OpenSSH 9.0 released: free SSH protocol suite
OpenSSH is a free SSH protocol suite providing encryption for network services like remote login or remote file transfers.
The following is a list of OpenSSH features:
- Completely open source project with free licensingThe OpenSSH source code is available free to everyone via the Internet. This encourages code reuse and code auditing. Code review ensures the bugs can be found and corrected by anyone. This results in secure code. OpenSSH is not covered by any restrictive license. It can be used for any and all purposes, and that explicitly includes commercial use. The license is included in the distribution. We feel that the world would be better if routers, network appliances, operating systems, and all other network devices had ssh integrated into them. All components of a restrictive nature (i.e. patents) have been removed from the source code. Any licensed or patented components are chosen from external libraries (e.g. LibreSSL).
- Strong cryptography (AES, ChaCha20, RSA, ECDSA, Ed25519…)Encryption is started before authentication, and no passwords or other information is transmitted in the clear. Encryption is also used to protect against spoofed packets. A number of different ciphers and key types are available, and legacy options are usually phased out in a reasonable amount of time.
- X11 forwarding (which also encrypts X Window System traffic)X11 forwarding allows the encryption of remote X windows traffic, so that nobody can snoop on your remote xterms or insert malicious commands. The program automatically sets DISPLAY on the server machine, and forwards any X11 connections over the secure channel. Fake Xauthority information is automatically generated and forwarded to the remote machine; the local client automatically examines incoming X11 connections and replaces the fake authorization data with the real data (never telling the remote machine the real information).
- Port forwarding (encrypted channels for legacy protocols)Port forwarding allows forwarding of TCP/IP connections to a remote machine over an encrypted channel. Insecure internet applications like POP can be secured with this.
- Strong authentication (public keys, one-time passwords)Strong authentication protects against several security problems: IP spoofing, fakes routes and DNS spoofing. Some authentication methods include public key authentication, one-time passwords with s/key and authentication using Kerberos (only in -portable).
- Agent forwardingAn authentication agent, running in the user’s laptop or local workstation, can be used to hold the user’s authentication keys. OpenSSH automatically forwards the connection to the authentication agent over any connections, and there is no need to store the authentication keys on any machine in the network (except the user’s own local machine). The authentication protocols never reveal the keys; they can only be used to verify that the user’s agent has a certain key. Eventually the agent could rely on a smart card to perform all authentication computations.
- InteroperabilityInteroperability between implementations is a goal, but not a promise. As OpenSSH development progresses, older protocols, ciphers, key types and other options that have known weaknesses are routinely disabled. Some examples can be found on the legacy page.
- SFTP client and server support.Complete SFTP support is included, using the sftp(1) command as a client and sftp-server(8) subsystem as a server.
- Optional data compressionData compression before encryption improves the performance for slow network links.
Changelog v9.0
New features ------------ * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo. We are making this change now (i.e. ahead of cryptographically- relevant quantum computers) to prevent "capture now, decrypt later" attacks where an adversary who can record and store SSH session ciphertext would be able to decrypt it once a sufficiently advanced quantum computer is available. * sftp-server(8): support the "copy-data" extension to allow server- side copying of files/data, following the design in draft-ietf-secsh-filexfer-extensions-00. bz2948 * sftp(1): add a "cp" command to allow the sftp client to perform server-side file copies. Bugfixes -------- * ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output fd closes without data in the channel buffer. bz3405 and bz3411 * sshd(8): pack pollfd array in server listen/accept loop. Could cause the server to hang/spin when MaxStartups > RLIMIT_NOFILE * ssh-keygen(1): avoid NULL deref via the find-principals and check-novalidate operations. bz3409 and GHPR307 respectively. * scp(1): fix a memory leak in argument processing. bz3404 * sshd(8): don't try to resolve ListenAddress directives in the sshd re-exec path. They are unused after re-exec and parsing errors (possible for example if the host's network configuration changed) could prevent connections from being accepted. * sshd(8): when refusing a public key authentication request from a client for using an unapproved or unsupported signature algorithm include the algorithm name in the log message to make debugging easier. Portability ----------- * sshd(8): refactor platform-specific locked account check, fixing an incorrect free() on platforms with both libiaf and shadow passwords (probably only Unixware) GHPR284, * ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3) parsing of K/M/G/etc quantities. bz#3401. * sshd(8): provide killpg implementation (mostly for Tandem NonStop) GHPR301. * Check for missing ftruncate prototype. GHPR301 * sshd(8): default to not using sandbox when cross compiling. On most systems poll(2) does not work when the number of FDs is reduced with setrlimit, so assume it doesn't when cross compiling and we can't run the test. bz#3398. * sshd(8): allow ppoll_time64 in seccomp sandbox. Should fix sandbox violations on some (at least i386 and armhf) 32bit Linux platforms. bz#3396. * Improve detection of -fzero-call-used-regs=all support in configure script.
