Hi,
OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at http://www.openssh.com/portable.html#cvs
At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
https://github.com/openssh/openssh-portable
Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:
$ ./configure && make tests
Live testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-unix-dev at mindrot.org. Security bugs should be reported
directly to openssh at openssh.com.
Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.
Thanks to the many people who contributed to this release.
Future deprecation notice
========================
A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.
Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.
This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.
Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expand-path at openssh.com" to support
this.
Potentially-incompatible changes
===============================
* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.
* This release modifies the FIDO security key middleware interface
and increments SSH_SK_VERSION_MAJOR.
Changes since OpenSSH 8.8
========================
This release includes a number of new features.
New features
------------
* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
A detailed description of the feature is available at
https://www.openssh.com/agent-restrict.html and the protocol
extensions are documented in the PROTOCOL and PROTOCOL.agent
files in the source release.
* ssh(1), sshd(8): add the sntrup761x25519-sha512 at openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones).
* ssh-keygen(1): when downloading resident keys from a FIDO token,
pass back the user ID that was used when the key was created and
append it to the filename the key is written to (if it is not the
default). Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different user
IDs.
* ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
on tokens that provide user verification (UV) on the device itself,
including biometric keys, avoiding unnecessary PIN prompts.
* ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
perform matching of principals names against an allowed signers
file. To be used towards a TOFU model for SSH signatures in git.
* ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
authentication time.
* ssh-keygen(1): allow selection of hash at sshsig signing time
(either sha512 (default) or sha256).
* ssh(1), sshd(8): read network data directly to the packet input
buffer instead indirectly via a small stack buffer. Provides a
modest performance improvement.
* ssh(1), sshd(8): read data directly to the channel input buffer,
providing a similar modest performance improvement.
* ssh(1): extend the PubkeyAuthentication configuration directive to
accept yes|no|unbound|host-bound to allow control over one of the
protocol extensions used to implement agent-restricted keys.
Bugfixes
--------
* sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
PubkeyAuthOptions can be used in a Match block. PR#277.
* ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
exchange hashes
* ssh(1): don't put the TTY into raw mode when SessionType=none,
avoids ^C being unable to kill such a session. bz3360
* scp(1): fix some corner-case bugs in SFTP-mode handling of
~-prefixed paths.
* ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
select RSA keys when only RSA/SHA2 signature algorithms are
configured (this is the default case). Previously RSA keys were
not being considered in the default case.
* ssh-keysign(1): make ssh-keysign use the requested signature
algorithm and not the default for the key type. Part of unbreaking
hostbased auth for RSA/SHA2 keys.
* ssh(1): stricter UpdateHostkey signature verification logic on
the client- side. Require RSA/SHA2 signatures for RSA hostkeys
except when RSA/SHA1 was explicitly negotiated during initial
KEX; bz3375
* ssh(1), sshd(8): fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
cases. This will use RSA/SHA2 signatures for RSA keys if the
client proposed these algorithms in initial KEX. bz3375
* All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
and sftp-server(8), as well as the sshd(8) listen loop and all
other FD read/writability checks. On platforms with missing or
broken poll(2)/ppoll(2) syscalls as select(2)-based compat shim is
available.
* ssh-keygen(1): the "-Y find-principals" command was verifying key
validity when using ca certs but not with simple key lifetimes
within the allowed signers file.
* ssh-keygen(1): make sshsig verify-time argument parsing optional
* ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
keys (we already did this for RSA keys). Avoids fatal errors for
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
"cryptoauthlib"; bz#3364
* ssh(1), ssh-agent(1): improve the testing of credentials against
inserted FIDO: ask the token whether a particular key belongs to
it in cases where the token supports on-token user-verification
(e.g. biometrics) rather than just assuming that it will accept it.
Will reduce spurious "Confirm user presence" notifications for key
handles that relate to FIDO keys that are not currently inserted in at
least some cases. bz3366
* ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
allow for the preceding two ECN bits. bz#3373
* ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
option.
* ssh-keygen(1): fix a NULL deref when using the find-principals
function, when matching an allowed_signers line that contains a
namespace restriction, but no restriction specified on the
command-line
* ssh-agent(1): fix memleak in process_extension(); oss-fuzz
issue #42719
* ssh(1): suppress "Connection to xxx closed" messages when LogLevel
is set to "error" or above. bz3378
* ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
compressed packet data. bz3372
* scp(1): when recursively transferring files in SFTP mode, create the
destination directory if it doesn't already exist to match scp(1) in
legacy RCP mode behaviour.
