PKIX-SSH
secure shell with
X.509 v3 certificate support
(archive 14.x-series)
Check the current version here!
- 13 Jan 2024 : Official version 14.4.2
- What's new:
- Bugs:
- release GSS OIDs only at end of authentication
Correct previous to avoid build failure.
- Misc:
- NULL user information on Android
User information in password structure is also NULL on Android.
Prevent crash if "fake" password file is missing.
- kerberos builds
Enable Kerberos 5 build by default is spec-files.
Also list kerberos libraries before "common" one.
- 6 Jan 2024 : Official version 14.4.1
- What's new:
- Features:
- do not prefer OpenSSH EtM functionality
- exclude EtM functionality from defaults
A pre-processor directive allows to exclude EtM functionality from default configurations.
This is yet another work-around to avoid prefix truncation attack on the ssh binary packet protocol.
Also avoids use of custom "strict key exchange" extension.
- Bugs:
- fix memory leak in dh and ecdh key exchange
- Misc:
- selinux compatibility with ancient OS-es
Restore use of matchpathcon if selabel_lookup is not.
- autoconf compatibility with ancient OS-es
- 20 Dec 2023 : Official version 14.4
- What's new:
- Security:
- custom "strict key exchange" extension
Avoid prefix truncation attack on the secsh binary packet protocol(terrapin attack).
Another work-around is do not use ChaCha20-Poly1305 and EtM MACs,
for more details see
"Terrapin Attack: Breaking SSH Channel Integrity By Sequence Number Manipulation".
- shell meta-characters
Refuse user or host names provided on the command line that contain most shell meta-characters.
Note this countermeasure is not guaranteed to be effective in all cases.
- Features:
- generate RSA key by default in FIPS mode
Note since PKIX-SSH 14.3 is generated Ed25519 key by default.
- add ChannelTimeout support to the client
- add %j token that expands to the configured ProxyJump hostname
- Bugs:
- sftp limits
Return error if custom "limits" extender extension does not receive reply.
- %H token
Update KnownHostsCommand to use exact value for %H token.
- x509v3-ssh-ed25519 in FIPS mode
Explicitly deactivate algorithm "x509v3-ssh-ed25519" from defaults in FIPS mode.
Some vendor OpenSSL 1.1.1 releases crash in EVP_MD_flags() when library is in FIPS mode and "none" digest as argument.
- address filter
When connecting via socket filter addresses by AddressFamily if one was specified.
- Misc:
- prefer PRIV_XPOLICY to PRIV_LIMIT on Solaris 11.1+
- log unmatched paths in secure copy
- release GSS OIDs only at end of authentication
Avoids unnecessary init/cleanup cycles.
- manual pages
Spelling and etc.
- 5 Oct 2023 : Official version 14.3
- What's new:
- Features:
- generate Ed25519 key by default
Ed25519 public keys are very convenient due to their small size.
- run separate pkcs11 helper per module
Allows easily to reload keys from a pkcs11 module.
- allow override of subsystem directives in match blocks of daemon configuration
- Bugs:
- correct checks for ClientAliveInterval
Fix regression from "correct server loop "client alive probing" logic" that caused the probes to be sent less frequently.
- set interactive mode for ControlPersist sessions if they originally requested a tty
- recursive secure copy in SFTP mode with symbolic links to other directories
In SCP mode, the links are followed, but in SFTP mode they were not.
So, fix experimental SFTP mode of secure copy recursive download and upload of directories that contain symbolic links to other directories.
- close socket pair if cannot fork for pkcs11 helper
Avoid handle leak on error path.
- Misc:
- log invalid secsh identification string with debug level
Minimises pre-authentication "log spam".
- preserve quoting of subsystem commands and arguments
Potentially incompatible change.
- do not exit on duplicate duplicate Subsystem directives
- do not delay at all for the "none" authentication mechanism
Also limit login delay to a reasonable maximum (5s).
- pkcs11 helper messages
Improve logging functionality.
- 20 Aug 2023 : Official version 14.2.1
- What's new:
- Bugs:
- timeout to multiplexing local socket
Rewrite as previous implementation replace poll() with waitrfd().
Modification adds regression - signals are ignored.
So, rewrite waitfd do take into account signals and to accept "mux termination" flag as parameter.
- Misc:
- portability
Properly detect zlib 1.3 and use *ifaddrs* related configuration defines.
- 13 Aug 2023 : Official version 14.2
- What's new:
- Security:
- pkcs#11 module misuse
Do not allow pkcs11 providers by default. Fixes finally CVE-2016-10009 and mitigates CVE-2023-38408.
- Features:
- connection tupple
Add new daemon token - connection tupple(%C).
- forward unix domain socket
Experimental support for unix domain sockets to client forward request.
- match localnetwork
Add "localnetwork" case to match criteria.
- configuration tags
Support tags in client configuration.
- android failback path
Drop obsolete "failback path" management from Android packaging.
- "command" based path model
"command" based path model for Android application. Reserved for future.
- Bugs:
- fix public key serialisation if key contain only X.509 distinguished name
- print correctly some PKCS#11 information
- fork after authentication
Ensure that fork after authentication work properly in multiplexed cases.
- timeout in multiplexing
Apply connection timeout to multiplexing local socket connections.
- hostname canonicalization
Do not disable hostname canonicalization if ProxyJump=none is used.
- "no comment" for keys
Resolved issue with missing "no comment" when keys without comment is processed after key with comment.
- paraller sftp
Try to fix crappy OpenBSD sftp client in parallel cases.
