Call for testing: OpenSSH 8.5

Volker Diels-Grabsch v at
Fri Feb 26 11:58:10 AEDT 2021

Dear Damien,

Is it still possible to include the ssh_config improvements which I proposed last Sunday on this mailing list?

For your convenience, I also created a pull request:

Best regards,

Damien Miller wrote:
> Hi,
> OpenSSH 8.5p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
> Snapshot releases for portable OpenSSH are available from
> The OpenBSD version is available in CVS HEAD:
> Portable OpenSSH is also available via git using the
> instructions at
> At or via a mirror at Github:
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> $ ./configure && make tests
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at Security bugs should be reported
> directly to openssh at
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> Thanks to the many people who contributed to this release.
> Security
> ========
>  * Portable sshd(8): Prevent excessively long username going to PAM.
>    This is a mitigation for a buffer overflow in Solaris' PAM username
>    handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
>    implementations.  This is not a problem in sshd itself, it only
>    prevents sshd from being used as a vector to attack Solaris' PAM.
>    It does not prevent the bug in PAM from being exploited via some
>    other PAM application. GHPR#212
> Potentially-incompatible changes
> ================================
> This release includes a number of changes that may affect existing
> configurations:
>  * ssh(1), sshd(8): this release changes the first-preference signature
>    algorithm from ECDSA to ED25519.
>  * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
>    for interactive use prior to TCP connect. The connection phase of
>    the SSH session is time-sensitive and often explicitly interactive.
>    The ultimate interactive/bulk TOS/DSCP will be set after
>    authentication completes.
>  * ssh(1), sshd(8): remove the pre-standardization cipher
>    rijndael-cbc at It is an alias for aes256-cbc before
>    it was standardized in RFC4253 (2006), has been deprecated and
>    disabled by default since OpenSSH 7.2 (2016) and was only briefly
>    documented in ssh.1 in 2001.
>  * ssh(1), sshd(8): update/replace the experimental post-quantum
>    hybrid key exchange method based on Streamlined NTRU Prime coupled
>    with X25519.
>    The previous sntrup4591761x25519-sha512 at method is
>    replaced with sntrup761x25519-sha512 at Per its
>    designers, the sntrup4591761 algorithm was superseded almost two
>    years ago by sntrup761.
>    (note this both the updated method and the one that it replaced are
>    disabled by default)
>  * ssh(1): disable CheckHostIP by default. It provides insignificant
>    benefits while making key rotation significantly more difficult,
>    especially for hosts behind IP-based load-balancers.
> Changes since OpenSSH 8.4
> =========================
> New features
> ------------
>  * ssh(1): this release enables UpdateHostkeys by default subject to
>    some conservative preconditions:
>     - The key was matched in the UserKnownHostsFile (and not in the
>       GlobalKnownHostsFile).
>     - The same key does not exist under another name.
>     - A certificate host key is not in use.
>     - known_hosts contains no matching wildcard hostname pattern.
>     - VerifyHostKeyDNS is not enabled.
>    We expect some of these conditions will be modified or relaxed in
>    future.
>  * ssh(1), sshd(8): add a new LogVerbose configuration directive for
>    that allows forcing maximum debug logging by file/function/line
>    pattern-lists.
>  * ssh(1): when prompting the user to accept a new hostkey, display
>    any other host names/addresses already associated with the key.
>  * ssh(1): allow UserKnownHostsFile=none to indicate that no
>    known_hosts file should be used to identify host keys.
>  * ssh(1): add a ssh_config KnownHostsCommand that allows the client
>    to obtain known_hosts data from a command in addition to the usual
>    files.
>  * ssh(1): for FIDO keys, if a signature operation fails with a
>    "incorrect PIN" reason and no PIN was initially requested from the
>    user, then request a PIN and retry the operation. This supports
>    some biometric devices that fall back to requiring PIN when reading
>    of the biometric failed, and devices that require PINs for all
>    hosted credentials.
>  * sshd(8): implement client address-based rate-limiting via new
>    sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
>    directives that fine-grained control than the global MaxStartups
>    limit.
> Bugfixes
> --------
>  * ssh(1): Prefix keyboard interactive prompts with "(user at host)" to
>    make it easier to determine which connection they are associated
>    with in cases like scp -3, ProxyJump, etc. bz#3224
>  * sshd(8): fix sshd_config SetEnv directives located inside Match
>    blocks. GHPR#201
>  * ssh(1): when requesting a FIDO token touch on stderr, inform the
>    user once the touch has been recorded.
>  * ssh(1): prevent integer overflow when ridiculously large
>    ConnectTimeout values are specified, capping the effective value
>    (for most platforms) at 24 days. bz#3229
>  * ssh(1): consider the ECDSA key subtype when ordering host key
>    algorithms in the client,
>  * ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
>    PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
>    that it control allowed key algorithms, when this option actually
>    specifies the signature algorithms that are accepted. The previous
>    name remains available as an alias. bz#3253
>  * ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
>    HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
>  * sftp-server(8): add missing lsetstat at documentation
>    and advertisement in the server's SSH2_FXP_VERSION hello packet.
>  * ssh(1), sshd(8): more strictly enforce KEX state-machine by
>    banning packet types once they are received. Fixes memleak caused
>    by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
>  * sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
>    platforms instead of being limited by LONG_MAX. bz#3206
>  * Minor man page fixes (capitalization, commas, etc.) bz#3223
>  * sftp(1): when doing an sftp recursive upload or download of a
>    read-only directory, ensure that the directory is created with
>    write and execute permissions in the interim so that the transfer
>    can actually complete, then set the directory permission as the
>    final step. bz#3222
>  * ssh-keygen(1): document the -Z, check the validity of its argument
>    earlier and provide a better error message if it's not correct.
>    bz#2879
>  * ssh(1): ignore comments at the end of config lines in ssh_config,
>    similar to what we already do for sshd_config. bz#2320
>  * sshd_config(5): mention that DisableForwarding is valid in a
>    sshd_config Match block. bz3239
>  * sftp(1): fix incorrect sorting of "ls -ltr" under some
>    circumstances. bz3248.
>  * ssh(1), sshd(8): fix potential integer truncation of (unlikely)
>    timeout values. bz#3250
>  * ssh(1): make hostbased authentication send the signature algorithm
>    in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
>    This make HostbasedAcceptedAlgorithms do what it is supposed to -
>    filter on signature algorithm and not key type.
> Portability
> -----------
>  * sshd(8): add a number of platform-specific syscalls to the Linux
>    seccomp-bpf sandbox. bz#3232 bz#3260
>  * sshd(8): remove debug message from sigchld handler that could cause
>    deadlock on some platforms. bz#3259
>  * Sync contrib/ssh-copy-id with upstream.
>  * unittests: add a hostname function for systems that don't have it.
>    Some systems don't have a hostname command (it's not required by
>    POSIX). The do have uname -n (which is), but not all of those have
>    it report the FQDN.
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at

Volker Diels-Grabsch

More information about the openssh-unix-dev mailing list