* scp(1): many improvements in error message consistency between scp(1)
in SFTP mode vs legacy RCP mode.
* sshd(8): fix potential race in SIGTERM handling PR#289
* ssh(1), ssh(8): since DSA keys are deprecated, move them to the
end of the default list of public keys so that they will be tried
last. PR#295
* ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
wildcard principals in allowed_signers files
Portability
-----------
* ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
implementation does not work in a chroot when the kernel does not
have close_range(2). It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts. Instead, call
close_range(2) directly from our compat code and fall back if
that fails. bz#3349,
* OS X poll(2) is broken; use compat replacement. For character-
special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
when polled with POLLIN. Apparently this is Apple bug 3710161 -
not public but a websearch will find other OSS projects
rediscovering it periodically since it was first identified in
2005.
* Correct handling of exceptfds/POLLPRI in our select(2)-based
poll(2)/ppoll(2) compat implementation.
* Cygwin: correct checking of mbstowcs() return value.
* Add a basic SECURITY.md that refers people to the openssh.com
website.
* Enable additional compiler warnings and toolchain hardening flags,
including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
-fzero-call-used-regs and -ftrivial-auto-var-init.
* HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
is not reliable.
On 2/9/22 20:18, Damien Miller wrote:> Hi, > > OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a bugfix release. > >openssh-SNAP-20220211.tar.gz gcc (Debian 10.2.1-6) 10.2.1 20210110 OpenSSL 1.1.1k? 25 Mar 2021 Debian GNU/Linux 11 (bullseye) ./configure && make tests .... cc -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE?? -I. -I.? -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/local/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c regress/unittests/misc/test_strdelim.c -o regress/unittests/misc/test_strdelim.o cc -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE?? -I. -I.? -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/local/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c regress/unittests/misc/test_hpdelim.c -o regress/unittests/misc/test_hpdelim.o regress/unittests/misc/test_hpdelim.c:18:10: fatal error: test_helper.h: No such file or directory ?? 18 | #include "test_helper.h" ????? |????????? ^~~~~~~~~~~~~~~ compilation terminated. make: *** [Makefile:200: regress/unittests/misc/test_hpdelim.o] Error 1 -- # include <stddisclaimer.h> /* Kevin Brott <Kevin.Brott at GMail.com> */
On NetBSD amd64-current and amd64-9.2_STABLE:
(cd openbsd-compat && make)
cc -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith
-Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess
-Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result
-Wimplicit-fallthrough -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv
-fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./..
-D_OPENBSD_SOURCE -DHAVE_CONFIG_H -c arc4random.c
In file included from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
../openbsd-compat/bsd-poll.h:42:16: error: redefinition of 'struct
pollfd'
42 | typedef struct pollfd {
| ^~~~~~
In file included from ../openbsd-compat/bsd-poll.h:35,
from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
/usr/include/poll.h:39:8: note: originally defined here
39 | struct pollfd {
| ^~~~~~
In file included from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
../openbsd-compat/bsd-poll.h:63: warning: "INFTIM" redefined
63 | #define INFTIM (-1) /* not standard */
|
In file included from ../openbsd-compat/bsd-poll.h:35,
from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
/usr/include/poll.h:67: note: this is the location of the previous definition
67 | #define INFTIM -1
|
In file included from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
../openbsd-compat/bsd-poll.h:75:7: error: conflicting types for 'ppoll'
75 | int ppoll(struct pollfd *, nfds_t, const struct timespec *, const
sigset_t *);
| ^~~~~
In file included from ../openbsd-compat/bsd-poll.h:35,
from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
/usr/include/poll.h:95:5: note: previous declaration of 'ppoll' was here
95 | int ppoll(struct pollfd * __restrict, nfds_t,
| ^~~~~
*** Error code 1
Stop.
make[1]: stopped in /home/htodd/openssh-portable/openbsd-compat
*** Error code 1
Stop.
