version 1.49, 2022/04/15 04:57:20 |
version 1.50, 2022/04/15 05:31:17 |
|
|
<li>Security |
<li>Security |
<ul> |
<ul> |
<!-- OpenSSH 8.9 --> |
<!-- OpenSSH 8.9 --> |
<li>Near miss in sshd(8): |
<li>Near miss in <a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
fix an integer overflow in the user authentication path |
fix an integer overflow in the user authentication path |
that, in conjunction with other logic errors, could have yielded |
that, in conjunction with other logic errors, could have yielded |
unauthenticated access under difficult to exploit conditions.<br> |
unauthenticated access under difficult to exploit conditions.<br> |
|
|
<li>New features |
<li>New features |
<ul> |
<ul> |
<!-- OpenSSH 8.9 --> |
<!-- OpenSSH 8.9 --> |
<li>ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
restricting forwarding and use of keys added to ssh-agent(1) |
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>, |
|
<a href=https://man.openbsd.org/ssh-add.1>ssh-add(1)</a>, |
|
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>: |
|
add a system for restricting forwarding and use of keys added to |
|
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a> |
A detailed description of the feature is available at |
A detailed description of the feature is available at |
https://www.openssh.com/agent-restrict.html and the protocol |
https://www.openssh.com/agent-restrict.html and the protocol |
extensions are documented in the PROTOCOL and PROTOCOL.agent |
extensions are documented in the PROTOCOL and PROTOCOL.agent |
files in the source release. |
files in the source release. |
<li>ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
add the sntrup761x25519-sha512@openssh.com hybrid |
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the |
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the |
default KEXAlgorithms list (after the ECDH methods but before the |
default KEXAlgorithms list (after the ECDH methods but before the |
prime-group DH ones). |
prime-group DH ones). |
<li>ssh-keygen(1): when downloading resident keys from a FIDO token, |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
|
when downloading resident keys from a FIDO token, |
pass back the user ID that was used when the key was created and |
pass back the user ID that was used when the key was created and |
append it to the filename the key is written to (if it is not the |
append it to the filename the key is written to (if it is not the |
default). Avoids keys being clobbered if the user created multiple |
default). Avoids keys being clobbered if the user created multiple |
resident keys with the same application string but different user |
resident keys with the same application string but different user |
IDs. |
IDs. |
<li>ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>, |
|
<a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>: |
|
better handling for FIDO keys |
on tokens that provide user verification (UV) on the device itself, |
on tokens that provide user verification (UV) on the device itself, |
including biometric keys, avoiding unnecessary PIN prompts. |
including biometric keys, avoiding unnecessary PIN prompts. |
<li>ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: add "ssh-keygen -Y match-principals" operation to |
perform matching of principals names against an allowed signers |
perform matching of principals names against an allowed signers |
file. To be used towards a TOFU model for SSH signatures in git. |
file. To be used towards a TOFU model for SSH signatures in git. |
<li>ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added |
<li><a href=https://man.openbsd.org/ssh-add.1>ssh-add(1)</a>, |
to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at |
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>: |
authentication time. |
allow pin-required FIDO keys to be added |
<li>ssh-keygen(1): allow selection of hash at sshsig signing time |
to <a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>. |
|
$SSH_ASKPASS will be used to request the PIN at authentication time. |
|
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
|
allow selection of hash at sshsig signing time |
(either sha512 (default) or sha256). |
(either sha512 (default) or sha256). |
<li>ssh(1), sshd(8): read network data directly to the packet input |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
read network data directly to the packet input |
buffer instead of indirectly via a small stack buffer. Provides a |
buffer instead of indirectly via a small stack buffer. Provides a |
modest performance improvement. |
