Open（Open Secure Shell）是使用SSH透过加密通讯的实现。它是取代由SSH Communications Security所提供的商用版本的方案。目前是的子计划。

远程登录工具OpenSSH 6.7发布。2014-10-07 上个版本是2014-03-16的6.6 新特性有支持上传,支持Unix domain socket转发,新的PermitUserRC参数,支持ED25519类型的SSHFP DNS记录等.

完全改进：

OpenSSH 6.7 has just been released. It will be available from the

mirrors listed at shortly.

OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0

implementation and includes sftp client and server support.

Once again, we would like to thank the OpenSSH community for their

continued support of the project, especially those who contributed

code or patches, reported bugs, tested snapshots or donated to the

project. More information on donations may be found at:

donations.html

Changes since OpenSSH 6.6

=========================

Potentially-incompatible changes

* sshd(8): The default set of ciphers and MACs has been altered to

remove unsafe algorithms. In particular, CBC ciphers and arcfour*

are disabled by default.

The full set of algorithms remains available if configured

explicitly via the Ciphers and MACs sshd_config options.

* sshd(8): Support for tcpwrappers/libwrap has been removed.

* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections

using the curve25519-sha256@libssh.org KEX exchange method to fail

when connecting with something that implements the specification

correctly. OpenSSH 6.7 disables this KEX method when speaking to

one of the affected versions.

New Features

* Major internal refactoring to begin to make part of OpenSSH usable

as a library. So far the wire parsing, key handling and KRL code

has been refactored. Please note that we do not consider the API

stable yet, nor do we offer the library in separable form.

* ssh(1), sshd(8): Add support for Unix domain socket forwarding.

A remote TCP port may be forwarded to a local Unix domain socket

and vice versa or both ends may be a Unix domain socket.

* ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for

ED25519 key types.

* sftp(1): Allow resumption of interrupted uploads.

* ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it

is the same as the one sent during initial key exchange; bz#2154

* sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind

addresses when GatewayPorts=no; allows client to choose address

family; bz#2222

* sshd(8): Add a sshd_config PermitUserRC option to control whether

~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys

option; bz#2160

* ssh(1): Add a %C escape sequence for LocalCommand and ControlPath

that expands to a unique identifer based on a hash of the tuple of

(local host, remote user, hostname, port). Helps avoid exceeding

miserly pathname limits for Unix domain sockets in multiplexing

control paths; bz#2220

* sshd(8): Make the "Too many authentication failures" message

include the user, source address, port and protocol in a format

similar to the authentication success / failure messages; bz#2199

* Added unit and fuzz tests for refactored code. These are run

automatically in portable OpenSSH via the "make tests" target.

Bugfixes

* sshd(8): Fix remote forwarding with the same listen port but

different listen address.

* ssh(1): Fix inverted test that caused PKCS#11 keys that were

explicitly listed in ssh_config or on the commandline not to be

preferred.

* ssh-keygen(1): Fix bug in KRL generation: multiple consecutive

revoked certificate serial number ranges could be serialised to an

invalid format. Readers of a broken KRL caused by this bug will

fail closed, so no should-have-been-revoked key will be accepted.

* ssh(1): Reflect stdio-forward ("ssh -W host:port ...") failures in

exit status. Previously we were always returning 0; bz#2255

* ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly in the

randomart border; bz#2247

* ssh-agent(1): Only cleanup agent socket in the main agent process

and not in any subprocesses it may have started (e.g. forked

askpass). Fixes agent sockets being zapped when askpass processes

fatal(); bz#2236

* ssh-add(1): Make stdout line-buffered; saves partial output getting

lost when ssh-add fatal()s part-way through (e.g. when listing keys

from an agent that supports key types that ssh-add doesn't);

bz#2234

* ssh-keygen(1): When hashing or removing hosts, don't choke on

@revoked markers and don't remove @cert-authority markers; bz#2241

* ssh(1): Don't fatal when hostname canonicalisation fails and a

ProxyCommand is in use; continue and allow the ProxyCommand to

connect anyway (e.g. to a host with a name outside the DNS behind

a bastion)

* scp(1): When copying local->remote fails during read, don't send

uninitialised heap to the remote end.

* sftp(1): Fix fatal "el_insertstr failed" errors when tab-completing

filenames with a single quote char somewhere in the string;

bz#2238

* ssh-keyscan(1): Scan for Ed25519 keys by default.

* ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver, down-

convert any certificate keys to plain keys and attempt SSHFP

resolution. Prevents a server from skipping SSHFP lookup and

forcing a new-hostkey dialog by offering only certificate keys.

* sshd(8): Avoid crash at exit via NULL pointer reference; bz#2225

* Fix some strict-alignment errors.

Portable OpenSSH

* Portable OpenSSH now supports building against libressl-portable.

* Portable OpenSSH now requires openssl 0.9.8f or greater. Older

versions are no longer supported.

* In the OpenSSL version check, allow fix version upgrades (but not

downgrades. Debian bug #748150.

* sshd(8): On Cygwin, determine privilege separation user at runtime,

since it may need to be a domain account.

* sshd(8): Don't attempt to use vhangup on Linux. It doesn't work for

non-root users, and for them it just messes up the tty settings.

* Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is

available. It considers time spent suspended, thereby ensuring

timeouts (e.g. for expiring agent keys) fire correctly. bz#2228

* Add support for ed25519 to opensshd.init init script.

* sftp-server(8): On platforms that support it, use prctl() to

prevent sftp-server from accessing /proc/self/{mem,maps}

下载：ftp://ftp.openbsd.com/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz

如果想深入体验LINUX系统的新手，也可以先下载一个方德Linux软件中心试用一下。

免费下载地址：