Bug 1952957

Summary: openssh-8.6p1 is available
Product: Red Hat Enterprise Linux 9
Reporter: Dmitry Belyavskiy <dbelyavs>
Component: openssh
Assignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED CURRENTRELEASE
QA Contact: Alexander Sosedkin <asosedki>
Severity: unspecified
Docs Contact: Jan Fiala <jafiala>
Priority: high
Version: 9.0
CC: asosedki, crypto-team, dbelyavs, dwalsh, extras-qa, jjelen, lkundrak, mattias.ellert, plautrba, presharm, tm, upstream-release-monitoring
Target Milestone: beta
Keywords: FutureFeature, Triaged
Target Release: ---
Flags: pm-rhel: mirror+
Hardware: Unspecified
OS: Unspecified
Fixed In Version: openssh-8.6p1-7.el9
Doc Type: Enhancement
Doc Text:
.OpenSSH distributed in RHEL 9 is version 8.7p1
RHEL 9 includes *OpenSSH* in version 8.7p1. This version provides many enhancements and bug fixes over *OpenSSH* version 8.0p1, which is distributed in RHEL 8.5, most notably:

*New Features*

* Support for transfers using the SFTP protocol as a replacement for the previously used SCP/RCP protocol. SFTP offers more predictable filename handling and does not require expansion of `glob(3)` patterns by the shell on the remote side.
+
SFTP support is enabled by default. If SFTP is unavailable or incompatible in your scenario, you can use the `-O` flag of `scp` to force use of the original SCP/RCP protocol.
* The `LogVerbose` configuration directive that allows forcing maximum debug logging by file/function/line pattern lists.
* Client address-based rate limiting with the new `sshd_config` directives `PerSourceMaxStartups` and `PerSourceNetBlockSize`. This provides finer control than the global `MaxStartups` limit, which counts unauthenticated connections from all sources together.
* The `HostbasedAcceptedAlgorithms` keyword (renamed from `HostbasedAcceptedKeyTypes`, which remains accepted as an alias) now filters based on the signature algorithm instead of filtering by key type.
* The `Include` keyword in `sshd_config` that allows the `sshd` daemon to include additional configuration files by using `glob` patterns.
* Support for Universal 2nd Factor (U2F) hardware authenticators specified by the FIDO Alliance. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In *OpenSSH*, FIDO devices are supported by the new public key types `ecdsa-sk` and `ed25519-sk` and by the corresponding certificate types.
* Support for FIDO keys that require a PIN for each use. You can generate these keys by using `ssh-keygen` with the new `verify-required` option. When a PIN-required key is used, the user is prompted for a PIN to complete the signature operation.
* The `authorized_keys` file now supports a new `verify-required` option. This option requires FIDO signatures to assert that the token verified the user's presence before making the signature. The FIDO protocol supports multiple methods for user verification; *OpenSSH* currently supports only PIN verification.
* Added support for verifying FIDO `webauthn` signatures. `webauthn` is a standard for using FIDO keys in web browsers. These signatures have a slightly different format from plain FIDO signatures and therefore require explicit support.

*Bug fixes*

* Clarified semantics of the `ClientAliveCountMax=0` keyword. Now, it entirely disables connection killing instead of the previous behavior of instantly killing the connection after the first liveness test regardless of its success.

*Security*

* Fixed an exploitable integer overflow bug in the private key parsing code for the XMSS key type. This key type is still experimental and support for it is not compiled by default. No user-facing autoconf option exists in portable *OpenSSH* to enable it.
* Added protection for private keys at rest in RAM against speculation and memory side-channel attacks like Spectre, Meltdown and RAMBleed. This release encrypts private keys when they are not in use with a symmetric key that is derived from a relatively large "prekey" consisting of random data (currently 16 KB).
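As an added example (not code from this bug, from Red Hat or from the OpenSSH project), the following POSIX shell script puts three of the directives above into practice: it writes a drop-in `sshd_config` fragment that uses `PerSourceNetBlockSize` and `PerSourceMaxStartups` next to the global `MaxStartups`, sanity-checks those values offline, and builds an `authorized_keys` entry that applies the new `verify-required` option only to FIDO (`-sk`) key types, where the option actually has an effect. The file path, the numeric limits and the sample key blob are assumptions or constructed data; `restrict` is a pre-existing `authorized_keys` option added alongside for least privilege, not a feature of this release.

```shell
#!/bin/sh
# Added example, not code from the bug or from the OpenSSH/Red Hat projects.
# Paths, limits and the sample key blob below are assumptions / constructed.

# Write an sshd_config fragment to the path given. The stock RHEL 9
# /etc/ssh/sshd_config starts with "Include /etc/ssh/sshd_config.d/*.conf"
# (assumption: confirm the Include line at the top of your own file), so a
# file such as /etc/ssh/sshd_config.d/40-ratelimit.conf is picked up on reload.
write_ratelimit_fragment() {
    cat > "$1" <<'EOF'
# Bucket clients by /24 (IPv4) and /56 (IPv6), then allow at most 5
# unauthenticated connections per bucket. One noisy source is throttled
# before it can exhaust the global MaxStartups budget for everyone else.
PerSourceNetBlockSize 24:56
PerSourceMaxStartups 5
# Global ceiling still applies: random early drop from 10 pending, full at 60.
MaxStartups 10:30:60
EOF
}

# Sanity-check the two per-source directives without root or host keys:
# IPv4 prefix must be 0-32, IPv6 prefix (if given) 0-128, and the per-source
# cap a positive integer or the literal "none". Returns 1 on any violation.
check_fragment() {
    v4=$(awk '$1=="PerSourceNetBlockSize"{split($2,a,":");print a[1]}' "$1")
    v6=$(awk '$1=="PerSourceNetBlockSize"{split($2,a,":");print a[2]}' "$1")
    cap=$(awk '$1=="PerSourceMaxStartups"{print $2}' "$1")
    case "$v4" in ''|*[!0-9]*) return 1 ;; esac
    [ "$v4" -le 32 ] || return 1
    case "$v6" in
        '') ;;
        *[!0-9]*) return 1 ;;
        *) [ "$v6" -le 128 ] || return 1 ;;
    esac
    case "$cap" in none) ;; ''|*[!0-9]*|0) return 1 ;; esac
    return 0
}

# Turn a public key line ("<type> <blob> [comment]") into an authorized_keys
# entry carrying "verify-required,restrict". Refuses non-FIDO key types:
# verify-required only influences the sk-* algorithms, so attaching it to an
# ordinary ssh-ed25519 key would give a false sense of a second factor.
sk_authorized_line() {
    set -- $1
    case "$1" in
        sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com) ;;
        *) echo "refusing: $1 is not a FIDO key type" >&2; return 1 ;;
    esac
    printf 'verify-required,restrict %s\n' "$*"
}
```

After copying the fragment into `/etc/ssh/sshd_config.d/`, run `sshd -t` as root so that `sshd` itself parses the full configuration, including every `Include`d file, before you reload the service; the offline check above only catches out-of-range values, not directives `sshd` would reject.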
Story Points: ---
Clone Of: 1950819
Last Closed: 2021-12-07 21:42:00 UTC
Type: Component Upgrade
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---
Bug Depends On: 1950819