modest performance improvement. |
<li>ssh(1), sshd(8): read data directly to the channel input buffer, |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
read data directly to the channel input buffer, |
providing a similar modest performance improvement. |
providing a similar modest performance improvement. |
<li>ssh(1): extend the PubkeyAuthentication configuration directive to |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>: |
|
extend the PubkeyAuthentication configuration directive to |
accept yes|no|unbound|host-bound to allow control over one of the |
accept yes|no|unbound|host-bound to allow control over one of the |
protocol extensions used to implement agent-restricted keys. |
protocol extensions used to implement agent-restricted keys. |
<!-- OpenSSH 9.0 --> |
<!-- OpenSSH 9.0 --> |
<li>ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
use the hybrid Streamlined NTRU Prime + x25519 key |
exchange method by default ("sntrup761x25519-sha512@openssh.com"). |
exchange method by default ("sntrup761x25519-sha512@openssh.com"). |
The NTRU algorithm is believed to resist attacks enabled by future |
The NTRU algorithm is believed to resist attacks enabled by future |
quantum computers and is paired with the X25519 ECDH key exchange |
quantum computers and is paired with the X25519 ECDH key exchange |
|
|
later" attacks where an adversary who can record and store SSH |
later" attacks where an adversary who can record and store SSH |
session ciphertext would be able to decrypt it once a sufficiently |
session ciphertext would be able to decrypt it once a sufficiently |
advanced quantum computer is available. |
advanced quantum computer is available. |
<li>sftp-server(8): support the "copy-data" extension to allow server- |
<li><a href=https://man.openbsd.org/sftp-server.8>sftp-server(8)</a>: |
|
support the "copy-data" extension to allow server- |
side copying of files/data, following the design in |
side copying of files/data, following the design in |
draft-ietf-secsh-filexfer-extensions-00. |
draft-ietf-secsh-filexfer-extensions-00. |
<li>sftp(1): add a "cp" command to allow the sftp client to perform |
<li><a href=https://man.openbsd.org/sftp.1>sftp(1)</a>: |
|
add a "cp" command to allow the sftp client to perform |
server-side file copies. |
server-side file copies. |
</ul> |
</ul> |
</ul> |
|
|
|
<li>Bugfixes |
<li>Bugfixes |
<ul> |
<ul> |
<!-- OpenSSH 8.9 --> |
<!-- OpenSSH 8.9 --> |
<li>sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and |
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
document that CASignatureAlgorithms, ExposeAuthInfo and |
PubkeyAuthOptions can be used in a Match block. |
PubkeyAuthOptions can be used in a Match block. |
<li>sshd(8): fix possible string truncation when constructing paths to |
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
fix possible string truncation when constructing paths to |
.rhosts/.shosts files with very long user home directory names. |
.rhosts/.shosts files with very long user home directory names. |
<li>ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512 |
<li>ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512 |
exchange hashes |
exchange hashes |
<li>ssh(1): don't put the TTY into raw mode when SessionType=none, |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>: |
|
don't put the TTY into raw mode when SessionType=none, |
avoids ^C being unable to kill such a session. |
avoids ^C being unable to kill such a session. |
<li>scp(1): fix some corner-case bugs in SFTP-mode handling of |
<li><a href=https://man.openbsd.org/scp.1>scp(1)</a>: |
|
fix some corner-case bugs in SFTP-mode handling of |
~-prefixed paths. |
~-prefixed paths. |
<li>ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>: |
|
unbreak hostbased auth using RSA keys. Allow |
|
<a href=https://man.openbsd.org/ssh.1>ssh(1)</a> to |
select RSA keys when only RSA/SHA2 signature algorithms are |
select RSA keys when only RSA/SHA2 signature algorithms are |
configured (this is the default case). Previously RSA keys were |
configured (this is the default case). Previously RSA keys were |
not being considered in the default case. |
not being considered in the default case. |
<li>ssh-keysign(1): make ssh-keysign use the requested signature |
<li>ssh-keysign(1): make ssh-keysign use the requested signature |
algorithm and not the default for the key type. Part of unbreaking |
algorithm and not the default for the key type. Part of unbreaking |
hostbased auth for RSA/SHA2 keys. |
hostbased auth for RSA/SHA2 keys. |
