OpenSSH changelog

From wikieduonline
Revision as of 05:33, 30 August 2022 by Welcome (talk | contribs) (→‎2022)
Jump to navigation Jump to search

2022

2021

2020

2019

2018

  • OpenSSH 7.9[7], released in October 2018
  • OpenSSH 7.8[8], released in August 2018
    • Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
  • OpenSSH 7.7[9], released in February 2018

2017

2016

2015

  • OpenSSH 7.1: August 20, 2015[14]
    • Bugfix: This is a bugfix release.
  • OpenSSH 7.0: August 11, 2015[15]
    • The focus of this release is primarily to deprecate weak, legacy and unsafe cryptography.
  • OpenSSH 6.9: July 1, 2015[16]
    • Bugfix: This is primarily a bugfix release.
  • OpenSSH 6.8: March 18, 2015
    • Added new [email protected] extension to facilitate public key discovery and rotation for trusted hosts (for transition from DSA to Ed25519 public host keys)[17]
    • AuthenticationMethods=publickey,publickey to require that users authenticate using two different public keys[18]

2014

  • OpenSSH 6.7: October 6, 2014
    • The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default.
    • Compile-time option to not depend on OpenSSL[19]
    • Add support for Unix domain socket forwarding
  • OpenSSH 6.6: March 16, 2014
    • This is primarily a bugfix release.
  • OpenSSH 6.5[20][21]: January 30, 2014
    • Added new ssh-ed25519 and [email protected] public key types (available since 2005 but more popular since some suspicious that NSA had chosen values that gave them an advantage in factoring public-keys)[22]
    • Added new chacha20-poly1305@openssh.com transport cipher[23][24]
    • Added curve25519-sha256@libssh.org key exchange
    • FEATURE: ssh, added Match keyword for ssh_config that allows conditional configuration to be applied [25]
    • FEATURE: client-side hostname canonicalisation: CanonicalDomains, CanonicalizeFallbackLocal, CanonicalizeHostname, CanonicalizeMaxDots and CanonicalizePermittedCNAMEs.[26][27]
    • Add a new private key format that uses a bcrypt KDF

2013

  • OpenSSH 6.4: November 8, 2013 [28]
    • This release fixes a security bug with AES-GCM
  • OpenSSH 6.3: September 13, 2013
    • This release is predominantly a bugfix release
  • OpenSSH 6.2: March 22, 2013
    • Add a GCM-mode for the AES cipher, similar to RFC, RFI
    • Added support for encrypt-then-mac MAC modes
    • Added support for multiple required authentication methods
    • Added support for Key Revocation Lists (KRL)

2012

  • OpenSSH 6.1: August 29, 2012
    • This is primarily a bugfix release.
    • Enables pre-auth sandboxing by default
    • Finds ECDSA keys in ssh-keyscan and SSHFP DNS records by default now
  • OpenSSH 6.0: April 22, 2012
    • This is primarily a bugfix release.

2011

2010

  • OpenSSH 5.6: August 23, 2010
  • OpenSSH 5.5: April 16, 2010
  • OpenSSH 5.4: March 8, 2010
    • Disabled SSH protocol 1 default support. Clients and servers must now explicitly enable it.
    • Added PKCS11 authentication support for ssh(1) (-I pkcs11)
    • Added Certificate based authentication
    • Added "Netcat mode" for ssh(1) (-W host:port). Similar to "-L tunnel", but forwards instead stdin and stdout. This allows, for example, using ssh(1) itself as a ssh(1) ProxyCommand to route connections via intermediate servers, without the need for nc(1) on the server machine.
    • Added the ability to revoke public keys in sshd(8) and ssh(1). While it was already possible to remove the keys from authorised lists, revoked keys will now trigger a warning if used.

