Diffstat (limited to 'debian/NEWS')
-rw-r--r-- | debian/NEWS | 347 |
1 files changed, 347 insertions, 0 deletions
diff --git a/debian/NEWS b/debian/NEWS new file mode 100644 index 000000000..2d38891ea --- /dev/null +++ b/debian/NEWS | |||
@@ -0,0 +1,347 @@ | |||
1 | openssh (1:8.4p1-1) unstable; urgency=medium | ||
2 | |||
3 | OpenSSH 8.4 includes a number of changes that may affect existing | ||
4 | configurations: | ||
5 | |||
6 | * ssh-keygen(1): the format of the attestation information optionally | ||
7 | recorded when a FIDO key is generated has changed. It now includes the | ||
8 | authenticator data needed to validate attestation signatures. | ||
9 | |||
10 | * The API between OpenSSH and the FIDO token middleware has changed and | ||
11 | the SSH_SK_VERSION_MAJOR version has been incremented as a result. | ||
12 | Third-party middleware libraries must support the current API version | ||
13 | (7) to work with OpenSSH 8.4. | ||
14 | |||
15 | -- Colin Watson <cjwatson@debian.org> Sun, 18 Oct 2020 12:07:48 +0100 | ||
16 | |||
17 | openssh (1:8.3p1-1) unstable; urgency=medium | ||
18 | |||
19 | OpenSSH 8.3 includes a number of changes that may affect existing | ||
20 | configurations: | ||
21 | |||
22 | * sftp(1): reject an argument of "-1" in the same way as ssh(1) and scp(1) | ||
23 | do instead of accepting and silently ignoring it. | ||
24 | |||
25 | -- Colin Watson <cjwatson@debian.org> Sun, 07 Jun 2020 13:44:04 +0100 | ||
26 | |||
27 | openssh (1:8.2p1-1) unstable; urgency=medium | ||
28 | |||
29 | OpenSSH 8.2 includes a number of changes that may affect existing | ||
30 | configurations: | ||
31 | |||
32 | * ssh(1), sshd(8), ssh-keygen(1): This release removes the "ssh-rsa" | ||
33 | (RSA/SHA1) algorithm from those accepted for certificate signatures | ||
34 | (i.e. the client and server CASignatureAlgorithms option) and will use | ||
35 | the rsa-sha2-512 signature algorithm by default when the ssh-keygen(1) | ||
36 | CA signs new certificates. | ||
37 | |||
38 | Certificates are at special risk to SHA1 collision vulnerabilities as | ||
39 | an attacker has effectively unlimited time in which to craft a | ||
40 | collision that yields them a valid certificate, far more than the | ||
41 | relatively brief LoginGraceTime window that they have to forge a host | ||
42 | key signature. | ||
43 | |||
44 | The OpenSSH certificate format includes a CA-specified (typically | ||
45 | random) nonce value near the start of the certificate that should make | ||
46 | exploitation of chosen-prefix collisions in this context challenging, | ||
47 | as the attacker does not have full control over the prefix that | ||
48 | actually gets signed. Nonetheless, SHA1 is now a demonstrably broken | ||
49 | algorithm and further improvements in attacks are highly likely. | ||
50 | |||
51 | OpenSSH releases prior to 7.2 do not support the newer RSA/SHA2 | ||
52 | algorithms and will refuse to accept certificates signed by an OpenSSH | ||
53 | 8.2+ CA using RSA keys unless the unsafe algorithm is explicitly | ||
54 | selected during signing ("ssh-keygen -t ssh-rsa"). Older | ||
55 | clients/servers may use another CA key type such as ssh-ed25519 | ||
56 | (supported since OpenSSH 6.5) or one of the ecdsa-sha2-nistp256/384/521 | ||
57 | types (supported since OpenSSH 5.7) instead if they cannot be upgraded. | ||
58 | |||
59 | * ssh(1), sshd(8): Remove diffie-hellman-group14-sha1 from the default | ||
60 | key exchange proposal for both the client and server. | ||
61 | |||
62 | * ssh-keygen(1): The command-line options related to the generation and | ||
63 | screening of safe prime numbers used by the | ||
64 | diffie-hellman-group-exchange-* key exchange algorithms have changed. | ||
65 | Most options have been folded under the -O flag. | ||
66 | |||
67 | * sshd(8): The sshd listener process title visible to ps(1) has changed | ||
68 | to include information about the number of connections that are | ||
69 | currently attempting authentication and the limits configured by | ||
70 | MaxStartups. | ||
71 | |||
72 | -- Colin Watson <cjwatson@debian.org> Fri, 21 Feb 2020 16:36:37 +0000 | ||
73 | |||
74 | openssh (1:8.1p1-1) unstable; urgency=medium | ||
75 | |||
76 | OpenSSH 8.1 includes a number of changes that may affect existing | ||
77 | configurations: | ||
78 | |||
79 | * ssh-keygen(1): when acting as a CA and signing certificates with an RSA | ||
80 | key, default to using the rsa-sha2-512 signature algorithm. | ||
81 | Certificates signed by RSA keys will therefore be incompatible with | ||
82 | OpenSSH versions prior to 7.2 unless the default is overridden (using | ||
83 | "ssh-keygen -t ssh-rsa -s ..."). | ||
84 | |||
85 | -- Colin Watson <cjwatson@debian.org> Thu, 10 Oct 2019 10:23:19 +0100 | ||
86 | |||
87 | openssh (1:8.0p1-1) experimental; urgency=medium | ||
88 | |||
89 | OpenSSH 8.0 includes a number of changes that may affect existing | ||
90 | configurations: | ||
91 | |||
92 | * sshd(8): Remove support for obsolete "host/port" syntax. | ||
93 | Slash-separated host/port was added in 2001 as an alternative to | ||
94 | host:port syntax for the benefit of IPv6 users. These days there are | ||
95 | established standards for this like [::1]:22 and the slash syntax is | ||
96 | easily mistaken for CIDR notation, which OpenSSH supports for some | ||
97 | things. Remove the slash notation from ListenAddress and PermitOpen. | ||
98 | |||
99 | -- Colin Watson <cjwatson@debian.org> Sun, 09 Jun 2019 22:47:27 +0100 | ||
100 | |||
101 | openssh (1:7.9p1-1) unstable; urgency=medium | ||
102 | |||
103 | OpenSSH 7.9 includes a number of changes that may affect existing | ||
104 | configurations: | ||
105 | |||
106 | * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms option | ||
107 | bans the use of DSA keys as certificate authorities. | ||
108 | * sshd(8): the authentication success/failure log message has changed | ||
109 | format slightly. It now includes the certificate fingerprint | ||
110 | (previously it included only key ID and CA key fingerprint). | ||
111 | |||
112 | -- Colin Watson <cjwatson@debian.org> Sun, 21 Oct 2018 10:39:24 +0100 | ||
113 | |||
114 | openssh (1:7.8p1-1) unstable; urgency=medium | ||
115 | |||
116 | OpenSSH 7.8 includes a number of changes that may affect existing | ||
117 | configurations: | ||
118 | |||
119 | * ssh-keygen(1): Write OpenSSH format private keys by default instead of | ||
120 | using OpenSSL's PEM format. The OpenSSH format, supported in OpenSSH | ||
121 | releases since 2014 and described in the PROTOCOL.key file in the | ||
122 | source distribution, offers substantially better protection against | ||
123 | offline password guessing and supports key comments in private keys. | ||
124 | If necessary, it is possible to write old PEM-style keys by adding "-m | ||
125 | PEM" to ssh-keygen's arguments when generating or updating a key. | ||
126 | * sshd(8): Remove internal support for S/Key multiple factor | ||
127 | authentication. S/Key may still be used via PAM or BSD auth. | ||
128 | * ssh(1): Remove vestigial support for running ssh(1) as setuid. This | ||
129 | used to be required for hostbased authentication and the (long gone) | ||
130 | rhosts-style authentication, but has not been necessary for a long | ||
131 | time. Attempting to execute ssh as a setuid binary, or with uid != | ||
132 | effective uid will now yield a fatal error at runtime. | ||
133 | * sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar | ||
134 | HostbasedAcceptedKeyTypes options have changed. These now specify | ||
135 | signature algorithms that are accepted for their respective | ||
136 | authentication mechanism, where previously they specified accepted key | ||
137 | types. This distinction matters when using the RSA/SHA2 signature | ||
138 | algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate | ||
139 | counterparts. Configurations that override these options but omit | ||
140 | these algorithm names may cause unexpected authentication failures (no | ||
141 | action is required for configurations that accept the default for these | ||
142 | options). | ||
143 | * sshd(8): The precedence of session environment variables has changed. | ||
144 | ~/.ssh/environment and environment="..." options in authorized_keys | ||
145 | files can no longer override SSH_* variables set implicitly by sshd. | ||
146 | * ssh(1)/sshd(8): The default IPQoS used by ssh/sshd has changed. They | ||
147 | will now use DSCP AF21 for interactive traffic and CS1 for bulk. For a | ||
148 | detailed rationale, please see the commit message: | ||
149 | https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284 | ||
150 | |||
151 | -- Colin Watson <cjwatson@debian.org> Thu, 30 Aug 2018 15:35:27 +0100 | ||
152 | |||
153 | openssh (1:7.6p1-1) unstable; urgency=medium | ||
154 | |||
155 | OpenSSH 7.6 includes a number of changes that may affect existing | ||
156 | configurations: | ||
157 | |||
158 | * ssh(1): Delete SSH protocol version 1 support, associated configuration | ||
159 | options and documentation. | ||
160 | * ssh(1)/sshd(8): Remove support for the hmac-ripemd160 MAC. | ||
161 | * ssh(1)/sshd(8): Remove support for the arcfour, blowfish and CAST | ||
162 | ciphers. | ||
163 | * Refuse RSA keys <1024 bits in length and improve reporting for keys | ||
164 | that do not meet this requirement. | ||
165 | * ssh(1): Do not offer CBC ciphers by default. | ||
166 | |||
167 | -- Colin Watson <cjwatson@debian.org> Fri, 06 Oct 2017 12:36:48 +0100 | ||
168 | |||
169 | openssh (1:7.5p1-1) experimental; urgency=medium | ||
170 | |||
171 | OpenSSH 7.5 includes a number of changes that may affect existing | ||
172 | configurations: | ||
173 | |||
174 | * This release deprecates the sshd_config UsePrivilegeSeparation option, | ||
175 | thereby making privilege separation mandatory. | ||
176 | |||
177 | * The format of several log messages emitted by the packet code has | ||
178 | changed to include additional information about the user and their | ||
179 | authentication state. Software that monitors ssh/sshd logs may need to | ||
180 | account for these changes. For example: | ||
181 | |||
182 | Connection closed by user x 1.1.1.1 port 1234 [preauth] | ||
183 | Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth] | ||
184 | Connection closed by invalid user x 1.1.1.1 port 1234 [preauth] | ||
185 | |||
186 | Affected messages include connection closure, timeout, remote | ||
187 | disconnection, negotiation failure and some other fatal messages | ||
188 | generated by the packet code. | ||
189 | |||
190 | -- Colin Watson <cjwatson@debian.org> Sun, 02 Apr 2017 02:58:01 +0100 | ||
191 | |||
192 | openssh (1:7.4p1-7) unstable; urgency=medium | ||
193 | |||
194 | This version restores the default for AuthorizedKeysFile to search both | ||
195 | ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as was the case in | ||
196 | Debian configurations before 1:7.4p1-1. Upstream intends to phase out | ||
197 | searching ~/.ssh/authorized_keys2 by default, so you should ensure that | ||
198 | you are only using ~/.ssh/authorized_keys, at least for critical | ||
199 | administrative access; do not assume that the current default will remain | ||
200 | in place forever. | ||
201 | |||
202 | -- Colin Watson <cjwatson@debian.org> Sun, 05 Mar 2017 02:12:42 +0000 | ||
203 | |||
204 | openssh (1:7.4p1-1) unstable; urgency=medium | ||
205 | |||
206 | OpenSSH 7.4 includes a number of changes that may affect existing | ||
207 | configurations: | ||
208 | |||
209 | * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit | ||
210 | block ciphers are not safe in 2016 and we don't want to wait until | ||
211 | attacks like SWEET32 are extended to SSH. As 3des-cbc was the only | ||
212 | mandatory cipher in the SSH RFCs, this may cause problems connecting to | ||
213 | older devices using the default configuration, but it's highly likely | ||
214 | that such devices already need explicit configuration for key exchange | ||
215 | and hostkey algorithms already anyway. | ||
216 | * sshd(8): Remove support for pre-authentication compression. Doing | ||
217 | compression early in the protocol probably seemed reasonable in the | ||
218 | 1990s, but today it's clearly a bad idea in terms of both cryptography | ||
219 | (cf. multiple compression oracle attacks in TLS) and attack surface. | ||
220 | Pre-auth compression support has been disabled by default for >10 | ||
221 | years. Support remains in the client. | ||
222 | * ssh-agent will refuse to load PKCS#11 modules outside a whitelist of | ||
223 | trusted paths by default. The path whitelist may be specified at | ||
224 | run-time. | ||
225 | * sshd(8): When a forced-command appears in both a certificate and an | ||
226 | authorized keys/principals command= restriction, sshd will now refuse | ||
227 | to accept the certificate unless they are identical. The previous | ||
228 | (documented) behaviour of having the certificate forced-command | ||
229 | override the other could be a bit confusing and error-prone. | ||
230 | * sshd(8): Remove the UseLogin configuration directive and support for | ||
231 | having /bin/login manage login sessions. | ||
232 | |||
233 | The unprivileged sshd process that deals with pre-authentication network | ||
234 | traffic is now subject to additional sandboxing restrictions by default: | ||
235 | that is, the default sshd_config now sets UsePrivilegeSeparation to | ||
236 | "sandbox" rather than "yes". This has been the case upstream for a while, | ||
237 | but until now the Debian configuration diverged unnecessarily. | ||
238 | |||
239 | -- Colin Watson <cjwatson@debian.org> Tue, 27 Dec 2016 18:01:46 +0000 | ||
240 | |||
241 | openssh (1:7.2p1-1) unstable; urgency=medium | ||
242 | |||
243 | OpenSSH 7.2 disables a number of legacy cryptographic algorithms by | ||
244 | default in ssh: | ||
245 | |||
246 | * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the | ||
247 | rijndael-cbc aliases for AES. | ||
248 | * MD5-based and truncated HMAC algorithms. | ||
249 | |||
250 | These algorithms are already disabled by default in sshd. | ||
251 | |||
252 | -- Colin Watson <cjwatson@debian.org> Tue, 08 Mar 2016 11:47:20 +0000 | ||
253 | |||
254 | openssh (1:7.1p1-2) unstable; urgency=medium | ||
255 | |||
256 | OpenSSH 7.0 disables several pieces of weak, legacy, and/or unsafe | ||
257 | cryptography. | ||
258 | |||
259 | * Support for the legacy SSH version 1 protocol is disabled by default at | ||
260 | compile time. Note that this also means that the Cipher keyword in | ||
261 | ssh_config(5) is effectively no longer usable; use Ciphers instead for | ||
262 | protocol 2. The openssh-client-ssh1 package includes "ssh1", "scp1", | ||
263 | and "ssh-keygen1" binaries which you can use if you have no alternative | ||
264 | way to connect to an outdated SSH1-only server; please contact the | ||
265 | server administrator or system vendor in such cases and ask them to | ||
266 | upgrade. | ||
267 | * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is | ||
268 | disabled by default at run-time. It may be re-enabled using the | ||
269 | instructions at http://www.openssh.com/legacy.html | ||
270 | * Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by | ||
271 | default at run-time. These may be re-enabled using the instructions at | ||
272 | http://www.openssh.com/legacy.html | ||
273 | * Support for the legacy v00 cert format has been removed. | ||
274 | |||
275 | Future releases will retire more legacy cryptography, including: | ||
276 | |||
277 | * Refusing all RSA keys smaller than 1024 bits (the current minimum is | ||
278 | 768 bits). | ||
279 | * Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, | ||
280 | all arcfour variants, and the rijndael-cbc aliases for AES. | ||
281 | * MD5-based HMAC algorithms will be disabled by default. | ||
282 | |||
283 | -- Colin Watson <cjwatson@debian.org> Tue, 08 Dec 2015 15:33:08 +0000 | ||
284 | |||
285 | openssh (1:6.9p1-1) unstable; urgency=medium | ||
286 | |||
287 | UseDNS now defaults to 'no'. Configurations that match against the client | ||
288 | host name (via sshd_config or authorized_keys) may need to re-enable it or | ||
289 | convert to matching against addresses. | ||
290 | |||
291 | -- Colin Watson <cjwatson@debian.org> Thu, 20 Aug 2015 10:38:58 +0100 | ||
292 | |||
293 | openssh (1:6.7p1-5) unstable; urgency=medium | ||
294 | |||
295 | openssh-server 1:6.7p1-4 changed the default setting of AcceptEnv to list | ||
296 | a number of specific LC_FOO variables rather than the wildcard LC_*. I | ||
297 | have since been persuaded that this was a bad idea and have reverted it, | ||
298 | but it is difficult to automatically undo the change to | ||
299 | /etc/ssh/sshd_config without compounding the problem (that of modifying | ||
300 | configuration that some users did not want to be modified) further. Most | ||
301 | users who upgraded via version 1:6.7p1-4 should restore the previous value | ||
302 | of "AcceptEnv LANG LC_*" in /etc/ssh/sshd_config. | ||
303 | |||
304 | -- Colin Watson <cjwatson@debian.org> Sun, 22 Mar 2015 23:09:32 +0000 | ||
305 | |||
306 | openssh (1:5.4p1-2) unstable; urgency=low | ||
307 | |||
308 | Smartcard support is now available using PKCS#11 tokens. If you were | ||
309 | previously using an unofficial build of Debian's OpenSSH package with | ||
310 | OpenSC-based smartcard support added, then note that commands like | ||
311 | 'ssh-add -s 0' will no longer work; you need to use 'ssh-add -s | ||
312 | /usr/lib/opensc-pkcs11.so' instead. | ||
313 | |||
314 | -- Colin Watson <cjwatson@debian.org> Sat, 10 Apr 2010 01:08:59 +0100 | ||
315 | |||
316 | openssh (1:3.8.1p1-9) experimental; urgency=low | ||
317 | |||
318 | The ssh package has been split into openssh-client and openssh-server. If | ||
319 | you had previously requested that the sshd server should not be run, then | ||
320 | that request will still be honoured. However, the recommended approach is | ||
321 | now to remove the openssh-server package if you do not want to run sshd. | ||
322 | You can remove the old /etc/ssh/sshd_not_to_be_run marker file after doing | ||
323 | that. | ||
324 | |||
325 | -- Colin Watson <cjwatson@debian.org> Mon, 2 Aug 2004 20:48:54 +0100 | ||
326 | |||
327 | openssh (1:3.5p1-1) unstable; urgency=low | ||
328 | |||
329 | This version of OpenSSH disables the environment option for public keys by | ||
330 | default, in order to avoid certain attacks (for example, LD_PRELOAD). If | ||
331 | you are using this option in an authorized_keys file, beware that the keys | ||
332 | in question will no longer work until the option is removed. | ||
333 | |||
334 | To re-enable this option, set "PermitUserEnvironment yes" in | ||
335 | /etc/ssh/sshd_config after the upgrade is complete, taking note of the | ||
336 | warning in the sshd_config(5) manual page. | ||
337 | |||
338 | -- Colin Watson <cjwatson@debian.org> Sat, 26 Oct 2002 19:41:51 +0100 | ||
339 | |||
340 | openssh (1:3.0.1p1-1) unstable; urgency=high | ||
341 | |||
342 | As of version 3, OpenSSH no longer uses separate files for ssh1 and ssh2 | ||
343 | keys. This means the authorized_keys2 and known_hosts2 files are no longer | ||
344 | needed. They will still be read in order to maintain backward | ||
345 | compatibility. | ||
346 | |||
347 | -- Matthew Vernon <matthew@debian.org> Thu, 28 Nov 2001 17:43:01 +0000 | ||
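Review bot: a few wording slips in the new NEWS text are worth fixing before this lands, since this file is shown to users at upgrade time. In the 1:7.4p1-1 entry, `that such devices already need explicit configuration for key exchange` / `and hostkey algorithms already anyway.` repeats "already"; drop one of them. In the 1:7.2p1-1 entry, `* Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and the` is missing a colon after "ciphers" (compare the same list in the 1:7.1p1-2 entry, which has it). The 1:7.1p1-2 entry links http://www.openssh.com/legacy.html twice as the place to find instructions for re-enabling diffie-hellman-group1-sha1 and ssh-dss; since users will follow those instructions to weaken their configuration, use the https:// form of the URL so the page is not fetched over an unauthenticated channel. Also, the 1:7.6p1-1 and 1:7.8p1-1 entries run their bullets together without blank lines while the 1:8.2p1-1 and 1:7.5p1-1 entries separate them; pick one style for the whole file.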