diff options
Diffstat (limited to '')
-rw-r--r-- | debian/NEWS | 347 |
1 files changed, 347 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 0000000..2d38891 --- /dev/null +++ b/debian/NEWS @@ -0,0 +1,347 @@ +openssh (1:8.4p1-1) unstable; urgency=medium + + OpenSSH 8.4 includes a number of changes that may affect existing + configurations: + + * ssh-keygen(1): the format of the attestation information optionally + recorded when a FIDO key is generated has changed. It now includes the + authenticator data needed to validate attestation signatures. + + * The API between OpenSSH and the FIDO token middleware has changed and + the SSH_SK_VERSION_MAJOR version has been incremented as a result. + Third-party middleware libraries must support the current API version + (7) to work with OpenSSH 8.4. + + -- Colin Watson <cjwatson@debian.org> Sun, 18 Oct 2020 12:07:48 +0100 + +openssh (1:8.3p1-1) unstable; urgency=medium + + OpenSSH 8.3 includes a number of changes that may affect existing + configurations: + + * sftp(1): reject an argument of "-1" in the same way as ssh(1) and scp(1) + do instead of accepting and silently ignoring it. + + -- Colin Watson <cjwatson@debian.org> Sun, 07 Jun 2020 13:44:04 +0100 + +openssh (1:8.2p1-1) unstable; urgency=medium + + OpenSSH 8.2 includes a number of changes that may affect existing + configurations: + + * ssh(1), sshd(8), ssh-keygen(1): This release removes the "ssh-rsa" + (RSA/SHA1) algorithm from those accepted for certificate signatures + (i.e. the client and server CASignatureAlgorithms option) and will use + the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) + CA signs new certificates. + + Certificates are at special risk to SHA1 collision vulnerabilities as + an attacker has effectively unlimited time in which to craft a + collision that yields them a valid certificate, far more than the + relatively brief LoginGraceTime window that they have to forge a host + key signature. + + The OpenSSH certificate format includes a CA-specified (typically + random) nonce value near the start of the certificate that should make + exploitation of chosen-prefix collisions in this context challenging, + as the attacker does not have full control over the prefix that + actually gets signed. Nonetheless, SHA1 is now a demonstrably broken + algorithm and further improvements in attacks are highly likely. + + OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2 + algorithms and will refuse to accept certificates signed by an OpenSSH + 8.2+ CA using RSA keys unless the unsafe algorithm is explicitly + selected during signing ("ssh-keygen -t ssh-rsa"). Older + clients/servers may use another CA key type such as ssh-ed25519 + (supported since OpenSSH 6.5) or one of the ecdsa-sha2-nistp256/384/521 + types (supported since OpenSSH 5.7) instead if they cannot be upgraded. + + * ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default + key exchange proposal for both the client and server. + + * ssh-keygen(1): The command-line options related to the generation and + screening of safe prime numbers used by the + diffie-hellman-group-exchange-* key exchange algorithms have changed. + Most options have been folded under the -O flag. + + * sshd(8): The sshd listener process title visible to ps(1) has changed + to include information about the number of connections that are + currently attempting authentication and the limits configured by + MaxStartups. + + -- Colin Watson <cjwatson@debian.org> Fri, 21 Feb 2020 16:36:37 +0000 + +openssh (1:8.1p1-1) unstable; urgency=medium + + OpenSSH 8.1 includes a number of changes that may affect existing + configurations: + + * ssh-keygen(1): when acting as a CA and signing certificates with an RSA + key, default to using the rsa-sha2-512 signature algorithm. + Certificates signed by RSA keys will therefore be incompatible with + OpenSSH versions prior to 7.2 unless the default is overridden (using + "ssh-keygen -t ssh-rsa -s ..."). + + -- Colin Watson <cjwatson@debian.org> Thu, 10 Oct 2019 10:23:19 +0100 + +openssh (1:8.0p1-1) experimental; urgency=medium + + OpenSSH 8.0 includes a number of changes that may affect existing + configurations: + + * sshd(8): Remove support for obsolete "host/port" syntax. + Slash-separated host/port was added in 2001 as an alternative to + host:port syntax for the benefit of IPv6 users. These days there are + established standards for this like [::1]:22 and the slash syntax is + easily mistaken for CIDR notation, which OpenSSH supports for some + things. Remove the slash notation from ListenAddress and PermitOpen. + + -- Colin Watson <cjwatson@debian.org> Sun, 09 Jun 2019 22:47:27 +0100 + +openssh (1:7.9p1-1) unstable; urgency=medium + + OpenSSH 7.9 includes a number of changes that may affect existing + configurations: + + * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms option + bans the use of DSA keys as certificate authorities. + * sshd(8): the authentication success/failure log message has changed + format slightly. It now includes the certificate fingerprint + (previously it included only key ID and CA key fingerprint). + + -- Colin Watson <cjwatson@debian.org> Sun, 21 Oct 2018 10:39:24 +0100 + +openssh (1:7.8p1-1) unstable; urgency=medium + + OpenSSH 7.8 includes a number of changes that may affect existing + configurations: + + * ssh-keygen(1): Write OpenSSH format private keys by default instead of + using OpenSSL's PEM format. The OpenSSH format, supported in