| #
8464ad72 |
| 19-Dec-2021 |
Ed Maste <[email protected]> |
ssh: update to OpenSSH v8.8p1
OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.
The security update was already
ssh: update to OpenSSH v8.8p1
OpenSSH v8.8p1 was motivated primarily by a security update and
deprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.
The security update was already applied to FreeBSD as an independent
change, and the RSA/SHA1 deprecation is excluded from this commit but
will immediately follow.
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
(cherry picked from commit e9e8876a4d6afc1ad5315faaa191b25121a813d7)
(cherry picked from commit 2ffb13149c8e46cb7d7e891b237255615906dc60)
show more ...
|
| #
317a38ab |
| 08-Sep-2021 |
Ed Maste <[email protected]> |
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new ho
openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:
- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.
Additional integration work is needed to support FIDO/U2F in the base
system.
Deprecation Notice
------------------
OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.
Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985
(cherry picked from commit 19261079b74319502c6ffa1249920079f0f69a72)
(cherry picked from commit f448c3ed4ae1281861913a56377f9d93d49f8e8e)
(cherry picked from commit 1f290c707a19d1695c303e6c8ead9cc414ccc6dc)
(cherry picked from commit 0f9bafdfc325779e4ecc5154d5bb06c752297138)
(cherry picked from commit adb56e58e8db84d8087ebe3d3e7def0074cb5a90)
(cherry picked from commit 576b58108c1723c85e4dd00355e29bfe301dab11)
(cherry picked from commit 1c99af1ebe61cbaf633792941640dcd254acf921)
(cherry picked from commit 87152f34054921632016bc5eb4ab9f836fbaa522)
(cherry picked from commit 172fa4aa7577915bf5ace5783251821d3774dc05)
show more ...
|