Published release OpenSSH 8.8 , open the client and server implementation for protocols SSH 2.0 and SFTP. Issue remarkable disabled by default the possibility of using digital signatures based on the RSA-key with the SHA-1 hash ( “ssh-rsa”).
Termination of support signatures “ssh-rsa” is due to an increase in the efficiency of collision attacks with a given prefix (the cost of recruitment collision estimated at about 50 thousand dollars). To test the use of ssh-rsa in their systems, you can try to connect via ssh with the option “-oHostKeyAlgorithms = -ssh-rsa”. Supports RSA signatures with hash SHA-256 and SHA-512 (rsa-sha2-256 / 512) Compatible with OpenSSH 7.2, left unchanged.
In most cases, withdrawal of support “ssh-rsa” does not require users to some manual steps, as previously OpenSSH default included UpdateHostKeys adjustment is automatic translation customers with more reliable algorithms. To migrate an extended protocol “[email protected]”, which allows the server after successful authentication to inform the client about all available host keys. If you connect to a host with very old versions of OpenSSH on the client side, you can selectively restore the possibility of using signatures “ssh-rsa”, adding to the ~ / .ssh / config:
Host imya_starogo_hosta HostkeyAlgorithms + ssh-rsa PubkeyAcceptedAlgorithms + ssh-rsa
The new version also eliminated security problem, caused by the fact that sshd since the release of OpenSSH 6.2, incorrectly performed user group when performing initialization commands specified in the directives and AuthorizedKeysCommand AuthorizedPrincipalsCommand. These guidelines should provide a start-up command as a different user, but in fact they have inherited a list of groups that are used when running sshd. Potentially, such a behavior in the presence of certain system settings allow a running processor to receive additional privileges on the system.
In a note to the new release also issued a warning about the intention to transfer the default scp utility to use the SFTP protocol instead of the outdated SCP / RCP. The SFTP apply more predictable methods names, and non-processing is used glob-patterns in filenames through the shell on the side of the other host, creating security problems.
In particular, the application of SCP and RCP server decides which files and folders to send to the client, and the client only checks the correctness of the returned object names, that in case of the absence of proper checks on the client side allows the server to pass other file names that differ from the requested. SFTP protocol is deprived of these problems, but does not support the disclosure spetsputey, such as “~ /”. To eliminate this distinction in the last issue in the implementation of OpenSSH SFTP-server has been offered a new SFTP protocol extension for opening paths ~ / and ~ user /.