix various ssh key exchange problems.</p> + <p> + Thanks to Simon Cornish</p> + <p> + Own Id: OTP-12760 Aux Id: <a + href="https://github.com/erlang/otp/pull/715">pull req + 715</a> </p> + </item> + <item> + <p> + The options <c>system_dir</c> and <c>user_dir</c> assumes + that the value is a path to a directory which is + readable. 
This is now checked early, so <c>ssh:daemon</c> + and <c>ssh:connect</c> will fail with an error message + immediately.</p> + <p> + Own Id: OTP-12788</p> + </item> + <item> + <p> + A daemon now checks that a client doesn't try to + authorize with methods not in the option auth_methods.</p> + <p> + Own Id: OTP-12790</p> + </item> + <item> + <p> + Disconnectfun now should trigger on all disconnects.</p> + <p> + Own Id: OTP-12811</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Better usage of binary matching in ssh_auth.erl and + ssh_message.erl</p> + <p> + Own Id: OTP-11697</p> + </item> + <item> + <p> + A new option 'preferred_algorithms' is available for + <c>ssh:daemon</c> and <c>ssh:connect</c>.</p> + <p> + This option defines the algorithms presented to the peer + in the algorithm negotiation phase of the ssh protocol. </p> + <p> + The default list can be obtained from the new function + <c>ssh:default_algorithms/0</c>.</p> + <p> + *** INCOMPATIBILITY with removed undocumented options + 'role' and 'compression' ***</p> + <p> + Own Id: OTP-12029</p> + </item> + <item> + <p> + The internal group to user_drv protocol has been changed + to be synchronous in order to guarantee that output sent + to a process implementing the user_drv protocol is + printed before replying. This protocol is used by the + standard_output device and the ssh application when + acting as a client. 
</p> + <p> + This change changes the previous unlimited buffer when + printing to standard_io and other devices that end up in + user_drv to 1KB.</p> + <p> + *** POTENTIAL INCOMPATIBILITY ***</p> + <p> + Own Id: OTP-12240</p> + </item> + <item> + <p> + If ssh_connection:subsystem/4 fails we do not want to + crash but rather terminate gracefully.</p> + <p> + Own Id: OTP-12648 Aux Id: seq12834 </p> + </item> + <item> + <p> + New option <c>id_string</c> for <c>ssh:daemon</c> and + <c>ssh:connect</c> for limiting banner grabbing attempts.</p> + <p> + The possible values are: <c>{id_string,string()}</c> and + <c>{id_string,random}</c>. The latter will make ssh + generate a random nonsence id-string for each new + connection.</p> + <p> + Own Id: OTP-12659</p> + </item> + <item> + <p> + To enable the ssh daemon to run in a virtualized + environment, where there can be more that one server that + has the same ip-address and port, we add a new option + profile.</p> + <p> + Own Id: OTP-12675</p> + </item> + <item> + <p> + Upgrade test suite added.</p> + <p> + Own Id: OTP-12676</p> + </item> + <item> + <p> + A new option for handling the SSH_MSG_DEBUG message's + printouts. A fun could be given in the options that will + be called whenever the SSH_MSG_DEBUG message arrives. + This enables the user to format the printout or just + discard it.</p> + <p> + Own Id: OTP-12738 Aux Id: seq12860 </p> + </item> + <item> + <p> + Testcase improvements and corrections:</p> + <p> + * Add testcases for the <c>disconnectfun</c> option on + both server and client sides</p> + <p> + * Timeout testcases adjusted for slow machines where they + sometimes failed</p> + <p> + Own Id: OTP-12786</p> + </item> + <item> + <p> + The option <c>disconnectfun</c> can now be used both on + the client and server side.</p> + <p> + Own Id: OTP-12789</p> + </item> + <item> + <p> + A new option unknown_msgfun/2 for ssh:connect and + ssh:daemon for handling unknown messages. 
With the option + it is possible to intercept before an INFO log message is + generated.</p> + <p> + One usage is to filter out messages that are not wanted + in the error logger as info reports. An example of such a + message is the 'etimedout' tcp error message that will be + received if a connection has keep_alive and the peer is + restarted.</p> + <p> + Own Id: OTP-12813 Aux Id: seq12881 </p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.2.4</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Gracefully terminate if sockets is unexpectedly closed.</p> + <p> + Own Id: OTP-12782</p> + </item> + <item> + <p> + Made Codenomicon Defensics test suite pass: <list> + <item>limit number of algorithms in kexinit + message</item> <item>check 'e' and 'f' parameters in + kexdh</item> <item>implement 'keyboard-interactive' user + authentication on server side</item> <item> return plain + text message to bad version exchange message</item> + </list></p> + <p> + Own Id: OTP-12784</p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.2.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + A new option for handling the SSH_MSG_DEBUG message's + printouts. A fun could be given in the options that will + be called whenever the SSH_MSG_DEBUG message arrives. + This enables the user to format the printout or just + discard it.</p> + <p> + Own Id: OTP-12738 Aux Id: seq12860 </p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.2.2</title> + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + New option <c>id_string</c> for <c>ssh:daemon</c> and + <c>ssh:connect</c> for limiting banner grabbing attempts.</p> + <p> + The possible values are: <c>{id_string,string()}</c> and + <c>{id_string,random}</c>. 
The latter will make ssh + generate a random nonsence id-string for each new + connection.</p> + <p> + Own Id: OTP-12659</p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.2.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Ssh crashed if a message was sent on a channel with + packet_size = 0.</p> + <p> + A new option for ssh:daemon is also introduced: + <c>minimal_remote_max_packet_size</c>. This option sets + the least max packet size declaration that the daemon + will accept from a client. The default value is 0 to + maintain compatibility with OpenSSH and the rfc:s.</p> + <p> + Own Id: OTP-12645 Aux Id: seq12816 </p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + If a channel is closed by the peer while using a function + with call semantics in ssh_connection.erl return {error, + closed}. Document that the functions can return {error, + timeout | closed} and not only ssh_request_status()</p> + <p> + Own Id: OTP-12004</p> + </item> + <item> + <p> + Bug that causes ssh:connect to return + <c>{error,int()}</c> instead of <c>{error,timeout}</c> + when ssh handshake takes too long time.</p> + <p> + Own Id: OTP-12369</p> + </item> + <item> + <p> + Documentation corrections. 
(Thanks to Rabbe Fogelholm)</p> + <p> + Own Id: OTP-12399</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Example of ssh_connection:exec added.</p> + <p> + Own Id: OTP-12558</p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Make sure the clean rule for ssh, ssl, eunit and otp_mibs + actually removes generated files.</p> + <p> + Own Id: OTP-12200</p> + </item> + <item> + <p> + Improved Property Tests (Thanks to Thomas, John and + Tobias at QuviQ)</p> + <p> + Own Id: OTP-12256</p> + </item> + <item> + <p> + Correct typo of renegotiate that could cause rekeying to + fail</p> + <p> + Own Id: OTP-12277 Aux Id: seq12736 </p> + </item> + <item> + <p> + The {timeout, Timeout} option passed to + ssh_sftp:start_channel was not applied to the early + phases of the SSH protocol. This patch passes the Timeout + through to ssh:connect. In case the timeout occurs during + these phases, {error, timeout} is returned. (Thanks to + Simon Cornish)</p> + <p> + Own Id: OTP-12306</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Added API functions ptty_alloc/3 and ptty_alloc/4, to + allocate a pseudo tty.</p> + <p> + Own Id: OTP-11542 Aux Id: seq12493, OTP-11631 </p> + </item> + <item> + <p> + Supports tar file creation on other media than file + systems mounted on the local machine.</p> + <p> + The <c>erl_tar</c> api is extended with + <c>erl_tar:init/3</c> that enables usage of user provided + media storage routines. A ssh-specific set of such + routines is hidden in the new function + <c>ssh_sftp:open_tar/3</c> to simplify creating a tar + archive on a remote ssh server.</p> + <p> + A chunked file reading option is added to + <c>erl_tar:add/3,4</c> to save memory on e.g small + embedded systems. 
The size of the slices read from a file + in that case can be specified.</p> + <p> + Own Id: OTP-12180 Aux Id: seq12715 </p> + </item> + <item> + <p> + Always send SSH_DISCONNECT protocol messages when peer + sends corrupt messages.</p> + <p> + Own Id: OTP-12185</p> + </item> + <item> + <p> + Hooks for funs that can change binaries sent to remote + sites from erl_tar for renote tar file creation are + added. See <c>ssh_sftp:open_tar/3,4</c> for details. The + hooks could also be used to read remote tar files that + need transformation before file extraction.</p> + <p> + Those hooks are intended for encryption and decryption of + tar files. Effort is put into memory, disk and network + resource economy.</p> + <p> + Own Id: OTP-12312 Aux Id: OTP-12180 </p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.0.8</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fixes of login blocking after port scanning.</p> + <p> + Own Id: OTP-12247 Aux Id: seq12726 </p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.0.7</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Add option sftp_vsn to SFTP</p> + <p> + Own Id: OTP-12227</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Fix option user_interaction to work as expected. 
When + password authentication is implemented with ssh + keyboard-interactive method and the password is already + supplied, so that we do not need to query user, then + connections should succeed even though user_interaction + option is set to false.</p> + <p> + Own Id: OTP-11329 Aux Id: seq12420, seq12335 </p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.0.6</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Gracefully handle bad data from the client when expecting + ssh version exchange.</p> + <p> + Own Id: OTP-12157 Aux Id: seq12706 </p> + </item> + <item> + <p> + When restarting an ssh daemon, that was stopped with + ssh:stop_listner/ [1,2] new options given shall replace + old ones.</p> + <p> + Own Id: OTP-12168 Aux Id: seq12711 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + ssh now has a format_status function to avoid printing + sensitive information in error loggs.</p> + <p> + Own Id: OTP-12030</p> + </item> + </list> + </section> + + + <section><title>Known Bugs and Problems</title> + <list> + <item> + <p> + The option <c>parallel_login</c> didn't work with the + value <c>true</c>. 
All logins were serial.</p> + <p> + Own Id: OTP-12194</p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.0.5</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + When starting an ssh-daemon giving the option + {parallel_login, true}, the timeout for authentication + negotiation ({negotiation_timeout, integer()}) was never + removed.</p> + <p> + This caused the session to always be terminated after the + timeout if parallel_login was set.</p> + <p> + Own Id: OTP-12057 Aux Id: seq12663 </p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Warning: this is experimental and may disappear or change + without previous warning.</p> + <p> + Experimental support for running Quickcheck and PropEr + tests from common_test suites is added to common_test. + See the reference manual for the new module + <c>ct_property_testing</c>.</p> + <p> + Experimental property tests are added under + <c>lib/{inet,ssh}/test/property_test</c>. 
They can be run + directly or from the commont_test suites + <c>inet/ftp_property_test_SUITE.erl</c> and + <c>ssh/test/ssh_property_test_SUITE.erl</c>.</p> + <p> + See the code in the <c>test</c> directories and the man + page for details.</p> + <p> + (Thanks to Tuncer Ayaz for a patch adding Triq)</p> + <p> + Own Id: OTP-12119</p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.0.4</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + When starting an ssh-daemon giving the option + {parallel_login, true}, the timeout for authentication + negotiation ({negotiation_timeout, integer()}) was never + removed.</p> + <p> + This caused the session to always be terminated after the + timeout if parallel_login was set.</p> + <p> + Own Id: OTP-12057 Aux Id: seq12663 </p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.0.3</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Removed mail address from error reports and corrected + spelling error (Stacktace -> stacktrace)</p> + <p> + Own Id: OTP-11883 Aux Id: seq12586 </p> + </item> + <item> + <p> + Decode/encode fixes in SSH_MSG_IGNORE and + SSH_MSG_UNIMPLEMENTED.</p> + <p> + Own Id: OTP-11983</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Accepts that some older OpenSSH clients sends incorrect + disconnect messages.</p> + <p> + Own Id: OTP-11972</p> + </item> + <item> + <p> + Handle inet and inet6 option correctly</p> + <p> + Own Id: OTP-11976</p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.0.2</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fixed timeout bug in ssh:connect.</p> + <p> + Own Id: OTP-11908</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Option <c>max_sessions</c> added to + 
<c>ssh:daemon/{2,3}</c>. This option, if set, limits the + number of simultaneous connections accepted by the + daemon.</p> + <p> + Own Id: OTP-11885</p> + </item> + </list> + </section> + +</section> + +<section><title>Ssh 3.0.1</title> + + <section><title>Fixed Bugs and Malfunctions</title> + <list> + <item> + <p> + Fixes the problem that ssh_cli in some cases could delay + the prompt if a tty was not requested by the client.</p> + <p> + Own Id: OTP-10732</p> + </item> + <item> + <p> + The variable NewCol is now correctly calculated allowing + for tab-completion of function calls even when preceded + with blank space (Thanks to Alexander Demidenko)</p> + <p> + Own Id: OTP-11566</p> + </item> + <item> + <p> + Fix incorrect dialyzer spec and types, also enhance + documentation. </p> + <p> + Thanks to Ayaz Tuncer.</p> + <p> + Own Id: OTP-11627</p> + </item> + <item> + <p> + Fixed a bug when ssh:exec executes a linux command on a + linux ssh daemon. If the result is sent back from + standard error, the length information was not stripped + off correctly.</p> + <p> + Own Id: OTP-11667</p> + </item> + <item> + <p> + Fixed a bug with the ssh file 'known_hosts' which made + the file grow with many equal entries.</p> + <p> + Own Id: OTP-11671</p> + </item> + <item> + <p> + Some local implementations of removing the last element + from a list are replaced by <c>lists:droplast/1</c>. Note + that this requires at least <c>stdlib-2.0</c>, which is + the stdlib version delivered in OTP 17.0. (Thanks to Hans + Svensson)</p> + <p> + Own Id: OTP-11678</p> + </item> + <item> + <p> + Bug fix for <c>ssh:daemon/2,3</c> so that the failfun is + called when it should.</p> + <p> + Own Id: OTP-11680</p> + </item> + <item> + <p> + Fixed bug which crashed ssh when SSH_MSG_KEX_DH_GEX_GROUP + is received. 
This could cause a vm-crash for eheap_alloc + during garbage collect.</p> + <p> + Own Id: OTP-11696 Aux Id: 12547, 12532 </p> + </item> + <item> + <p> + Fixes a bug that breaks keyboard-interactive + authentication. Thanks to Simon Cornish for reporting and + suggesting a fix.</p> + <p> + Own Id: OTP-11698</p> + </item> + <item> + <p> + dialyzer specs are now correct for <c>ssh:start/0</c>, + <c>ssh:start/1</c>, <c>ssh:stop/0</c> and + <c>ssh_connection_handler:open_channel/5</c>. (Thanks to + Johannes Weißl )</p> + <p> + Own Id: OTP-11705</p> + </item> + <item> + <p> + Application upgrade (appup) files are corrected for the + following applications: </p> + <p> + <c>asn1, common_test, compiler, crypto, debugger, + dialyzer, edoc, eldap, erl_docgen, et, eunit, gs, hipe, + inets, observer, odbc, os_mon, otp_mibs, parsetools, + percept, public_key, reltool, runtime_tools, ssh, + syntax_tools, test_server, tools, typer, webtool, wx, + xmerl</c></p> + <p> + A new test utility for testing appup files is added to + test_server. This is now used by most applications in + OTP.</p> + <p> + (Thanks to Tobias Schlager)</p> + <p> + Own Id: OTP-11744</p> + </item> + <item> + <p> + Fixed dialyzer warning for <c>ssh_connection:send</c>.</p> + <p> + Own Id: OTP-11821</p> + </item> + <item> + <p> + <c>ssh:daemon/2,3</c> : Added options + <c>negotiation_timeout</c> and <c>parallel_login</c> to + tune the authentication behaviour.</p> + <p> + Own Id: OTP-11823</p> + </item> + </list> + </section> + + + <section><title>Improvements and New Features</title> + <list> + <item> + <p> + Ssh now fully supports unicode filenames, filecontents, + shell and cli. Please note that the underlying os and + emulator must also give support for unicode. You may want + to start the emulator with "<c>erl +fnu</c>" on Linux.</p> + <p> + Own Id: OTP-10953</p> + </item> + </list> + </section> + +</section> + <section><title>Ssh 3.0</title> <section><title>Fixed Bugs and Malfunctions</title> |
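Review bot: The `<legalnotice>` change in the first hunk (Erlang Public License 1.1 text replaced by Apache License 2.0 text, copyright end year moved from 2013 to 2014) is bundled with the release-note additions in the same patch. Relicensing the file is a separate concern from documenting Ssh 3.0.1 through 4.0, so it would be easier to audit and to revert as its own commit. If it stays here, the commit message should name the license change explicitly.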
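Review bot: In the OTP-12645 entry of the second hunk (under both Ssh 4.0 and Ssh 3.2.1), the default for `minimal_remote_max_packet_size` is given as 0, the same packet_size value the entry says crashed ssh, and the text never states what the daemon now does when a client declares 0. Add one sentence on the post-fix behaviour so operators can decide whether to raise the option. Other security-relevant entries have similar gaps: OTP-12649 does not say what happens when the 'e' or 'f' check fails, OTP-12790 says "authorize" where the `auth_methods` context means "authenticate", and OTP-12659 describes `id_string` as "limiting banner grabbing attempts" although what the entry describes is changing the id-string sent to the peer. Several items are filed under the wrong heading: OTP-12738 (a new option for SSH_MSG_DEBUG printouts) sits under "Fixed Bugs and Malfunctions" in Ssh 3.2.3, Ssh 3.0.7 has "Add option sftp_vsn" under fixes and "Fix option user_interaction" under improvements, and Ssh 3.0.1 lists the new `negotiation_timeout` and `parallel_login` options under fixes. Spelling to correct before merge: "nonsence", "renote", "loggs", "commont_test", "ssh:stop_listner/ [1,2]", "more that one".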