OpenSSH + releases since 2014 and described in the PROTOCOL.key file in the + source distribution, offers substantially better protection against + offline password guessing and supports key comments in private keys. + If necessary, it is possible to write old PEM-style keys by adding "-m + PEM" to ssh-keygen's arguments when generating or updating a key. + * sshd(8): Remove internal support for S/Key multiple factor + authentication. S/Key may still be used via PAM or BSD auth. + * ssh(1): Remove vestigial support for running ssh(1) as setuid. This + used to be required for hostbased authentication and the (long gone) + rhosts-style authentication, but has not been necessary for a long + time. Attempting to execute ssh as a setuid binary, or with uid != + effective uid will now yield a fatal error at runtime. + * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar + HostbasedAcceptedKeyTypes options have changed. These now specify + signature algorithms that are accepted for their respective + authentication mechanism, where previously they specified accepted key + types. This distinction matters when using the RSA/SHA2 signature + algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate + counterparts. Configurations that override these options but omit + these algorithm names may cause unexpected authentication failures (no + action is required for configurations that accept the default for these + options). + * sshd(8): The precedence of session environment variables has changed. + ~/.ssh/environment and environment="..." options in authorized_keys + files can no longer override SSH_* variables set implicitly by sshd. + * ssh(1)/sshd(8): The default IPQoS used by ssh/sshd has changed. They + will now use DSCP AF21 for interactive traffic and CS1 for bulk. For a + detailed rationale, please see the commit message: + https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284 + + -- Colin Watson <cjwatson@debian.org> Thu, 30 Aug 2018 15:35:27 +0100 + +openssh (1:7.6p1-1) unstable; urgency=medium + + OpenSSH 7.6 includes a number of changes that may affect existing + configurations: + + * ssh(1): Delete SSH protocol version 1 support, associated configuration + options and documentation. + * ssh(1)/sshd(8): Remove support for the hmac-ripemd160 MAC. + * ssh(1)/sshd(8): Remove support for the arcfour, blowfish and CAST + ciphers. + * Refuse RSA keys <1024 bits in length and improve reporting for keys + that do not meet this requirement. + * ssh(1): Do not offer CBC ciphers by default. + + -- Colin Watson <cjwatson@debian.org> Fri, 06 Oct 2017 12:36:48 +0100 + +openssh (1:7.5p1-1) experimental; urgency=medium + + OpenSSH 7.5 includes a number of changes that may affect existing + configurations: + + * This release deprecates the sshd_config UsePrivilegeSeparation option, + thereby making privilege separation mandatory. + + * The format of several log messages emitted by the packet code has + changed to include additional information about the user and their + authentication state. Software that monitors ssh/sshd logs may need to + account for these changes. For example: + + Connection closed by user x 1.1.1.1 port 1234 [preauth] + Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth] + Connection closed by invalid user x 1.1.1.1 port 1234 [preauth] + + Affected messages include connection closure, timeout, remote + disconnection, negotiation failure and some other fatal messages + generated by the packet code. + + -- Colin Watson <cjwatson@debian.org> Sun, 02 Apr 2017 02:58:01 +0100 + +openssh (1:7.4p1-7) unstable; urgency=medium + + This version restores the default for AuthorizedKeysFile to search both + ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as was the case in + Debian configurations before 1:7.4p1-1. Upstream intends to phase out + searching ~/.ssh/authorized_keys2 by default, so you should ensure that + you are only using ~/.ssh/authorized_keys, at least for critical + administrative access; do not assume that the current default will remain + in place forever. + + -- Colin Watson <cjwatson@debian.org> Sun, 05 Mar 2017 02:12:42 +0000 + +openssh (1:7.4p1-1) unstable; urgency=medium + + OpenSSH 7.4 includes a number of changes that may affect existing + configurations: + + * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit + block ciphers are not safe in 2016 and we don't want to wait until + attacks like SWEET32 are extended to SSH. As 3des-cbc was the only + mandatory cipher in the SSH RFCs, this may cause problems connecting to + older devices using the default configuration, but it's highly likely + that such devices already need explicit configuration for key exchange + and hostkey algorithms already anyway. + * sshd(8): Remove support for pre-authentication compression. Doing + compression early in the protocol probably seemed reasonable in the + 1990s, but today it's clearly a bad idea in terms of both cryptography + (cf. multiple compression oracle attacks in TLS) and attack surface. + Pre-auth compression support has been disabled by default for >10 + years. Support remains in the client. + * ssh-agent will refuse to load PKCS#11 modules outside a whitelist of + trusted paths by default. The path whitelist may be specified at + run-time. + * sshd(8): When a forced-command appears in both a certificate and an + authorized keys/principals command= restriction, sshd will now refuse + to accept the certificate unless they are identical. The