- Misc:
- remote terminal
Do not open terminal when is requested do not execute command on remote.
- scp in sftp
Check in advance for source file when secure copy in sftp mode copy local to remote files.
- correct a number of memory leaks
- added checks for OpenSSL 3.0 releases
- avoid matchpathcon
Use selabel_lookup instead deprecated selinux matchpathcon function.
- stop printing of "scanned" key information on output error
- update ssh-copy-id script
- 16 Mar 2023 : Official version 14.1.1
- What's new:
- Security:
- bounds checking in getrrsetbyname() compatibility implementation
A specifically crafted response from domain name server could cause function to perform an out-of-bounds reads
Does not appear to be exploitable beyond denial-of-service to the ssh(1) client.
This function is called only if client option VerifyHostKeyDNS is set and is used to check CERT or SSHFP resource records.
Compatibility implementation is used only if is not provided by system resolver library.
- Features:
- hash algorithms in SSHFP RR
Allow to specify hash algorithms used to generate SSHFP RR records for domain name servers.
- print daemon configuration file
Added daemon option -G that parses and prints the effective configuration without attempting to load private keys and perform other checks.
- use sha256 when testing usability of rsa private key
- rewrite checks for Kerberos 5 implementations
Simplify, unify, and modernise configuration tests.
In addition is added pkg-config based rule.
- Bugs:
- non-ascii file name in progress meter
Rewrite progress meter to manage properly non-ascii file names.
- clean channel flags
Clean "file descriptors" flags when channel is closed.
Note functionality was added in PKIX-SSH 14.1.
- fix memory leak in sftp filename autocomplete
- fix memory leak in sftp ls command if file status is not available
- Misc:
- improved manual pages
- limit number of entries in "extension negotiation"
- minimise warnings raised by static analysers
- code clean-up - for instance remove unused secsh "compatibility" flags
- 4 Feb 2023 : Official version 14.1
- What's new:
- Security:
- fix use after free memory fault
Compatibility KEX code introduced a double-free in PKIX-SSH 14.0. It is does not impact server side.
Client could be impacted but when server is specially crafted.
- Features:
- control channel inactivity
New daemon option ChannelTimeout automatically closes channels without traffic.
- control unused connections
New daemon option UnusedConnectionTimeout allows to terminate connections without open channels.
- daemon command line argument -V
Output version information like the client utility.
- remove copy/transfer argument -X
Add -X option to remove copy and file transfer programs.
Currently sets SFTP parameters are the copy buffer length and the number of inflight requests.
Obsoletes sftp argument -B/-R.
- Bugs:
- properly process client option PermitRemoteOpen
Allow any/none argument only in first position.
- default multi-string options
Properly dump multi-string configuration options.
- restrict sftp to reasonable values
Do not allow sftp server "limits" extension to set unacceptable buffer sizes and number of open handles.
- suggest system known-host file
Avoid NULL print if user known-host files are not used.
Note some C-library crash if printf function is called with NULL value for string format.
- Misc:
- allow writev in secure secure computing mode
- optimise read buffers
Use more suitable buffer size for main loops and channel
Default sizes could set at build time.
- no host-keys warning
Emit warning if no host-keys for host-based authentication can be loaded.
- use socketpair in remote copy utility
Synchronise remote copy utility communication to ssh sub-processes with file transfer program.
- dump original Host
Add original "Host" line to the output of client configuration test.
- import ed25519 code from SUPERCOP
Update to 20221122 release.
- unify and extend channel names
Prerequisite for new channel controls.
- rewrite some test to use multiplexed session
- 26 Dec 2022 : Official version 14.0.3
- What's new:
- Bugs:
- put on hold "deffer seed_rng invocation in daemon"
Regression added in 14.0(14.0.1) release.
Note "reexec" functionality clobbers file descriptors opened after closefrom call.
- 19 Dec 2022 : Official version 14.0.2
- What's new:
- Bugs:
- properly use EVP digest work-around for ECDSA keys
On some Linux releases "OpenSSL's curve secp521r1 is NOT functional". For instance RHEL 6.
- 18 Dec 2022 : Official version 14.0.1
- What's new:
- Features:
- x509v3-ssh-ed25519
Implementation of x509v3-ssh-ed25519 public-key algorithm.
- scan by CIDR address ranges
Allow gather secure shell public keys utility to accept CIDR address ranges.
- prefer user's umask
Honour user's umask if it is more restrictive then the ssh default.
- warn if client cannot load public host-keys for host-based authentication
- Bugs:
- "globs" in sftp mode
Better match scp/rcp's handling of "globs" when secure copy utility runs in experimental sftp mode.
- handle remote forwarding in escape commandline's processing
- properly check for duplicate experimental host-key update
- Misc:
- use key descriptions
Describe keys into specific compilation with respective functional implementation.
- modernised signature operations
Unify sign and verify operations for RSA/DSA/EC keys and X.509 certificates and prefer EVP functions from OpenSSL 1.0+ API.
- deffer seed_rng invocation in daemon
Call after closefrom as work-around for random generator provided by an engine.
- improve disabled tracing on FreeBSD
- code clean-up, unification, readability, compatibility and portability
- spelling errors
Correct spelling errors in code and documentation including manual pages.
- improved logging errors
- check for valid canonical domain name when client resolves host-name
- do not ever try to write an invalid name to a known-hosts file
- add ECDSA on P-256 curve to X.509 "self-issued" test
- add new client option EnableEscapeCommandline
- more restrictive pledge(if supported) rules after session establishment
News archives:
|
![[empty image]](../images/clean.gif){kind=small}
