OpenSSH server and client version 5.1 has just been released and is available for download. New features in OpenSSH 5.1:
=> Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) and ssh-keygen(1).
=> sshd now supports CIDR address/masklen matching.
=> Added an extended test mode (-T) to sshd(8) to request that it write its effective configuration to stdout and exit.
=> ssh(1) now prints the number of bytes transferred and the overall connection throughput for SSH protocol 2 sessions when in verbose mode.
=> Added a MaxSessions option to sshd_config(5) to allow control of the number of multiplexed sessions supported over a single TCP connection.
Download OpenSSH 5.1
=> Visit the official site to grab the latest OpenSSH 5.1
There was a random number generator vulnerability in the Debian OpenSSL package and similar packages in derived distributions such as Ubuntu and others. Many of our regular readers would like to know:
Can the bug present in the Debian OpenSSL packages affect Red Hat / FreeBSD / CentOS Linux workstation / server users?
Short answer, yes.
All keys generated using the Debian OpenSSL package must be replaced on other systems too, including FreeBSD / CentOS / RHEL etc., as all such keys are considered compromised. OpenSSL, OpenSSH and OpenVPN are badly affected. For example, if you use an OpenSSH key to get into other Linux / UNIX servers and the key pair was generated with a vulnerable OpenSSL library, you are at risk, as the key can be reproduced easily.
Bottom line: you need to update keys on other boxes too.
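One way to run that check on a non-Debian box, as an added example that is not part of the original post: scan an authorized_keys file and flag every key whose MD5 fingerprint appears on a list of known-weak fingerprints. The key blobs, the file contents and the weak list below are constructed for illustration; a real audit would load a published list of weak Debian key fingerprints instead.

```python
import base64
import hashlib
import shlex
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss"}

def fingerprint(blob_b64):
    """Colon-separated MD5 fingerprint of a base64 public-key blob."""
    digest = hashlib.md5(base64.b64decode(blob_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def parse_key_line(line):
    """Return (key_type, blob_b64, comment), or None for blanks, comments, junk."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    lex = shlex.shlex(line, posix=True)
    lex.whitespace_split, lex.quotes, lex.commenters = True, '"', ""
    try:
        fields = list(lex)  # a quoted option such as command="a b" stays whole
    except ValueError:      # unbalanced double quote
        return None
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:  # anything before the key type is options
            return field, fields[i + 1], " ".join(fields[i + 2:])
    return None

def audit(lines, weak_fingerprints):
    """Return [(line_no, comment, fingerprint)] for keys found on the weak list."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        parsed = parse_key_line(line)
        try:
            fp = fingerprint(parsed[1]) if parsed else None
        except ValueError:  # blob is not valid base64
            fp = None
        if fp in weak_fingerprints:
            hits.append((line_no, parsed[2], fp))
    return hits

def _constructed_blob(tag):
    # Constructed stand-in for a key blob (type string plus filler), not a real key.
    return base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + tag).decode()
WEAK_BLOB = _constructed_blob(b"made-with-weak-rng")
SAMPLE_AUTHORIZED_KEYS = [  # constructed file contents
    'command="rsync --server" ssh-rsa %s backup@debian-box' % WEAK_BLOB,
    "ssh-rsa %s admin@centos-box" % _constructed_blob(b"made-elsewhere"),
]
SAMPLE_WEAK_LIST = {fingerprint(WEAK_BLOB)}  # stands in for a published list
```

Calling audit(SAMPLE_AUTHORIZED_KEYS, SAMPLE_WEAK_LIST) reports only the first line; every key it flags has to be removed from authorized_keys and regenerated on a patched system.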
Firefox 3.0 has been released and is available for immediate download. The Mozilla Foundation is aiming to set a world record for the most downloads in 24 hours. IE’s lack of compliance with web standards and its security issues made Firefox more popular among tech-savvy / geek users.
For the past 34 months Mozilla engineers have been working on and perfecting Firefox v3.0. Now almost 15% of Internet users surf the web with Firefox. The Mozilla Foundation aims to set a world record for the most downloads in a day. It needs to beat its own record, set by Firefox version 2.0, which was downloaded 1.6 million times in Oct-2006. The attempt to break the record will begin at 10:30PM IST (10:00am PDT i.e. 17:00 GMT). Good Luck, Mozilla Team!
Download FireFox Final Version 3.0 For Windows / Linux / Mac OS X
Firefox 3.0 in Action
(Fig.01: Mozilla Firefox 3.0 Picture / Screenshot)
Firefox 3 final working plugins:
The following plugins are working without any problems :)
- Google toolbar
- StumbleUpon toolbar
- NoScript plugin
- Firefox Adblock plugin and a few others
Related: How to Install FireFox version 3.0 tar.gz file under Linux operating system.
Firefox 3 release candidate 1 (RC1) is available for download from the official project web site. Firefox 3 is based upon the Gecko 1.9 engine, which has more than 14,000 updates including some major re-architecting to provide improved performance, stability, rendering correctness, and code simplification and sustainability. Firefox 3 has been built on top of this new platform resulting in a more secure, easier to use, more personal product with a lot more under the hood to offer website and Firefox add-on developers.
Quick Firefox 3 RC1 Installation
Type the following commands at a shell prompt (-O names the saved file so that the tar commands below can find it):
$ cd /tmp && wget -O firefox-3.0rc1.tar.bz2 'http://download.mozilla.org/?product=firefox-3.0rc1&os=linux&lang=en-US'
$ tar -jxvf firefox-3.0rc1.tar.bz2
Backup existing settings:
$ mkdir ~/backup
$ cp -avr ~/.mozilla/ ~/backup/
Now install the new Firefox in /opt:
$ sudo tar -jxvf firefox-3.0rc1.tar.bz2 -C /opt/
$ /opt/firefox/firefox &
(Fig.01: Firefox 3 in action)
Download FireFox 3 RC1 for Windows / Linux / OS X
A word about addons
The following addons are not compatible with FF3:
- Firebug (beta version should work with FF3, see comments below)
- Google toolbar
- Stumble toolbar
Updated for accuracy!
One of my clients has server nodes located in North America, Asia and Europe data centers. All servers are connected using 1000Mbps links. They transfer lots of data between all nodes over ssh sessions using scp / sftp. However, performance was horrible. After some research I came across the High Performance SSH/SCP – HPN-SSH patch for OpenSSH:
SCP and the underlying SSH2 protocol implementation in OpenSSH is network performance limited by statically defined internal flow control buffers. These buffers often end up acting as a bottleneck for network throughput of SCP, especially on long and high bandwidth network links.
Modifying the ssh code to allow the buffers to be defined at run time eliminates this bottleneck. We have created a patch that will remove the bottlenecks in OpenSSH and is fully interoperable with other servers and clients. In addition HPN clients will be able to download faster from non HPN servers, and HPN servers will be able to receive uploads faster from non HPN clients. However, the host receiving the data must have a properly tuned TCP/IP stack.
The amount of improvement any specific user will see is dependent on a number of issues. Transfer rates cannot exceed the capacity of the network nor the throughput of the I/O subsystem including the disk and memory speed. The improvement will also be highly influenced by the capacity of the processor to perform the encryption and decryption. Less computational expensive ciphers will often provide better throughput than more complex ciphers.
You can download the HPN-SSH patch here. This patch improved our performance. You also need to tweak Linux TCP/IP networking settings. Here is my sysctl.conf file (read this Linux TCP tuning guide for a detailed explanation):
# optimization start
# increase TCP max buffer size settable using setsockopt()
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
# increase Linux auto tuning TCP buffer limits
# min, default, and max number of bytes to use
# set max to at least 4MB, or higher if you use very high BDP paths
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
# allow more received packets to queue per interface before the kernel drops them
net.core.netdev_max_backlog = 5000
# window scaling is required for TCP windows larger than 64KB
net.ipv4.tcp_window_scaling = 1
# optimization end
Intelligent Platform Management Interface (IPMI) is a hardware level interface specification that defines a common, abstracted, message-based interface to platform monitoring and control functions. Both IPMI and KVM over IP can be used in emergency situations.
OpenBSD 4.3 has been released and is available for download. From the announcement page:
We remain proud of OpenBSD’s record of more than ten years with only two remote holes in the default install. As in our previous releases, 4.3 provides significant improvements, including new features, in nearly all areas of the system:
=> New/extended platforms
=> Hardware and driver support
=> Over 4,500 ports and much more
Download OpenBSD 4.3
Visit the official project web site to grab installation media. You can also order a CD from the official web site.