OpenSSH 8.7 released

After four months of development, OpenSSH 8.7 has been released. OpenSSH is an open client and server implementation of the SSH 2.0 and SFTP protocols.

Main changes:

  • scp gained an experimental mode that transfers data over the SFTP protocol instead of the traditional SCP/RCP protocol. SFTP uses more predictable filename handling and does not expand glob patterns through the shell on the remote host, which is a source of security problems. SFTP mode in scp is enabled with the "-s" flag; the plan is to make it the default protocol in the future.
  • sftp-server implements an SFTP extension for expanding the paths ~/ and ~user/, which scp needs.
  • scp changes its behaviour when copying files between two remote hosts (for example, "scp host-a:/path host-b:"): the copy now goes through the local host by default, as when the "-3" flag is given. This avoids passing unnecessary credentials to the first host and the triple interpretation of file names by the shell (on the source, the destination and the local system); together with SFTP it also allows all authentication methods to be used when accessing the remote hosts, not only non-interactive ones. The "-R" option restores the old behaviour.
  • ssh gained a ForkAfterAuthentication setting corresponding to the "-f" flag.
  • ssh gained a StdinNull setting corresponding to the "-n" flag.
  • ssh gained a SessionType setting that selects the modes corresponding to the "-N" (no session) and "-s" (subsystem) flags.
  • ssh-keygen now allows a key validity interval to be specified in allowed-signers files.
  • ssh-keygen gained a "print-pubkey" option that outputs the full public key contained in an SSHSIG signature.
  • ssh and sshd, both the client and the server, moved to a stricter configuration-file parser that uses shell-like rules for handling quotes, whitespace and escape characters. The new parser also no longer tolerates some previously accepted sloppiness, such as omitted option arguments (for example, an empty DenyUsers directive is now rejected), unterminated quotes, and multiple "=" characters.
  • When SSHFP DNS records are used for host key verification, ssh now checks all matching records, not only those containing a particular signature type.
  • When ssh-keygen generates a FIDO key with an explicit -Ochallenge option, the challenge is now hashed by the built-in layer rather than by libfido2, which allows challenges larger or smaller than 32 bytes.
  • When sshd processes environment="…" directives in authorized_keys files, the first match is now taken and a limit of 1024 environment variable names is applied.
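The stricter configuration parser is the change most likely to bite on upgrade: a config that older releases accepted silently can stop sshd from starting. The following script is an added example, not code from the OpenSSH project or from the release notes; it is a pre-upgrade lint that flags the three constructs named above (a keyword with no argument, an unterminated double quote, more than one "=" separator). It assumes, as a constructed heuristic rather than the parser's exact grammar, that the "=" rule applies only to the separator directly after the keyword, so an argument such as `SetEnv A=1 B=2` is left alone.

```shell
#!/bin/sh
# Added example, not part of the OpenSSH 8.7 release notes and not project code:
# a pre-upgrade lint that flags the three constructs the stricter 8.7 parser
# rejects in ssh_config / sshd_config:
#   1. a keyword with no argument (e.g. a bare "DenyUsers" line)
#   2. an unterminated double quote
#   3. more than one "=" in the keyword/argument separator (e.g. "Port==22")
# Assumption (constructed heuristic, not the parser's exact grammar): the "="
# rule is checked only on the separator directly after the keyword, so an
# argument such as "SetEnv A=1 B=2" is left alone.
# Prints one finding per line; returns 0 when clean, 1 when anything was found.

lint_ssh_config() {
    file=$1
    findings=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # drop leading whitespace, skip blank lines and comments
        trimmed=$(printf '%s' "$line" | sed 's/^[[:space:]]*//')
        case $trimmed in
            ''|'#'*) continue ;;
        esac
        # keyword = first run of non-separator characters; separator = the run
        # of whitespace and "=" that follows; rest = everything after that
        keyword=$(printf '%s' "$trimmed" | sed 's/[[:space:]=].*$//')
        separator=$(printf '%s' "$trimmed" | sed 's/^[^[:space:]=]*//; s/^\([[:space:]=]*\).*$/\1/')
        rest=$(printf '%s' "$trimmed" | sed 's/^[^[:space:]=]*[[:space:]=]*//')

        if [ -z "$rest" ]; then
            printf '%s:%d: keyword "%s" has no argument\n' "$file" "$n" "$keyword"
            findings=$((findings + 1))
        fi
        # an odd number of double quotes on the line means one is unterminated
        quotes=$(( $(printf '%s' "$trimmed" | tr -cd '"' | wc -c) ))
        if [ $((quotes % 2)) -ne 0 ]; then
            printf '%s:%d: unterminated double quote\n' "$file" "$n"
            findings=$((findings + 1))
        fi
        equals=$(( $(printf '%s' "$separator" | tr -cd '=' | wc -c) ))
        if [ "$equals" -gt 1 ]; then
            printf '%s:%d: more than one "=" between keyword and argument\n' "$file" "$n"
            findings=$((findings + 1))
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Usage: sh lint.sh /etc/ssh/sshd_config   (runs only when a path is given)
if [ -n "${1:-}" ]; then
    lint_ssh_config "$1"
fi
```

Run it against every ssh_config and sshd_config (including files pulled in via Include) before rolling out 8.7; a non-zero exit means the file needs attention. The lint is deliberately conservative and only reports the three documented cases, so a clean result is not a guarantee that the new parser accepts the file, but a finding is a line that will fail.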
Source: media reports.