Openssh release 9.5

Release OpenSSH 9.5 has been published, introducing updates to the client and server for the SSH 2.0 and SFTP protocols.

The main changes in this release include:

• SSH-KEYGEN now generates keys using the ED25519 digital signature by default. ED25519 keys were first supported in OpenSSH 6.5 (2014) and offer the advantages of smaller size, higher security levels compared to ECDSA and DSA, and faster verification and signature creation speeds. ED25519 has a resistance to hacking of about 2^128, comparable to NIST P-256 and RSA with a key size of 375 bytes, or a 128-bit block cipher. Additionally, ED25519 is not vulnerable to hash conflicts and is immune to attacks such as Cache-Timing Attacks and Side-Channel Attacks.
• The SSH utility now includes protection against attacks through third-party channels. This protection analyzes the delays between keystrokes to recreate the input. These attacks exploit the fact that the delays between key presses depend on the specific keyboard configuration. Previously, SSH sent information about each entered symbol in separate packages immediately after each key press, allowing delays between package transmissions to correlate with delays between key presses. To mitigate this, SSH now sends data in fixed time intervals (default 20 ms), hiding the interactive input characteristics in the traffic. Additionally, the software randomly sends fictitious key presses after sending real data to confuse attackers. The protection can be configured through the “ObscureKeystroketiming” parameter in SSH_CONFIG.
• Support for the “[email protected]” SSH protocol extension has been implemented in both SSH and SSHD. This extension introduces the SSH2_MSG_PING and SSH2_MSG_PONG message types for periodic package sending after equal time intervals. This expansion is necessary for the protection against attacks through third-party channels mentioned earlier.
• SSHD now allows the redesign of Subsystem directives using Match blocks.
• In SSHD, the processing of quotation marks in the Subsystem Directive has been modified to preserve commands and arguments. However, this change could potentially lead to compatibility issues with very rare configurations.