Call for testing: OpenSSH 7.4
mindrot at hda3.com
Wed Dec 14 12:55:53 AEDT 2016
Hey Damien, my special snowflake cert tests seem to work fine on osx sierra
(OpenSSH_7.3p1-snap20161214, OpenSSL 1.0.2j 26 Sep 2016).
On Tue, Dec 13, 2016 at 4:53 PM, Damien Miller <djm at mindrot.org> wrote:
> OpenSSH 7.4 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release contains some
> substantial new features and a number of bugfixes.
> Snapshot releases for portable OpenSSH are available from
> The OpenBSD version is available in CVS HEAD:
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at http://www.openssh.com/portable.html#cvs or
> via Git at https://anongit.mindrot.org/openssh.git/ or via a
> mirror at Github: https://github.com/openssh/openssh-portable
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> $ ./configure && make tests
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev at mindrot.org.
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> Thanks to the many people who contributed to this release.
> Potentially-incompatible changes
> This release includes a number of changes that may affect existing
> * This release removes server support for the SSH v.1 protocol.
> * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
> block ciphers are not safe in 2016 and we don't want to wait until
> attacks like SWEET32 are extended to SSH. As 3des-cbc was the
> only mandatory cipher in the SSH RFCs, this may cause problems
> connecting to older devices using the default configuration,
> but it's highly likely that such devices already need explicit
> configuration for key exchange and hostkey algorithms already
> * sshd(8): Remove support for pre-authentication compression.
> Doing compression early in the protocol probably seemed reasonable
> in the 1990s, but today it's clearly a bad idea in terms of both
> cryptography (cf. multiple compression oracle attacks in TLS) and
> attack surface. Pre-auth compression support has been disabled by
> default for >10 years. Support remains in the client.
> * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
> of trusted paths by default. The path whitelist may be specified
> at run-time.
> * sshd(8): When a forced-command appears in both a certificate and
> an authorized keys/principals command= restriction, sshd will now
> refuse to accept the certificate unless they are identical.
> The previous (documented) behaviour of having the certificate
> forced-command override the other could be a bit confusing and
> * sshd(8): Remove the UseLogin configuration directive and support
> for having /bin/login manage login sessions.
> Changes since OpenSSH 7.3
> This is primarily a bugfix release.
> New Features
> * ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the
> version in PuTTY by Simon Tatham. This allows a multiplexing
> client to communicate with the master process using a subset of
> the SSH packet and channels protocol over a Unix-domain socket,
> with the main process acting as a proxy that translates channel
> IDs, etc. This allows multiplexing mode to run on systems that
> lack file- descriptor passing (used by current multiplexing
> code) and potentially, in conjunction with Unix-domain socket
> forwarding, with the client and multiplexing master process on
> different machines. Multiplexing proxy mode may be invoked using
> "ssh -O proxy ..."
> * sshd(8): Add a sshd_config DisableForwaring option that disables
> X11, agent, TCP, tunnel and Unix domain socket forwarding, as well
> as anything else we might implement in the future. Like the
> 'restrict' authorized_keys flag, this is intended to be a simple
> and future-proof way of restricting an account.
> * sshd(8), ssh(1): Support the "curve25519-sha256" key exchange
> method. This is identical to the currently-support method named
> "curve25519-sha256 at libssh.org".
> * sshd(8): Improve handling of SIGHUP by checking to see if sshd is
> already daemonised at startup and skipping the call to daemon(3)
> if it is. This ensures that a SIGHUP restart of sshd(8) will
> retain the same process-ID as the initial execution. sshd(8) will
> also now unlink the PidFile prior to SIGHUP restart and re-create
> it after a successful restart, rather than leaving a stale file in
> the case of a configuration error. bz#2641
> * sshd(8): Allow ClientAliveInterval and ClientAliveCountMax
> directives to appear in sshd_config Match blocks.
> * sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match
> those supported by AuthorizedKeysCommand (key, key type,
> fingerprint, etc.) and a few more to provide access to the
> contents of the certificate being offered.
> * Added regression tests for string matching, address matching and
> string sanitisation functions.
> * Improved the key exchange fuzzer harness.
> * ssh(1): Allow IdentityFile to successfully load and use
> certificates that have no corresponding bare public key. bz#2617
> certificate id_rsa-cert.pub (and no id_rsa.pub).
> * ssh(1): Fix public key authentication when multiple
> authentication is in use and publickey is not just the first
> method attempted. bz#2642
> * regress: Allow the PuTTY interop tests to run unattended. bz#2639
> * ssh-agent(1), ssh(1): improve reporting when attempting to load
> keys from PKCS#11 tokens with fewer useless log messages and more
> detail in debug messages. bz#2610
> * ssh(1): When tearing down ControlMaster connections, don't
> pollute stderr when LogLevel=quiet.
> * sftp(1): On ^Z wait for underlying ssh(1) to suspend before
> suspending sftp(1) to ensure that ssh(1) restores the terminal mode
> correctly if suspended during a password prompt.
> * ssh(1): Avoid busy-wait when ssh(1) is suspended during a password
> * ssh(1), sshd(8): Correctly report errors during sending of ext-
> info messages.
> * sshd(8): fix NULL-deref crash if sshd(8) received an out-of-
> sequence NEWKEYS message.
> * sshd(8): Correct list of supported signature algorithms sent in
> the server-sig-algs extension. bz#2547
> * sshd(8): Fix sending ext_info message if privsep is disabled.
> * sshd(8): more strictly enforce the expected ordering of privilege
> separation monitor calls used for authentication and allow them
> only when their respective authentication methods are enabled
> in the configuration
> * sshd(8): Fix uninitialised optlen in getsockopt() call; harmless
> on Unix/BSD but potentially crashy on Cygwin.
> * Fix false positive reports caused by explicit_bzero(3) not being
> recognised as a memory initialiser when compiled with
> * sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for
> configuration examples.
> * On environments configured with Turkish locales, fall back to the
> C/POSIX locale to avoid errors in configuration parsing caused by
> that locale's unique handling of the letters 'i' and 'I'. bz#2643
> * sftp-server(8), ssh-agent(1): Deny ptrace on OS X using
> ptrace(PT_DENY_ATTACH, ..)
> * ssh(1), sshd(8): Unbreak AES-CTR ciphers on old (~0.9.8) OpenSSL.
> * Fix compilation for libcrypto compiled without RIPEMD160 support.
> * contrib: Add a gnome-ssh-askpass3 with GTK+3 support. bz#2640
> * sshd(8): Improve PRNG reseeding across privilege separation and
> force libcrypto to obtain a high-quality seed before chroot or
> * All: Explicitly test for broken strnvis. NetBSD added an strnvis
> and unfortunately made it incompatible with the existing one in
> OpenBSD and Linux's libbsd (the former having existed for over ten
> years). Try to detect this mess, and assume the only safe option
> if we're cross compiling.
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
More information about the openssh-unix-dev