Difference between revisions of "OpenSSH changelog"
Line 4: | Line 4: | ||
* OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref><ref>https://www.openssh.com/releasenotes.html#8.1</ref>, released in October 2019 | * OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref><ref>https://www.openssh.com/releasenotes.html#8.1</ref>, released in October 2019 | ||
− | ** <code>ssh</code>, <code>sshd</code>, <code>[[ssh-agent]]</code>: add protection for private keys at rest in RAM against speculation and memory side-channel attacks like [[Spectre]], [[Meltdown]] and [[Rambleed]]. | + | ** <code>[[ssh]]</code>, <code>[[sshd]]</code>, <code>[[ssh-agent]]</code>: add protection for private keys at rest in RAM against speculation and memory side-channel attacks like [[Spectre]], [[Meltdown]] and [[Rambleed]]. |
* OpenSSH 8.0<ref>http://www.openssh.com/txt/release-8.0</ref><ref>https://www.openssh.com/releasenotes.html#8.0</ref>, released in April 2019 | * OpenSSH 8.0<ref>http://www.openssh.com/txt/release-8.0</ref><ref>https://www.openssh.com/releasenotes.html#8.0</ref>, released in April 2019 | ||
** SECURITY: CVE-2019-6111<ref>https://nvd.nist.gov/vuln/detail/CVE-2019-6111</ref> related to [[scp]] tool and protocol allowing to overwrite arbitrary files in the scp client target directory | ** SECURITY: CVE-2019-6111<ref>https://nvd.nist.gov/vuln/detail/CVE-2019-6111</ref> related to [[scp]] tool and protocol allowing to overwrite arbitrary files in the scp client target directory |
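Review bot: The unchanged 8.0 line in this hunk still cites http://www.openssh.com/txt/release-8.0 while the 8.1 entry above it uses https:// for the same site. Switch that reference to https so the release notes are fetched over an authenticated channel and the citations stay consistent. The new [[ssh]] and [[sshd]] links match the existing [[ssh-agent]] link and need no further change.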
Revision as of 13:21, 4 January 2020
OpenSSH Versions
- OpenSSH 8.1[1][2], released in October 2019
- OpenSSH 8.0[3][4], released in April 2019
- OpenSSH 7.9[6], released in October 2018
- allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash
- OpenSSH 7.8[7], released in August 2018
- Incompatible changes: ssh-keygen writes OpenSSH format private keys by default instead of using OpenSSL's PEM format.
- OpenSSH 7.7[8], released in February 2018
- FEATURE: Add "expiry-time" option in sshd for authorized_keys files to allow for expiring keys.
- OpenSSH 7.6[9], released in October 2017
- FEATURE: Add RemoteCommand option
- FEATURE: Add SyslogFacility option to ssh matching the equivalent option in sshd
- FEATURE: ssh client reverse dynamic forwarding -R
- OpenSSH 7.5[10], released in March 2017
- BUGFIX: This is mainly a bugfix release.
- OpenSSH 7.4[11]
- sshd(8): Add a sshd_config DisableForwarding option
- OpenSSH 7.3[12], released August 01, 2016
- FEATURE: Adds ProxyJump option (-J)
- FEATURE: Add an Include directive for ssh_config(5) files
- OpenSSH 7.1: August 20, 2015[13]
- This is a bugfix release.
- OpenSSH 7.0: August 11, 2015[14]
- The focus of this release is primarily to deprecate weak, legacy and unsafe cryptography.
- OpenSSH 6.9: July 1, 2015[15]
- BUGFIX: This is primarily a bugfix release.
- OpenSSH 6.8: March 18, 2015
- Added new [email protected] extension to facilitate public key discovery and rotation for trusted hosts (for transition from DSA to Ed25519 public host keys)[16]
- AuthenticationMethods=publickey,publickey to require that users authenticate using two different public keys[17]
- OpenSSH 6.7: October 6, 2014
- OpenSSH 6.6: March 16, 2014
- This is primarily a bugfix release.
- OpenSSH 6.5[19][20]: January 30, 2014
- Added new ssh-ed25519 and [email protected] public key types (available since 2005 but more popular since some suspected that the NSA had chosen values that gave them an advantage in factoring public keys)[21]
- Added new chacha20-poly1305@openssh.com transport cipher[22][23]
- Added curve25519-sha256@libssh.org key exchange
- FEATURE: ssh, added Match keyword for ssh_config that allows conditional configuration to be applied [24]
- FEATURE: client-side hostname canonicalisation: CanonicalDomains, CanonicalizeFallbackLocal, CanonicalizeHostname, CanonicalizeMaxDots and CanonicalizePermittedCNAMEs.[25][26]
- Add a new private key format that uses a bcrypt KDF
- OpenSSH 6.4: November 8, 2013 [27]
- This release fixes a security bug with AES-GCM
- OpenSSH 6.3: September 13, 2013
- This release is predominantly a bugfix release
- OpenSSH 6.2: March 22, 2013
- OpenSSH 6.1: August 29, 2012
- This is primarily a bugfix release.
- Enables pre-auth sandboxing by default
- Finds ECDSA keys in ssh-keyscan and SSHFP DNS records by default now
- OpenSSH 6.0: April 22, 2012
- This is primarily a bugfix release.
- OpenSSH 5.9: September 6, 2011
- Introduce sandboxing of the pre-auth privilege separated child
- OpenSSH 5.8: February 4, 2011
- OpenSSH 5.7: January 24, 2011
- Added support for elliptic curve cryptography for key exchange as well as host/user keys, per RFC, RFI
- OpenSSH 5.6: August 23, 2010
- Added a ControlPersist option to ssh_config
- OpenSSH 5.5: April 16, 2010
- OpenSSH 5.4: March 8, 2010
- Disabled SSH protocol 1 default support. Clients and servers must now explicitly enable it.
- Added PKCS11 authentication support for ssh(1) (-I pkcs11)
- Added Certificate based authentication
- Added "Netcat mode" for ssh(1) (-W host:port). Similar to "-L tunnel", but forwards instead stdin and stdout. This allows, for example, using ssh(1) itself as a ssh(1) ProxyCommand to route connections via intermediate servers, without the need for nc(1) on the server machine.
- Added the ability to revoke public keys in sshd(8) and ssh(1). While it was already possible to remove the keys from authorised lists, revoked keys will now trigger a warning if used.
- OpenSSH 5.3: October 1, 2009
- OpenSSH 5.2: February 23, 2009
- OpenSSH 5.1: July 21, 2008
- Added a MaxSessions option to sshd_config
- OpenSSH 5.0: April 3, 2008
- OpenSSH 4.9: March 30, 2008
- OpenSSH 4.7: September 4, 2007
- OpenSSH 4.6: March 9, 2007
- OpenSSH 4.5: November 7, 2006
- OpenSSH 4.4: September 27, 2006
- OpenSSH 4.3: February 1, 2006
- OpenSSH 4.2: September 1, 2005
- OpenSSH 4.1: May 26, 2005
- OpenSSH 4.0: March 9, 2005
- OpenSSH 3.9[28]: August 18, 2004
- Implement session multiplexing. ControlMaster option
- Added a MaxAuthTries option to sshd, allowing control over the maximum number of authentication attempts permitted per connection
- Added IdentitiesOnly option to ssh which specifies that it should use keys specified in ssh_config, rather than any keys in ssh-agent
- Re-introduce support for PAM password authentication
- OpenSSH 3.8: February 24, 2004
- OpenSSH 3.7.1: September 16, 2003
- OpenSSH 3.7: September 16, 2003
- OpenSSH 3.6.1: April 1, 2003
- OpenSSH 3.6: March 31, 2003
- OpenSSH 3.5: October 14, 2002
- OpenSSH 3.4: June 26, 2002
- OpenSSH 3.0: [29]
- Improved Kerberos support in protocol v1 (KerbIV and KerbV)
- OpenSSH 2.9.9: [30]
- OpenSSH 2.5.1p1: February 19, 2001[31]
- SkeyAuthentication obsoleted, use ChallengeResponseAuthentication instead.
- OpenSSH 1.2.2p1[32]: March 5, 2000
See also
- OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF
- Software changelogs, git log, GA, EoL, EOS, release cycle, apt changelog, docker-compose changelog
Source: Wikiversity
1. https://www.openssh.com/txt/release-8.1
2. https://www.openssh.com/releasenotes.html#8.1
3. http://www.openssh.com/txt/release-8.0
4. https://www.openssh.com/releasenotes.html#8.0
5. https://nvd.nist.gov/vuln/detail/CVE-2019-6111
6. http://www.openssh.com/txt/release-7.9
7. http://www.openssh.com/txt/release-7.8
8. http://www.openssh.com/txt/release-7.7
9. http://www.openssh.com/txt/release-7.6
10. http://www.openssh.com/txt/release-7.5
11. http://www.openssh.com/txt/release-7.4
12. http://www.openssh.com/txt/release-7.3
13. "OpenSSH 7.1 Release Notes". openssh.com. 2015-08-20. Retrieved 2015-09-01.
14. "OpenSSH 7.0 Release Notes". openssh.com. 2015-08-11. Retrieved 2015-08-18.
15. "OpenSSH 6.9 Release Notes". openssh.com. 2015-07-01. Retrieved 2015-08-12.
16. Murenin, Constantine A. (2015-02-01). Soulskill (ed.). "OpenSSH Will Feature Key Discovery and Rotation For Easier Switching To Ed25519". Slashdot. Retrieved 2015-02-01.
17. https://lwn.net/Articles/637147/
18. Murenin, Constantine A. (2014-04-30). Soulskill (ed.). "OpenSSH No Longer Has To Depend On OpenSSL". Slashdot. Retrieved 2014-12-26.
19. http://www.openssh.com/txt/release-6.5
20. https://www.openssh.com/releasenotes.html#6.5
21. https://en.wikipedia.org/wiki/Curve25519#Popularity
22. Miller, Damien (2013-12-02). "ssh/PROTOCOL.chacha20poly1305". BSD Cross Reference, OpenBSD src/usr.bin/. Retrieved 2014-12-26.
23. Murenin, Constantine A. (2013-12-11). Unknown Lamer (ed.). "OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein". Slashdot. Retrieved 2014-12-26.
24. https://www.openssh.com/txt/release-6.5
25. http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html
26. https://github.com/openssh/openssh-portable/commit/0faf747e2f77f0f7083bcd59cbed30c4b5448444
27. https://www.openssh.com/txt/release-6.4
28. https://www.openssh.com/txt/release-3.9
29. https://www.openssh.com/txt/release-3.0
30. https://www.openssh.com/txt/release-2.9.9
31. https://www.openssh.com/txt/release-2.5.1p1
32. https://www.openssh.com/txt/release-1.2.2p1