ProHoster > Blog > internet news > OpenSSH 8.0 release

OpenSSH 8.0 release

After five months of development submitted Release OpenSSH 8.0, an open implementation of the client and server for working over the SSH 2.0 and SFTP protocols.

Major changes:

  • Experimental support has been added to ssh and sshd for a key exchange method that is resistant to brute force on a quantum computer. Quantum computers are drastically faster in solving the problem of decomposing a natural number into prime factors, which underlies modern asymmetric encryption algorithms and cannot be effectively solved on classical processors. The proposed method is based on the algorithm NTRU Prime (function ntrup4591761) developed for post-quantum cryptosystems and the elliptic curve key exchange method X25519;
  • sshd's ListenAddress and PermitOpen directives have deprecated support for the deprecated "host/port" syntax introduced in 2001 as an alternative to "host:port" to make IPv6 easier to handle. In today's IPv6 environment, the "[::1]:22" syntax is well established, and "host/port" is often confused with a subnet specification (CIDR);
  • Key support implemented in ssh, ssh-agent and ssh-add ECDSA in PKCS#11 tokens;
  • In ssh-keygen, the default RSA key size has been increased to 3072 bits, in line with the new NIST guidelines;
  • ssh allows using the "PKCS11Provider=none" setting to override the PKCS11Provider directive set in ssh_config;
  • In sshd, the situation is provided in the log when the connection is terminated when trying to execute commands blocked by the "ForceCommand=internal-sftp" restriction in sshd_config;
  • In ssh, when displaying a request to confirm the receipt of a new host key, instead of the answer "yes", the correct fingerprint of the key is now accepted (in response to an invitation to confirm the connection, the user can copy the received reference hash separately through the clipboard, so as not to manually compare it);
  • ssh-keygen provides automatic incrementing of the certificate sequence number when creating digital signatures for multiple certificates on the command line;
  • A new "-J" option has been added to scp and sftp, equivalent to the ProxyJump setting;
  • Added processing of "-v" command line option to ssh-agent, ssh-pkcs11-helper and ssh-add to increase the information content of the output (if specified, this option is also passed to child processes, for example, when ssh-pkcs11-helper is called from ssh-agent );
  • Added "-T" option to ssh-add to test whether keys in ssh-agent are suitable for performing digital signature creation and verification operations;
  • sftp-server now supports the "lsetstat at openssh.com" protocol extension, which adds support for the SSH2_FXP_SETSTAT operation to SFTP, but without following symbolic links;
  • Added "-h" option to sftp to run chown/chgrp/chmod commands with requests that do not use symlinks;
  • sshd provides setting the $SSH_CONNECTION environment variable for PAM;
  • Added "Match final" matching mode to ssh_config for sshd, similar to "Match canonical" but without requiring hostname normalization to be enabled;
  • Added support for the '@' prefix to sftp to disable translation of the output of commands executed in batch mode;
  • When displaying the contents of a certificate using the command
    "ssh-keygen -Lf /path/certificate" now displays the algorithm used by the CA to certify the certificate;

  • Improved support for the Cygwin environment, such as comparing group and user names in a case-insensitive manner. The sshd process in the Cygwin port has been changed to cygsshd to avoid interference with the Microsoft-supplied OpenSSH port;
  • Added the ability to build with the experimental branch of OpenSSL 3.x;
  • Eliminated vulnerability (CVE-2019-6111) in the implementation of the scp utility, which allows overwriting arbitrary files in the target directory on the client side when accessing a server controlled by an attacker. The problem is that when using scp, the server decides which files and directories to send to the client, and the client only checks the correctness of the returned object names. The client-side check is limited to blocking out of bounds of the current directory ("../"), but does not take into account the transfer of files with names different from those originally requested. In the case of recursive copying (-r), in addition to file names, subdirectory names can be manipulated in a similar way. For example, if a user copies files to the user's home directory, the server controlled by the attacker can issue files named .bash_aliases or .ssh/authorized_keys instead of the requested files, and they will be saved by the scp utility in the user's home directory.

    In the new release, the scp utility has been added to check that the names of the files requested and given by the server match, performed on the client side. In this case, problems may arise with the processing of masks, since mask expansion characters can be processed differently on the server and client sides. In case, due to such differences, the client stops accepting files, the "-T" option has been added to scp, which allows you to disable client-side checking. To fully fix the problem, a conceptual rework of the scp protocol is required, which itself is already outdated, so it is recommended to use more modern protocols such as sftp and rsync instead.

Source: opennet.ru

Add a comment