openssh: Update to 9.9p1

Highlights from the release notes are reproduced below. Bug fixes and
improvements that were previously merged into FreeBSD have been elided.

See the upstream release note

openssh: Update to 9.9p1

Highlights from the release notes are reproduced below. Bug fixes and
improvements that were previously merged into FreeBSD have been elided.

See the upstream release notes for full details of the 9.9p1 release
(https://www.openssh.com/releasenotes.html).

---

Future deprecation notice
=========================

OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.

Potentially-incompatible changes
--------------------------------

* ssh(1): remove support for pre-authentication compression.

* ssh(1), sshd(8): processing of the arguments to the "Match"
configuration directive now follows more shell-like rules for
quoted strings, including allowing nested quotes and \-escaped
characters.

New features
------------

* ssh(1), sshd(8): add support for a new hybrid post-quantum key
exchange based on the FIPS 203 Module-Lattice Key Enapsulation
mechanism (ML-KEM) combined with X25519 ECDH as described by
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This algorithm "mlkem768x25519-sha256" is available by default.

* ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
included in core dump files for most of their lifespans. This is
in addition to pre-existing controls in ssh-agent(1) and sshd(8)
that prevented coredumps. This feature is supported on OpenBSD,
Linux and FreeBSD.

* All: convert key handling to use the libcrypto EVP_PKEY API, with
the exception of DSA.

Bugfixes
--------

* sshd(8): do not apply authorized_keys options when signature
verification fails. Prevents more restrictive key options being
incorrectly applied to subsequent keys in authorized_keys. bz3733

* ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
prompts. Helps the user know what's going on when ssh-keygen is
invoked via other tools. Requested in GHPR503

* ssh(1), ssh-add(1): make parsing user@host consistently look for
the last '@' in the string rather than the first. This makes it
possible to more consistently use usernames that contain '@'
characters.

* ssh(1), sshd(8): be more strict in parsing key type names. Only
allow short names (e.g "rsa") in user-interface code and require
full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725

* ssh-keygen(1): clarify that ed25519 is the default key type
generated and clarify that rsa-sha2-512 is the default signature
scheme when RSA is in use. GHPR505

---

Reviewed by: jlduran (build infrastructure)
Reviewed by: cy (build infrastructure)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48947

show more ...

openssh: Update to 9.8p1

Highlights from the release notes are reproduced below. Some security
and bug fixes were previously merged into FreeBSD and have been elided.
See the upstream release notes

openssh: Update to 9.8p1

Highlights from the release notes are reproduced below. Some security
and bug fixes were previously merged into FreeBSD and have been elided.
See the upstream release notes for full details
(https://www.openssh.com/releasenotes.html).

---

Future deprecation notice
=========================

OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.

Potentially-incompatible changes
--------------------------------

* sshd(8): the server will now block client addresses that
repeatedly fail authentication, repeatedly connect without ever
completing authentication or that crash the server. See the
discussion of PerSourcePenalties below for more information.
Operators of servers that accept connections from many users, or
servers that accept connections from addresses behind NAT or
proxies may need to consider these settings.

* sshd(8): the server has been split into a listener binary, sshd(8),
and a per-session binary "sshd-session". This allows for a much
smaller listener binary, as it no longer needs to support the SSH
protocol. As part of this work, support for disabling privilege
separation (which previously required code changes to disable) and
disabling re-execution of sshd(8) has been removed. Further
separation of sshd-session into additional, minimal binaries is
planned for the future.

* sshd(8): several log messages have changed. In particular, some
log messages will be tagged with as originating from a process
named "sshd-session" rather than "sshd".

* ssh-keyscan(1): this tool previously emitted comment lines
containing the hostname and SSH protocol banner to standard error.
This release now emits them to standard output, but adds a new
"-q" flag to silence them altogether.

* sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
as the PAM service name. A new "PAMServiceName" sshd_config(5)
directive allows selecting the service name at runtime. This
defaults to "sshd". bz2101

New features
------------

* sshd(8): sshd(8) will now penalise client addresses that, for various
reasons, do not successfully complete authentication. This feature is
controlled by a new sshd_config(5) PerSourcePenalties option and is
on by default.

* ssh(8): allow the HostkeyAlgorithms directive to disable the
implicit fallback from certificate host key to plain host keys.

Portability
-----------

* sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
unconditionally. The previous behaviour was to expose it only when
particular authentication methods were in use.

* ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
environment variable to enable SSH_ASKPASS, similarly to the X11
DISPLAY environment variable. GHPR479

---

Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48914

show more ...

ssh: Update to OpenSSH 9.7p1

This release contains mostly bugfixes.

It also makes support for the DSA signature algorithm a compile-time
option, with plans to disable it upstream later this year an

ssh: Update to OpenSSH 9.7p1

This release contains mostly bugfixes.

It also makes support for the DSA signature algorithm a compile-time
option, with plans to disable it upstream later this year and remove
support entirely in 2025.

Full release notes at https://www.openssh.com/txt/release-9.7

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

show more ...

ssh: Update to OpenSSH 9.6p1

From the release notes,

> This release contains a number of security fixes, some small features
> and bugfixes.

The most significant change in 9.6p1 is a set of fixes

ssh: Update to OpenSSH 9.6p1

From the release notes,

> This release contains a number of security fixes, some small features
> and bugfixes.

The most significant change in 9.6p1 is a set of fixes for a newly-
discovered weakness in the SSH transport protocol. The fix was already
merged into FreeBSD and released as FreeBSD-SA-23:19.openssh.

Full release notes at https://www.openssh.com/txt/release-9.6

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

show more ...

Implement "strict key exchange" in ssh and sshd.

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.

Implement "strict key exchange" in ssh and sshd.

This adds a protocol extension to improve the integrity of the SSH
transport protocol, particular in and around the initial key exchange
(KEX) phase.

Full details of the extension are in the PROTOCOL file.

OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14

Approved by: so (implicit)
Obtained from: https://anongit.mindrot.org/openssh.git/patch/?id=1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5
Security: CVE-2023-48795

show more ...

ssh: Update to OpenSSH 9.5p1

Excerpts from the release notes:

Potentially incompatible changes
--------------------------------

* ssh-keygen(1): generate Ed25519 keys by default.
[NOTE: This c

ssh: Update to OpenSSH 9.5p1

Excerpts from the release notes:

Potentially incompatible changes
--------------------------------

* ssh-keygen(1): generate Ed25519 keys by default.
[NOTE: This change was already merged into FreeBSD.]

* sshd(8): the Subsystem directive now accurately preserves quoting of
subsystem commands and arguments.

New features
------------

* ssh(1): add keystroke timing obfuscation to the client.

* ssh(1), sshd(8): Introduce a transport-level ping facility.

* sshd(8): allow override of Sybsystem directives in sshd Match blocks.

Full release notes at https://www.openssh.com/txt/release-9.5

Relnotes: Yes
Sponsored by: The FreeBSD Foundation

show more ...

ssh: fix OpenSSH 9.4 regression with multiplexed sessions

Upstream commit message:
upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
multiplexed sessions to ignore SIGINT under some

ssh: fix OpenSSH 9.4 regression with multiplexed sessions

Upstream commit message:
upstream: fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
multiplexed sessions to ignore SIGINT under some circumstances.
Reported by / feedback naddy@, ok dtucker@

OpenBSD-Commit-ID: 4d5c6c894664f50149153fd4764f21f43e7d7e5a

Fixes: 535af610a4fd ("ssh: Update to OpenSSH 9.4p1")
Obtained from: OpenSSH 803e22eabd3b
Sponsored by: The FreeBSD Foundation

show more ...

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

ssh: Update to OpenSSH 9.3p1

This release fixes a number of security bugs and has minor new
features and bug fixes. Security fixes, from the release notes
(https://www.openssh.com/txt/release-9.3):

This release contains fixes for a security problem and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.

* ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
per-hop destination constraints (ssh-add -h ...) added in OpenSSH
8.9, a logic error prevented the constraints from being
communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and
keys without destination constraints are unaffected. This problem
was reported by Luci Stanescu.

* ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not
provide it, for use by the VerifyHostKeyDNS feature. A
specifically crafted DNS response could cause this function to
perform an out-of-bounds read of adjacent stack data, but this
condition does not appear to be exploitable beyond denial-of-
service to the ssh(1) client.

The getrrsetbyname(3) replacement is only included if the system's
standard library lacks this function and portable OpenSSH was not
compiled with the ldns library (--with-ldns). getrrsetbyname(3) is
only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This
problem was found by the Coverity static analyzer.

Sponsored by: The FreeBSD Foundation

show more ...

ssh: update to OpenSSH 9.2p1

Release notes are available at https://www.openssh.com/txt/release-9.2

OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory saf

ssh: update to OpenSSH 9.2p1

Release notes are available at https://www.openssh.com/txt/release-9.2

OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem. The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.

Some other notable items from the release notes:

* ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
controls whether the client-side ~C escape sequence that provides a
command-line is available. Among other things, the ~C command-line
could be used to add additional port-forwards at runtime.

* sshd(8): add support for channel inactivity timeouts via a new
sshd_config(5) ChannelTimeout directive. This allows channels that
have not seen traffic in a configurable interval to be
automatically closed. Different timeouts may be applied to session,
X11, agent and TCP forwarding channels.

* sshd(8): add a sshd_config UnusedConnectionTimeout option to
terminate client connections that have no open channels for a
length of time. This complements the ChannelTimeout option above.

* sshd(8): add a -V (version) option to sshd like the ssh client has.

* scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
allow control over some SFTP protocol parameters: the copy buffer
length and the number of in-flight requests, both of which are used
during upload/download. Previously these could be controlled in
sftp(1) only. This makes them available in both SFTP protocol
clients using the same option character sequence.

* ssh-keyscan(1): allow scanning of complete CIDR address ranges,
e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
it will be expanded to all possible addresses in the range
including the all-0s and all-1s addresses. bz#976

* ssh(1): support dynamic remote port forwarding in escape
command-line's -R processing. bz#3499

MFC after: 1 week
Sponsored by: The FreeBSD Foundation

show more ...

ssh: update to OpenSSH v8.9p1

Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting

ssh: update to OpenSSH v8.9p1

Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)

* ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones). The next release of OpenSSH is likely to
make this key exchange the default method.

* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation

show more ...

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new ho

openssh: update to OpenSSH v8.7p1

Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
(RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
support to provide address-space isolation for token middleware
libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
(e.g. "scp host-a:/path host-b:") to transfer through the local host
by default.
- scp(1): experimental support for transfers using the SFTP protocol as
a replacement for the venerable SCP/RCP protocol that it has
traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by: imp
MFC after: 1 month
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D29985

show more ...

Merge ^/head r338392 through r338594.

Upgrade to OpenSSH 7.8p1.

Approved by: re (kib@)

Upgrade to OpenSSH 7.7p1.

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. F

Upgrade to OpenSSH 7.6p1. This will be followed shortly by 7.7p1.

This completely removes client-side support for the SSH 1 protocol,
which was already disabled in 12 but is still enabled in 11. For that
reason, we will not be able to merge 7.6p1 or newer back to 11.

show more ...

MFhead@r322451

Merge ^/head r321383 through r322397.

MFhead@r322057

Upgrade to OpenSSH 7.5p1.

Upgrade to OpenSSH 7.4p1.

Upgrade to OpenSSH 7.3p1.

Merge ^/head r303250 through r308226.

MFV r308196:

Fix OpenSSH remote Denial of Service vulnerability.

Security: CVE-2016-8858

MFH

Sponsored by: The FreeBSD Foundation

Upgrade to OpenSSH 7.2p2.