The following two things are highlights for me:

 * ssh(1): Add a ssh_config(5) "Match" keyword that allows
   conditional configuration to be applied by matching on hostname,
   user and result of arbitrary commands.
 * ssh(1): Add support for client-side hostname canonicalisation
   using a set of DNS suffixes and rules in ssh_config(5). This
   allows unqualified names to be canonicalised to fully-qualified
   domain names to eliminate ambiguity when looking up keys in
   known_hosts or checking host certificate names.
Bold move, defaulting to Curve25519 ECDH.

I'm not saying DH/DLP is broken, but the NSA declines to include non-EC DH (or RSA, for that matter) in their Suite B of algorithms approved for internal applications. It's nice to have the option of ECDH for day to day use.

http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography
 * Add a new private key format that uses a bcrypt KDF to better
   protect keys at rest.

This is pretty important to me: Keys are much less of a hazard if taken off a stolen laptop/disk.
OpenSSH-HPN's patchset really needs to be merged into the mainline. There's no excuse for not at least incorporating dynamic window scaling into the core protocol since it's such a ridiculous omission at this point.
Wonderful to see them using a modern, time-hard KDF finally.

One wonders where the Kickstarter to get a proper time- and memory-hard KDF patched into GnuPG is? It's not even really that much of a compatibility issue, either (unless you are sharing private key files between many machines)...

You'd really think the tinfoil-hat paranoids that (until Snowden) comprise(d) the bulk of the PGP userbase would care about the keys used to keep their long-term keys on disk private. I was flabbergasted to see the (relatively) tiny number of iterations in use in the GnuPG KDF.
More than a few people requested GitHub and Bitbucket to support more than RSA keys but they've both ignored the request for ECDSA for the last few years. The changes in 6.5 should inspire them to skip ECDSA and add Ed25519 as an option. Please, GitHub and Bitbucket, do everyone a favor and support modern keys. Next step is to save CPU cycles by using Curve25519 when available in the client. It's illogical not to.
I'm very happy to see djb's crypto work being supported in OpenSSH!

Does anyone know offhand why ChaCha was chosen instead of XSalsa20, which is used in NaCl?
It also has:

 * sshd(8): Add support for pre-authentication sandboxing using the
   Capsicum API introduced in FreeBSD 10.

Capsicum is a nice way to drop privs that shipped in FreeBSD 10 and is also being worked on for Linux.