Call for testing: OpenSSH 7.4

Damien Miller djm at
Wed Dec 14 11:53:32 AEDT 2016


OpenSSH 7.4 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This release contains some
substantial new features and a number of bugfixes.

Snapshot releases for portable OpenSSH are available from

The OpenBSD version is available in CVS HEAD:

Portable OpenSSH is also available via anonymous CVS using the
instructions at or
via Git at or via a
mirror at Github:

Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:

$ ./configure && make tests

Live testing on suitable non-production systems is also
appreciated. Please send reports of success or failure to
openssh-unix-dev at

Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

Potentially-incompatible changes

This release includes a number of changes that may affect existing

 * This release removes server support for the SSH v.1 protocol.

 * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
   block ciphers are not safe in 2016 and we don't want to wait until
   attacks like SWEET32 are extended to SSH. As 3des-cbc was the
   only mandatory cipher in the SSH RFCs, this may cause problems
   connecting to older devices using the default configuration,
   but it's highly likely that such devices already need explicit
   configuration for key exchange and hostkey algorithms already
 * sshd(8): Remove support for pre-authentication compression.
   Doing compression early in the protocol probably seemed reasonable
   in the 1990s, but today it's clearly a bad idea in terms of both
   cryptography (cf. multiple compression oracle attacks in TLS) and
   attack surface. Pre-auth compression support has been disabled by
   default for >10 years. Support remains in the client.
 * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
   of trusted paths by default. The path whitelist may be specified
   at run-time.

 * sshd(8): When a forced-command appears in both a certificate and
   an authorized keys/principals command= restriction, sshd will now
   refuse to accept the certificate unless they are identical.
   The previous (documented) behaviour of having the certificate
   forced-command override the other could be a bit confusing and
 * sshd(8): Remove the UseLogin configuration directive and support
   for having /bin/login manage login sessions.
Changes since OpenSSH 7.3

This is primarily a bugfix release.

New Features

 * ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the
   version in PuTTY by Simon Tatham. This allows a multiplexing
   client to communicate with the master process using a subset of
   the SSH packet and channels protocol over a Unix-domain socket,
   with the main process acting as a proxy that translates channel
   IDs, etc.  This allows multiplexing mode to run on systems that
   lack file- descriptor passing (used by current multiplexing
   code) and potentially, in conjunction with Unix-domain socket
   forwarding, with the client and multiplexing master process on
   different machines. Multiplexing proxy mode may be invoked using
   "ssh -O proxy ..."

 * sshd(8): Add a sshd_config DisableForwaring option that disables
   X11, agent, TCP, tunnel and Unix domain socket forwarding, as well
   as anything else we might implement in the future. Like the
   'restrict' authorized_keys flag, this is intended to be a simple
   and future-proof way of restricting an account.

 * sshd(8), ssh(1): Support the "curve25519-sha256" key exchange
   method. This is identical to the currently-support method named
   "curve25519-sha256 at".

 * sshd(8): Improve handling of SIGHUP by checking to see if sshd is
   already daemonised at startup and skipping the call to daemon(3)
   if it is. This ensures that a SIGHUP restart of sshd(8) will
   retain the same process-ID as the initial execution. sshd(8) will
   also now unlink the PidFile prior to SIGHUP restart and re-create
   it after a successful restart, rather than leaving a stale file in
   the case of a configuration error. bz#2641

 * sshd(8): Allow ClientAliveInterval and ClientAliveCountMax
   directives to appear in sshd_config Match blocks.

 * sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match
   those supported by AuthorizedKeysCommand (key, key type,
   fingerprint, etc.) and a few more to provide access to the
   contents of the certificate being offered.

 * Added regression tests for string matching, address matching and
   string sanitisation functions.

 * Improved the key exchange fuzzer harness.

 * ssh(1): Allow IdentityFile to successfully load and use
   certificates that have no corresponding bare public key. bz#2617
   certificate (and no

 * ssh(1): Fix public key authentication when multiple
   authentication is in use and publickey is not just the first
   method attempted. bz#2642

 * regress: Allow the PuTTY interop tests to run unattended. bz#2639
 * ssh-agent(1), ssh(1): improve reporting when attempting to load
   keys from PKCS#11 tokens with fewer useless log messages and more
   detail in debug messages. bz#2610

 * ssh(1): When tearing down ControlMaster connections, don't
   pollute stderr when LogLevel=quiet.

 * sftp(1): On ^Z wait for underlying ssh(1) to suspend before
   suspending sftp(1) to ensure that ssh(1) restores the terminal mode
   correctly if suspended during a password prompt.

 * ssh(1): Avoid busy-wait when ssh(1) is suspended during a password

 * ssh(1), sshd(8): Correctly report errors during sending of ext-
   info messages.

 * sshd(8): fix NULL-deref crash if sshd(8) received an out-of-
   sequence NEWKEYS message.

 * sshd(8): Correct list of supported signature algorithms sent in
   the server-sig-algs extension. bz#2547

 * sshd(8): Fix sending ext_info message if privsep is disabled.

 * sshd(8): more strictly enforce the expected ordering of privilege
   separation monitor calls used for authentication and allow them
   only when their respective authentication methods are enabled
   in the configuration

 * sshd(8): Fix uninitialised optlen in getsockopt() call; harmless
   on Unix/BSD but potentially crashy on Cygwin.

 * Fix false positive reports caused by explicit_bzero(3) not being
   recognised as a memory initialiser when compiled with
 * sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for
   configuration examples.


 * On environments configured with Turkish locales, fall back to the
   C/POSIX locale to avoid errors in configuration parsing caused by
   that locale's unique handling of the letters 'i' and 'I'. bz#2643

 * sftp-server(8), ssh-agent(1): Deny ptrace on OS X using
   ptrace(PT_DENY_ATTACH, ..)

 * ssh(1), sshd(8): Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL.

 * Fix compilation for libcrypto compiled without RIPEMD160 support.

 * contrib: Add a gnome-ssh-askpass3 with GTK+3 support. bz#2640
 * sshd(8): Improve PRNG reseeding across privilege separation and
   force libcrypto to obtain a high-quality seed before chroot or

 * All: Explicitly test for broken strnvis. NetBSD added an strnvis
   and unfortunately made it incompatible with the existing one in
   OpenBSD and Linux's libbsd (the former having existed for over ten
   years). Try to detect this mess, and assume the only safe option
   if we're cross compiling.

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.

More information about the openssh-unix-dev mailing list