make: stopped in /home/htodd/openssh-portable
--
Hisashi T Fujinaka - htodd at twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
configure can't find a compiler on MacOS. Probably a misconfiguration on my part (just updated the OS today). -- Hisashi T Fujinaka - htodd at twofifty.com BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
On Wed, Feb 09, 2022 at 08:18:23PM PST, Damien Miller wrote:>Hi, > >OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing >on as many platforms and systems as possible. This is a bugfix release. >At commit 6ee53064f476cf, all tests pass on current Void Linux (kernel 5.15.22, gcc 10.2.1, glibc 2.32, openssl 1.1.1l). Thanks, Zev
On Feb 10 15:18, Damien Miller wrote:> Hi, > > OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a bugfix release.Builds OOTB on Cygwin x86_64, almost all tests pass, except a single test in hostkey-agent: ------------- debug1: kex: host key algorithm: (no match) Unable to negotiate with UNKNOWN port 65535: no matching host key type found. Their offer: ssh-ed25519-cert-v01 at openssh.com,rsa-sha2-512-cert-v01 at openssh.com,rsa-sha2-256- cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v01 at openssh.com,e cdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com ,ecdsa-sha2-nistp521-cert-v01 at openssh.com^M FAIL: cert type sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com failed FAIL: bad SSH_CONNECTION key type sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com ------------- I wonder why sk-ecdsa-sha2-nistp256-cert-v01 at openssh.com is not in the above list of cert type offers. What explanation could that have? I'm building OPenSSH exactly as if I create a distro build, using the following configuration options: --with-libedit --with-xauth=/usr/bin/xauth --disable-strip --without-hardening --with-security-key-builtin Thanks, Corinna
HARUYAMA Seigo
2022-Feb-14 06:01 UTC
PubkeyAuthentication value "unbound|host-bound" in ssh_config(5) Re: Call for testing: OpenSSH 8.9
> * ssh(1): extend the PubkeyAuthentication configuration directive to > accept yes|no|unbound|host-bound to allow control over one of the > protocol extensions used to implement agent-restricted keys.The description of PubkeyAuthentication value "unbound|host-bound" does not exist in ssh_config(5). https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh_config.5?rev=1.368&content-type=text/x-cvsweb-markup https://github.com/openssh/openssh-portable/blob/ad16a84e64a8cf1c69c63de3fb9008320a37009c/ssh_config.5#L1520
On Thu, Feb 10, 2022 at 03:18:23PM +1100, Damien Miller wrote:> Hi, > > OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a bugfix release.--- openssh-SNAP-20220215.tar.gz Haiku R1/beta3 hrev55181+63 (x86) gcc 11.2.0 --- ... run test login-timeout.sh ... which: no rev in (/boot/home/build/openssh:.:/boot/home/config/non-packaged/bin:/boot/home/config/bin:/boot/system/non-packaged/bin:/bin:/boot/system/apps:/boot/system/preferences) ssh connect after login grace timeout failed failed connect after login grace timeout Makefile:221: recipe for target 't-exec' failed make[1]: *** [t-exec] Error 1 make[1]: Leaving directory '/boot/home/build/openssh/regress' Makefile:727: recipe for target 't-exec' failed make: *** [t-exec] Error 2 make: *** Waiting for unfinished jobs.... ssh-keygen for ssh-rsa failed SKIPPED: putty interop tests not enabled Makefile:236: recipe for target 't-exec-interop' failed make[1]: *** [t-exec-interop] Error 1 make[1]: Leaving directory '/boot/home/build/openssh/regress' Makefile:727: recipe for target 'interop-tests' failed make: *** [interop-tests] Error 2 --- regress.log: trace: using cached key type sk-ecdsa-sha2-nistp256 at openssh.com --- failed-ssh.log: trace: wait for sshd Executing: /boot/home/build/openssh/ssh -F /boot/home/build/openssh/regress/ssh_config somehost true debug3: ssh_connect_direct: entering debug1: Connecting to 127.0.0.1 [127.0.0.1] port 4242. debug3: set_sock_tos: set socket 5 IP_TOS 0x48 debug1: Connection established. debug1: identity file /boot/home/build/openssh/regress/ssh-ed25519 type 3 debug1: identity file /boot/home/build/openssh/regress/ssh-ed25519-cert type -1 debug1: identity file /boot/home/build/openssh/regress/sk-ssh-ed25519 at openssh.com type 12 debug1: identity file /boot/home/build/openssh/regress/sk-ssh-ed25519 at openssh.com-cert type -1 debug1: identity file /boot/home/build/openssh/regress/ssh-rsa type 0 debug1: identity file /boot/home/build/openssh/regress/ssh-rsa-cert type -1 debug1: identity file /boot/home/build/openssh/regress/ssh-dss type 1 debug1: identity file /boot/home/build/openssh/regress/ssh-dss-cert type -1 debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp256 type 2 debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp256-cert type -1 debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp384 type 2 debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp384-cert type -1 debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp521 type 2 debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp521-cert type -1 debug1: identity file /boot/home/build/openssh/regress/sk-ecdsa-sha2-nistp256 at openssh.com type 10 debug1: identity file /boot/home/build/openssh/regress/sk-ecdsa-sha2-nistp256 at openssh.com-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.8 debug1: kex_exchange_identification: banner line 0: Exceeded MaxStartups kex_exchange_identification: Connection closed by remote host Connection closed by 127.0.0.1 port 4242 FAIL: ssh connect after login grace timeout failed trace: wait for sshd to exit FAIL: ssh-keygen for ssh-rsa failed --- failed-sshd.log: trace: wait for sshd debug1: fd 5 clearing O_NONBLOCK debug1: Forked child 30396. debug3: send_rexec_state: entering fd = 8 config len 1004 debug3: ssh_msg_send: type 0 debug3: send_rexec_state: done debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8 debug1: inetd sockets after dupping: 4, 4 Connection from 127.0.0.1 port 40275 on 127.0.0.1 port 4242 debug1: Local version string SSH-2.0-OpenSSH_8.8 debug1: Remote protocol version 2.0, remote software version fake debug1: compat_banner: no match: fake debug2: fd 4 setting O_NONBLOCK debug2: Network child is on pid 30397 debug3: preauth child monitor started debug3: privsep user:group 1000:102 [preauth] debug1: permanently_set_uid: 1000/102 [preauth] debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth] debug3: append_hostkey_type: ssh-dss key not permitted by HostkeyAlgorithms [preauth] debug1: list_hostkey_types: ssh-ed25519,sk-ssh-ed25519 at openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256 at openssh.com [preauth] debug3: send packet: type 20 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth] Timeout before authentication for 127.0.0.1 port 40275 debug1: fd 7 clearing O_NONBLOCK beginning MaxStartups throttling drop connection #1 from [127.0.0.1]:40281 on [127.0.0.1]:4242 past MaxStartups FAIL: ssh connect after login grace timeout failed trace: wait for sshd to exit Received signal 15; terminating. mm_log_handler: write: Broken pipe debug1: do_cleanup FAIL: ssh-keygen for ssh-rsa failed ---
On Thu, Feb 10, 2022 at 03:18:23PM +1100, Damien Miller wrote:> Hi, > > OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a bugfix release. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable OpenSSH is also available via git using the > instructions at http://www.openssh.com/portable.html#cvs > At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github: > https://github.com/openssh/openssh-portable > > Running the regression tests supplied with Portable OpenSSH does not > require installation and is a simply: > > $ ./configure && make tests > > Live testing on suitable non-production systems is also appreciated. > Please send reports of success or failure to > openssh-unix-dev at mindrot.org. Security bugs should be reported > directly to openssh at openssh.com. > > Below is a summary of changes. More detail may be found in the ChangeLog > in the portable OpenSSH tarballs. > > Thanks to the many people who contributed to this release. > > Future deprecation notice > ========================> > A near-future release of OpenSSH will switch scp(1) from using the > legacy scp/rcp protocol to using SFTP by default. > > Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. > "scp host:* .") through the remote shell. This has the side effect of > requiring double quoting of shell meta-characters in file names > included on scp(1) command-lines, otherwise they could be interpreted > as shell commands on the remote side. > > This creates one area of potential incompatibility: scp(1) when using > the SFTP protocol no longer requires this finicky and brittle quoting, > and attempts to use it may cause transfers to fail. We consider the > removal of the need for double-quoting shell characters in file names > to be a benefit and do not intend to introduce bug-compatibility for > legacy scp/rcp in scp(1) when using the SFTP protocol. > > Another area of potential incompatibility relates to the use of remote > paths relative to other user's home directories, for example - > "scp host:~user/file /tmp". The SFTP protocol has no native way to > expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later > support a protocol extension "expand-path at openssh.com" to support > this. > > Potentially-incompatible changes > ===============================> > * sshd(8), portable OpenSSH only: this release removes in-built > support for MD5-hashed passwords. If you require these on your > system then we recommend linking against libxcrypt or similar. > > * This release modifies the FIDO security key middleware interface > and increments SSH_SK_VERSION_MAJOR. > > Changes since OpenSSH 8.8 > ========================> > This release includes a number of new features. > > New features > ------------ > > * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for > restricting forwarding and use of keys added to ssh-agent(1) > A detailed description of the feature is available at > https://www.openssh.com/agent-restrict.html and the protocol > extensions are documented in the PROTOCOL and PROTOCOL.agent > files in the source release. > > * ssh(1), sshd(8): add the sntrup761x25519-sha512 at openssh.com hybrid > ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the > default KEXAlgorithms list (after the ECDH methods but