[ssh_x509] PKIX-SSH release 12.0

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Thu Apr 18 21:37:47 EEST 2019

Hello all,

I would like to announce that release 12.0 is available for download - 
https://www.roumenpetrov.info/secsh/#news20190418 .

Release change log:

(x) Features:

* increase the default RSA key size to 3072 bits.
    Follows NIST Special Publication 800-57's guidance for a 128-bit 
equivalent symmetric security level.

* new sftp extension "lsetstat at openssh.com"
    Support SFTP extension "lsetstat at openssh.com" that replicates the 
functionality of the existing SSH_FXP_SETSTAT operation but does not 
follow symbolic-links. Activated by "-h" argument to sftp command chgrp, 
chmod and chown.

* pseudo localization on Android
    Allows file transfer program to display file name with UTF-8 
character instead octal escape sequence.

* "final" criteria for keyword Match
    Enhance Match keyword in client configuration with "final" criteria 
- it matches in same pass as "canonical" but doesn't require enabled 
hostname canonicalization.

* usability of agent keys
    Test whether keys in an agent are usable - new ssh-add option "-T" 
that performs a signature and a verification with agent-key that match 
specified public part.

* option "-J" for file transfer command
    New file transfer command (scp and sftp) option "-J" as alias to 
match with client configuration Proxyjump. None that local configuration 
is not used for Proxyjump host.

* log more connection drops
    Log connection drop for attempt to run a command when 
ForceCommand=internal-sftp is in effect.

* new KEX method "sntrup4591761x25519-sha512 at tinyssh.org"
    Experimental post-quantum cryptography key exchange method 
sntrup4591761x25519-sha512 at tinyssh.org enabled only compilation time. 
Method is based on "Streamlined NTRU Prime 4591^761" and X25519.

* exclude KEX "diffie-hellman-group-exchange-sha1"
    Remove key exchange method "diffie-hellman-group-exchange-sha1" from 
client defaults.

* do not use "PKCS11Provider"
   Allow "none" argument for client option "PKCS11Provider" to indicate 
that no provider should be used. Note "none" is default.

* "keyscan" exit status
    Command "keyscan" returns a non-zero exit status if no keys were found.

(x) Bugs:

* calculate bandwidth limits
    Fixed calculation of initial bandwidth limits in file transfer commands.

* management of "ext-info-c" extension
    Daemon consider the "ext-info-c" extension only during the initial 
key exchange.
* fixed a number of memory leaks.

* file name match in secure copy
             On local side secure copy tool performs simple match that 
files send from remote match request. This mitigate weakness in the tool 
and protocol (CVE-2019-6111). Note that remote and local could perform 
different wildcard expansion. For this reason command argument "-T" 
disables client side verification at the risk hostile remote to create 
or replace unexpectedly local files with attacker-controlled content. 
Note that recommended mitigation of scp protocol issue is for file 
transfer to use more modern protocols like sftp and and rsync instead.

* SIGPIPE and child process
    Avoids sending SIGPIPE to child processes after their parent exits 
if they attempt to write to standard error stream.

* no duplicate "keepalives"
    Prevents sending two "keepalives" successively and prematurely 
terminating connection when ClientAliveInterval is used in server 

* avoid connection close
    Correct interaction between server options ClientAliveInterval and 
RekeyLimit that could lead to incorrect connection close.

* authentication failures due to option override
    Correct authentication failures when "any" argument of server option 
"AuthenticationMethods" used in a Match block overrides a more 
restrictive global.

* no redirection to /dev/null
    Prevent client to redirect standard output stream to /dev/null if is 
used "ProxyCommand=-".

* race conditions in daemon restart
    Correct two race conditions related to SIGHUP daemon restart.

* strict protocol banners
    Strict processing of protocol banners, allowing \r characters only 
immediately before \n.

* timeout management
     Correct interaction between the client options ConnectTimeout and 
ConnectionAttempts - connection attempts after the first were ignoring 
the requested timeout.

(x) Miscellaneous:

* obsolete host/port syntax
    Remove support for obsolete host/port syntax from daemon 
configuration (slash notation from ListenAddress and PermitOpen). For 
IPv6 users there are standards like [::1]:22.

* Android compatibility
    Many improvements for Android that ensure better cross-version 

* use of global variables
    Minimize use of global variables, either by us of connection or 
other structures, or make them static.
* Refactor "packet" related code to use new-API

* Refactor "KEX" code

* Refactor "LDAP" code
    Also prepare it for use by upcoming X.509 lookup based on OpenSSL 
Store API.

* Refactor "pkcs#11" code
    This includes support for verbose mode in ssh-add command and 

* improvements for Cygwin
    configurable service name; case-insensitive user/group matching; run 
under SYSTEM again and create user token using S4U with failback 
NtCreateToken if not supported.

* fingerprint as a synonym for "yes"
    Client accepts host-key fingerprint as a synonym for "yes" when 
accepting an unknown host-key.

* PAM environment
    Do not export $MAIL to PAM environment.

* support upcoming OpenSSL 3.0
    Ensure builds with current OpenSSL master branch(future 3.0.0).

* RUN-PATH configuration
    Configuration options --with-rpath accepts argument in addition to 

* minimize key-type enumeration values
    Stop to use custom key-type enumeration values for keys with X.509 

* file name display in secure copy
    In secure copy tool sanitize file names in progress meter to allow 
UTF-8 characters without terminal control sequences.

Roumen Petrov

More information about the ssh_x509 mailing list