Back to bug 1952957

Who When What Removed Added
Red Hat Bugzilla 2021-04-23 16:03:18 UTC Pool ID sst_security_crypto_rhel_9
Red Hat One Jira (issues.redhat.com) 2021-04-23 16:05:10 UTC Link ID Red Hat Issue Tracker RHELPLAN-76458
Dmitry Belyavskiy 2021-05-05 14:35:39 UTC Doc Type Enhancement Rebase: Bug Fixes and Enhancements
Alexander Sosedkin 2021-05-05 16:27:25 UTC CC asosedki
Dmitry Belyavskiy 2021-05-06 12:09:25 UTC Type --- Component Upgrade
Dmitry Belyavskiy 2021-05-06 12:10:34 UTC Status NEW MODIFIED
Red Hat One Jira (issues.redhat.com) 2021-05-06 12:15:14 UTC Link ID Red Hat Issue Tracker CRYPTO-4114
errata-xmlrpc 2021-05-06 12:37:43 UTC Status MODIFIED ON_QA
Stanislav Zidek 2021-05-25 14:11:41 UTC Fixed In Version openssh-8.6p1-1.el9
Fixed In Version openssh-8.6p1-1.el9 openssh-8.6p1-2.el9
QA Contact qe-baseos-security asosedki
Alexander Sosedkin 2021-06-11 11:31:20 UTC Status ON_QA VERIFIED
Prerana Sharma 2021-07-07 18:45:37 UTC CC presharm
Docs Contact mjahoda
Mirek Jahoda 2021-09-29 11:49:26 UTC Fixed In Version openssh-8.6p1-2.el9 openssh-8.6p1-7.el9
Flags needinfo?(dbelyavs)
Dmitry Belyavskiy 2021-09-29 11:55:11 UTC Flags needinfo?(dbelyavs)
Mirek Jahoda 2021-10-14 10:02:34 UTC Docs Contact mjahoda jafiala
Lenka Špačková 2021-10-18 16:17:46 UTC Doc Text //Document as a rebase but keep the "Enhancement" Doc Type
Doc Type Rebase: Bug Fixes and Enhancements Enhancement
Jan Fiala 2021-10-20 10:07:58 UTC Doc Text
Removed:
//Document as a rebase but keep the "Enhancement" Doc Type
Added:
.OpenSSH rebased to 8.6p1

OpenSSH has been rebased to upstream version 8.6p1. This update includes many enhancements and bug fixes.

Most notably, it fixes a security problem with the LogVerbose keyword introduced in OpenSSH 8.5. Previously, an attacker could have exploited a low-privilege logging process to escape OpenSSH's sandboxing and attack a high-privilege process. Exploitation of this weakness was unlikely, because the LogVerbose option is not enabled by default and is typically only used for debugging. No vulnerabilities in the low-privilege process are currently known to exist. With the current version,...
Flags needinfo?(dbelyavs)
Dmitry Belyavskiy 2021-10-20 10:16:18 UTC Doc Text
Removed:
.OpenSSH rebased to 8.6p1

OpenSSH has been rebased to upstream version 8.6p1. This update includes many enhancements and bug fixes.

Most notably, it fixes a security problem with the LogVerbose keyword introduced in OpenSSH 8.5. Previously, an attacker could have exploited a low-privilege logging process to escape OpenSSH's sandboxing and attack a high-privilege process. Exploitation of this weakness was unlikely, because the LogVerbose option is not enabled by default and is typically only used for debugging. No vulnerabilities in the low-privilege process are currently known to exist. With the current version,...
Added:
.OpenSSH rebased to 8.6p1

OpenSSH has been rebased to upstream version 8.6p1. This update includes many enhancements and bug fixes.

Most notably, it fixes a security problem with the LogVerbose keyword introduced in OpenSSH 8.5. Previously, an attacker could have exploited a low-privilege logging process to escape OpenSSH's sandboxing and attack a high-privilege process. Exploitation of this weakness was unlikely, because the LogVerbose option is not enabled by default and is typically only used for debugging. No vulnerabilities in the low-privilege process are currently known to exist. With the current version, the ability to pass the function was eliminated.
Flags needinfo?(dbelyavs)
Jan Fiala 2021-10-20 10:38:22 UTC Flags needinfo?(dbelyavs)
Doc Text
Removed:
.OpenSSH rebased to 8.6p1

OpenSSH has been rebased to upstream version 8.6p1. This update includes many enhancements and bug fixes.

Most notably, it fixes a security problem with the LogVerbose keyword introduced in OpenSSH 8.5. Previously, an attacker could have exploited a low-privilege logging process to escape OpenSSH's sandboxing and attack a high-privilege process. Exploitation of this weakness was unlikely, because the LogVerbose option is not enabled by default and is typically only used for debugging. No vulnerabilities in the low-privilege process are currently known to exist. With the current version, the ability to pass the function was eliminated.
Added:
.OpenSSH distributed in 8.6p1

RHEL 9 Beta is distributed with OpenSSH version 8.6p1. This version includes many enhancements and bug fixes over previous versions. Most notably, it fixes a security problem with the LogVerbose keyword introduced in OpenSSH 8.5. Previously, an attacker could have exploited a low-privilege logging process to escape OpenSSH's sandboxing and attack a high-privilege process. Exploitation of this weakness was unlikely, because the LogVerbose option is not enabled by default and is typically only used for debugging. No vulnerabilities in the low-privilege process are currently known to exist. With the current version, file function is not passed to the monitor, and therefore this security problem no longer exists.
Dmitry Belyavskiy 2021-10-20 10:43:17 UTC Flags needinfo?(dbelyavs)
Jan Fiala 2021-10-20 11:17:07 UTC Flags needinfo?(dbelyavs)
Dmitry Belyavskiy 2021-10-21 08:53:55 UTC Flags needinfo?(dbelyavs)
Jan Fiala 2021-10-21 11:49:24 UTC Doc Text
Removed:
.OpenSSH distributed in 8.6p1

RHEL 9 Beta is distributed with OpenSSH version 8.6p1. This version includes many enhancements and bug fixes over previous versions. Most notably, it fixes a security problem with the LogVerbose keyword introduced in OpenSSH 8.5. Previously, an attacker could have exploited a low-privilege logging process to escape OpenSSH's sandboxing and attack a high-privilege process. Exploitation of this weakness was unlikely, because the LogVerbose option is not enabled by default and is typically only used for debugging. No vulnerabilities in the low-privilege process are currently known to exist. With the current version, file function is not passed to the monitor, and therefore this security problem no longer exists.
Added:
.OpenSSH distributed in 8.6p1

RHEL 9 Beta includes *OpenSSH* in version 8.6p1. This version provides many enhancements and bug fixes over previous versions, most notably:

*New Features*

* The LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups`, and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. These keys may be generated using `ssh-keygen` using the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification, OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and therefore require explicit support.

*Bugfixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).

* Removed the RSA/SHA1 algorithm from the list of algorithms acceptable for certificate signatures the client and server in the `CASignatureAlgorithms` option. *OpenSSH* uses the `rsa-sha2-512` signature algorithm by default when the `ssh-keygen` certificate authority (CA) signs new certificates.
+
OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2 algorithms and refuse to accept certificates signed by an OpenSSH 8.2+ CA using RSA keys. If your scenario requires use of the unsafe algorithm, you can explicitly select it during signing by using the `ssh-keygen -t ssh-rsa` command. If older clients and servers cannot be upgraded, they may instead use another CA key type such as `ssh-ed25519`, which is supported since OpenSSH 6.5, or one of the `ecdsa-sha2-nistp256/384/521` types, which are supported since OpenSSH 5.7.

*Changes that may affect existing configurations*

* When `ssh-keygen` acts as a CA and signs certificates with an RSA key, it uses the `rsa-sha2-512` signature algorithm by default. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2. If your scenario requires so, you can override this default by using the `ssh-keygen -t ssh-rsa -s ...` command.

* Removed `ssh-rsa` from the accepted `CASignatureAlgorithms` list.

* Removed `diffie-hellman-group14-sha1` from the default key exchange proposal for both the client and server.

* A new binary `ssh-sk-helper` is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries, including the internal library. It must be installed in the expected path, typically in `/usr/libexec`.
Flags needinfo?(dbelyavs)
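The `CASignatureAlgorithms` note in the doc text above (RSA/SHA1 removed from the accepted list, `rsa-sha2-512` now the `ssh-keygen` CA default) is the kind of change that surfaces only when an old certificate is rejected at login. The Python script below is an added example, not part of this bug record and not OpenSSH's own code: it parses the OpenSSH certificate public-key format (as documented in OpenSSH's PROTOCOL.certkeys) just far enough to read the CA key type and the signature algorithm the CA used, so an operator can inventory already-issued certificates before upgrading servers to 8.6p1. The sample certificate lines are constructed inline; their key material and signatures are placeholder bytes that do not verify, and the field layout is the only thing that matters here.

```python
"""Report the CA signature algorithm used on OpenSSH certificates.

Added example (not from the bug record or from OpenSSH). Reads the
certificate blob field by field per OpenSSH's PROTOCOL.certkeys, then
flags certificates whose CA signed with legacy ssh-rsa (RSA/SHA1), which
OpenSSH 8.2+ no longer accepts under the default CASignatureAlgorithms.
"""
import base64
import struct

# Count of key-specific SSH "string" fields between the nonce and the serial,
# per certificate type (RSA: e, n; ECDSA: curve, point; Ed25519: pk; sk-* add
# the FIDO application string).
KEY_FIELDS = {
    "ssh-rsa-cert-v01@openssh.com": 2,
    "ssh-ed25519-cert-v01@openssh.com": 1,
    "ecdsa-sha2-nistp256-cert-v01@openssh.com": 2,
    "ecdsa-sha2-nistp384-cert-v01@openssh.com": 2,
    "ecdsa-sha2-nistp521-cert-v01@openssh.com": 2,
    "sk-ssh-ed25519-cert-v01@openssh.com": 2,
    "sk-ecdsa-sha2-nistp256-cert-v01@openssh.com": 3,
}


def _read_string(buf, off):
    """Read one SSH wire 'string' (uint32 length + bytes) at offset off."""
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string field")
    return buf[off:off + n], off + n


def _put_string(b):
    return struct.pack(">I", len(b)) + b


def _string_list(b):
    """Principals are a string holding zero or more concatenated strings."""
    out, off = [], 0
    while off < len(b):
        s, off = _read_string(b, off)
        out.append(s.decode())
    return out


def parse_cert(line):
    """Parse one authorized_keys-style certificate line into its metadata."""
    cert_type, b64, *_comment = line.split()
    blob = base64.b64decode(b64)
    t, off = _read_string(blob, 0)
    t = t.decode()
    if t != cert_type or t not in KEY_FIELDS:
        raise ValueError(f"unsupported or inconsistent certificate type: {cert_type}")
    _nonce, off = _read_string(blob, off)
    for _ in range(KEY_FIELDS[t]):
        _key_part, off = _read_string(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    off += 12
    key_id, off = _read_string(blob, off)
    principals, off = _read_string(blob, off)
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    off += 16
    _critical, off = _read_string(blob, off)
    _extensions, off = _read_string(blob, off)
    _reserved, off = _read_string(blob, off)
    sig_key, off = _read_string(blob, off)   # CA public key blob
    signature, off = _read_string(blob, off)  # (string sig-algorithm, string sig-blob)
    if off != len(blob):
        raise ValueError("trailing bytes after certificate signature")
    ca_key_type, _ = _read_string(sig_key, 0)
    sig_alg, _ = _read_string(signature, 0)
    return {
        "type": t, "serial": serial, "cert_type": ctype,
        "key_id": key_id.decode(), "principals": _string_list(principals),
        "valid_after": valid_after, "valid_before": valid_before,
        "ca_key_type": ca_key_type.decode(), "sig_alg": sig_alg.decode(),
    }


def assess(info):
    """Verdict in terms of the 8.2+ CASignatureAlgorithms change."""
    if info["sig_alg"] == "ssh-rsa":
        return ("legacy: RSA/SHA1 signature, rejected by the OpenSSH 8.2+ default "
                "CASignatureAlgorithms; re-sign with rsa-sha2-512 or a non-RSA CA")
    return "ok"


def build_cert(cert_type, key_fields, key_id, principals, ca_key_type, sig_alg):
    """Construct a syntactically valid but unsigned sample certificate line."""
    body = _put_string(cert_type.encode()) + _put_string(b"\x00" * 32)  # nonce placeholder
    for f in key_fields:
        body += _put_string(f)
    body += struct.pack(">QI", 1, 1)  # serial 1, type 1 = user certificate
    body += _put_string(key_id.encode())
    body += _put_string(b"".join(_put_string(p.encode()) for p in principals))
    body += struct.pack(">QQ", 0, 2**64 - 1)  # valid forever (sample only)
    body += _put_string(b"") * 3  # critical options, extensions, reserved
    sig_key = _put_string(ca_key_type.encode()) + _put_string(b"\x01" * 32)  # dummy CA key
    body += _put_string(sig_key)
    body += _put_string(_put_string(sig_alg.encode()) + _put_string(b"\x02" * 64))  # dummy sig
    return f"{cert_type} {base64.b64encode(body).decode()} {key_id}"


# Constructed samples: same RSA CA signing with ssh-rsa (old) and rsa-sha2-512 (new),
# plus an Ed25519 CA, which is the portable choice for mixed old/new fleets.
SAMPLES = [
    build_cert("ssh-ed25519-cert-v01@openssh.com", [b"\x03" * 32], "alice-old-ca", ["alice"], "ssh-rsa", "ssh-rsa"),
    build_cert("ssh-ed25519-cert-v01@openssh.com", [b"\x03" * 32], "alice-new-ca", ["alice"], "ssh-rsa", "rsa-sha2-512"),
    build_cert("ssh-rsa-cert-v01@openssh.com", [b"\x01\x00\x01", b"\x00" + b"\x04" * 256], "bob-ed-ca", ["bob", "deploy"], "ssh-ed25519", "ssh-ed25519"),
]


def check_lines(lines):
    """Return (key_id, ca_key_type, sig_alg, verdict) for each certificate line."""
    results = []
    for line in lines:
        info = parse_cert(line)
        results.append((info["key_id"], info["ca_key_type"], info["sig_alg"], assess(info)))
    return results


if __name__ == "__main__":
    for key_id, ca, alg, verdict in check_lines(SAMPLES):
        print(f"{key_id:14} CA={ca:12} sig={alg:13} -> {verdict}")
```

On real certificates, feed `check_lines` the contents of the `*-cert.pub` files produced by `ssh-keygen -s`; `ssh-keygen -L -f <cert>` prints the same signing-CA information for a single file, but the script is useful for sweeping a whole directory of issued certificates. The 8.6p1 `ssh-keygen` emits `rsa-sha2-512` for RSA CAs by default, so only certificates signed with the explicit `-t ssh-rsa` override, or by an older `ssh-keygen`, should come back as legacy.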
Dmitry Belyavskiy 2021-10-21 11:53:57 UTC Flags needinfo?(dbelyavs)
Jan Fiala 2021-10-21 13:15:27 UTC Doc Text
Removed:
.OpenSSH distributed in 8.6p1

RHEL 9 Beta includes *OpenSSH* in version 8.6p1. This version provides many enhancements and bug fixes over previous versions, most notably:

*New Features*

* The LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups`, and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. These keys may be generated using `ssh-keygen` using the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification, OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and therefore require explicit support.

*Bugfixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16KB).

* Removed the RSA/SHA1 algorithm from the list of algorithms acceptable for certificate signatures the client and server in the `CASignatureAlgorithms` option. *OpenSSH* uses the `rsa-sha2-512` signature algorithm by default when the `ssh-keygen` certificate authority (CA) signs new certificates.
+
OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2 algorithms and refuse to accept certificates signed by an OpenSSH 8.2+ CA using RSA keys. If your scenario requires use of the unsafe algorithm, you can explicitly select it during signing by using the `ssh-keygen -t ssh-rsa` command. If older clients and servers cannot be upgraded, they may instead use another CA key type such as `ssh-ed25519`, which is supported since OpenSSH 6.5, or one of the `ecdsa-sha2-nistp256/384/521` types, which are supported since OpenSSH 5.7.

*Changes that may affect existing configurations*

* When `ssh-keygen` acts as a CA and signs certificates with an RSA key, it uses the `rsa-sha2-512` signature algorithm by default. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2. If your scenario requires so, you can override this default by using the `ssh-keygen -t ssh-rsa -s ...` command.

* Removed `ssh-rsa` from the accepted `CASignatureAlgorithms` list.

* Removed `diffie-hellman-group14-sha1` from the default key exchange proposal for both the client and server.

* A new binary `ssh-sk-helper` is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries, including the internal library. It must be installed in the expected path, typically in `/usr/libexec`.
Added:
.OpenSSH distributed in 8.6p1

RHEL 9 Beta includes *OpenSSH* in version 8.6p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* The LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups`, and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification, OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
Jan Fiala 2021-10-21 13:19:06 UTC Doc Text
Removed:
.OpenSSH distributed in 8.6p1

RHEL 9 Beta includes *OpenSSH* in version 8.6p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* The LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups`, and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification, OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
Added:
.OpenSSH distributed in 8.6p1

RHEL 9 Beta includes *OpenSSH* in version 8.6p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* The LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups`, and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification, OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
Vratislav Hutsky 2021-12-07 21:42:00 UTC Resolution --- CURRENTRELEASE
Status VERIFIED CLOSED
Last Closed 2021-12-07 21:42:00 UTC
Jan Fiala 2022-05-03 06:45:25 UTC Doc Text
Removed:
.OpenSSH distributed in 8.6p1

RHEL 9 Beta includes *OpenSSH* in version 8.6p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* The LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups`, and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification, OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
Added:
.OpenSSH distributed in 8.6p1

RHEL 9 includes *OpenSSH* in version 8.6p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* The LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups`, and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification, OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
Jan Fiala 2022-05-04 13:58:54 UTC Doc Text .OpenSSH distributed in 8.6p1

RHEL 9 includes *OpenSSH* in version 8.6p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* The LogVerbose configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups`, and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification, OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are a slightly different format to plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
.OpenSSH distributed in 8.7p1

RHEL 9 includes *OpenSSH* in version 8.7p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* The `LogVerbose` configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups` and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification; OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are in a slightly different format from plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
Jan Fiala 2022-05-06 10:25:04 UTC Doc Text .OpenSSH distributed in 8.7p1

RHEL 9 includes *OpenSSH* in version 8.7p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* The `LogVerbose` configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups` and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification; OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are in a slightly different format from plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
.OpenSSH distributed in 8.7p1

RHEL 9 includes *OpenSSH* in version 8.7p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* Support for transfers using the SFTP protocol as a replacement for the previously used SCP/RCP protocol. SFTP offers more predictable filename handling and does not require expansion of glob(3) patterns by the shell on the remote side.
+
SFTP support is enabled by default. If SFTP is unavailable or incompatible in your scenario, you can use the `-O` flag to force use of the original SCP/RCP protocol.

* The `LogVerbose` configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.

* Client address-based rate-limiting with the new `sshd_config` `PerSourceMaxStartups` and `PerSourceNetBlockSize` directives. This provides finer control than the global `MaxStartups` limit.

* The `HostbasedAcceptedAlgorithms` keyword now filters based on the signature algorithm instead of filtering by key type.

* The `Include` `sshd_config` keyword in the `sshd` daemon that allows including additional configuration files by using `glob` patterns.

* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.

* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user will be prompted for a PIN to complete the signature operation.

* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert token verification of the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification; OpenSSH currently supports only PIN verification.

* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures are in a slightly different format from plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable OpenSSH to enable it.

* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and Rambleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large “prekey” consisting of random data (currently 16 KB).
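Two of the items in the release note above (the `Include` keyword with glob patterns, and the `verify-required` option in `authorized_keys`) have a configuration subtlety that an administrator auditing a RHEL 9 host will want to check. The Python below is an added example written for this page; it is not Red Hat's or OpenSSH's code. It models the sshd rule that the first value obtained for a keyword wins, so a drop-in file pulled in by an `Include` at the top of `sshd_config` overrides the main file, while the same `Include` at the bottom is overridden by it, and it lists FIDO (`sk-*`) keys in an `authorized_keys` file that lack `verify-required`. The file tree, paths, key blobs and values are constructed sample data (the `/etc/ssh/sshd_config.d/*.conf` drop-in layout is an assumption), nothing is read from the real system, and `Match` blocks are not modelled.

```python
"""Checks for two OpenSSH 8.7 features named in the release note above:
sshd_config Include resolution and the verify-required authorized_keys
option.  Added example; not Red Hat's or OpenSSH's own code."""
import fnmatch

# Constructed in-memory file tree standing in for /etc/ssh (sample data).
SAMPLE_TREE = {
    "/etc/ssh/sshd_config": (
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "PerSourceMaxStartups 20\n"
        "PerSourceNetBlockSize 32:128\n"
        "ClientAliveCountMax 3\n"
    ),
    "/etc/ssh/sshd_config.d/50-hardening.conf": (
        "PerSourceMaxStartups 5\n"
        "ClientAliveCountMax 0\n"  # 8.7 semantics: never kill on liveness
    ),
}


def resolve_sshd_config(path, tree, seen=None):
    """Return {keyword: value} as sshd would see it: keywords are
    case-insensitive and the FIRST value obtained is kept, so files pulled
    in by an early Include override later lines of the including file."""
    seen = set() if seen is None else seen
    effective = {}
    for raw in tree.get(path, "").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        keyword, value = (line.split(None, 1) + [""])[:2]
        if keyword.lower() == "include":
            # Include takes a glob; matches are processed in sorted order.
            for inc in sorted(p for p in tree if fnmatch.fnmatch(p, value)):
                if inc not in seen:
                    seen.add(inc)
                    for k, v in resolve_sshd_config(inc, tree, seen).items():
                        effective.setdefault(k, v)
        else:
            effective.setdefault(keyword.lower(), value)
    return effective


# A line with no options starts directly with the key type.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")

# Constructed sample authorized_keys; the key blobs are placeholders.
SAMPLE_AUTHORIZED_KEYS = """\
# PIN-protected FIDO key with a forced command containing a space
verify-required,command="/usr/bin/backup --dry-run" sk-ssh-ed25519@openssh.com AAAAPLACEHOLDER1 alice@token
sk-ecdsa-sha2-nistp256@openssh.com AAAAPLACEHOLDER2 bob@token
restrict ssh-ed25519 AAAAPLACEHOLDER3 carol@desktop
"""


def split_options(options):
    """Split an options field on commas that are outside double quotes."""
    parts, cur, quoted, i = [], [], False, 0
    while i < len(options):
        ch = options[i]
        if ch == "\\" and quoted and i + 1 < len(options):
            cur.append(options[i:i + 2])  # keep escaped character verbatim
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def parse_authorized_keys(text):
    """Yield (options, key_type, comment) for each key line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(KEY_TYPE_PREFIXES):
            options, rest = [], line
        else:  # the options field runs up to the first unquoted whitespace
            i, quoted = 0, False
            while i < len(line) and (quoted or not line[i].isspace()):
                if line[i] == "\\" and quoted:
                    i += 1
                elif line[i] == '"':
                    quoted = not quoted
                i += 1
            options, rest = split_options(line[:i]), line[i:].strip()
        fields = rest.split(None, 2)
        if not fields:
            continue
        yield options, fields[0], (fields[2] if len(fields) > 2 else "")


def fido_keys_without_verify_required(text):
    """Return the comments of sk-* keys whose options lack verify-required."""
    return [comment for options, key_type, comment in parse_authorized_keys(text)
            if key_type.startswith("sk-") and "verify-required" not in options]
```

With the sample tree, `resolve_sshd_config("/etc/ssh/sshd_config", SAMPLE_TREE)` reports `PerSourceMaxStartups 5` and `ClientAliveCountMax 0` from the drop-in, because the `Include` line comes first; moving that line to the end of the main file makes the main file's `20` win instead. `fido_keys_without_verify_required(SAMPLE_AUTHORIZED_KEYS)` returns only `bob@token`, the one FIDO key whose signatures sshd will accept without the token asserting PIN verification.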