before the > prime-group DH ones). > > * ssh-keygen(1): when downloading resident keys from a FIDO token, > pass back the user ID that was used when the key was created and > append it to the filename the key is written to (if it is not the > default). Avoids keys being clobbered if the user created multiple > resident keys with the same application string but different user > IDs. > > * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys > on tokens that provide user verification (UV) on the device itself, > including biometric keys, avoiding unnecessary PIN prompts. > > * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to > perform matching of principals names against an allowed signers > file. To be used towards a TOFU model for SSH signatures in git. > > * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added > to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at > authentication time. > > * ssh-keygen(1): allow selection of hash at sshsig signing time > (either sha512 (default) or sha256). > > * ssh(1), sshd(8): read network data directly to the packet input > buffer instead indirectly via a small stack buffer. Provides a > modest performance improvement. > > * ssh(1), sshd(8): read data directly to the channel input buffer, > providing a similar modest performance improvement. > > * ssh(1): extend the PubkeyAuthentication configuration directive to > accept yes|no|unbound|host-bound to allow control over one of the > protocol extensions used to implement agent-restricted keys. > > Bugfixes > -------- > > * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and > PubkeyAuthOptions can be used in a Match block. PR#277. > > * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512 > exchange hashes > > * ssh(1): don't put the TTY into raw mode when SessionType=none, > avoids ^C being unable to kill such a session. bz3360 > > * scp(1): fix some corner-case bugs in SFTP-mode handling of > ~-prefixed paths. > > * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to > select RSA keys when only RSA/SHA2 signature algorithms are > configured (this is the default case). Previously RSA keys were > not being considered in the default case. > > * ssh-keysign(1): make ssh-keysign use the requested signature > algorithm and not the default for the key type. Part of unbreaking > hostbased auth for RSA/SHA2 keys. > > * ssh(1): stricter UpdateHostkey signature verification logic on > the client- side. Require RSA/SHA2 signatures for RSA hostkeys > except when RSA/SHA1 was explicitly negotiated during initial > KEX; bz3375 > > * ssh(1), sshd(8): fix signature algorithm selection logic for > UpdateHostkeys on the server side. The previous code tried to > prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some > cases. This will use RSA/SHA2 signatures for RSA keys if the > client proposed these algorithms in initial KEX. bz3375 > > * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2). > This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1) > and sftp-server(8), as well as the sshd(8) listen loop and all > other FD read/writability checks. On platforms with missing or > broken poll(2)/ppoll(2) syscalls as select(2)-based compat shim is > available. > > * ssh-keygen(1): the "-Y find-principals" command was verifying key > validity when using ca certs but not with simple key lifetimes > within the allowed signers file. > > * ssh-keygen(1): make sshsig verify-time argument parsing optional > > * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA > keys (we already did this for RSA keys). Avoids fatal errors for > PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B > "cryptoauthlib"; bz#3364 > > * ssh(1), ssh-agent(1): improve the testing of credentials against > inserted FIDO: ask the token whether a particular key belongs to > it in cases where the token supports on-token user-verification > (e.g. biometrics) rather than just assuming that it will accept it. > > Will reduce spurious "Confirm user presence" notifications for key > handles that relate to FIDO keys that are not currently inserted in at > least some cases. bz3366 > > * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to > allow for the preceding two ECN bits. bz#3373 > > * ssh-keygen(1): add missing -O option to usage() for the "-Y sign" > option. > > * ssh-keygen(1): fix a NULL deref when using the find-principals > function, when matching an allowed_signers line that contains a > namespace restriction, but no restriction specified on the > command-line > > * ssh-agent(1): fix memleak in process_extension(); oss-fuzz > issue #42719 > > * ssh(1): suppress "Connection to xxx closed" messages when LogLevel > is set to "error" or above. bz3378 > > * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing > compressed packet data. bz3372 > > * scp(1): when recursively transferring files in SFTP mode, create the > destination directory if it doesn't already exist to match scp(1) in > legacy RCP mode behaviour. > > * scp(1): many improvements in error message consistency between scp(1) > in SFTP mode vs legacy RCP mode. > > * sshd(8): fix potential race in SIGTERM handling PR#289 > > * ssh(1), ssh(8): since DSA keys are