OpenSSH/OpenSSH versions Release Notes

From Wikiversity
Jump to navigation Jump to search

Reading Release Notes is one of the best way to be updated and learn about a software. So you can read complete Release Notes or this brief summary.


OpenSSH Versions[edit]

  • OpenSSH 8.0[1][2], released in April 2019
    • SECURITY: CVE-2019-6111[3] related to scp tool and protocol allowing to overwrite arbitrary files in the scp client target directory
  • OpenSSH 7.9[4], released in October 2018
  • OpenSSH 7.8[5], released in August 2018
    • Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
  • OpenSSH 7.7[6], released in February 2018
    • FEATURE: Add "expiry-time" option in sshd for authorized_keys files to allow for expiring keys.
  • OpenSSH 7.6[7], released in October 2017
    • FEATURE: Add RemoteCommand option
    • FEATURE: Add SyslogFacility option to ssh matching the equivalent option in sshd
    • FEATURE: ssh client reverse dynamic forwarding -R
  • OpenSSH 7.5[8], released in March 2017
    • BUGFIX: This is a mainly a bugfix release.
  • OpenSSH 7.4[9], released Template:Release date and age
    • sshd(8): Add a sshd_config DisableForwarding option
  • OpenSSH 7.3[10], released August 01, 2016
    • FEATURE: Adds ProxyJump option (-J)
    • FEATURE: Add an Include directive for ssh_config(5) files
  • OpenSSH 7.1: August 20, 2015[11]
    • This is a bugfix release.
  • OpenSSH 7.0: August 11, 2015[12]
    • The focus of this release is primarily to deprecate weak, legacy and unsafe cryptography.
  • OpenSSH 6.9: July 1, 2015[13]
    • BUGFIX: This is primarily a bugfix release.
  • OpenSSH 6.8: March 18, 2015
    • Added new hostkeys@openssh.com extension to facilitate public key discovery and rotation for trusted hosts (for transition from DSA to Ed25519 public host keys)[14]
    • AuthenticationMethods=publickey,publickey to require that users authenticate using two different public keys[15]
  • OpenSSH 6.7: October 6, 2014
    • The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default.
    • Compile-time option to not depend on OpenSSL[16]
    • Add support for Unix domain socket forwarding
  • OpenSSH 6.6: March 16, 2014
    • This is primarily a bugfix release.
  • OpenSSH 6.5[17][18]: January 30, 2014
    • Added new ssh-ed25519 and ssh-ed25519-cert-v01@openssh.com public key types (available since 2005 but more popular since some suspicious that NSA had chosen values that gave them an advantage in factoring public-keys)[19]
    • Added new chacha20-poly1305@openssh.com transport cipher[20][21]
    • Added curve25519-sha256@libssh.org key exchange
    • FEATURE: ssh, added Match keyword for ssh_config that allows conditional configuration to be applied [22]
    • FEATURE: client-side hostname canonicalisation: CanonicalDomains, CanonicalizeFallbackLocal, CanonicalizeHostname, CanonicalizeMaxDots and CanonicalizePermittedCNAMEs.[23][24]
    • Add a new private key format that uses a bcrypt KDF
  • OpenSSH 6.4: November 8, 2013 [25]
    • This release fixes a security bug with AES-GCM
  • OpenSSH 6.3: September 13, 2013
    • This release is predominantly a bugfix release
  • OpenSSH 6.2: March 22, 2013
    • Add a GCM-mode for the AES cipher, similar to RFC 5647
    • Added support for encrypt-then-mac MAC modes
    • Added support for multiple required authentication methods
    • Added support for Key Revocation Lists (KRL)
  • OpenSSH 6.1: August 29, 2012
    • This is primarily a bugfix release.
    • Enables pre-auth sandboxing by default
    • Finds ECDSA keys in ssh-keyscan and SSHFP DNS records by default now
  • OpenSSH 6.0: April 22, 2012
    • This is primarily a bugfix release.
  • OpenSSH 5.9: September 6, 2011
  • OpenSSH 5.8: February 4, 2011
  • OpenSSH 5.7: January 24, 2011
  • OpenSSH 5.6: August 23, 2010
    • Added a ControlPersistoption to ssh_config
  • OpenSSH 5.5: April 16, 2010
  • OpenSSH 5.4: March 8, 2010
    • Disabled SSH protocol 1 default support. Clients and servers must now explicitly enable it.
    • Added PKCS11 authentication support for ssh(1) (-I pkcs11)
    • Added Certificate based authentication
    • Added "Netcat mode" for ssh(1) (-W host:port). Similar to "-L tunnel", but forwards instead stdin and stdout. This allows, for example, using ssh(1) itself as a ssh(1) ProxyCommand to route connections via intermediate servers, without the need for nc(1) on the server machine.
    • Added the ability to revoke public keys in sshd(8) and ssh(1). While it was already possible to remove the keys from authorised lists, revoked keys will now trigger a warning if used.
  • OpenSSH 5.3: October 1, 2009
  • OpenSSH 5.2: February 23, 2009
  • OpenSSH 5.1: July 21, 2008
    • Added a MaxSessions option to sshd_config
  • OpenSSH 5.0: April 3, 2008
  • OpenSSH 4.9: March 30, 2008
    • Added chroot support for sshd(8)
    • Create an internal SFTP server for easier use of the chroot functionality
  • OpenSSH 4.7: September 4, 2007
  • OpenSSH 4.6: March 9, 2007
  • OpenSSH 4.5: November 7, 2006
  • OpenSSH 4.4: September 27, 2006
  • OpenSSH 4.3: February 1, 2006
    • Added OSI layer 2/3 tun-based VPN (-w option on ssh(1))
  • OpenSSH 4.2: September 1, 2005
  • OpenSSH 4.1: May 26, 2005
  • OpenSSH 4.0: March 9, 2005
  • OpenSSH 3.9[26]: August 18, 2004
    • Implement session multiplexing. ControlMaster option
    • Added a MaxAuthTries option to sshd, allowing control over the maximum number of authentication attempts permitted per connection
    • Added IdentitiesOnly option to ssh which specifies that it should use keys specified in ssh_config, rather than any keys in ssh-agent
  • OpenSSH 3.8: February 24, 2004
  • OpenSSH 3.7.1: September 16, 2003
  • OpenSSH 3.7: September 16, 2003
  • OpenSSH 3.6.1: April 1, 2003
  • OpenSSH 3.6: March 31, 2003
  • OpenSSH 3.5: October 14, 2002
  • OpenSSH 3.4: June 26, 2002
  • OpenSSH 2.5.1p1: February 19, 2001[27]
    • SkeyAuthentication absoleted, use ChallengeResponseAuthentication instead.
  • OpenSSH 1.2.2p1[28]: March 5, 2000


