OpenSSH is a BSD/Linux implementation of SSH1 and SSH2 for encrypted terminal connections, tunneling and file transfers.It includes the sshd server, scp and sftp, and various utility tools such as ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen, and the sftp-server.
minor feature: New featuresSsh(1), ssh-keygen(1): support for FIDO keys that require a PIN for.Each use. These keys may be generated using ssh-keygen using a newverify-required" option. When a PIN-required key is used, the user.Will be prompted for a PIN to complete the signature operation.Sshd(8): authorized_keys now supports a new "verify-required".Option to require FIDO signatures assert that the token verifiedThat the user was present before making the signature. The FIDOProtocol supports multiple methods for user-verification, butCurrently OpenSSH only supports PIN verification.Sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn.Signatures. Webauthn is a standard for using FIDO keys in webBrowsers. These signatures are a slightly different format to plainFIDO signatures and thus require explicit support.Ssh(1): allow some keywords to expand shell-style ENV .Environment variables. The supported keywords are CertificateFile,ControlPath, IdentityAgent and IdentityFile, plus LocalForward andRemoteForward when used for Unix domain socket paths. bz#3140.Ssh(1), ssh-agent(1): allow some additional control over the use of.Ssh-askpass via a new SSH_ASKPASS_REQUIRE environment variable,Including forcibly enabling and disabling its use. bz#69Ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time.Limit for keys in addition to its current flag options. Time-Limited keys will automatically be removed from ssh-agent afterTheir expiry time has passed.Scp(1), sftp(1): allow the -A flag to explicitly enable agent.Forwarding in scp and sftp. The default remains to not forward anAgent, even when ssh_config enables it.Ssh(1): add a ' k' TOKEN that expands to the effective HostKey of.The destination. This allows, e.g. keeping host keys in individualFiles using "UserKnownHostsFile /.ssh/known_hosts.d/ k". bz#1654Ssh(1): add -TOKEN, environment variable and tilde expansion to.The UserKnownHostsFile directive, allowing the path to beComplet