This is the first release in the new development series. There may
still be some bugfix releases of lsh-1.4.x, e.g. the setsid bug fixed
in 1.5 may be serious enough to warrant a new 1.4.x release.
News for the 1.5 release
Implemented the server side of X11 forwarding. Try lshd
--x11-forward. There's one known bug: The server may start
sending data on the sessioc channel (typically your first
shell prompt) before it has sent the reply to the client's
"shell" or "exec" request. lsh will complain about, and ignore
that data.
As part of the X11 hacking, the socket code have been
reorganized.
Deleted one of the ipv6 configure tests. Now lsh will happily
build ipv6 support even if ipv6 is not available at run-time
on the build machine.
Fixed bug preventing -c none from working.
Another bug fix, call setsid even in the non-pty case.
Various bug fixes.
Get it at the usual places,
http://www.lysator.liu.se/~nisse/archive/lsh-1.5.tar.gz
ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-1.5.tar.gz
I'd also like to announce the new, quite minimalistic, LSH homepage.
See <URL: http://www.lysator.liu.se/~nisse/lsh>. Some of the material,
inparticular the link list at the end, is copied from Martin's psst
pages. Comments welcome.
Regards,
/Niels
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[Please preserve the CC to 160588-forwarded(a)bugs.debian.org, this
archives messages in the Debian BTS]
Hi lsh-dev's ...
I just recieved this "feature request" bug ...
- ---------- Forwarded Message ----------
Subject: Bug#160588: lsh-utils:~/.lsh/authorized keys sha1/* not
human-readable (so no comments)
Date: Wed, 11 Sep 2002 18:00:30 -0400
From: "David B Harris" <eelf(a)sympatico.ca>
To: "Debian Bug Tracking System" <submit(a)bugs.debian.org>
Package: lsh-utils
Version: 1.4.2-1
Severity: minor
Hey there :)
I installed lsh-utils to see how the project is coming along (quite
well, actually; I may run it as my sshd(8) when X11 forwarding is
available on the serverside, to help test things).
Aaanyways, I do have one fairly serious problem (despite the severity
of this bug report ;). The files in ~/.lsh/authorized_keys_sha1/
aren't human-readable, and lsh-authorize doesn't store key comments
anywhere else. This might actually be a security concern; if I can't
figure out which key to delete now that a host I connect from is
decommissioned, I'll leave it there.
So, I guess this feature request is just for (yet another) lsh- util
that'll read the comment stored in the non-human-readable file. Dunno
if one's stored right now, but it's probably worth doing ;)
The option is to have lsh-authorize keep its own little listing in
~/.lsh/ somewhere. That's allright too.
- -- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux willow 2.4.19-xfs-a2 #1 Sat Aug 31 12:46:32 EDT 2002 i686
Locale: LANG=en_CA, LC_CTYPE=en_CA
Versions of packages lsh-utils depends on:
ii libc6 2.2.5-14.1 GNU C Library: Shared
libraries an ii libgmp3 4.0.1-3
Multiprecision arithmetic library ii libncurses5
5.2.20020112a-8 Shared libraries for terminal hand ii liboop3
0.8-2 Event loop management library di libpam0g
0.72-35 Pluggable Authentication Modules l ii
libreadline4 4.3-4 GNU readline and history
libraries ii libwrap0 7.6-ipv6.1-3 Wietse Venema's
TCP wrappers libra ii zlib1g 1:1.1.4-3
compression library - runtime
- -- no debconf information
- -------------------------------------------------------
- --
Timshel Knoll <timshel(a)pobox.com>, Debian email: <timshel(a)debian.org>
Debian GNU/Linux developer: http://people.debian.org/~timshel/
GnuPG public key: finger timshel(a)debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9gTkBXfqTkd4+iqcRAi3YAJ9CpH6j2rA4yy0Si9UWABvpsC8HmQCfc6Eg
fHFXffBugYTTfWRYoIQj+EY=
=MYde
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I've noticed in my Debian packaging exploits of lsh that IPv6 support is
built only if the build-time kernel has IPv6 available. Really it
should be OK to build with IPv6 support assuming all the appropriate
headers and libraries are available at build time, since the IPv6 code
simply fails and fall back to the IPv4 code, doesn't it? The reason I
ask this is that I would like to "force enable" building of IPv6
support in the Debian packages, since they end up running on boxes that
they are not built on, and my guess is that not all the Debian build
machines have IPv6 support (I'm not entirely sure on this,however).
If this isn't suitable as the default, maybe an option flag such as
- --enable-force-ipv6 or similar ... ?
Cheers,
Timshel
- --
Timshel Knoll <timshel(a)pobox.com>, Debian email: <timshel(a)debian.org>
Debian GNU/Linux developer: http://people.debian.org/~timshel/
GnuPG public key: finger timshel(a)debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9YvDnXfqTkd4+iqcRAoH6AJ928Y53fKGF2U4p+8A+4DRQftjFOgCfV4Iv
Gcn1O+jHBst/7NjHMUxhIi4=
=X/DG
-----END PGP SIGNATURE-----