OpenSSH 7.0 deprecates weak, legacy and unsafe cryptography

OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, it provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

The focus of version 7.0 is primarily to deprecate weak, legacy and/or unsafe cryptography.

Security

  • sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences.
  • sshd(8): Portable OpenSSH only: Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users.
  • sshd(8): Portable OpenSSH only: Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution.
  • sshd(8): fix circumvention of MaxAuthTries using keyboard-interactive authentication. By specifying a long, repeating keyboard-interactive “devices” string, an attacker could request the same authentication method be tried thousands of times in a single pass. The LoginGraceTime timeout in sshd(8) and any authentication failure delays implemented by the authentication mechanism itself were still applied.

Potentially-incompatible changes

  • Support for the legacy SSH version 1 protocol is disabled by default at compile time.
  • Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time.
  • Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time.
  • Support for the legacy v00 cert format has been removed.
  • The default for the sshd_config(5) PermitRootLogin option has changed from “yes” to “prohibit-password”.
  • PermitRootLogin=without-password/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled).

New features

  • ssh_config(5): add PubkeyAcceptedKeyTypes option to control which public key types are available for user authentication.
  • sshd_config(5): add HostKeyAlgorithms option to control which public key types are offered for host authentications.
  • ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms, HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes options to allow appending to the default set of algorithms instead of replacing it. Options may now be prefixed with a ‘+’ to append to the default, e.g. “HostKeyAlgorithms=+ssh-dss”.
  • sshd_config(5): PermitRootLogin now accepts an argument of ‘prohibit-password’ as a less-ambiguous synonym of ‘without-password’.

Don't miss