[cryptography] PuTTY 0.61 (ssh-keys only and EKE for web too (Re: preventing protocol failings))
marsh at extendedsubset.com
Wed Jul 13 13:11:11 EDT 2011
I normally wouldn't post about any old software release, but with the
recent discussion of SSH and authentication these release notes from
PuTTY seem appropriate.
> It's been more than four years since 0.60 was released, and we've had
> quite a lot of email asking if PuTTY was still under development, and
> occasionally asking if we were even still alive. Well, we are, and it
> has been! Sorry about the long wait.
> New features in 0.61 include:
> - Support for SSH-2 authentication using GSSAPI, on both Windows and
> Unix. Users in a Kerberos realm should now be able to use their
> existing Kerberos single sign-on in their PuTTY SSH connections.
> (While this has been successfully deployed in several realms, some
> small gaps are known to exist in this functionality, and we would
> welcome further testing and advice from Kerberos experts.)
> - On Windows: PuTTY's X11 forwarding can now authenticate with the
> local X server, if you point it at an X authority file where it can
> find the authentication details. So you can now use Windows PuTTY
> with X forwarding and not have to open your X server up to all
> connections from localhost.
> - A small but important feature: you can now manually tell PuTTY the
> name of the host you expect to end up talking to, in cases where
> that differs from where it's physically connecting to (e.g. when
> port forwarding). If you do this, the host key will be looked up
> and cached under the former name.
> - Assorted optimisation and speedup work. SSH key exchange should be
> faster by about a factor of three compared to 0.60; SSH-2
> connections are started up in a way that reduces the number of
> network round trip delays; SSH-2 window management has also been
> revised to reduce round trip delays during any large-volume data
> transfer (including port forwardings as well as SFTP/SCP).
> - Support for OpenSSH's security-tweaked form of SSH compression (so
> PuTTY can now use compression again when talking to modern OpenSSH
More information about the cryptography