deprecated, move them to the > end of the default list of public keys so that they will be tried > last. PR#295 > > * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match > wildcard principals in allowed_signers files > > Portability > ----------- > > * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's > implementation does not work in a chroot when the kernel does not > have close_range(2). It tries to read from /proc/self/fd and when > that fails dies with an assertion of sorts. Instead, call > close_range(2) directly from our compat code and fall back if > that fails. bz#3349, > > * OS X poll(2) is broken; use compat replacement. For character- > special devices like /dev/null, Darwin's poll(2) returns POLLNVAL > when polled with POLLIN. Apparently this is Apple bug 3710161 - > not public but a websearch will find other OSS projects > rediscovering it periodically since it was first identified in > 2005. > > * Correct handling of exceptfds/POLLPRI in our select(2)-based > poll(2)/ppoll(2) compat implementation. > > * Cygwin: correct checking of mbstowcs() return value. > > * Add a basic SECURITY.md that refers people to the openssh.com > website. > > * Enable additional compiler warnings and toolchain hardening flags, > including -Wbitwise-instead-of-logical, -Wmisleading-indentation, > -fzero-call-used-regs and -ftrivial-auto-var-init. > > * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version > is not reliable. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-devOpenSSH_8.8p1-snap20220216, OpenSSL 1.1.1m+quic 14 Dec 2021 Working in FreeBSD 13.0-p7 -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b Do they do as the Word said, or as the world said? -unknown Beware https://mindspring.com
On Thu, Feb 10, 2022 at 03:18:23PM +1100, Damien Miller wrote:> * ssh(1), sshd(8): add the sntrup761x25519-sha512 at openssh.com hybrid > ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the > default KEXAlgorithms list (after the ECDH methods but before the > prime-group DH ones).Very happy to see this, thank you! Been using the sntrup* KEMs since 2019. I tried four machines. First 3 look good, last might need attention. 1. Debian 10 x86_64 gcc 8.3.0 ./configure --without-openssl make (builds successfully) make clean && ./configure && make && make tests [...] all tests passed 2. Amazon Linux AMI x86_64 gcc version 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) ./configure && make tests [...] all tests passed 3. Ubuntu 18.04.6 LTS x86_64 gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04) ./configure && make tests [...] all tests passed 4. Alpine Linux 3.15.0 x86_64 gcc version 10.3.1 20211027 (Alpine 10.3.1_git20211027) ./configure --without-openssl make (builds successfully) make clean && ./configure make (builds successfully) make tests [...] all file-tests passed [...] make[1]: Entering directory '/home/codetest/openssh/regress' run test connect.sh ... ssh direct connect failed ssh proxycommand connect failed failed simple connect make[1]: *** [Makefile:221: t-exec] Error 1 make[1]: Leaving directory '/home/codetest/openssh/regress' make: *** [Makefile:727: t-exec] Error 2 Nicolai
Current master (bc16667b4a1c3cad7029304853c143a32ae04bd4) fails on Fedora
35 when building building tests with
=======cc -o regress/unittests/misc/test_misc -L. -Lopenbsd-compat/
-Wl,-z,relro
-Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
regress/unittests/misc/tests.o regress/unittests/misc/test_parse.o
regress/unittests/misc/test_expand.o regress/unittests/misc/test_convtime.o
regress/unittests/misc/test_argv.o regress/unittests/misc/test_strdelim.o
regress/unittests/misc/test_hpdelim.o \
regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lz -lcrypt
/usr/bin/ld: regress/unittests/misc/test_hpdelim.o: relocation R_X86_64_32
against `.rodata.str1.1' can not be used when making a PIE object;
recompile with -fPIE
collect2: error: ld returned 1 exit status
make: *** [Makefile:665: regress/unittests/misc/test_misc] Error 1
=======Configuration results (after autoreconf && configure):
=======
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH:
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
libedit support: no
libldns support: no
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
PKCS#11 support: yes
U2F/FIDO support: yes
Host: x86_64-pc-linux-gnu
Compiler: cc
Compiler flags: -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra
-Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter
-Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation
-fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=all
-fno-builtin-memset -fstack-protector-strong -fPIE
Preprocessor flags: -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
Linker flags: -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
-fstack-protector-strong -pie
Libraries: -lcrypto -lz -lcrypt
=======
On Thu, Feb 10, 2022 at 5:21 AM Damien Miller <djm at mindrot.org> wrote:
> Hi,
>
> OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Future deprecation notice
> ========================>
> A near-future release of OpenSSH will switch scp(1) from using the
> legacy scp/rcp protocol to using SFTP by default.
