Legacy Shadows: OpenSSH 10.3 Eradicates Decades-Old “Berkeley rcp” Security Flaws

The OpenSSH architects have promulgated version 10.3—an iteration that proves significantly more profound than a mere routine synchronization. The collective has neutralized a myriad of vulnerabilities, including a legacy flaw residing in the primordial Berkeley rcp architecture, a utility whose lineage spans several decades.

The most startling revelation concerns the scp command: during file acquisition under the root persona in compatibility mode, the setuid and setgid indicators failed to be rescinded from the ingested archives. Consequently, a malignant file could retain elevated execution privileges—a behavioral relic harkening back to the ancestral BSD rcp era. This anomaly was unearthed by Christos Papakonstantinou of Cantina and Spearbit.

Simultaneously, a malady was identified within sshd: the PubkeyAcceptedAlgorithms and HostbasedAcceptedAlgorithms directives erroneously orchestrated ECDSA key processing. By merely specifying a singular ECDSA algorithm in the configuration—such as ecdsa-sha2-nistp384—the server would surreptitiously sanction any other algorithm within the ECDSA family, even those explicitly omitted from the roster.

A vulnerability within ssh likewise warrants rigorous attention: the validation of shell metacharacters within usernames was executed with insufficient celerity. Under specific configurations involving the %u token within a Match exec block, an adversary wielding control over the username could achieve arbitrary shell command execution. This frailty was reported by Florian Kohnhäuser. The developers have reiterated that exposing the ssh command string to unverified input remains a fundamentally precarious endeavor, as such defensive measures can never achieve absolute invulnerability.

A further discovery pertains to authorized_keys: a flawed algorithm was employed when reconciling the principals="" parameter with a certificate wherein the principal’s nomenclature contained a comma. In rare instances, this facilitated a bypass of the verification process, provided the Certificate Authority had issued a credential with multiple comma-separated identities. This subversion was identified by Vladimir Tokarev.

Of particular note is the behavioral metamorphosis of certificates possessing a vacant principals section. Previously, such a certificate functioned as a wildcard, permitting authentication for any user who reposed trust in the issuing authority. Now, an empty section signifies a denial of ingress—a paradigm that is both more predictable and inherently secure.

A pivotal alteration shall also affect those tethered to legacy hardware or archaic software: OpenSSH has excised compatibility with SSH implementations that lack support for rekeying. Communions with such systems shall be severed the moment the transport stratum mandates a key rotation.

Furthermore, the -J and -oProxyJump options now rigorously interrogate usernames and hostnames transmitted via the command line. This measure seeks to preclude shell command injection in scenarios where ProxyJump parameters are dynamically forged from untrusted input. This vulnerability was unmasked by a researcher known by the pseudonym rabbit.

Among the nascent capabilities is the support for IANA codepoints for ssh-agent redirection, adhering to the draft-ietf-sshm-ssh-agent standard, while ssh-keygen has acquired the faculty to record ED25519 keys in PKCS8 format. The ssh interface has been enriched with the ~I escape sequence, which yields granular intelligence regarding the active communion, while multiplexing has gained the conninfo and channels commands for instantaneous diagnostics. Additionally, sshd has introduced an invaliduser penalty, allowing attempts to infiltrate via non-existent identities to be sanctioned more severely than conventional failed authentications.

A series of vexing regressions have also been rectified: the impasse regarding PIN entry for PKCS#11 keys, which surfaced in versions 10.1 and 10.2, has finally been resolved. The architects have also mended crashes in ssh-keygen during the offloading of multiple keys and a potential stagnation during key exchange should the requisite DH parameters be absent from /etc/moduli.

The source archives are currently accessible via the official sanctuary at openssh.com.