<li>ssh(1): stricter UpdateHostkey signature verification logic on |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>: |
|
stricter UpdateHostkey signature verification logic on |
the client- side. Require RSA/SHA2 signatures for RSA hostkeys |
the client- side. Require RSA/SHA2 signatures for RSA hostkeys |
except when RSA/SHA1 was explicitly negotiated during initial |
except when RSA/SHA1 was explicitly negotiated during initial |
KEX |
KEX |
<li>ssh(1), sshd(8): fix signature algorithm selection logic for |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
fix signature algorithm selection logic for |
UpdateHostkeys on the server side. The previous code tried to |
UpdateHostkeys on the server side. The previous code tried to |
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some |
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some |
cases. This will use RSA/SHA2 signatures for RSA keys if the |
cases. This will use RSA/SHA2 signatures for RSA keys if the |
client proposed these algorithms in initial KEX. |
client proposed these algorithms in initial KEX. |
<li>All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2). |
<li>All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2). |
This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1) |
This includes the mainloops in |
and sftp-server(8), as well as the sshd(8) listen loop and all |
<a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>, |
|
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a> |
|
and <a href=https://man.openbsd.org/sftp-server.8>sftp-server(8)</a>, |
|
as well as the <a href=https://man.openbsd.org/sshd.8>sshd(8)</a> |
|
listen loop and all |
other FD read/writability checks. On platforms with missing or |
other FD read/writability checks. On platforms with missing or |
broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is |
broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is |
available. |
available. |
<li>ssh-keygen(1): the "-Y find-principals" command was verifying key |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
|
the "-Y find-principals" command was verifying key |
validity when using ca certs but not with simple key lifetimes |
validity when using ca certs but not with simple key lifetimes |
within the allowed signers file. |
within the allowed signers file. |
<li>ssh-keygen(1): make sshsig verify-time argument parsing optional |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
<li>sshd(8): fix truncation in rhosts/shosts path construction. |
make sshsig verify-time argument parsing optional |
<li>ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA |
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
fix truncation in rhosts/shosts path construction. |
|
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>: |
|
avoid xmalloc(0) for PKCS#11 keyid for ECDSA |
keys (we already did this for RSA keys). Avoids fatal errors for |
keys (we already did this for RSA keys). Avoids fatal errors for |
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B |
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B |
"cryptoauthlib" |
"cryptoauthlib" |
<li>ssh(1), ssh-agent(1): improve the testing of credentials against |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>: |
|
improve the testing of credentials against |
inserted FIDO: ask the token whether a particular key belongs to |
inserted FIDO: ask the token whether a particular key belongs to |
it in cases where the token supports on-token user-verification |
it in cases where the token supports on-token user-verification |
(e.g. biometrics) rather than just assuming that it will accept it.<br> |
(e.g. biometrics) rather than just assuming that it will accept it.<br> |
Will reduce spurious "Confirm user presence" notifications for key |
Will reduce spurious "Confirm user presence" notifications for key |
handles that relate to FIDO keys that are not currently inserted in at |
handles that relate to FIDO keys that are not currently inserted in at |
least some cases. |
least some cases. |
<li>ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
correct value for IPTOS_DSCP_LE. It needs to |
allow for the preceding two ECN bits. |
allow for the preceding two ECN bits. |
<li>ssh-keygen(1): add missing -O option to usage() for the "-Y sign" |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
option. |
add missing -O option to usage() for the "-Y sign" option. |
<li>ssh-keygen(1): fix a NULL deref when using the find-principals |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
|
fix a NULL deref when using the find-principals |
