version 1.32, 2021/04/13 17:02:15
version 1.33, 2021/04/13 20:09:32

</ul>

<li>OpenSSH 8.5

<ul>

<li>Security fixes

<ul>

<li><a href="https://man.openbsd.org/ssh-agent.1">ssh-agent(1)</a>:
fixed a double-free memory corruption that was introduced in OpenSSH
8.2. We treat all such memory faults as potentially exploitable. This
bug could be reached by an attacker with access to the agent socket.<br>

On modern operating systems where the OS can provide information
about the user identity connected to a socket, OpenSSH ssh-agent and
sshd limit agent socket access only to the originating user and root.
Additional mitigation may be afforded by the system's
malloc(3)/free(3) implementation, if it detects double-free
conditions.<br>

The most likely scenario for exploitation is a user forwarding an
agent either to an account shared with a malicious user or to a host
with an attacker holding root access.
</ul>
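An added illustration of the socket-access control the note above describes (my own example code, not ssh-agent's implementation): a Unix-domain server asks the kernel who is at the other end of a connection and accepts only the owning uid or root, refusing whenever the peer's identity cannot be read. The real calls are SO_PEERCRED (Linux) and getpeereid(2) (BSDs); the names `agent_peer_allowed`, `demo_local_client` and the locally declared `struct peer_ids` layout are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Layout of the credentials Linux returns for SO_PEERCRED (pid, uid, gid,
 * the same order as struct ucred); declared locally (an assumption of this
 * example) so the code does not depend on feature-test macros. */
struct peer_ids { pid_t pid; uid_t uid; gid_t gid; };

/* Decide whether the process at the other end of the AF_UNIX stream socket
 * `fd` may use an agent owned by uid `owner`: only the owner and root are
 * accepted. Whenever the kernel cannot tell us who the peer is, the answer
 * is "no" (fail closed). */
int agent_peer_allowed(int fd, uid_t owner)
{
    uid_t peer_uid;
#if defined(SO_PEERCRED)
    /* Linux: the kernel fills in the peer's pid/uid/gid. */
    struct peer_ids cr;
    socklen_t len = sizeof(cr);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len) != 0 || len != sizeof(cr))
        return 0;
    peer_uid = cr.uid;
#else
    /* BSDs, including OpenBSD: getpeereid(2) reports the peer's effective ids. */
    gid_t peer_gid;
    if (getpeereid(fd, &peer_uid, &peer_gid) != 0)
        return 0;
#endif
    return (peer_uid == owner || peer_uid == 0) ? 1 : 0;
}

/* Constructed client: a socketpair(2) stands in for one connection to the
 * agent socket. Both ends belong to this process, so the peer uid is our
 * own; `claimed_owner` is the uid the agent believes it serves.
 * Returns the access decision, or -1 if no socket pair could be made. */
int demo_local_client(uid_t claimed_owner)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    int allowed = agent_peer_allowed(sv[0], claimed_owner);
    close(sv[0]);
    close(sv[1]);
    return allowed;
}

int main(void)
{
    printf("peer is the owner:        %d\n", demo_local_client(getuid()));
    printf("peer is someone else:     %d\n", demo_local_client(getuid() + 1));
    printf("not a socket, fail closed: %d\n", agent_peer_allowed(-1, getuid()));
    return 0;
}
```

The second probe is only refused when the example runs unprivileged; as root, the peer is root and is accepted by design, which is exactly why the note singles out forwarding an agent to a host where an attacker already holds root: the socket-level check offers no protection there.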
<li>Potentially incompatible changes.
<ul>
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: this release
changes the first-preference signature algorithm from ECDSA to
ED25519.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: set the TOS/DSCP
specified in the configuration for interactive use prior to TCP
connect. The connection phase of the SSH session is time-sensitive and
often explicitly interactive. The ultimate interactive/bulk TOS/DSCP
will be set after authentication completes.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: remove the
pre-standardization cipher rijndael-cbc@lysator.liu.se. It is an alias
for aes256-cbc before it was standardized in RFC4253 (2006), has been
deprecated and disabled by default since OpenSSH 7.2 (2016) and was
only briefly documented in ssh.1 in 2001.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: update/replace the
experimental post-quantum hybrid key exchange method based on
Streamlined NTRU Prime coupled with X25519.<br>
The previous sntrup4591761x25519-sha512@tinyssh.org method is
replaced with sntrup761x25519-sha512@openssh.com. Per its designers,
the sntrup4591761 algorithm was superseded almost two years ago by
sntrup761.
(Note that both the updated method and the one it replaced are
disabled by default.)

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: disable
CheckHostIP by default. It provides insignificant benefits while
making key rotation significantly more difficult, especially for hosts
behind IP-based load-balancers.
</ul>
<li>New Features
<ul>
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: this release
enables UpdateHostkeys by default subject to some conservative
preconditions:
<ul>
<li>The key was matched in the UserKnownHostsFile (and not in the
GlobalKnownHostsFile).
<li>The same key does not exist under another name.
<li>A certificate host key is not in use.
<li>known_hosts contains no matching wildcard hostname pattern.
<li>VerifyHostKeyDNS is not enabled.
<li>The default UserKnownHostsFile is in use.
</ul>
We expect some of these conditions will be modified or relaxed in
future.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: add a new
LogVerbose configuration directive that allows forcing maximum
debug logging by file/function/line pattern-lists.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: when
prompting the user to accept a new hostkey, display any other host
names/addresses already associated with the key.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: allow
UserKnownHostsFile=none to indicate that no known_hosts file should be
used to identify host keys.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: add an
ssh_config KnownHostsCommand option that allows the client to obtain
known_hosts data from a command in addition to the usual files.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: add an
ssh_config PermitRemoteOpen option that allows the client to restrict
the destination when RemoteForward is used with SOCKS.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: for FIDO
keys, if a signature operation fails with an "incorrect PIN" reason and
no PIN was initially requested from the user, then request a PIN and
retry the operation. This supports some biometric devices that fall
back to requiring a PIN when reading of the biometric failed, and
devices that require PINs for all hosted credentials.

<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: implement
client address-based rate-limiting via new <a
href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>
PerSourceMaxStartups and PerSourceNetBlockSize directives that provide
more fine-grained control on a per-origin address basis than the
global MaxStartups limit.
</ul>
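As an added example (my own code, not sshd's implementation), the per-origin accounting that the PerSourceMaxStartups and PerSourceNetBlockSize directives above describe: unauthenticated connections are counted per source netblock rather than only globally, so one misbehaving /24 exhausts its own budget and not everyone else's. The names `startup_admit`, `startup_release` and `struct startup_table`, the fixed-size table, and the addresses used in the demos are constructed for this example; it handles IPv4 only.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_TRACKED 64   /* assumption: how many netblocks we keep state for */

struct source_block {
    uint32_t prefix;     /* IPv4 address masked to the block prefix, host order */
    int      startups;   /* unauthenticated connections currently open */
};

/* Mirrors the two directives: per_source_max is PerSourceMaxStartups,
 * netblock_bits is PerSourceNetBlockSize (an IPv4 prefix length). */
struct startup_table {
    int per_source_max;
    int netblock_bits;
    int n;
    struct source_block blocks[MAX_TRACKED];
};

static uint32_t mask_prefix(uint32_t addr, int bits)
{
    if (bits <= 0) return 0;
    if (bits >= 32) return addr;
    return addr & (0xFFFFFFFFu << (32 - bits));
}

static struct source_block *find_block(struct startup_table *t, uint32_t prefix, int create)
{
    for (int i = 0; i < t->n; i++)
        if (t->blocks[i].prefix == prefix)
            return &t->blocks[i];
    if (!create || t->n >= MAX_TRACKED)
        return NULL;
    t->blocks[t->n].prefix = prefix;
    t->blocks[t->n].startups = 0;
    return &t->blocks[t->n++];
}

/* A new, not-yet-authenticated connection from `ipv4` arrives. Returns 1 and
 * records it if its netblock is under the limit, 0 otherwise. Unparseable
 * addresses and a full table are refused: the limiter fails closed. */
int startup_admit(struct startup_table *t, const char *ipv4)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ipv4, &a) != 1)
        return 0;
    struct source_block *b = find_block(t, mask_prefix(ntohl(a.s_addr), t->netblock_bits), 1);
    if (b == NULL || b->startups >= t->per_source_max)
        return 0;
    b->startups++;
    return 1;
}

/* The connection from `ipv4` authenticated or closed: release its slot. */
void startup_release(struct startup_table *t, const char *ipv4)
{
    struct in_addr a;
    if (inet_pton(AF_INET, ipv4, &a) != 1)
        return;
    struct source_block *b = find_block(t, mask_prefix(ntohl(a.s_addr), t->netblock_bits), 0);
    if (b != NULL && b->startups > 0)
        b->startups--;
}

/* Constructed burst: three clients in 192.0.2.0/24 and one in 198.51.100.0/24
 * with PerSourceMaxStartups=2, PerSourceNetBlockSize=24. Returns how many
 * were admitted: the third 192.0.2.x client is refused, so 3 of 4. */
int demo_burst(void)
{
    struct startup_table t = { .per_source_max = 2, .netblock_bits = 24, .n = 0 };
    const char *clients[] = { "192.0.2.10", "192.0.2.11", "192.0.2.12", "198.51.100.7" };
    int admitted = 0;
    for (size_t i = 0; i < sizeof(clients) / sizeof(clients[0]); i++)
        admitted += startup_admit(&t, clients[i]);
    return admitted;
}

/* Same block at its limit; once one connection authenticates and releases
 * its slot, the next client from that block is admitted again (returns 1). */
int demo_release_then_retry(void)
{
    struct startup_table t = { .per_source_max = 2, .netblock_bits = 24, .n = 0 };
    startup_admit(&t, "192.0.2.10");
    startup_admit(&t, "192.0.2.11");
    startup_release(&t, "192.0.2.10");
    return startup_admit(&t, "192.0.2.12");
}

int main(void)
{
    printf("burst: admitted %d of 4\n", demo_burst());
    printf("after release: admitted=%d\n", demo_release_then_retry());
    return 0;
}
```

The global MaxStartups limit still applies on top of this: per-source accounting stops one source from consuming the whole unauthenticated-connection budget, but it does not raise that budget.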
<li>Bugfixes
<ul>
<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: Prefix
keyboard interactive prompts with "(user@host)" to make it easier to
determine which connection they are associated with in cases like scp
-3, ProxyJump, etc. bz#3224

<li><a href="https://man.openbsd.org/sshd.8">sshd(8)</a>: fix
sshd_config SetEnv directives located inside Match blocks. GHPR#201

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: when
requesting a FIDO token touch on stderr, inform the user once the
touch has been recorded.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: prevent
integer overflow when ridiculously large ConnectTimeout values are
specified, capping the effective value (for most platforms) at 24
days. bz#3229

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: consider the
ECDSA key subtype when ordering host key algorithms in the client.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: rename the
PubkeyAcceptedKeyTypes keyword to PubkeyAcceptedAlgorithms. The
previous name incorrectly suggested that it controls allowed key
algorithms, when this option actually specifies the signature
algorithms that are accepted. The previous name remains available as
an alias. bz#3253

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: similarly, rename
HostbasedKeyTypes (ssh) and HostbasedAcceptedKeyTypes (sshd) to
HostbasedAcceptedAlgorithms.

<li><a
href="https://man.openbsd.org/sftp-server.8">sftp-server(8)</a>: add
missing lsetstat@openssh.com documentation and advertisement in the
server's SSH2_FXP_VERSION hello packet.

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: more strictly
enforce the KEX state machine by banning packet types once they are
received. Fixes a memory leak caused by duplicate
SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).

<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: allow the
full range of UIDs/GIDs for chown/chgrp on 32bit platforms instead of
being limited by LONG_MAX. bz#3206

<li>Minor man page fixes (capitalization, commas, etc.) bz#3223

<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: when doing
an sftp recursive upload or download of a read-only directory, ensure
that the directory is created with write and execute permissions in
the interim so that the transfer can actually complete, then set the
directory permission as the final step. bz#3222

<li><a href="https://man.openbsd.org/ssh-keygen.1">ssh-keygen(1)</a>:
document the -Z option, check the validity of its argument earlier and
provide a better error message if it is not correct. bz#2879

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: ignore
comments at the end of config lines in ssh_config, similar to what we
already do for sshd_config. bz#2320

<li><a
href="https://man.openbsd.org/sshd_config.5">sshd_config(5)</a>:
mention that DisableForwarding is valid in a sshd_config Match block.
bz#3239

<li><a href="https://man.openbsd.org/sftp.1">sftp(1)</a>: fix
incorrect sorting of "ls -ltr" under some circumstances. bz#3248

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>, <a
href="https://man.openbsd.org/sshd.8">sshd(8)</a>: fix potential
integer truncation of (unlikely) timeout values. bz#3250

<li><a href="https://man.openbsd.org/ssh.1">ssh(1)</a>: make
hostbased authentication send the signature algorithm in its
SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This makes
HostbasedAcceptedAlgorithms do what it is supposed to do: filter on
signature algorithm and not key type.
</ul>
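An added example of the strict KEX state machine described in the bugfix list above (my own model, not OpenSSH's dispatcher): handlers are installed only for the message types valid in the current state, and every type is additionally recorded in a bitmap once consumed, so a duplicate SSH2_MSG_KEX_DH_GEX_REQUEST is refused before its handler can allocate a second group buffer and lose the first. The message numbers are the real ones from RFC 4253 and RFC 4419; `struct kex`, `kex_input`, `run_sequence` and the `demo_*` functions are assumptions of this example, and the 64-byte `malloc` stands in for real group state.

```c
#include <stdlib.h>
#include <string.h>

/* SSH2 message numbers from RFC 4253 and RFC 4419 (real values). */
#define SSH2_MSG_KEXINIT            20
#define SSH2_MSG_NEWKEYS            21
#define SSH2_MSG_KEX_DH_GEX_INIT    32
#define SSH2_MSG_KEX_DH_GEX_REQUEST 34

struct kex;
typedef int (*kex_handler)(struct kex *);

/* Hypothetical server-side KEX context: a dispatch table of the message
 * types acceptable in the current state plus a bitmap of types already
 * consumed. A type set in `seen` is refused even if a handler is installed. */
struct kex {
    kex_handler handler[256];
    unsigned char seen[256 / 8];
    void *group;       /* state allocated by the GEX request handler */
    int allocations;   /* demo instrumentation: how often that happened */
};

static int handle_newkeys(struct kex *k)
{
    k->handler[SSH2_MSG_NEWKEYS] = NULL;   /* KEX complete */
    return 0;
}

static int handle_gex_init(struct kex *k)
{
    /* The GEX reply would be sent here; afterwards only NEWKEYS is valid. */
    k->handler[SSH2_MSG_KEX_DH_GEX_INIT] = NULL;
    k->handler[SSH2_MSG_NEWKEYS] = handle_newkeys;
    return 0;
}

static int handle_gex_request(struct kex *k)
{
    /* A lenient dispatcher that re-ran this on a duplicate request would
     * overwrite k->group and leak the first buffer (the oss-fuzz finding);
     * strict sequencing makes the handler single-shot. */
    k->group = malloc(64);
    if (k->group == NULL)
        return -1;
    k->allocations++;
    k->handler[SSH2_MSG_KEX_DH_GEX_REQUEST] = NULL;
    k->handler[SSH2_MSG_KEX_DH_GEX_INIT] = handle_gex_init;
    return 0;
}

static int handle_kexinit(struct kex *k)
{
    k->handler[SSH2_MSG_KEXINIT] = NULL;
    k->handler[SSH2_MSG_KEX_DH_GEX_REQUEST] = handle_gex_request;
    return 0;
}

void kex_start(struct kex *k)
{
    memset(k, 0, sizeof(*k));
    k->handler[SSH2_MSG_KEXINIT] = handle_kexinit;
}

void kex_finish(struct kex *k)
{
    free(k->group);
    k->group = NULL;
}

/* Feed one received packet type. Returns 0 if handled, -1 for a protocol
 * violation the caller answers with a disconnect: unknown type, a type not
 * expected in this state, or a type already received during this KEX. */
int kex_input(struct kex *k, int type)
{
    if (type < 0 || type > 255 || k->handler[type] == NULL)
        return -1;
    if ((k->seen[type / 8] >> (type % 8)) & 1)
        return -1;                          /* banned: already consumed once */
    k->seen[type / 8] |= (unsigned char)(1u << (type % 8));
    return k->handler[type](k);
}

/* Runs a constructed packet sequence and returns the verdict on its last
 * packet (or the first failure); `allocations` receives k.allocations. */
static int run_sequence(const int *types, int n, int *allocations)
{
    struct kex k;
    int rc = 0;
    kex_start(&k);
    for (int i = 0; i < n && rc == 0; i++)
        rc = kex_input(&k, types[i]);
    if (allocations != NULL)
        *allocations = k.allocations;
    kex_finish(&k);
    return rc;
}

static const int dup_request[] = { SSH2_MSG_KEXINIT, SSH2_MSG_KEX_DH_GEX_REQUEST,
                                   SSH2_MSG_KEX_DH_GEX_REQUEST };
static const int out_of_order[] = { SSH2_MSG_KEXINIT, SSH2_MSG_KEX_DH_GEX_INIT };
static const int well_formed[] = { SSH2_MSG_KEXINIT, SSH2_MSG_KEX_DH_GEX_REQUEST,
                                   SSH2_MSG_KEX_DH_GEX_INIT, SSH2_MSG_NEWKEYS };

/* Duplicate GEX_REQUEST: verdict -1, and only one group buffer allocated. */
int demo_duplicate_request(void) { return run_sequence(dup_request, 3, NULL); }
int demo_duplicate_request_allocations(void)
{
    int allocations = 0;
    run_sequence(dup_request, 3, &allocations);
    return allocations;
}
/* GEX_INIT before any GEX_REQUEST: verdict -1. The well-formed exchange: 0. */
int demo_out_of_order(void)   { return run_sequence(out_of_order, 2, NULL); }
int demo_valid_sequence(void) { return run_sequence(well_formed, 4, NULL); }
```

Keeping the `seen` bitmap separate from the handler table is the point of the "ban once received" rule: even if a later state re-installs a handler for some type, a packet of that type that already arrived during this exchange is still rejected, and a fuzzer replaying it can no longer drive the allocation path twice.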
</ul>
</ul>
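An added example for the ConnectTimeout overflow fix in the bugfix list above (my own code, not ssh's; `naive_timeout_ms`, `connect_timeout_ms` and `timeout_cap_days` are names chosen for this example): converting a timeout in seconds to the millisecond int that poll(2)-style waits take overflows once seconds exceed INT_MAX / 1000, and the wrapped result can be negative, which those waits interpret as "no timeout at all". The clamp below is one way to get the roughly 24-day cap the note mentions; the naive version is modelled with unsigned wraparound so the example itself has no undefined behaviour.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* The "before" picture: seconds * 1000 in 32-bit arithmetic. For inputs above
 * INT_MAX / 1000 the product wraps modulo 2^32 and, read back as a signed
 * value, may come out negative: a timeout that silently becomes "wait forever". */
int32_t naive_timeout_ms(uint32_t seconds)
{
    uint32_t product = seconds * 1000u;   /* wraps, no UB on unsigned */
    return (int32_t)product;              /* reinterpret as signed */
}

/* Hardened conversion: clamp at the largest whole number of seconds whose
 * millisecond value still fits an int. INT_MAX / 1000 = 2147483 s, which is
 * about 24.85 days. Non-positive input means "no timeout" and is returned
 * as -1, the conventional "block indefinitely" for poll(2). */
int connect_timeout_ms(long long seconds)
{
    const long long max_seconds = INT_MAX / 1000;
    if (seconds <= 0)
        return -1;
    if (seconds > max_seconds)
        seconds = max_seconds;
    return (int)(seconds * 1000);
}

/* The cap expressed in days: 2147483000 ms / 86400000 ms per day. */
double timeout_cap_days(void)
{
    return (double)connect_timeout_ms(LLONG_MAX) / (1000.0 * 86400.0);
}

int main(void)
{
    uint32_t absurd = 3000000u;   /* constructed input: about 34.7 days in seconds */
    printf("naive:   %d ms\n", naive_timeout_ms(absurd));
    printf("clamped: %d ms (cap = %.2f days)\n",
           connect_timeout_ms((long long)absurd), timeout_cap_days());
    return 0;
}
```

The lesson generalises to every "seconds to a smaller unit" conversion in a daemon's configuration parser: an unchecked multiply turns a large but harmless-looking setting into a disabled limit, so the bound belongs at parse time, before the value is ever used.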