diff options
Diffstat (limited to 'debian/NEWS')
| -rw-r--r-- | debian/NEWS | 247 |
1 files changed, 247 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..c0a535c --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,247 @@ +openssh (1:7.9p1-1) unstable; urgency=medium + + OpenSSH 7.9 includes a number of changes that may affect existing + configurations: + + * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms option + bans the use of DSA keys as certificate authorities. + * sshd(8): the authentication success/failure log message has changed + format slightly. It now includes the certificate fingerprint + (previously it included only key ID and CA key fingerprint). + + -- Colin Watson <cjwatson@debian.org> Sun, 21 Oct 2018 10:39:24 +0100 + +openssh (1:7.8p1-1) unstable; urgency=medium + + OpenSSH 7.8 includes a number of changes that may affect existing + configurations: + + * ssh-keygen(1): Write OpenSSH format private keys by default instead of + using OpenSSL's PEM format. The OpenSSH format, supported in OpenSSH + releases since 2014 and described in the PROTOCOL.key file in the + source distribution, offers substantially better protection against + offline password guessing and supports key comments in private keys. + If necessary, it is possible to write old PEM-style keys by adding "-m + PEM" to ssh-keygen's arguments when generating or updating a key. + * sshd(8): Remove internal support for S/Key multiple factor + authentication. S/Key may still be used via PAM or BSD auth. + * ssh(1): Remove vestigial support for running ssh(1) as setuid. This + used to be required for hostbased authentication and the (long gone) + rhosts-style authentication, but has not been necessary for a long + time. Attempting to execute ssh as a setuid binary, or with uid != + effective uid will now yield a fatal error at runtime. + * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar + HostbasedAcceptedKeyTypes options have changed. These now specify + signature algorithms that are accepted for their respective + authentication mechanism, where previously they specified accepted key + types. This distinction matters when using the RSA/SHA2 signature + algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate + counterparts. Configurations that override these options but omit + these algorithm names may cause unexpected authentication failures (no + action is required for configurations that accept the default for these + options). + * sshd(8): The precedence of session environment variables has changed. + ~/.ssh/environment and environment="..." options in authorized_keys + files can no longer override SSH_* variables set implicitly by sshd. + * ssh(1)/sshd(8): The default IPQoS used by ssh/sshd has changed. They + will now use DSCP AF21 for interactive traffic and CS1 for bulk. For a + detailed rationale, please see the commit message: + https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284 + + -- Colin Watson <cjwatson@debian.org> Thu, 30 Aug 2018 15:35:27 +0100 + +openssh (1:7.6p1-1) unstable; urgency=medium + + OpenSSH 7.6 includes a number of changes that may affect existing + configurations: + + * ssh(1): Delete SSH protocol version 1 support, associated configuration + options and documentation. + * ssh(1)/sshd(8): Remove support for the hmac-ripemd160 MAC. + * ssh(1)/sshd(8): Remove support for the arcfour, blowfish and CAST + ciphers. + * Refuse RSA keys <1024 bits in length and improve reporting for keys + that do not meet this requirement. + * ssh(1): Do not offer CBC ciphers by default. + + -- Colin Watson <cjwatson@debian.org> Fri, 06 Oct 2017 12:36:48 +0100 + +openssh (1:7.5p1-1) experimental; urgency=medium + + OpenSSH 7.5 includes a number of changes that may affect existing + configurations: + + * This release deprecates the sshd_config UsePrivilegeSeparation option, + thereby making privilege separation mandatory. + + * The format of several log messages emitted by the packet code has + changed to include additional information about the user and their + authentication state. Software that monitors ssh/sshd logs may need to + account for these changes. For example: + + Connection closed by user x 1.1.1.1 port 1234 [preauth] + Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth] + Connection closed by invalid user x 1.1.1.1 port 1234 [preauth] + + Affected messages include connection closure, timeout, remote + disconnection, negotiation failure and some other fatal messages + generated by the packet code. + + -- Colin Watson <cjwatson@debian.org> Sun, 02 Apr 2017 02:58:01 +0100 + +openssh (1:7.4p1-7) unstable; urgency=medium + + This version restores the default for AuthorizedKeysFile to search both + ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as was the case in + Debian configurations before 1:7.4p1-1. Upstream intends to phase out + searching ~/.ssh/authorized_keys2 by default, so you should ensure that + you are only using ~/.ssh/authorized_keys, at least for critical + administrative access; do not assume that the current default will remain + in place forever. + + -- Colin Watson <cjwatson@debian.org> Sun, 05 Mar 2017 02:12:42 +0000 + +openssh (1:7.4p1-1) unstable; urgency=medium + + OpenSSH 7.4 includes a number of changes that may affect existing + configurations: + + * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit + block ciphers are not safe in 2016 and we don't want to wait until + attacks like SWEET32 are extended to SSH. As 3des-cbc was the only + mandatory cipher in the SSH RFCs, this may cause problems connecting to + older devices using the default configuration, but it's highly likely + that such devices already need explicit configuration for key exchange + and hostkey algorithms already anyway. + * sshd(8): Remove support for pre-authentication compression. Doing + compression early in the protocol probably seemed reasonable in the + 1990s, but today it's clearly a bad idea in terms of both cryptography + (cf. multiple