OpenSSH 5.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly.
* Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity.
* Hostbased authentication may now use certificate host keys. CA keys must be specified in a known_hosts file using the @cert-authority marker as described in sshd(8).
* ssh-keygen(1) now supports signing certificates using a CA key that has been stored in a PKCS#11 token.
* ssh(1) will now log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate “phishing” attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts.
Note that, for such an attack to be successful, the user must have disabled StrictHostKeyChecking (enabled by default) or an attacker must have access to a trusted host key for the destination server.
* Expand %h to the hostname in ssh_config Hostname options. While this sounds useless, it is actually handy for working with unqualified
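
As an added example (not part of the OpenSSH release notes or the OpenSSH code base), the following Python sketch checks a client configuration for the two settings the LogLevel=verbose item above ties together: whether StrictHostKeyChecking has been disabled for a host, and whether LogLevel is high enough for the post-authentication hostname/address line to be shown. The sample configuration, the host names and the `effective`/`audit` helpers are constructed for illustration; the parser assumes plain `Host` blocks with `*`/`?` patterns and applies the ssh_config(5) rule that the first value obtained for an option wins.

```python
import fnmatch
import re

# LogLevel values from ssh_config(5), least to most verbose.
LEVELS = ["QUIET", "FATAL", "ERROR", "INFO", "VERBOSE",
          "DEBUG", "DEBUG1", "DEBUG2", "DEBUG3"]

SAMPLE = """\
# constructed sample, not a real configuration
Host build-*
    StrictHostKeyChecking no
Host bastion
    LogLevel=VERBOSE
Host *
    LogLevel INFO
    StrictHostKeyChecking yes
"""

def effective(config_text, host):
    """Resolve the options that apply to `host` (first value wins)."""
    opts, active = {}, True  # lines before any Host line apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept "Keyword value" and "Keyword=value"; keywords ignore case.
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            active = any(fnmatch.fnmatchcase(host, p) for p in value.split())
        elif active:
            opts.setdefault(key, value)
    return opts

def audit(config_text, host):
    """Return findings for `host`; an empty list means nothing to report."""
    opts = effective(config_text, host)
    findings = []
    if opts.get("stricthostkeychecking", "").lower() in ("no", "false"):
        findings.append("StrictHostKeyChecking disabled")
    level = opts.get("loglevel", "INFO").upper()  # INFO is the ssh default
    if level not in LEVELS or LEVELS.index(level) < LEVELS.index("VERBOSE"):
        findings.append("LogLevel %s hides the connected host/address line" % level)
    return findings

if __name__ == "__main__":
    for name in ("build-01", "bastion", "web1"):
        print(name, audit(SAMPLE, name))
```
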