>
> Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
> "scp host:* .") through the remote shell. This has the side
effect of
> requiring double quoting of shell meta-characters in file names
> included on scp(1) command-lines, otherwise they could be interpreted
> as shell commands on the remote side.
>
> This creates one area of potential incompatibility: scp(1) when using
> the SFTP protocol no longer requires this finicky and brittle quoting,
> and attempts to use it may cause transfers to fail. We consider the
> removal of the need for double-quoting shell characters in file names
> to be a benefit and do not intend to introduce bug-compatibility for
> legacy scp/rcp in scp(1) when using the SFTP protocol.
>
> Another area of potential incompatibility relates to the use of remote
> paths relative to other user's home directories, for example -
> "scp host:~user/file /tmp". The SFTP protocol has no native way
to
> expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
> support a protocol extension "expand-path at openssh.com" to
support
> this.
>
> Potentially-incompatible changes
> ===============================>
> * sshd(8), portable OpenSSH only: this release removes in-built
> support for MD5-hashed passwords. If you require these on your
> system then we recommend linking against libxcrypt or similar.
>
> * This release modifies the FIDO security key middleware interface
> and increments SSH_SK_VERSION_MAJOR.
>
> Changes since OpenSSH 8.8
> ========================>
> This release includes a number of new features.
>
> New features
> ------------
>
> * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
> restricting forwarding and use of keys added to ssh-agent(1)
> A detailed description of the feature is available at
> https://www.openssh.com/agent-restrict.html and the protocol
> extensions are documented in the PROTOCOL and PROTOCOL.agent
> files in the source release.
>
> * ssh(1), sshd(8): add the sntrup761x25519-sha512 at openssh.com hybrid
> ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
> default KEXAlgorithms list (after the ECDH methods but before the
> prime-group DH ones).
>
> * ssh-keygen(1): when downloading resident keys from a FIDO token,
> pass back the user ID that was used when the key was created and
> append it to the filename the key is written to (if it is not the
> default). Avoids keys being clobbered if the user created multiple
> resident keys with the same application string but different user
> IDs.
>
> * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
> on tokens that provide user verification (UV) on the device itself,
> including biometric keys, avoiding unnecessary PIN prompts.
>
> * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation
to
> perform matching of principals names against an allowed signers
> file. To be used towards a TOFU model for SSH signatures in git.
>
> * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
> to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
> authentication time.
>
> * ssh-keygen(1): allow selection of hash at sshsig signing time
> (either sha512 (default) or sha256).
>
> * ssh(1), sshd(8): read network data directly to the packet input
> buffer instead indirectly via a small stack buffer. Provides a
> modest performance improvement.
>
> * ssh(1), sshd(8): read data directly to the channel input buffer,
> providing a similar modest performance improvement.
>
> * ssh(1): extend the PubkeyAuthentication configuration directive to
> accept yes|no|unbound|host-bound to allow control over one of the
> protocol extensions used to implement agent-restricted keys.
>
> Bugfixes
> --------
>
> * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
> PubkeyAuthOptions can be used in a Match block. PR#277.
