ProHoster > Blog > internet news > OpenSSH 8.4 release

OpenSSH 8.4 release

After four months of development submitted release of OpenSSH 8.4, an open client and server implementation for SSH 2.0 and SFTP protocols.

Major changes:

  • Security related changes:
    • In ssh-agent, when using FIDO keys not created for SSH authentication (the key ID does not start with the string "ssh:"), it now checks that the message will be signed using methods used in the SSH protocol. The change will not allow ssh-agent to be redirected to remote hosts that have FIDO keys to block the ability to use these keys to generate signatures for web authentication requests (the reverse case, when the browser can sign the SSH request, was initially excluded due to the use of the "ssh:" prefix in key ID).
    • ssh-keygen resident key generation includes support for the credProtect add-on described in the FIDO 2.1 specification, which provides additional protection for keys by requiring a mandatory PIN code entry before performing any operation that could result in the extraction of a resident key from a token.
  • Changes potentially breaking compatibility:
    • For FIDO/U2F support, it is recommended to use the libfido2 library at least version 1.5.0. The ability to use older releases is also partially implemented, but in this case, features such as resident keys, PIN request, and connection of several tokens will not be available.
    • In ssh-keygen, the authentication information format, which is optionally saved when generating a FIDO key, has been updated with data for the authenticator needed to verify digital signatures.
    • The API used when OpenSSH interacts with the layer to access FIDO tokens has been changed.
    • When building a portable version of OpenSSH, automake is now required to generate the configure script and accompanying build files (if you build from a published code tar file, you do not need to regenerate configure).
  • Added support to ssh and ssh-keygen for FIDO keys that require PIN verification. Added "verify-required" option to ssh-keygen to generate keys with PIN. In the case of using such keys, before performing the signature creation operation, the user is prompted to confirm their actions by entering a PIN code.
  • In sshd, the "verify-required" option is implemented in the authorized_keys setting, requiring the use of user presence verification capabilities during token operations. The FIDO standard provides several options for such verification, but OpenSSH currently only supports PIN-based verification.
  • Support has been added to sshd and ssh-keygen to verify digital signatures that comply with the FIDO Webauthn standard, which allows FIDO keys to be used in web browsers.
  • In ssh in the CertificateFile settings,
    ControlPath, IdentityAgent, IdentityFile, LocalForward and
    RemoteForward allowed substitution of values ​​from environment variables specified in the "${ENV}" format.

  • Support for the $SSH_ASKPASS_REQUIRE environment variable has been added to ssh and ssh-agent, which can be used to enable or disable the ssh-askpass call.
  • In ssh in ssh_config in the AddKeysToAgent directive, the ability to limit the key expiration time has been added. After the expiration of the specified limit, the keys are automatically removed from the ssh-agent.
  • In scp and sftp, you can now explicitly enable redirection to scp and sftp using ssh-agent using the "-A" flag (redirection is disabled by default).
  • Added support for '%k' substitution to specify host key name in ssh settings. This feature can be used to split keys into separate files (for example, "UserKnownHostsFile ~/.ssh/known_hosts.d/%k").
  • The use of the "ssh-add -d -" operation is allowed to read keys from stdin that are to be deleted.
  • sshd provides a log of the start and end of the connection pruning process, controlled by the MaxStartups parameter.

OpenSSH developers also reminded about the upcoming deprecation of algorithms using SHA-1 hashes due to promotion the effectiveness of collision attacks with a given prefix (the cost of selecting a collision is estimated at about 45 thousand dollars). In one of the upcoming releases, they plan to disable by default the ability to use the ssh-rsa public key digital signature algorithm, which is mentioned in the original RFC for the SSH protocol and remains widespread in practice (to check the use of ssh-rsa in your systems, you can try to connect via ssh with "-oHostKeyAlgorithms=-ssh-rsa" option).

To smooth the transition to new algorithms, OpenSSH will have the UpdateHostKeys setting enabled by default in the next release, which will automatically migrate clients to more reliable algorithms. Recommended algorithms for migration include rsa-sha2-256/512 based on RFC8332 RSA SHA-2 (supported since OpenSSH 7.2 and used by default), ssh-ed25519 (supported since OpenSSH 6.5) and ecdsa-sha2-nistp256/384/521 based on RFC5656 ECDSA (supported since OpenSSH 5.7).

Source: opennet.ru

Add a comment