Difference between revisions of "OpenSSH changelog"

OpenSSH Versions

• OpenSSH 8.1^[1][2], released in October 2019
  • ssh, sshd, ssh-agent: add protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed.
• OpenSSH 8.0^[3][4], released in April 2019
  • SECURITY: CVE-2019-6111^[5] related to scp tool and protocol allowing to overwrite arbitrary files in the scp client target directory
• OpenSSH 7.9^[6], released in October 2018
  • allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash
• OpenSSH 7.8^[7], released in August 2018
  • Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
• OpenSSH 7.7^[8], released in February 2018
  • FEATURE: Add "expiry-time" option in sshd for authorized_keys files to allow for expiring keys.
• OpenSSH 7.6^[9], released in October 2017
  • FEATURE: Add RemoteCommand option
  • FEATURE: Add SyslogFacility option to ssh matching the equivalent option in sshd
  • FEATURE: ssh client reverse dynamic forwarding -R
• OpenSSH 7.5^[10], released in March 2017
  • BUGFIX: This is a mainly a bugfix release.
• OpenSSH 7.4^[11], released Template:Release date and age
  • sshd(8): Add a sshd_config DisableForwarding option
• OpenSSH 7.3^[12], released August 01, 2016
  • FEATURE: Adds ProxyJump option (-J)
  • FEATURE: Add an Include directive for ssh_config(5) files
• OpenSSH 7.1: August 20, 2015^[13]
  • This is a bugfix release.
• OpenSSH 7.0: August 11, 2015^[14]
  • The focus of this release is primarily to deprecate weak, legacy and unsafe cryptography.
• OpenSSH 6.9: July 1, 2015^[15]
  • BUGFIX: This is primarily a bugfix release.
• OpenSSH 6.8: March 18, 2015
  • Added new [email protected] extension to facilitate public key discovery and rotation for trusted hosts (for transition from DSA to Ed25519 public host keys)^[16]
  • AuthenticationMethods=publickey,publickey to require that users authenticate using two different public keys^[17]
• OpenSSH 6.7: October 6, 2014
  • The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default.
  • Compile-time option to not depend on OpenSSL^[18]
  • Add support for Unix domain socket forwarding

• OpenSSH 6.6: March 16, 2014
  • This is primarily a bugfix release.

• OpenSSH 6.5^[19][20]: January 30, 2014
  • Added new ssh-ed25519 and [email protected] public key types (available since 2005 but more popular since some suspicious that NSA had chosen values that gave them an advantage in factoring public-keys)^[21]

• • Added new chacha20-poly1305@openssh.com transport cipher^[22][23]
  • Added curve25519-sha256@libssh.org key exchange
  • FEATURE: ssh, added Match keyword for ssh_config that allows conditional configuration to be applied ^[24]
  • FEATURE: client-side hostname canonicalisation: CanonicalDomains, CanonicalizeFallbackLocal, CanonicalizeHostname, CanonicalizeMaxDots and CanonicalizePermittedCNAMEs.^[25][26]
  • Add a new private key format that uses a bcrypt KDF

• OpenSSH 6.4: November 8, 2013 ^[27]
  • This release fixes a security bug with AES-GCM

• OpenSSH 6.3: September 13, 2013
  • This release is predominantly a bugfix release

• OpenSSH 6.2: March 22, 2013
  • Add a GCM-mode for the AES cipher, similar to RFC, RFI
  • Added support for encrypt-then-mac MAC modes
  • Added support for multiple required authentication methods
  • Added support for Key Revocation Lists (KRL)

• OpenSSH 6.1: August 29, 2012
  • This is primarily a bugfix release.
  • Enables pre-auth sandboxing by default
  • Finds ECDSA keys in ssh-keyscan and SSHFP DNS records by default now

• OpenSSH 6.0: April 22, 2012
  • This is primarily a bugfix release.

• OpenSSH 5.9: September 6, 2011
  • Introduce sandboxing of the pre-auth privilege separated child
• OpenSSH 5.8: February 4, 2011
• OpenSSH 5.7: January 24, 2011
  • Added support for elliptic curve cryptography for key exchange as well as host/user keys, per RFC, RFI
• OpenSSH 5.6: August 23, 2010
  • Added a ControlPersistoption to ssh_config
• OpenSSH 5.5: April 16, 2010
• OpenSSH 5.4: March 8, 2010
  • Disabled SSH protocol 1 default support. Clients and servers must now explicitly enable it.
  • Added PKCS11 authentication support for ssh(1) (-I pkcs11)
  • Added Certificate based authentication
  • Added "Netcat mode" for ssh(1) (-W host:port). Similar to "-L tunnel", but forwards instead stdin and stdout. This allows, for example, using ssh(1) itself as a ssh(1) ProxyCommand to route connections via intermediate servers, without the need for nc(1) on the server machine.
  • Added the ability to revoke public keys in sshd(8) and ssh(1). While it was already possible to remove the keys from authorised lists, revoked keys will now trigger a warning if used.
• OpenSSH 5.3: October 1, 2009
• OpenSSH 5.2: February 23, 2009
• OpenSSH 5.1: July 21, 2008
  • Added a MaxSessions option to sshd_config
• OpenSSH 5.0: April 3, 2008
• OpenSSH 4.9: March 30, 2008
  • Added chroot support for sshd(8)
  • Create an internal SFTP server for easier use of the chroot functionality
• OpenSSH 4.7: September 4, 2007
• OpenSSH 4.6: March 9, 2007
• OpenSSH 4.5: November 7, 2006
• OpenSSH 4.4: September 27, 2006
• OpenSSH 4.3: February 1, 2006
  • Added OSI layer 2/3 tun-based VPN (-w option on ssh(1))
• OpenSSH 4.2: September 1, 2005
• OpenSSH 4.1: May 26, 2005
• OpenSSH 4.0: March 9, 2005
• OpenSSH 3.9^[28]: August 18, 2004
  • Implement session multiplexing. ControlMaster option
  • Added a MaxAuthTries option to sshd, allowing control over the maximum number of authentication attempts permitted per connection
  • Added IdentitiesOnly option to ssh which specifies that it should use keys specified in ssh_config, rather than any keys in ssh-agent
  • Re-introduce support for PAM password authentication
• OpenSSH 3.8: February 24, 2004
• OpenSSH 3.7.1: September 16, 2003
• OpenSSH 3.7: September 16, 2003
  • rhosts authentication has been removed in ssh(1) and sshd(8).
• OpenSSH 3.6.1: April 1, 2003
• OpenSSH 3.6: March 31, 2003
• OpenSSH 3.5: October 14, 2002
• OpenSSH 3.4: June 26, 2002
• OpenSSH 3.0: ^[29]
  • Improved Kerberos support in protocol v1 (KerbIV and KerbV)
• OpenSSH 2.9.9: ^[30]
• OpenSSH 2.5.1p1: February 19, 2001^[31]
  • SkeyAuthentication absoleted, use ChallengeResponseAuthentication instead.

• OpenSSH 1.2.2p1^[32]: March 5, 2000

See also

• OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF
• Software changelogs, git log, GA, EoL, EOS, release cycle, apt changelog, docker-compose changelog

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: Wikiversity