function, when matching an allowed_signers line that contains a |
function, when matching an allowed_signers line that contains a |
namespace restriction, but no restriction specified on the |
namespace restriction, but no restriction specified on the |
command-line |
command-line |
<li>ssh-agent(1): fix memleak in process_extension(); oss-fuzz |
<li><a href=https://man.openbsd.org/ssh-agent.1>ssh-agent(1)</a>: |
issue #42719 |
fix memleak in process_extension(); oss-fuzz issue #42719 |
<li>ssh(1): suppress "Connection to xxx closed" messages when LogLevel |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>: |
|
suppress "Connection to xxx closed" messages when LogLevel |
is set to "error" or above. |
is set to "error" or above. |
<li>ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
compressed packet data. |
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
<li>scp(1): when recursively transferring files in SFTP mode, create the |
use correct zlib flags when inflate(3)-ing compressed packet data. |
destination directory if it doesn't already exist to match scp(1) in |
<li><a href=https://man.openbsd.org/scp.1>scp(1)</a>: |
|
when recursively transferring files in SFTP mode, create the |
|
destination directory if it doesn't already exist to match |
|
<a href=https://man.openbsd.org/scp.1>scp(1)</a> in |
legacy RCP mode behaviour. |
legacy RCP mode behaviour. |
<li>scp(1): many improvements in error message consistency between scp(1) |
<li><a href=https://man.openbsd.org/scp.1>scp(1)</a>: |
|
many improvements in error message consistency between |
|
<a href=https://man.openbsd.org/scp.1>scp(1)</a> |
in SFTP mode vs legacy RCP mode. |
in SFTP mode vs legacy RCP mode. |
<li>sshd(8): fix potential race in SIGTERM handling |
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
<li>ssh(1), ssh(8): since DSA keys are deprecated, move them to the |
fix potential race in SIGTERM handling |
end of the default list of public keys so that they will be tried |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
last. |
<a href=https://man.openbsd.org/sshd.8>sshd(8))</a>: |
<li>ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match |
since DSA keys are deprecated, move them to the end of the default |
|
list of public keys so that they will be tried last. |
|
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
|
allow 'ssh-keygen -Y find-principals' to match |
wildcard principals in allowed_signers files |
wildcard principals in allowed_signers files |
<!-- OpenSSH 9.0 --> |
<!-- OpenSSH 9.0 --> |
<li>ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output |
<li><a href=https://man.openbsd.org/ssh.1>ssh(1)</a>, |
|
<a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
upstream: fix poll(2) spin when a channel's output |
fd closes without data in the channel buffer. |
fd closes without data in the channel buffer. |
<li>sshd(8): pack pollfd array in server listen/accept loop. Could |
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
pack pollfd array in server listen/accept loop. Could |
cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE |
cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE |
<li>ssh-keygen(1): avoid NULL deref via the find-principals and |
<li><a href=https://man.openbsd.org/ssh-keygen.1>ssh-keygen(1)</a>: |
check-novalidate operations. |
avoid NULL deref via the find-principals and check-novalidate operations. |
<li>scp(1): fix a memory leak in argument processing. |
<li><a href=https://man.openbsd.org/scp.1>scp(1)</a>: |
<li>sshd(8): don't try to resolve ListenAddress directives in the sshd |
fix a memory leak in argument processing. |
|
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
don't try to resolve ListenAddress directives in the sshd |
re-exec path. They are unused after re-exec and parsing errors |
re-exec path. They are unused after re-exec and parsing errors |
(possible for example if the host's network configuration changed) |
(possible for example if the host's network configuration changed) |
could prevent connections from being accepted. |
could prevent connections from being accepted. |
<li>sshd(8): when refusing a public key authentication request from a |
<li><a href=https://man.openbsd.org/sshd.8>sshd(8)</a>: |
|
when refusing a public key authentication request from a |
client for using an unapproved or unsupported signature algorithm |
client for using an unapproved or unsupported signature algorithm |
include the algorithm name in the log message to make debugging |
include the algorithm name in the log message to make debugging |
easier. |
easier. |