After six months of development Release , an open implementation of the client and server for working over the SSH 2.0 and SFTP protocols.
Special attention in the new release deserves the elimination of a vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem is present in the XMSS private key parsing code and allows an attacker to trigger an integer overflow. The vulnerability is marked as exploitable, but of little use, since support for XMSS keys is an experimental feature that is disabled by default (in the portable version, autoconf does not even provide a build option to enable XMSS).
Major changes:
- In ssh, sshd and ssh-agent a code that prevents the recovery of a private key located in RAM as a result of attacks through third-party channels, such as , ΠΈ . Private keys are now encrypted when loaded into memory and decrypted only when they are used, remaining encrypted the rest of the time. With this approach, in order to successfully recover the private key, the attacker needs to first recover a randomly generated intermediate key of 16 KB in size used to encrypt the main key, which is unlikely given the frequency of recovery errors inherent in modern attacks;
- Π added experimental support for a simplified scheme for creating and verifying digital signatures. Digital signatures can be created using regular SSH keys stored on disk or in ssh-agent and verified using something similar to authorized_keys . Namespace information is embedded in the digital signature to avoid confusion when applied in different areas (for example, for email and files);
- ssh-keygen has been switched by default to use the rsa-sha2-512 algorithm when digitally signing certificates based on an RSA key (when working in CA mode). Such certificates are not compatible with releases prior to OpenSSH 7.2 (to ensure compatibility, the algorithm type should be overridden, for example by calling "ssh-keygen -t ssh-rsa -s ...");
- In ssh, the ProxyCommand expression supports expanding the substitution "%n" (the hostname specified in the address bar);
- In the lists of encryption algorithms for ssh and sshd, you can now use the "^" character to insert the default algorithms. For example, to add ssh-ed25519 to the default list, you can specify "HostKeyAlgorithms ^ssh-ed25519";
- ssh-keygen provides output of a comment attached to the key when extracting a public key from a private one;
- ssh-keygen added the ability to use the "-v" flag when performing key lookup operations (for example, "ssh-keygen -vF host"), specifying which leads to the output of a descriptive host signature;
- Added the ability to use as an alternative format for storing private keys on disk. The default continues to be the PEM format, and PKCS8 may be useful to achieve compatibility with third party applications.
Source: opennet.ru