previous + (documented) behaviour of having the certificate forced-command + override the other could be a bit confusing and error-prone. + * sshd(8): Remove the UseLogin configuration directive and support for + having /bin/login manage login sessions. + + The unprivileged sshd process that deals with pre-authentication network + traffic is now subject to additional sandboxing restrictions by default: + that is, the default sshd_config now sets UsePrivilegeSeparation to + "sandbox" rather than "yes". This has been the case upstream for a while, + but until now the Debian configuration diverged unnecessarily. + + -- Colin Watson <cjwatson@debian.org> Tue, 27 Dec 2016 18:01:46 +0000 + +openssh (1:7.2p1-1) unstable; urgency=medium + + OpenSSH 7.2 disables a number of legacy cryptographic algorithms by + default in ssh: + + * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the + rijndael-cbc aliases for AES. + * MD5-based and truncated HMAC algorithms. + + These algorithms are already disabled by default in sshd. + + -- Colin Watson <cjwatson@debian.org> Tue, 08 Mar 2016 11:47:20 +0000 + +openssh (1:7.1p1-2) unstable; urgency=medium + + OpenSSH 7.0 disables several pieces of weak, legacy, and/or unsafe + cryptography. + + * Support for the legacy SSH version 1 protocol is disabled by default at + compile time. Note that this also means that the Cipher keyword in + ssh_config(5) is effectively no longer usable; use Ciphers instead for + protocol 2. The openssh-client-ssh1 package includes "ssh1", "scp1", + and "ssh-keygen1" binaries which you can use if you have no alternative + way to connect to an outdated SSH1-only server; please contact the + server administrator or system vendor in such cases and ask them to + upgrade. + * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is + disabled by default at run-time. It may be re-enabled using the + instructions at http://www.openssh.com/legacy.html + * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by + default at run-time. These may be re-enabled using the instructions at + http://www.openssh.com/legacy.html + * Support for the legacy v00 cert format has been removed. + + Future releases will retire more legacy cryptography, including: + + * Refusing all RSA keys smaller than 1024 bits (the current minimum is + 768 bits). + * Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, + all arcfour variants, and the rijndael-cbc aliases for AES. + * MD5-based HMAC algorithms will be disabled by default. + + -- Colin Watson <cjwatson@debian.org> Tue, 08 Dec 2015 15:33:08 +0000 + +openssh (1:6.9p1-1) unstable; urgency=medium + + UseDNS now defaults to 'no'. Configurations that match against the client + host name (via sshd_config or authorized_keys) may need to re-enable it or + convert to matching against addresses. + + -- Colin Watson <cjwatson@debian.org> Thu, 20 Aug 2015 10:38:58 +0100 + +openssh (1:6.7p1-5) unstable; urgency=medium + + openssh-server 1:6.7p1-4 changed the default setting of AcceptEnv to list + a number of specific LC_FOO variables rather than the wildcard LC_*. I + have since been persuaded that this was a bad idea and have reverted it, + but it is difficult to automatically undo the change to + /etc/ssh/sshd_config without compounding the problem (that of modifying + configuration that some users did not want to be modified) further. Most + users who upgraded via version 1:6.7p1-4 should restore the previous value + of "AcceptEnv LANG LC_*" in /etc/ssh/sshd_config. + + -- Colin Watson <cjwatson@debian.org> Sun, 22 Mar 2015 23:09:32 +0000 + +openssh (1:5.4p1-2) unstable; urgency=low + + Smartcard support is now available using PKCS#11 tokens. If you were + previously using an unofficial build of Debian's OpenSSH package with + OpenSC-based smartcard support added, then note that commands like + 'ssh-add -s 0' will no longer work; you need to use 'ssh-add -s + /usr/lib/opensc-pkcs11.so' instead. + + -- Colin Watson <cjwatson@debian.org> Sat, 10 Apr 2010 01:08:59 +0100 + +openssh (1:3.8.1p1-9) experimental; urgency=low + + The ssh package has been split into openssh-client and openssh-server. If + you had previously requested that the sshd server should not be run, then + that request will still be honoured. However, the recommended approach is + now to remove the openssh-server package if you do not want to run sshd. + You can remove the old /etc/ssh/sshd_not_to_be_run marker file after doing + that. + + -- Colin Watson <cjwatson@debian.org> Mon, 2 Aug 2004 20:48:54 +0100 + +openssh (1:3.5p1-1) unstable; urgency=low + + This version of OpenSSH disables the environment option for public keys by + default, in order to avoid certain attacks (for example, LD_PRELOAD). If + you are using this option in an authorized_keys file, beware that the keys + in question will no longer work until the option is removed. + + To re-enable this option, set "PermitUserEnvironment yes" in + /etc/ssh/sshd_config after the upgrade is complete, taking note of the + warning in the sshd_config(5) manual page. + + -- Colin Watson <cjwatson@debian.org> Sat, 26 Oct 2002 19:41:51 +0100 + +openssh (1:3.0.1p1-1) unstable; urgency=high + + As of version 3, OpenSSH no longer uses separate files for ssh1 and ssh2 + keys. This means the authorized_keys2 and known_hosts2 files are no longer + needed. They will still be read in order to maintain backward + compatibility. + + -- Matthew Vernon <matthew@debian.org> Thu, 28 Nov 2001 17:43:01 +0000 |