Call for testing: OpenSSH 8.5
v at njh.eu
Fri Feb 26 11:58:10 AEDT 2021
Is it still possible to include the ssh_config improvements which I proposed last Sunday on this mailing list?
For your convenience, I also created a pull request:
Damien Miller wrote:
> OpenSSH 8.5p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
> Snapshot releases for portable OpenSSH are available from
> The OpenBSD version is available in CVS HEAD:
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> $ ./configure && make tests
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> Thanks to the many people who contributed to this release.
> * Portable sshd(8): Prevent excessively long username going to PAM.
> This is a mitigation for a buffer overflow in Solaris' PAM username
> handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
> implementations. This is not a problem in sshd itself, it only
> prevents sshd from being used as a vector to attack Solaris' PAM.
> It does not prevent the bug in PAM from being exploited via some
> other PAM application. GHPR#212
> Potentially-incompatible changes
> This release includes a number of changes that may affect existing
> * ssh(1), sshd(8): this release changes the first-preference signature
> algorithm from ECDSA to ED25519.
> * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
> for interactive use prior to TCP connect. The connection phase of
> the SSH session is time-sensitive and often explicitly interactive.
> The ultimate interactive/bulk TOS/DSCP will be set after
> authentication completes.
> * ssh(1), sshd(8): remove the pre-standardization cipher
> rijndael-cbc at lysator.liu.se. It is an alias for aes256-cbc before
> it was standardized in RFC4253 (2006), has been deprecated and
> disabled by default since OpenSSH 7.2 (2016) and was only briefly
> documented in ssh.1 in 2001.
> * ssh(1), sshd(8): update/replace the experimental post-quantum
> hybrid key exchange method based on Streamlined NTRU Prime coupled
> with X25519.
> The previous sntrup4591761x25519-sha512 at tinyssh.org method is
> replaced with sntrup761x25519-sha512 at openssh.com. Per its
> designers, the sntrup4591761 algorithm was superseded almost two
> years ago by sntrup761.
> (note this both the updated method and the one that it replaced are
> disabled by default)
> * ssh(1): disable CheckHostIP by default. It provides insignificant
> benefits while making key rotation significantly more difficult,
> especially for hosts behind IP-based load-balancers.
> Changes since OpenSSH 8.4
> New features
> * ssh(1): this release enables UpdateHostkeys by default subject to
> some conservative preconditions:
> - The key was matched in the UserKnownHostsFile (and not in the
> - The same key does not exist under another name.
> - A certificate host key is not in use.
> - known_hosts contains no matching wildcard hostname pattern.
> - VerifyHostKeyDNS is not enabled.
> We expect some of these conditions will be modified or relaxed in
> * ssh(1), sshd(8): add a new LogVerbose configuration directive for
> that allows forcing maximum debug logging by file/function/line
> * ssh(1): when prompting the user to accept a new hostkey, display
> any other host names/addresses already associated with the key.
> * ssh(1): allow UserKnownHostsFile=none to indicate that no
> known_hosts file should be used to identify host keys.
> * ssh(1): add a ssh_config KnownHostsCommand that allows the client
> to obtain known_hosts data from a command in addition to the usual
> * ssh(1): for FIDO keys, if a signature operation fails with a
> "incorrect PIN" reason and no PIN was initially requested from the
> user, then request a PIN and retry the operation. This supports
> some biometric devices that fall back to requiring PIN when reading
> of the biometric failed, and devices that require PINs for all
> hosted credentials.
> * sshd(8): implement client address-based rate-limiting via new
> sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
> directives that fine-grained control than the global MaxStartups
> * ssh(1): Prefix keyboard interactive prompts with "(user at host)" to
> make it easier to determine which connection they are associated
> with in cases like scp -3, ProxyJump, etc. bz#3224
> * sshd(8): fix sshd_config SetEnv directives located inside Match
> blocks. GHPR#201
> * ssh(1): when requesting a FIDO token touch on stderr, inform the
> user once the touch has been recorded.
> * ssh(1): prevent integer overflow when ridiculously large
> ConnectTimeout values are specified, capping the effective value
> (for most platforms) at 24 days. bz#3229
> * ssh(1): consider the ECDSA key subtype when ordering host key
> algorithms in the client,
> * ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
> PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
> that it control allowed key algorithms, when this option actually
> specifies the signature algorithms that are accepted. The previous
> name remains available as an alias. bz#3253
> * ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
> HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
> * sftp-server(8): add missing lsetstat at openssh.com documentation
> and advertisement in the server's SSH2_FXP_VERSION hello packet.
> * ssh(1), sshd(8): more strictly enforce KEX state-machine by
> banning packet types once they are received. Fixes memleak caused
> by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
> * sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
> platforms instead of being limited by LONG_MAX. bz#3206
> * Minor man page fixes (capitalization, commas, etc.) bz#3223
> * sftp(1): when doing an sftp recursive upload or download of a
> read-only directory, ensure that the directory is created with
> write and execute permissions in the interim so that the transfer
> can actually complete, then set the directory permission as the
> final step. bz#3222
> * ssh-keygen(1): document the -Z, check the validity of its argument
> earlier and provide a better error message if it's not correct.
> * ssh(1): ignore comments at the end of config lines in ssh_config,
> similar to what we already do for sshd_config. bz#2320
> * sshd_config(5): mention that DisableForwarding is valid in a
> sshd_config Match block. bz3239
> * sftp(1): fix incorrect sorting of "ls -ltr" under some
> circumstances. bz3248.
> * ssh(1), sshd(8): fix potential integer truncation of (unlikely)
> timeout values. bz#3250
> * ssh(1): make hostbased authentication send the signature algorithm
> in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
> This make HostbasedAcceptedAlgorithms do what it is supposed to -
> filter on signature algorithm and not key type.
> * sshd(8): add a number of platform-specific syscalls to the Linux
> seccomp-bpf sandbox. bz#3232 bz#3260
> * sshd(8): remove debug message from sigchld handler that could cause
> deadlock on some platforms. bz#3259
> * Sync contrib/ssh-copy-id with upstream.
> * unittests: add a hostname function for systems that don't have it.
> Some systems don't have a hostname command (it's not required by
> POSIX). The do have uname -n (which is), but not all of those have
> it report the FQDN.
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
More information about the openssh-unix-dev