compression oracle attacks in TLS) and attack surface. + Pre-auth compression support has been disabled by default for >10 + years. Support remains in the client. + * ssh-agent will refuse to load PKCS#11 modules outside a whitelist of + trusted paths by default. The path whitelist may be specified at + run-time. + * sshd(8): When a forced-command appears in both a certificate and an + authorized keys/principals command= restriction, sshd will now refuse + to accept the certificate unless they are identical. The previous + (documented) behaviour of having the certificate forced-command + override the other could be a bit confusing and error-prone. + * sshd(8): Remove the UseLogin configuration directive and support for + having /bin/login manage login sessions. + + The unprivileged sshd process that deals with pre-authentication network + traffic is now subject to additional sandboxing restrictions by default: + that is, the default sshd_config now sets UsePrivilegeSeparation to + "sandbox" rather than "yes". This has been the case upstream for a while, + but until now the Debian configuration diverged unnecessarily. + + -- Colin Watson <cjwatson@debian.org> Tue, 27 Dec 2016 18:01:46 +0000 + +openssh (1:7.2p1-1) unstable; urgency=medium + + OpenSSH 7.2 disables a number of legacy cryptographic algorithms by + default in ssh: + + * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the + rijndael-cbc aliases for AES. + * MD5-based and truncated HMAC algorithms. + + These algorithms are already disabled by default in sshd. + + -- Colin Watson <cjwatson@debian.org> Tue, 08 Mar 2016 11:47:20 +0000 + +openssh (1:7.1p1-2) unstable; urgency=medium + + OpenSSH 7.0 disables several pieces of weak, legacy, and/or unsafe + cryptography. + + * Support for the legacy SSH version 1 protocol is disabled by default at + compile time. Note that this also means that the Cipher keyword in + ssh_config(5) is effectively no longer usable; use Ciphers instead for + protocol 2. The openssh-client-ssh1 package includes "ssh1", "scp1", + and "ssh-keygen1" binaries which you can use if you have no alternative + way to connect to an outdated SSH1-only server; please contact the + server administrator or system vendor in such cases and ask them to + upgrade. + * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is + disabled by default at run-time. It may be re-enabled using the + instructions at http://www.openssh.com/legacy.html + * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by + default at run-time. These may be re-enabled using the instructions at + http://www.openssh.com/legacy.html + * Support for the legacy v00 cert format has been removed. + + Future releases will retire more legacy cryptography, including: + + * Refusing all RSA keys smaller than 1024 bits (the current minimum is + 768 bits). + * Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, + all arcfour variants, and the rijndael-cbc aliases for AES. + * MD5-based HMAC algorithms will be disabled by default. + + -- Colin Watson <cjwatson@debian.org> Tue, 08 Dec 2015 15:33:08 +0000 + +openssh (1:6.9p1-1) unstable; urgency=medium + + UseDNS now defaults to 'no'. Configurations that match against the client + host name (via sshd_config or authorized_keys) may need to re-enable it or + convert to matching against addresses. + + -- Colin Watson <cjwatson@debian.org> Thu, 20 Aug 2015 10:38:58 +0100 + +openssh (1:6.7p1-5) unstable; urgency=medium + + openssh-server 1:6.7p1-4 changed the default setting of AcceptEnv to list + a number of specific LC_FOO variables rather than the wildcard LC_*. I + have since been persuaded that this was a bad idea and have reverted it, + but it is difficult to automatically undo the change to + /etc/ssh/sshd_config without compounding the problem (that of modifying + configuration that some users did not want to be modified) further. Most + users who upgraded via version 1:6.7p1-4 should restore the previous value + of "AcceptEnv LANG LC_*" in /etc/ssh/sshd_config. + + -- Colin Watson <cjwatson@debian.org> Sun, 22 Mar 2015 23:09:32 +0000 + +openssh (1:5.4p1-2) unstable; urgency=low + + Smartcard support is now available using PKCS#11 tokens. If you were + previously using an unofficial build of Debian's OpenSSH package with + OpenSC-based smartcard support added, then note that commands like + 'ssh-add -s 0' will no longer work; you need to use 'ssh-add -s + /usr/lib/opensc-pkcs11.so' instead. + + -- Colin Watson <cjwatson@debian.org> Sat, 10 Apr 2010 01:08:59 +0100 + +openssh (1:3.8.1p1-9) experimental; urgency=low + + The ssh package has been split into openssh-client and openssh-server. If + you had previously requested that the sshd server should not be run, then + that request will still be honoured. However, the recommended approach is + now to remove the openssh-server package if you do not want to run sshd. + You can remove the old /etc/ssh/sshd_not_to_be_run marker file after doing + that. + + -- Colin Watson <cjwatson@debian.org> Mon, 2 Aug 2004 20:48:54 +0100 + +openssh (1:3.5p1-1) unstable; urgency=low + + This version of OpenSSH disables the environment option for public keys by + default, in order to avoid certain attacks (for example, LD_PRELOAD). If + you are using this option in an authorized_keys file, beware that the keys + in question will no longer work until the option is removed. + + To re-enable this option, set "PermitUserEnvironment yes" in + /etc/ssh/sshd_config after the upgrade is complete, taking note of the + warning in the sshd_config(5) manual page. + + -- Colin Watson <cjwatson@debian.org> Sat, 26 Oct 2002 19:41:51 +0100 + +openssh (1:3.0.1p1-1) unstable; urgency=high + + As of version 3, OpenSSH no longer uses separate files for ssh1 and ssh2 + keys. This means the authorized_keys2 and known_hosts2 files are no longer + needed. They will still be read in order to maintain backward + compatibility. + + -- Matthew Vernon <matthew@debian.org> Thu, 28 Nov 2001 17:43:01 +0000 |