After three months of development
The new release adds protection against an attack on scp that allows the server to pass different filenames than requested (as opposed to
When connecting to a server controlled by an attacker, this behavior can be used to save other file names and other contents in the user's file system when copying with scp, in configurations where the call to utimes fails (for example, when utimes is prohibited by an SELinux policy or a system call filter). The likelihood of real attacks is estimated to be minimal, since in typical configurations a call to utimes does not fail. In addition, the attack does not go unnoticed: scp reports a data transfer error.
General changes:
- sftp no longer accepts the "-1" argument, in line with ssh and scp; it was previously accepted but ignored;
- sshd now provides three choices when using IgnoreRhosts: "yes" to ignore rhosts/shosts, "no" to honor rhosts/shosts, and "shosts-only" to allow ".shosts" but disallow ".rhosts";
- ssh handles %TOKEN substitution in the LocalForward and RemoteForward settings used to redirect Unix sockets;
- Allow loading public keys from an unencrypted private key file if there is no separate public key file;
- When libcrypto is available on the system, ssh and sshd now use that library's implementation of the chacha20 algorithm instead of the built-in portable implementation, which lags behind in performance;
- Implemented the ability to dump the contents of the binary list of revoked certificates when executing the command "ssh-keygen -lQf /path";
- The portable version now detects systems where signals with the SA_RESTART option interrupt select;
- Fixed build issues on HP/UX and AIX systems;
- Fixed build issues with seccomp sandbox on some Linux configurations;
- Improved detection of the libfido2 library and resolved build issues with the "--with-security-key-builtin" option.
The OpenSSH developers have also once again warned about the impending deprecation of algorithms using SHA-1 hashes due to
To smooth the transition to new algorithms in OpenSSH, in one of the next releases, the UpdateHostKeys setting will be enabled by default, which will automatically migrate clients to more reliable algorithms. Recommended algorithms for migration include rsa-sha2-256/512 based on RFC8332 RSA SHA-2 (supported since OpenSSH 7.2 and used by default), ssh-ed25519 (supported since OpenSSH 6.5) and ecdsa-sha2-nistp256/384/521 based on RFC5656 ECDSA (supported since OpenSSH 5.7).
As of the last release, "ssh-rsa" and "diffie-hellman-group14-sha1" have been removed from the CASignatureAlgorithms list that defines the algorithms allowed for digitally signing new certificates. The use of SHA-1 in certificates carries additional risk because the attacker has unlimited time to find a collision for an existing certificate, while the time to attack host keys is limited by the connection timeout (LoginGraceTime).
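To see where a client still enables the SHA-1 algorithms discussed above, the following added example (not code from OpenSSH or from the original article) audits an effective client configuration. It assumes the input has the form printed by "ssh -G <host>" (lowercase keyword, a space, a comma-separated value); the sample text is constructed for illustration.

```python
# SHA-1 based algorithm names, exactly as named in the article.
SHA1_ALGS = {"ssh-rsa", "diffie-hellman-group14-sha1"}
# Algorithms the article lists as recommended for migration.
RECOMMENDED = {
    "rsa-sha2-256", "rsa-sha2-512", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}
# Algorithm lists to inspect (keywords assumed lowercase, as in "ssh -G" output).
CHECKED = ("hostkeyalgorithms", "casignaturealgorithms", "kexalgorithms")


def parse_effective_config(text):
    """Parse 'keyword value' lines into a dict, skipping blanks and comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        opts[key.lower()] = value.strip()
    return opts


def audit(text):
    """Report SHA-1 algorithms per option and the host key migration state."""
    opts = parse_effective_config(text)
    sha1 = {}
    for key in CHECKED:
        weak = [a for a in opts.get(key, "").split(",") if a in SHA1_ALGS]
        if weak:
            sha1[key] = weak
    hostkey = set(opts.get("hostkeyalgorithms", "").split(","))
    return {
        "sha1": sha1,
        "recommended_hostkey": sorted(hostkey & RECOMMENDED),
        "updatehostkeys": opts.get("updatehostkeys", "unset"),
    }


# Constructed sample, not captured from a real system.
SAMPLE = """\
hostkeyalgorithms ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
casignaturealgorithms ecdsa-sha2-nistp256,ssh-ed25519,rsa-sha2-512,rsa-sha2-256
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
updatehostkeys false
"""

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(name, value)
```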
Source: opennet.ru