OpenSSH/OpenSSH versions Release Notes
Appearance
< OpenSSH
Reading Release Notes is one of the best way to be updated and learn about a software. So you can read complete Release Notes or this filtered summary.
OpenSSH Versions
[edit | edit source]- OpenSSH 8.2[1]
- FEATURE: Add FIDO/U2F Support
- OpenSSH 8.1[2][3], released in October 2019
- OpenSSH 8.0[4][5], released in April 2019
- OpenSSH 7.9[7], released in October 2018
- allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash
- OpenSSH 7.8[8], released in August 2018
- Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
- OpenSSH 7.7[9], released in February 2018
- FEATURE: Add "
expiry-time
" option in sshd for authorized_keys files to allow for expiring keys.
- FEATURE: Add "
- OpenSSH 7.6[10], released in October 2017
- FEATURE: Add
RemoteCommand
option - FEATURE: Add
SyslogFacility
option to ssh matching the equivalent option in sshd - FEATURE: ssh client reverse dynamic forwarding
-R
- FEATURE: Add
- OpenSSH 7.5[11], released in March 2017
- BUGFIX: This is a mainly a bugfix release.
- OpenSSH 7.4[12], released Template:Release date and age
- sshd(8): Add a sshd_config
DisableForwarding
option
- sshd(8): Add a sshd_config
- OpenSSH 7.3[13], released August 01, 2016
- FEATURE: Adds
ProxyJump
option (-J) - FEATURE: Add an
Include
directive for ssh_config(5) files
- FEATURE: Adds
- OpenSSH 7.1: August 20, 2015[14]
- This is a bugfix release.
- OpenSSH 7.0: August 11, 2015[15]
- The focus of this release is primarily to deprecate weak, legacy and unsafe cryptography.
- OpenSSH 6.9: July 1, 2015[16]
- BUGFIX: This is primarily a bugfix release.
- OpenSSH 6.8: March 18, 2015
- OpenSSH 6.7: October 6, 2014
- OpenSSH 6.6: March 16, 2014
- This is primarily a bugfix release.
- Added new chacha20-poly1305@openssh.com transport cipher[23][24]
- Added curve25519-sha256@libssh.org key exchange
- FEATURE: ssh, added Match keyword for ssh_config that allows conditional configuration to be applied [25]
- FEATURE: client-side hostname canonicalisation:
CanonicalDomains, CanonicalizeFallbackLocal, CanonicalizeHostname, CanonicalizeMaxDots and CanonicalizePermittedCNAMEs
.[26][27] - Add a new private key format that uses a bcrypt KDF
- OpenSSH 6.4: November 8, 2013 [28]
- This release fixes a security bug with AES-GCM
- OpenSSH 6.3: September 13, 2013
- This release is predominantly a bugfix release
- OpenSSH 6.2: March 22, 2013
- OpenSSH 6.1: August 29, 2012
- This is primarily a bugfix release.
- Enables pre-auth sandboxing by default
- Finds ECDSA keys in
ssh-keyscan
and SSHFP DNS records by default now
- OpenSSH 6.0: April 22, 2012
- This is primarily a bugfix release.
- OpenSSH 5.9: September 6, 2011
- Introduce sandboxing of the pre-auth privilege separated child
- OpenSSH 5.8: February 4, 2011
- OpenSSH 5.7: January 24, 2011
- Added support for elliptic curve cryptography for key exchange as well as host/user keys, per RFC 5656
- OpenSSH 5.6: August 23, 2010
- Added a
ControlPersist
option to ssh_config
- Added a
- OpenSSH 5.5: April 16, 2010
- OpenSSH 5.4: March 8, 2010
- Disabled SSH protocol 1 default support. Clients and servers must now explicitly enable it.
- Added PKCS11 authentication support for ssh(1) (-I pkcs11)
- Added Certificate based authentication
- Added "Netcat mode" for ssh(1) (-W host:port). Similar to "-L tunnel", but forwards instead stdin and stdout. This allows, for example, using ssh(1) itself as a ssh(1)
ProxyCommand
to route connections via intermediate servers, without the need for nc(1) on the server machine. - Added the ability to revoke public keys in sshd(8) and ssh(1). While it was already possible to remove the keys from authorised lists, revoked keys will now trigger a warning if used.