2009

  • OpenSSH 5.3: October 1, 2009
  • OpenSSH 5.2: February 23, 2009

2008

2007

  • OpenSSH 4.7: September 4, 2007
Added chroot(2) support for sshd(8), controlled by a new option "ChrootDirectory". Please refer to sshd_config(5) for details, and please use this feature carefully. (bz#177 bz#1352)
  • OpenSSH 4.6: March 9, 2007

2006

  • OpenSSH 4.5: November 7, 2006
  • OpenSSH 4.4: September 27, 2006
  • OpenSSH 4.3: February 1, 2006
    • Added OSI layer 2/3 tun-based VPN (-w option on ssh(1))

2005

  • OpenSSH 4.1: May 26, 2005
  • OpenSSH 4.0: March 9, 2005

2004

  • OpenSSH 3.9[32]: August 18, 2004
    • Implement session multiplexing. ControlMaster option
    • Added a MaxAuthTries option to sshd, allowing control over the maximum number of authentication attempts permitted per connection
    • Added IdentitiesOnly option to ssh which specifies that it should use keys specified in ssh_config, rather than any keys in ssh-agent
    • Re-introduce support for PAM password authentication
  • OpenSSH 3.8: February 24, 2004

2003

  • OpenSSH 3.7.1: September 16, 2003
  • OpenSSH 3.7: September 16, 2003
  • OpenSSH 3.6.1: April 1, 2003
  • OpenSSH 3.6: March 31, 2003

2002

  • OpenSSH 3.5: October 14, 2002
  • OpenSSH 3.4: June 26, 2002
  • OpenSSH 3.0: [33]
    • Improved Kerberos support in protocol v1 (KerbIV and KerbV)
  • OpenSSH 2.9.9: [34]

2001

2000

  • OpenSSH 1.2.2p1[36]: March 5, 2000


1995

See also


Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy.

Source: Wikiversity

  1. https://www.openssh.com/txt/release-8.2
  2. https://www.openssh.com/txt/release-8.1
  3. https://www.openssh.com/releasenotes.html#8.1
  4. http://www.openssh.com/txt/release-8.0
  5. https://www.openssh.com/releasenotes.html#8.0
  6. https://nvd.nist.gov/vuln/detail/CVE-2019-6111
  7. http://www.openssh.com/txt/release-7.9
  8. http://www.openssh.com/txt/release-7.8
  9. http://www.openssh.com/txt/release-7.7
  10. http://www.openssh.com/txt/release-7.6
  11. http://www.openssh.com/txt/release-7.5
  12. http://www.openssh.com/txt/release-7.4
  13. http://www.openssh.com/txt/release-7.3
  14. "OpenSSH 7.1 Release Notes". openssh.com. 2015-08-20. Retrieved 2015-09-01.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  15. "OpenSSH 7.0 Release Notes". openssh.com. 2015-08-11. Retrieved 2015-08-18.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  16. "OpenSSH 6.9 Release Notes". openssh.com. 2015-07-01. Retrieved 2015-08-12.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  17. Murenin, Constantine A. (2015-02-01). Soulskill (ed.). "OpenSSH Will Feature Key Discovery and Rotation For Easier Switching To Ed25519". Slashdot. Retrieved 2015-02-01.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  18. https://lwn.net/Article s/637147/
  19. Murenin, Constantine A. (2014-04-30). Soulskill (ed.). "OpenSSH No Longer Has To Depend On OpenSSL". Slashdot. Retrieved 2014-12-26.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  20. http://www.openssh.com/txt/release-6.5
  21. https://www.openssh.com/releasenotes.html#6.5
  22. https://en.wikipedia.org/wiki/Curve25519#Popularity
  23. Miller, Damien (2013-12-02). "ssh/PROTOCOL.chacha20poly1305". BSD Cross Reference, OpenBSD src/usr.bin/. Retrieved 2014-12-26.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  24. Murenin, Constantine A. (2013-12-11). Unknown Lamer (ed.). "OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein". Slashdot. Retrieved 2014-12-26.<templatestyles src="Module:Citation/CS1/styles.css"></templatestyles>
  25. https://www.openssh.com/txt/release-6.5
  26. http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html
  27. https://github.com/openssh/openssh-portable/commit/0faf747e2f77f0f7083bcd59cbed30c4b5448444
  28. https://www.openssh.com/txt/release-6.4
  29. http://www.openssh.com/txt/release-5.1
  30. http://www.openssh.com/txt/release-5.0
  31. http://www.openssh.com/txt/release-4.9
  32. https://www.openssh.com/txt/release-3.9
  33. https://www.openssh.com/txt/release-3.0
  34. https://www.openssh.com/txt/release-2.9.9
  35. https://www.openssh.com/txt/release-2.5.1p1
  36. https://www.openssh.com/txt/release-1.2.2p1
  37. http://web.mit.edu/Crypto/src/ssh-1.2.26/ChangeLog

Advertising: