Call for testing: OpenSSH 8.3

Jeff Wieland wieland at
Thu May 14 22:05:07 AEST 2020

Using openssh-SNAP-20200514, on Solaris 10 for SPARC, using
Solaris Studio 12.4, and our local build of OpenSSL 1.1.1g,
all tests pass.

Jeff Wieland, UNIX/Network Systems Administrator
Purdue University IT Infrastructure Services UNIX Platforms

Damien Miller wrote:
> Hi,
> OpenSSH 8.3p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
> Snapshot releases for portable OpenSSH are available from
> The OpenBSD version is available in CVS HEAD:
> Portable OpenSSH is also available via git using the
> instructions at
> At or via a mirror at Github:
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> $ ./configure && make tests
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at Security bugs should be reported
> directly to openssh at
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> Thanks to the many people who contributed to this release.
> Security
> ========
>   * scp(1): when receiving files, scp(1) could be become desynchronised
>     if a utimes(2) system call failed. This could allow file contents
>     to be interpreted as file metadata and thereby permit an adversary
>     to craft a file system that, when copied with scp(1) in a
>     configuration that caused utimes(2) to fail (e.g. under a SELinux
>     policy or syscall sandbox), transferred different file names and
>     contents to the actual file system layout.
>     Exploitation of this is not likely as utimes(2) does not fail under
>     normal circumstances. Successful exploitation is not silent - the
>     output of scp(1) would show transfer errors followed by the actual
>     file(s) that were received.
>     Finally, filenames returned from the peer are (since openssh-8.0)
>     matched against the user's requested destination, thereby
>     disallowing a successful exploit from writing files outside the
>     user's selected target glob (or directory, in the case of a
>     recursive transfer). This ensures that this attack can achieve no
>     more than a hostile peer is already able to do within the scp
>     protocol.
> Potentially-incompatible changes
> ================================
> This release includes a number of changes that may affect existing
> configurations:
>   * sftp(1): reject an argument of "-1" in the same way as ssh(1) and
>     scp(1) do instead of accepting and silently ignoring it.
> Changes since OpenSSH 8.2
> =========================
> The focus of this release is bug fixing.
> New Features
> ------------
>   * sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
>     rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
>     to allow .shosts files but not .rhosts.
>   * sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
>     sshd_config, not just before any Match blocks; bz3148
>   * ssh(1): add %TOKEN percent expansion for the LocalFoward and
>     RemoteForward keywords when used for Unix domain socket forwarding.
>     bz#3014
>   * all: allow loading public keys from the unencrypted envelope of a
>     private key file if no corresponding public key file is present.
>   * ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
>     possible instead of the (slower) portable C implementation included
>     in OpenSSH.
>   * ssh-keygen(1): add ability to dump the contents of a binary key
>     revocation list via "ssh-keygen -lQf /path" bz#3132
> Bugfixes
> --------
>   * ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
>     a PKCS11Provider; bz#3141
>   * ssh-keygen(1): avoid NULL dereference when trying to convert an
>     invalid RFC4716 private key.
>   * scp(2): when performing remote-to-remote copies using "scp -3",
>     start the second ssh(1) channel with BatchMode=yes enabled to
>     avoid confusing and non-deterministic ordering of prompts.
>   * ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
>     perform hashing of the message to be signed in the middleware layer
>     rather than in OpenSSH code. This permits the use of security key
>     middlewares that perform the hashing implicitly, such as Windows
>     Hello.
>   * ssh(1): fix incorrect error message for "too many known hosts
>     files." bz#3149
>   * ssh(1): make failures when establishing "Tunnel" forwarding
>     terminate the connection when ExitOnForwardFailure is enabled;
>     bz#3116
>   * ssh-keygen(1): fix printing of fingerprints on private keys and add
>     a regression test for same.
>   * sshd(8): document order of checking AuthorizedKeysFile (first) and
>     AuthorizedKeysCommand (subsequently, if the file doesn't match);
>     bz#3134
>   * sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are
>     not considered for HostbasedAuthentication when the target user is
>     root; bz#3148
>   * ssh(1), ssh-keygen(1): fix NULL dereference in private certificate
>     key parsing (oss-fuzz #20074).
>   * ssh(1), sshd(8): more consistency between sets of %TOKENS are
>     accepted in various configuration options.
>   * ssh(1), ssh-keygen(1): improve error messages for some common
>     PKCS#11 C_Login failure cases; bz#3130
>   * ssh(1), sshd(8): make error messages for problems during SSH banner
>     exchange consistent with other SSH transport-layer error messages
>     and ensure they include the relevant IP addresses bz#3129
>   * various: fix a number of spelling errors in comments and debug/error
>     messages
>   * ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys
>     from a token, don't prompt for a PIN until the token has told us
>     that it needs one. Avoids double-prompting on devices that
>     implement on-device authentication.
>   * sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
>     should be an extension, not a critical option.
>   * ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message
>     when trying to use a FIDO key function and SecurityKeyProvider is
>     empty.
>   * ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within
>     the values allowed by the wire format (u32). Prevents integer
>     wraparound of the timeout values. bz#3119
>   * ssh(1): detect and prevent trivial configuration loops when using
>      ProxyJump. bz#3057.
> Portability
> -----------
>   * Detect systems where signals flagged with SA_RESTART will interrupt
>     select(2). POSIX permits implementations to choose whether
>     select(2) will return when interrupted with a SA_RESTART-flagged
>     signal, but OpenSSH requires interrupting behaviour.
>   * Several compilation fixes for HP/UX and AIX.
>   * On platforms that do not support setting process-wide routing
>     domains (all excepting OpenBSD at present), fail to accept a
>     configuration attempts to set one at process start time rather than
>     fatally erroring at run time. bz#3126
>   * Improve detection of egrep (used in regression tests) on platforms
>     that offer a poor default one (e.g. Solaris).
>   * A number of shell portability fixes for the regression tests.
>   * Fix theoretical infinite loop in the glob(3) replacement
>     implementation.
>   * Fix seccomp sandbox compilation problems for some Linux
>     configurations bz#3085
>   * Improved detection of libfido2 and some compilation fixes for some
>     configurations when --with-security-key-builtin is selected.
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

More information about the openssh-unix-dev mailing list