- OpenSSH 5.3: October 1, 2009
- OpenSSH 5.2: February 23, 2009
- OpenSSH 5.1: July 21, 2008
- Added a
MaxSessions
option to sshd_config
- Added a
- OpenSSH 5.0: April 3, 2008
- OpenSSH 4.9: March 30, 2008
- OpenSSH 4.7: September 4, 2007
- OpenSSH 4.6: March 9, 2007
- OpenSSH 4.5: November 7, 2006
- OpenSSH 4.4: September 27, 2006
- OpenSSH 4.3: February 1, 2006
- OpenSSH 4.2: September 1, 2005
- OpenSSH 4.1: May 26, 2005
- OpenSSH 4.0: March 9, 2005
- OpenSSH 3.9[29]: August 18, 2004
- Implement session multiplexing.
ControlMaster
option - Added a
MaxAuthTries
option to sshd, allowing control over the maximum number of authentication attempts permitted per connection - Added
IdentitiesOnly
option tossh
which specifies that it should use keys specified in ssh_config, rather than any keys in ssh-agent - Re-introduce support for PAM password authentication
- Implement session multiplexing.
- OpenSSH 3.8: February 24, 2004
- OpenSSH 3.7.1: September 16, 2003
- OpenSSH 3.7: September 16, 2003
- OpenSSH 3.6.1: April 1, 2003
- OpenSSH 3.6: March 31, 2003
- OpenSSH 3.5: October 14, 2002
- OpenSSH 3.4: June 26, 2002
- OpenSSH 3.1: April 9, 2004 [30]
- OpenSSH 3.0: November 6, 2001 [31]
- Improved Kerberos support in protocol v1 (KerbIV and KerbV)
- OpenSSH 2.9.9: [32]
- OpenSSH 2.5.1p1: February 19, 2001[33]
- SkeyAuthentication absoleted, use ChallengeResponseAuthentication instead.
- OpenSSH 1.2.2p1[34]: March 5, 2000
See also
[edit | edit source]- ↑ https://www.openssh.com/txt/release-8.2
- ↑ https://www.openssh.com/txt/release-8.1
- ↑ https://www.openssh.com/releasenotes.html#8.1
- ↑ http://www.openssh.com/txt/release-8.0
- ↑ https://www.openssh.com/releasenotes.html#8.0
- ↑ https://nvd.nist.gov/vuln/detail/CVE-2019-6111
- ↑ http://www.openssh.com/txt/release-7.9
- ↑ http://www.openssh.com/txt/release-7.8
- ↑ http://www.openssh.com/txt/release-7.7
- ↑ http://www.openssh.com/txt/release-7.6
- ↑ http://www.openssh.com/txt/release-7.5
- ↑ http://www.openssh.com/txt/release-7.4
- ↑ http://www.openssh.com/txt/release-7.3
- ↑ "OpenSSH 7.1 Release Notes". openssh.com. 2015-08-20. Retrieved 2015-09-01.
- ↑ "OpenSSH 7.0 Release Notes". openssh.com. 2015-08-11. Retrieved 2015-08-18.
- ↑ "OpenSSH 6.9 Release Notes". openssh.com. 2015-07-01. Retrieved 2015-08-12.
- ↑ Murenin, Constantine A. (2015-02-01). Soulskill (ed.). "OpenSSH Will Feature Key Discovery and Rotation For Easier Switching To Ed25519". Slashdot. Retrieved 2015-02-01.
- ↑ https://lwn.net/Article s/637147/
- ↑ Murenin, Constantine A. (2014-04-30). Soulskill (ed.). "OpenSSH No Longer Has To Depend On OpenSSL". Slashdot. Retrieved 2014-12-26.
- ↑ http://www.openssh.com/txt/release-6.5
- ↑ https://www.openssh.com/releasenotes.html#6.5
- ↑ https://en.wikipedia.org/wiki/Curve25519#Popularity
- ↑ Miller, Damien (2013-12-02). "ssh/PROTOCOL.chacha20poly1305". BSD Cross Reference, OpenBSD src/usr.bin/. Retrieved 2014-12-26.
- ↑ Murenin, Constantine A. (2013-12-11). Unknown Lamer (ed.). "OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein". Slashdot. Retrieved 2014-12-26.
- ↑ https://www.openssh.com/txt/release-6.5
- ↑ http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html
- ↑ https://github.com/openssh/openssh-portable/commit/0faf747e2f77f0f7083bcd59cbed30c4b5448444
- ↑ https://www.openssh.com/txt/release-6.4
- ↑ https://www.openssh.com/txt/release-3.9
- ↑ https://www.openssh.com/txt/release-3.1
- ↑ https://www.openssh.com/txt/release-3.0
- ↑ https://www.openssh.com/txt/release-2.9.9
- ↑ https://www.openssh.com/txt/release-2.5.1p1
- ↑ https://www.openssh.com/txt/release-1.2.2p1