version 1.62, 2019/04/10 15:35:17 |
version 1.63, 2019/04/10 17:21:24 |
|
|
</ul> |
</ul> |
<p> |
<p> |
|
|
|
<li>OpenSSH 8.0 |
|
<ul> |
|
<li>New Features |
|
<ul> |
|
<li>ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in |
|
PKCS#11 tokens. |
|
<li>ssh(1), sshd(8): Add experimental quantum-computing resistant |
|
key exchange method, based on a combination of Streamlined NTRU |
|
Prime 4591^761 and X25519. |
|
<li>ssh-keygen(1): Increase the default RSA key size to 3072 bits, |
|
following NIST Special Publication 800-57's guidance for a |
|
128-bit equivalent symmetric security level. |
|
<li>ssh(1): Allow "PKCS11Provider=none" to override later instances of |
|
the PKCS11Provider directive in ssh_config; bz#2974 |
|
<li>sshd(8): Add a log message for situations where a connection is |
|
dropped for attempting to run a command but a sshd_config |
|
ForceCommand=internal-sftp restriction is in effect; bz#2960 |
|
<li>ssh(1): When prompting whether to record a new host key, accept |
|
the key fingerprint as a synonym for "yes". This allows the user |
|
to paste a fingerprint obtained out of band at the prompt and |
|
have the client do the comparison for you. |
|
<li>ssh-keygen(1): When signing multiple certificates on a single |
|
command-line invocation, allow automatically incrementing the |
|
certificate serial number. |
|
<li>scp(1), sftp(1): Accept -J option as an alias to ProxyJump on |
|
the scp and sftp command-lines. |
|
<li>ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v" |
|
command-line flags to increase the verbosity of output; pass |
|
verbose flags though to subprocesses, such as ssh-pkcs11-helper |
|
started from ssh-agent. |
|
<li>ssh-add(1): Add a "-T" option to allowing testing whether keys in |
|
an agent are usable by performing a signature and a verification. |
|
<li>sftp-server(8): Add a "lsetstat@openssh.com" protocol extension |
|
that replicates the functionality of the existing SSH2_FXP_SETSTAT |
|
operation but does not follow symlinks. bz#2067 |
|
<li>sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request |
|
they do not follow symlinks. |
|
<li>sshd(8): Expose $SSH_CONNECTION in the PAM environment. This makes |
|
the connection 4-tuple available to PAM modules that wish to use |
|
it in decision-making. bz#2741 |
|
<li>sshd(8): Add a ssh_config "Match final" predicate Matches in same |
|
pass as "Match canonical" but doesn't require hostname |
|
canonicalisation be enabled. bz#2906 |
|
<li>sftp(1): Support a prefix of '@' to suppress echo of sftp batch |
|
commands; bz#2926 |
|
<li>ssh-keygen(1): When printing certificate contents using |
|
"ssh-keygen -Lf /path/certificate", include the algorithm that |
|
the CA used to sign the cert. |
|
</ul> |
|
<li>Bugfixes |
|
<ul> |
|
<li>sshd(8): Fix authentication failures when sshd_config contains |
|
"AuthenticationMethods any" inside a Match block that overrides |
|
a more restrictive default. |
|
<li>sshd(8): Avoid sending duplicate keepalives when ClientAliveCount |
|
is enabled. |
|
<li>sshd(8): Fix two race conditions related to SIGHUP daemon restart. |
|
Remnant file descriptors in recently-forked child processes could |
|
block the parent sshd's attempt to listen(2) to the configured |
|
addresses. Also, the restarting parent sshd could exit before any |
|
child processes that were awaiting their re-execution state had |
|
completed reading it, leaving them in a fallback path. |
|
<li>ssh(1): Fix stdout potentially being redirected to /dev/null when |
|
ProxyCommand=- was in use. |
|
<li>sshd(8): Avoid sending SIGPIPE to child processes if they attempt |
|
to write to stderr after their parent processes have exited; |
|
bz#2071 |
|
<li>ssh(1): Fix bad interaction between the ssh_config ConnectTimeout |
|
and ConnectionAttempts directives - connection attempts after the |
|
first were ignoring the requested timeout; bz#2918 |
|
<li>ssh-keyscan(1): Return a non-zero exit status if no keys were |
|
found; bz#2903 |
|
<li>scp(1): Sanitize scp filenames to allow UTF-8 characters without |
|
terminal control sequences; bz#2434 |
|
<li>sshd(8): Fix confusion between ClientAliveInterval and time-based |
|
RekeyLimit that could cause connections to be incorrectly closed. |
|
bz#2757 |
|
<li>ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN |
|
handling at initial token login. The attempt to read the PIN |
|
could be skipped in some cases, particularly on devices with |
|
integrated PIN readers. This would lead to an inability to |
|
retrieve keys from these tokens. bz#2652 |
|
<li>ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the |
|
CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the |
|
C_SignInit operation. bz#2638 |
|
<li>ssh(1): Improve documentation for ProxyJump/-J, clarifying that |
|
local configuration does not apply to jump hosts. |
|
<li>ssh-keygen(1): Clarify manual - ssh-keygen -e only writes |
|
public keys, not private. |
|
<li>ssh(1), sshd(8): be more strict in processing protocol banners, |
|
allowing \r characters only immediately before \n. |
|
<li>Various: fix a number of memory leaks, including bz#2942 and |
|
bz#2938 |
|
<li>scp(1), sftp(1): fix calculation of initial bandwidth limits. |
|
Account for bytes written before the timer starts and adjust the |
|
schedule on which recalculations are performed. Avoids an initial |
|
burst of traffic and yields more accurate bandwidth limits; |
|
bz#2927 |
|
<li>sshd(8): Only consider the ext-info-c extension during the initial |
|
key eschange. It shouldn't be sent in subsequent ones, but if it |
|
is present we should ignore it. This prevents sshd from sending a |
|
SSH_MSG_EXT_INFO for REKEX for buggy these clients. bz#2929 |
|
<li>ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in |
|
authorized_keys) and -R (remove host from authorized_keys) options |
|
may accept either a bare hostname or a [hostname]:port combo. |
|
bz#2935 |
|
<li>ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK; bz#2936 |
|
<li>sshd(8): Silence error messages when sshd fails to load some of |
|
the default host keys. Failure to load an explicitly-configured |
|
hostkey is still an error, and failure to load any host key is |
|
still fatal. pr/103 |
|
<li>ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is |
|
started with ControlPersist; prevents random ProxyCommand output |
|
from interfering with session output. |
|
<li>ssh(1): The ssh client was keeping a redundant ssh-agent socket |
|
(leftover from authentication) around for the life of the |
|
connection; bz#2912 |
|
<li>sshd(8): Fix bug in HostbasedAcceptedKeyTypes and |
|
PubkeyAcceptedKeyTypes options. If only RSA-SHA2 siganture types |
|
were specified, then authentication would always fail for RSA keys |
|
as the monitor checks only the base key (not the signature |
|
algorithm) type against *AcceptedKeyTypes. bz#2746 |
|
<li>ssh(1): Request correct signature types from ssh-agent when |
|
certificate keys and RSA-SHA2 signatures are in use. |
|
</ul> |
|
</ul> |
|
<p> |
|
|
<li>Mandoc 1.14.5 |
<li>Mandoc 1.14.5 |
<ul> |
<ul> |
<li> |
<li> |