>
> * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
> exchange hashes
>
> * ssh(1): don't put the TTY into raw mode when SessionType=none,
> avoids ^C being unable to kill such a session. bz3360
>
> * scp(1): fix some corner-case bugs in SFTP-mode handling of
> ~-prefixed paths.
>
> * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
> select RSA keys when only RSA/SHA2 signature algorithms are
> configured (this is the default case). Previously RSA keys were
> not being considered in the default case.
>
> * ssh-keysign(1): make ssh-keysign use the requested signature
> algorithm and not the default for the key type. Part of unbreaking
> hostbased auth for RSA/SHA2 keys.
>
> * ssh(1): stricter UpdateHostkey signature verification logic on
> the client- side. Require RSA/SHA2 signatures for RSA hostkeys
> except when RSA/SHA1 was explicitly negotiated during initial
> KEX; bz3375
>
> * ssh(1), sshd(8): fix signature algorithm selection logic for
> UpdateHostkeys on the server side. The previous code tried to
> prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
> cases. This will use RSA/SHA2 signatures for RSA keys if the
> client proposed these algorithms in initial KEX. bz3375
>
> * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
> This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
> and sftp-server(8), as well as the sshd(8) listen loop and all
> other FD read/writability checks. On platforms with missing or
> broken poll(2)/ppoll(2) syscalls as select(2)-based compat shim is
> available.
>
> * ssh-keygen(1): the "-Y find-principals" command was verifying
key
> validity when using ca certs but not with simple key lifetimes
> within the allowed signers file.
>
> * ssh-keygen(1): make sshsig verify-time argument parsing optional
>
> * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
> keys (we already did this for RSA keys). Avoids fatal errors for
> PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
> "cryptoauthlib"; bz#3364
>
> * ssh(1), ssh-agent(1): improve the testing of credentials against
> inserted FIDO: ask the token whether a particular key belongs to
> it in cases where the token supports on-token user-verification
> (e.g. biometrics) rather than just assuming that it will accept it.
>
> Will reduce spurious "Confirm user presence" notifications
for key
> handles that relate to FIDO keys that are not currently inserted in at
> least some cases. bz3366
>
> * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
> allow for the preceding two ECN bits. bz#3373
>
> * ssh-keygen(1): add missing -O option to usage() for the "-Y
sign"
> option.
>
> * ssh-keygen(1): fix a NULL deref when using the find-principals
> function, when matching an allowed_signers line that contains a
> namespace restriction, but no restriction specified on the
> command-line
>
> * ssh-agent(1): fix memleak in process_extension(); oss-fuzz
> issue #42719
>
> * ssh(1): suppress "Connection to xxx closed" messages when
LogLevel
> is set to "error" or above. bz3378
>
> * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
> compressed packet data. bz3372
>
> * scp(1): when recursively transferring files in SFTP mode, create the
> destination directory if it doesn't already exist to match scp(1) in
> legacy RCP mode behaviour.
>
> * scp(1): many improvements in error message consistency between scp(1)
> in SFTP mode vs legacy RCP mode.
>
> * sshd(8): fix potential race in SIGTERM handling PR#289
>
> * ssh(1), ssh(8): since DSA keys are deprecated, move them to the
> end of the default list of public keys so that they will be tried
> last. PR#295
>
> * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
> wildcard principals in allowed_signers files
>
> Portability
> -----------
>
> * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
> implementation does not work in a chroot when the kernel does not
> have close_range(2). It tries to read from /proc/self/fd and when
> that fails dies with an assertion of sorts. Instead, call
> close_range(2) directly from our compat code and fall back if
> that fails. bz#3349,
>
> * OS X poll(2) is broken; use compat replacement. For character-
> special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
> when polled with POLLIN. Apparently this is Apple bug 3710161 -
> not public but a websearch will find other OSS projects
> rediscovering it periodically since it was first identified in
> 2005.
>
> * Correct handling of exceptfds/POLLPRI in our select(2)-based
> poll(2)/ppoll(2) compat implementation.
>
> * Cygwin: correct checking of mbstowcs() return value.
>
> * Add a basic SECURITY.md that refers people to the openssh.com
> website.
>
> * Enable additional compiler warnings and toolchain hardening flags,
> including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
> -fzero-call-used-regs and -ftrivial-auto-var-init.
>
> * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
> is not reliable.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
--
Dmitry Belyavskiy