Call for testing: OpenSSH 7.4

Peter Moody mindrot at
Wed Dec 14 12:55:53 AEDT 2016

Hey Damien, my special snowflake cert tests seem to work fine on osx sierra
(OpenSSH_7.3p1-snap20161214, OpenSSL 1.0.2j  26 Sep 2016).


On Tue, Dec 13, 2016 at 4:53 PM, Damien Miller <djm at> wrote:
> Hi,
> OpenSSH 7.4 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains some
> substantial new features and a number of bugfixes.
> Snapshot releases for portable OpenSSH are available from
> The OpenBSD version is available in CVS HEAD:
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at or
> via Git at or via a
> mirror at Github:
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> $ ./configure && make tests
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev at
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> Thanks to the many people who contributed to this release.
> Potentially-incompatible changes
> ================================
> This release includes a number of changes that may affect existing
> configurations:
>  * This release removes server support for the SSH v.1 protocol.
>  * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
>    block ciphers are not safe in 2016 and we don't want to wait until
>    attacks like SWEET32 are extended to SSH. As 3des-cbc was the
>    only mandatory cipher in the SSH RFCs, this may cause problems
>    connecting to older devices using the default configuration,
>    but it's highly likely that such devices already need explicit
>    configuration for key exchange and hostkey algorithms already
>    anyway.
>  * sshd(8): Remove support for pre-authentication compression.
>    Doing compression early in the protocol probably seemed reasonable
>    in the 1990s, but today it's clearly a bad idea in terms of both
>    cryptography (cf. multiple compression oracle attacks in TLS) and
>    attack surface. Pre-auth compression support has been disabled by
>    default for >10 years. Support remains in the client.
>  * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
>    of trusted paths by default. The path whitelist may be specified
>    at run-time.
>  * sshd(8): When a forced-command appears in both a certificate and
>    an authorized keys/principals command= restriction, sshd will now
>    refuse to accept the certificate unless they are identical.
>    The previous (documented) behaviour of having the certificate
>    forced-command override the other could be a bit confusing and
>    error-prone.
>  * sshd(8): Remove the UseLogin configuration directive and support
>    for having /bin/login manage login sessions.
> Changes since OpenSSH 7.3
> =========================
> This is primarily a bugfix release.
> New Features
> ------------
>  * ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the
>    version in PuTTY by Simon Tatham. This allows a multiplexing
>    client to communicate with the master process using a subset of
>    the SSH packet and channels protocol over a Unix-domain socket,
>    with the main process acting as a proxy that translates channel
>    IDs, etc.  This allows multiplexing mode to run on systems that
>    lack file- descriptor passing (used by current multiplexing
>    code) and potentially, in conjunction with Unix-domain socket
>    forwarding, with the client and multiplexing master process on
>    different machines. Multiplexing proxy mode may be invoked using
>    "ssh -O proxy ..."
>  * sshd(8): Add a sshd_config DisableForwaring option that disables
>    X11, agent, TCP, tunnel and Unix domain socket forwarding, as well
>    as anything else we might implement in the future. Like the
>    'restrict' authorized_keys flag, this is intended to be a simple
>    and future-proof way of restricting an account.
>  * sshd(8), ssh(1): Support the "curve25519-sha256" key exchange
>    method. This is identical to the currently-support method named
>    "curve25519-sha256 at".
>  * sshd(8): Improve handling of SIGHUP by checking to see if sshd is
>    already daemonised at startup and skipping the call to daemon(3)
>    if it is. This ensures that a SIGHUP restart of sshd(8) will
>    retain the same process-ID as the initial execution. sshd(8) will
>    also now unlink the PidFile prior to SIGHUP restart and re-create
>    it after a successful restart, rather than leaving a stale file in
>    the case of a configuration error. bz#2641
>  * sshd(8): Allow ClientAliveInterval and ClientAliveCountMax
>    directives to appear in sshd_config Match blocks.
>  * sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match
>    those supported by AuthorizedKeysCommand (key, key type,
>    fingerprint, etc.) and a few more to provide access to the
>    contents of the certificate being offered.
>  * Added regression tests for string matching, address matching and
>    string sanitisation functions.
>  * Improved the key exchange fuzzer harness.
> Bugfixes
> --------
>  * ssh(1): Allow IdentityFile to successfully load and use
>    certificates that have no corresponding bare public key. bz#2617
>    certificate (and no
>  * ssh(1): Fix public key authentication when multiple
>    authentication is in use and publickey is not just the first
>    method attempted. bz#2642
>  * regress: Allow the PuTTY interop tests to run unattended. bz#2639
>  * ssh-agent(1), ssh(1): improve reporting when attempting to load
>    keys from PKCS#11 tokens with fewer useless log messages and more
>    detail in debug messages. bz#2610
>  * ssh(1): When tearing down ControlMaster connections, don't
>    pollute stderr when LogLevel=quiet.
>  * sftp(1): On ^Z wait for underlying ssh(1) to suspend before
>    suspending sftp(1) to ensure that ssh(1) restores the terminal mode
>    correctly if suspended during a password prompt.
>  * ssh(1): Avoid busy-wait when ssh(1) is suspended during a password
>    prompt.
>  * ssh(1), sshd(8): Correctly report errors during sending of ext-
>    info messages.
>  * sshd(8): fix NULL-deref crash if sshd(8) received an out-of-
>    sequence NEWKEYS message.
>  * sshd(8): Correct list of supported signature algorithms sent in
>    the server-sig-algs extension. bz#2547
>  * sshd(8): Fix sending ext_info message if privsep is disabled.
>  * sshd(8): more strictly enforce the expected ordering of privilege
>    separation monitor calls used for authentication and allow them
>    only when their respective authentication methods are enabled
>    in the configuration
>  * sshd(8): Fix uninitialised optlen in getsockopt() call; harmless
>    on Unix/BSD but potentially crashy on Cygwin.
>  * Fix false positive reports caused by explicit_bzero(3) not being
>    recognised as a memory initialiser when compiled with
>    -fsanitize-memory.
>  * sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for
>    configuration examples.
> Portability
> -----------
>  * On environments configured with Turkish locales, fall back to the
>    C/POSIX locale to avoid errors in configuration parsing caused by
>    that locale's unique handling of the letters 'i' and 'I'. bz#2643
>  * sftp-server(8), ssh-agent(1): Deny ptrace on OS X using
>    ptrace(PT_DENY_ATTACH, ..)
>  * ssh(1), sshd(8): Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL.
>  * Fix compilation for libcrypto compiled without RIPEMD160 support.
>  * contrib: Add a gnome-ssh-askpass3 with GTK+3 support. bz#2640
>  * sshd(8): Improve PRNG reseeding across privilege separation and
>    force libcrypto to obtain a high-quality seed before chroot or
>    sandboxing.
>  * All: Explicitly test for broken strnvis. NetBSD added an strnvis
>    and unfortunately made it incompatible with the existing one in
>    OpenBSD and Linux's libbsd (the former having existed for over ten
>    years). Try to detect this mess, and assume the only safe option
>    if we're cross compiling.
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

More information about the openssh-unix-dev mailing list