See also[edit]

  • http://www.openssh.com/txt/release-8.0
  • https://www.openssh.com/releasenotes.html#8.0
  • https://nvd.nist.gov/vuln/detail/CVE-2019-6111
  • http://www.openssh.com/txt/release-7.9
  • http://www.openssh.com/txt/release-7.8
  • http://www.openssh.com/txt/release-7.7
  • http://www.openssh.com/txt/release-7.6
  • http://www.openssh.com/txt/release-7.5
  • http://www.openssh.com/txt/release-7.4
  • http://www.openssh.com/txt/release-7.3
  • "OpenSSH 7.1 Release Notes". openssh.com. 2015-08-20. Retrieved 2015-09-01.
  • "OpenSSH 7.0 Release Notes". openssh.com. 2015-08-11. Retrieved 2015-08-18.
  • "OpenSSH 6.9 Release Notes". openssh.com. 2015-07-01. Retrieved 2015-08-12.
  • Murenin, Constantine A. (2015-02-01). Soulskill (ed.). "OpenSSH Will Feature Key Discovery and Rotation For Easier Switching To Ed25519". Slashdot. Retrieved 2015-02-01.
  • https://lwn.net/Article s/637147/
  • Murenin, Constantine A. (2014-04-30). Soulskill (ed.). "OpenSSH No Longer Has To Depend On OpenSSL". Slashdot. Retrieved 2014-12-26.
  • http://www.openssh.com/txt/release-6.5
  • https://www.openssh.com/releasenotes.html#6.5
  • https://en.wikipedia.org/wiki/Curve25519#Popularity
  • Miller, Damien (2013-12-02). "ssh/PROTOCOL.chacha20poly1305". BSD Cross Reference, OpenBSD src/usr.bin/. Retrieved 2014-12-26.
  • Murenin, Constantine A. (2013-12-11). Unknown Lamer (ed.). "OpenSSH Has a New Cipher — Chacha20-poly1305 — from D.J. Bernstein". Slashdot. Retrieved 2014-12-26.
  • https://www.openssh.com/txt/release-6.5
  • http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html
  • https://github.com/openssh/openssh-portable/commit/0faf747e2f77f0f7083bcd59cbed30c4b5448444
  • https://www.openssh.com/txt/release-6.4
  • https://www.openssh.com/txt/release-3.9
  • https://www.openssh.com/txt/release-2.5.1p1
  • https://www.openssh.com/txt/release-1.2.2p1