OpenSSH 9.1 release

After six months of development, OpenSSH 9.1 has been released, an open implementation of a client and server for the SSH 2.0 and SFTP protocols. The release is characterized as consisting mainly of bug fixes, including fixes for several potential vulnerabilities caused by memory-handling problems:

  • A single-byte overflow in the SSH banner processing code in the ssh-keyscan utility.
  • A double call to free() on an error path when computing file hashes in the code that creates and verifies digital signatures in the ssh-keygen utility.
  • A double call to free() when handling errors in the ssh-keysign utility.

The main changes:

  • ssh and sshd add the RequiredRSASize directive, which sets the minimum allowed size of an RSA key. In sshd, smaller keys are ignored; in ssh, they cause the connection to be terminated.
  • The portable edition of OpenSSH has switched to using SSH keys to digitally sign commits and tags in Git.
  • SetEnv directives in the ssh_config and sshd_config configuration files now use the value from the first mention of an environment variable if it is defined several times in the configuration (previously the last mention was used).
  • When the ssh-keygen utility is called with the "-A" flag (generate all host key types supported by default), it no longer generates DSA keys, which have not been used by default for several years.
  • sftp-server and sftp implement the "[email protected]" extension, which lets the client request the user and group names corresponding to a given set of numeric identifiers (UID and GID). In sftp, this extension is used to display names when listing the contents of a directory.
  • sftp-server implements the "home-directory" extension for expanding ~/ and ~user/ paths, an alternative to the "[email protected]" extension offered for the same purpose (the "home-directory" extension is put forward for standardization and is already supported by some clients).
  • ssh-keygen and sshd add the ability to specify times in the UTC time zone when defining validity intervals for certificates and keys, in addition to system time.
  • sftp now accepts additional arguments in the "-D" option (for example, "/usr/libexec/sftp-server -el debug3").
  • ssh-keygen now allows the "-U" flag (use ssh-agent) together with "-Y sign" operations to indicate that the private keys are held in ssh-agent.
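
Before raising RequiredRSASize on a server, it helps to know which authorized RSA keys sshd would start ignoring. The following is an added example, not code from OpenSSH: it parses plain "ssh-rsa" entries (not certificates) from authorized_keys-style lines and reports those below a chosen minimum. The function names, the sample lines and the thresholds are assumptions made for illustration.

```python
import base64
import struct

def _string(buf, off):
    """Read one length-prefixed SSH wire string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def rsa_bits(b64):
    """Modulus size in bits of an ssh-rsa public key blob, or None if not one."""
    try:
        buf = base64.b64decode(b64, validate=True)
        ktype, off = _string(buf, 0)
        if ktype != b"ssh-rsa":
            return None
        _e, off = _string(buf, off)   # public exponent, not needed here
        n, _ = _string(buf, off)      # modulus as an mpint
    except (ValueError, struct.error):
        return None
    return int.from_bytes(n, "big").bit_length()

def undersized(lines, required_bits):
    """Yield (line number, bits) for each RSA key smaller than required_bits."""
    for lineno, line in enumerate(lines, 1):
        tok = line.split()
        for i in range(len(tok) - 1):
            bits = rsa_bits(tok[i + 1]) if tok[i] == "ssh-rsa" else None
            if bits is not None:
                if bits < required_bits:
                    yield lineno, bits
                break  # first decodable ssh-rsa blob on the line is the key

def _constructed_key(bits, comment):
    """Build a structurally valid, non-functional ssh-rsa line for the demo."""
    def mpint(v):
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = [  # constructed authorized_keys lines, not real keys
    _constructed_key(1024, "legacy@example"),
    'from="192.0.2.*" ' + _constructed_key(3072, "ops@example"),
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructed ed@example",
]

if __name__ == "__main__":
    print(list(undersized(SAMPLE, 2048)))
```

To audit a real file, pass the lines of that file to undersized() with the value planned for RequiredRSASize.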