Call for testing: openssh-9.8

Predrag Zečević predrag.zecevic.1961 at googlemail.com
Tue Jun 18 17:12:04 AEST 2024 

Hi all,

It compiles on OpenIndiana, GCC 13, with custom OpenSSL 3.2:

:; ssh -V
OpenSSH_9.7p1-snap20240618, OpenSSL 3.2.1 30 Jan 2024

Did not checked everything yet...
Thanks

On 2024-06-18 04:46, Damien Miller wrote:
> Hi,
> 
> OpenSSH 9.8p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
> 
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
> 
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
> 
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
> 
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> 
> $ ./configure && make tests
> 
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
> 
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> 
> Thanks to the many people who contributed to this release.
> 
> Future deprecation notice
> =========================
> 
> OpenSSH plans to remove support for the DSA signature algorithm in
> early 2025. This release disables DSA by default at compile time.
> 
> DSA, as specified in the SSHv2 protocol, is inherently weak - being
> limited to a 160 bit private key and use of the SHA1 digest. Its
> estimated security level is only 80 bits symmetric equivalent.
> 
> OpenSSH has disabled DSA keys by default since 2015 but has retained
> run-time optional support for them. DSA was the only mandatory-to-
> implement algorithm in the SSHv2 RFCs, mostly because alternative
> algorithms were encumbered by patents when the SSHv2 protocol was
> specified.
> 
> This has not been the case for decades at this point and better
> algorithms are well supported by all actively-maintained SSH
> implementations. We do not consider the costs of maintaining DSA
> in OpenSSH to be justified and hope that removing it from OpenSSH
> can accelerate its wider deprecation in supporting cryptography
> libraries.
> 
> This release, and its deactivation of DSA by default at compile-time,
> marks the second step in our timeline to finally deprecate DSA. The
> final step of removing DSA support entirely is planned for the first
> OpenSSH release of 2025.
> 
> Potentially-incompatible changes
> --------------------------------
> 
>   * all: as mentioned above, the DSA signature algorithm is now
>     disabled at compile time.
> 
>   * sshd(8): the server will now block client addresses that
>     repeatedly fail authentication, repeatedly connect without ever
>     completing authentication or that crash the server. See the
>     discussion of PerSourcePenalties below for more information.
>     Operators of servers that accept connections from many users, or
>     servers that accept connections from addresses behind NAT or
>     proxies may need to consider these settings.
> 
>   * sshd(8): the server has been split into a listener binary, sshd(8),
>     and a per-session binary "sshd-session". This allows for a much
>     smaller listener binary, as it no longer needs to support the SSH
>     protocol. As part of this work, support for disabling privilege
>     separation (which previously required code changes to disable) and
>     disabling re-execution of sshd(8) has been removed. Further
>     separation of sshd-session into additional, minimal binaries is
>     planned for the future.
> 
>   * sshd(8): several log messages have changed. In particular, some
>     log messages will be tagged with as originating from a process
>     named "sshd-session" rather than "sshd".
> 
>   * ssh-keyscan(1): this tool previously emitted comment lines
>     containing the hostname and SSH protocol banner to standard error.
>     This release now emits them to standard output, but adds a new
>     "-q" flag to silence them altogether.
> 
>   * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
>     as the PAM service name. A new "PAMServiceName" sshd_config(5)
>     directive allows selecting the service name at runtime. This
>     defaults to "sshd". bz2101
> 
> Changes since OpenSSH 9.7
> =========================
> 
> This release contains mostly bugfixes.
> 
> New features
> ------------
> 
>   * sshd(8): add the ability to penalise client addresses that, for
>     various reasons, do not successfully complete authentication.
>     sshd(8) will now identify situations where the session did not
>     authenticate as expected. These conditions include when the client
>     repeatedly attempted authentication unsucessfully (possibly
>     indicating an attack against one or more accounts, e.g. password
>     guessing), or when client behaviour caused sshd to crash (possibly
>     indicating attempts to exploit sshd).
> 
>     When such a condition is observed, sshd will record a penalty of
>     some duration (e.g. 30 seconds) against the client's address. If
>     this time is above a minimum configurable threshold, then all
>     connections from the client address will be refused (along with any
>     others in the same PerSourceNetBlockSize CIDR range).
> 
>     Repeated offenses by the same client address will accrue greater
>     penalties, up to a configurable maximum. Address ranges may be
>     exempted from penalties using the PerSourcePenaltyExemptList
>     option.
> 
>     We hope these options will make it significantly more difficult for
>     attackers to find accounts with weak/guessable passwords or exploit
>     bugs in sshd(8) itself. This option is enabled by default.
> 
>   * ssh(8): allow the HostkeyAlgorithms directive to disable the
>     implicit fallback from certificate host key to plain host keys.
> 
> Bugfixes
> --------
> 
>   * misc: fix a number of inaccuracies in the PROTOCOL.*
>     documentation. GHPR430 GHPR487
> 
>   * all: switch to strtonum(3) for more robust integer parsing in most
>     places.
> 
>   * ssh(1), sshd(8): correctly restore sigprocmask around ppoll()
> 
>   * ssh-keysign(8): stricter validation of messaging socket fd GHPR492
> 
>   * sftp(1): flush stdout after writing "sftp>" prompt when not using
>     editline. GHPR480
> 
>   * sftp-server(8): fix home-directory extension implementation, it
>     previously always returned the current user's home directory
>     contrary to the spec. GHPR477
> 
>   * ssh-keyscan(1): do not close stdin in any case to prevent error
>     messages when stdin is read multiple times. E.g.
>      echo localhost | ssh-keyscan -f - -f -
> 
>   * regression tests: fix rekey test that was testing the same KEX
>     algorithm repeatedly instead of testing all of them. bz3692
> 
>   * ssh_config(5), sshd_config(5): clarify the KEXAlgorithms directive
>     documentation, especially around what is supported vs available.
>     bz3701.
> 
> Portability
> -----------
> 
>   * sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
>     unconditionally. The previous behaviour was to expose it only when
>     particular authentication methods were in use.
> 
>   * build: fix OpenSSL ED25519 support detection. An incorrect function
>     signature in configure.ac previously prevented enabling the recently
>     added support for ED25519 private keys in PEM PKCS8 format.
> 
>   * ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
>     environment variable to enable SSH_ASKPASS, similarly to the X11
>     DISPLAY environment variable. GHPR479
> 
>   * build: improve detection of the -fzero-call-used-regs compiler
>     flag. bz3673.
> 
>   * build: relax OpenSSL version check to accept all OpenSSL 3.x
>     versions.
> 
>   * sshd(8): add support for notifying systemd on server listen and
>     reload, using a standalone implementation that doesn't depend on
>     libsystemd. bz2641
> 
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Predrag Zečević

More information about the openssh-unix-dev mailing list