After five months of development, the release of OpenSSH 8.5 is released, an open implementation of a client and server for working with the SSH 2.0 and SFTP protocols. The developers announced the translation in the future of algorithms that use SHA-1 hashes to the category of obsolete ones. The problem is that the effectiveness of collision attacks with a given prefix is โโconstantly increasing. At the same time, the cost of selecting a collision costs about $ 50,000.
In the near future, the developers promise to disable the ability to use the digital signature algorithm using the "ssh-rsa" public key by default. It is still widespread today.
In order to check if this key is used in your own system, you need to try to connect via ssh with the "-oHostKeyAlgorithms = -ssh-rsa" option. An important point: disabling this type of digital signature by default is not a complete rejection of the use of RSA keys. The problem is that, in addition to SHA-1, the SSH protocol allows for other algorithms for calculating hashes. Among other possibilities, the developers will leave the use of bundles "rsa-sha2-256" (RSA / SHA256) and "rsa-sha2-512" (RSA / SHA512).
To simplify the transition to new algorithms, the new release includes by default setting UpdateHostKeys. It is she who transfers clients to new algorithms. The function activates a special protocol extension "hostkeys@openssh.com", which allows the server to inform the client about all available host keys immediately after passing the authentication. The client can reflect these keys in the ~ / .ssh / known_hosts file, which makes it possible to organize the update of the host keys, making it easier to change the keys on the server.
It should be noted that using UpdateHostKeys is possible with a number of nuances:
- it must be mentioned in UserKnownHostsFile and not used in GlobalKnownHostsFile;
- the key must be present under only one name,
- the host key certificate must not be used;
- known_hosts should not use hostname masks;
- the VerifyHostKeyDNS setting must be disabled;
- the UserKnownHostsFile parameter must be active.
Among the algorithms that developers mention as recommended for migration:
- rsa-sha2-256 / 512 based on RFC8332 RSA SHA-2 (supported since OpenSSH 7.2 and used by default);
- ssh-ed25519 (supported since OpenSSH 6.5);
- ecdsa-sha2-nistp256 / 384/521 based on RFC5656 ECDSA (supported since OpenSSH 5.7).
Details of the changes in the new version
Of course, the developers have added many other features that cover several categories.
Security:
- ssh-agent, . OpenSSH 8.2. ssh-agent . , , . , , , root-.
- sshd -. PAM (Pluggable Authentication Module). sshd root- Solaris (CVE-2020-14871).
:
- ssh sshd , . , . , . , . NTRU Prime, , X25519. sntrup4591761x25519-sha512@tinyssh.org sntrup761x25519-sha512@openssh.com ( sntrup4591761 sntrup761).
- ssh sshd . ECDSA ED25519.
- TOS/DSCP TCP-.
- ijndael-cbc@lysator.liu.se, aes256-cbc RFC-4253, .
- CheckHostIP. , .
- sshd PerSourceMaxStartups PerSourceNetBlockSize . .
- ssh sshd LogVerbose, , , .
- ssh IP-, . .
- ssh UserKnownHostsFile=none known_hosts .
- ssh-config KnownHostsCommand, known_hosts .
- PermitRemoteOpen, RemoteForward SOCKS.
- ssh FIDO PIN - PIN PIN . , , PIN.
- contrib/ssh-copy-id.
