252 Commits

Author SHA256 Message Date
Hans Petter Jansson
0b11be1c02 Accepting request 1322246 from home:hpjansson:branches:network
- Install 50-suse.conf in distconfdir instead of sysconfdir if
  possible (bsc#1254374).

OBS-URL: https://build.opensuse.org/request/show/1322246
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=299
2025-12-11 16:44:58 +00:00
b54837afd9 Accepting request 1311450 from home:alarrosa:branches:network
- "Update" to openssh 10.2p1:
  * No changes for askpass, see main package changelog for
    details.
- Build with gcr-4 in Factory and SLE-16/Leap 16 instead of gtk-3

- Update to openssh 10.2p1:
  = Future deprecation warning
  * A future release of OpenSSH will deprecate support for SHA1
    SSHFP records due to weaknesses in the SHA1 hash function.
    SHA1 SSHFP DNS records will be ignored and ssh-keygen -r
    will generate only SHA256 SSHFP records.
    The SHA256 hash algorithm, which has no known weaknesses, has
    been supported for SSHFP records since OpenSSH 6.1, released
    in 2012.
  = Bugfixes
  * ssh(1): fix mishandling of terminal connections when
    ControlPersist was active that rendered the session unusable.
    bz3872
  * ssh-keygen(1): fix download of keys from PKCS#11 tokens.
  * ssh-keygen(1): fix CA signing operations when the CA key is
    held in a ssh-agent(1). bz3877
  = Portability
  * All: support platforms without mmap(2), e.g. WASM builds such
    as https://hterm.org
  * All: fix builds on FreeBSD for missing fnctl.h include.
  * All: fix builds on MacOS <10.12 Sierra, which lacks
    clock_gettime(3)
  * sshd(8): don't PAM_RHOST if the remote host is the "UNKNOWN"
    placeholder name. Avoids potential hangs in some PAM modules
    as they try to resolve it. Note, sshd(8) only uses the

OBS-URL: https://build.opensuse.org/request/show/1311450
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=297
2025-10-15 11:05:19 +00:00
ad5a43d019 Accepting request 1306458 from home:alarrosa:branches:network
- Add patch to relax the openssl 3.x version check so that we
  don't identify a mismatch between released and pre-release
  versions as incompatible when we already identify the whole
  3.x versions as compatible (boo#1250115):
  * openssh-10.0p2-relax-openssl-version-check.patch
- Run some of the tests to check there are no regressions.

OBS-URL: https://build.opensuse.org/request/show/1306458
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=296
2025-09-22 11:57:41 +00:00
Hans Petter Jansson
de7e9eb432 Accepting request 1304675 from home:hpjansson:branches:network
- Update sshd@.service to match upstream more closely, to enable
  support for ephemeral sshd keys.
- Add openssh-9.6p1-pam-rhost.patch which fixes a performance issue
  where pam can do a reverse dns query of "UNKNOWN" which times out
  multiple times, causing a substantial slowdown when logging in
  (bsc#1249352).

OBS-URL: https://build.opensuse.org/request/show/1304675
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=295
2025-09-14 19:59:36 +00:00
Hans Petter Jansson
739aa15d50 Accepting request 1303317 from home:ldragon:branches:network
- Update sshd@.service to match upstream more closely, to enable support for ephemeral sshd keys
- add openssh-9.6p1-pam-rhost.patch which fixes a performance issue where pam can do a reverse dns query of "UNKNOWN" which times out multiple times, causing a substantial slowdown when logging in. (bsc#1249352)

OBS-URL: https://build.opensuse.org/request/show/1303317
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=294
2025-09-10 14:47:12 +00:00
3f765a9f36 Accepting request 1277186 from home:alarrosa:branches:network:openssh
- Enable --with-logind to call the SetTTY dbus method in systemd
  in SLE15 too. This allows "wall" to print messages in ssh ttys
  (bsc#1239671)
- Small fixes to unref the dbus session when any error occurs:
  * logind_set_tty.patch

    forwarding is off by default in the client (bsc#1241012,
    CVE-2025-32728)

OBS-URL: https://build.opensuse.org/request/show/1277186
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=293
2025-05-13 15:12:56 +00:00
2a3b9467bf Accepting request 1271991 from home:hpjansson:branches:network
- Add openssh-send-extra-term-env.patch, which appends a few
  environment variables useful for terminal identification to the
  default send and accept lists.

OBS-URL: https://build.opensuse.org/request/show/1271991
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=291
2025-04-23 13:19:09 +00:00
d7c0e6582d Accepting request 1268307 from home:alarrosa:branches:network
- "Update" to openssh 10.0p2:
  - There was an issue during the packaging of 10.0p1 which made it
    identify itself as 10.0p2 so 10.0p1 is now considered identical
    to 10.0p2 and upstream won't release a separate 10.0p2 package.

OBS-URL: https://build.opensuse.org/request/show/1268307
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=288
2025-04-10 08:25:01 +00:00
5f4c611aa2 Accepting request 1268142 from home:alarrosa:branches:network
- Do not try to create /etc/ssh in sshd-gen-keys-start
  (bsc#1238191). sshd-gen-keys-start transitions to a SELinux
  domain that doesn't have the necessary permissions. Based on
  a SR by Johannes Segitz <jsegitz@suse.com>.

OBS-URL: https://build.opensuse.org/request/show/1268142
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=287
2025-04-09 11:17:47 +00:00
b8f5e88ace Accepting request 1268126 from home:alarrosa:branches:network
- Update to openssh 10.0p1:
  * No changes for askpass, see main package changelog for
    details.

- Update to openssh 10.0p1:
  = Potentially-incompatible changes
  * This release removes support for the weak DSA signature
    algorithm, completing the deprecation process that began in
    2015 (when DSA was disabled by default) and repeatedly warned
    over the last 12 months.
  * scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by
    scp & sftp. This disables implicit session creation by these
    tools when ControlMaster was set to yes/auto by configuration,
    which some users found surprising. This change will not prevent
    scp/sftp from using an existing multiplexing session if one had
    already been created. GHPR557
  * This release has the version number 10.0 and announces itself
    as "SSH-2.0-OpenSSH_10.0". Software that naively matches
    versions using patterns like "OpenSSH_1*" may be confused by
    this.
  * sshd(8): this release removes the code responsible for the
    user authentication phase of the protocol from the per-
    connection sshd-session binary to a new sshd-auth binary.
    Splitting this code into a separate binary ensures that the
    crucial pre-authentication attack surface has an entirely
    disjoint address space from the code used for the rest of the
    connection. It also yields a small runtime memory saving as the
    authentication code will be unloaded after the authentication
    phase completes. This change should be largely invisible to
    users, though some log messages may now come from "sshd-auth"

OBS-URL: https://build.opensuse.org/request/show/1268126
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=286
2025-04-09 10:49:15 +00:00
69ce3dda1b Accepting request 1255379 from home:hillwood:branches:network
- Disable seccomp_filter and rlimitsandbox sandbox for loongarch.
  seccomp_filter and rlimitsandbox are not supported on loongarch64 yet.

OBS-URL: https://build.opensuse.org/request/show/1255379
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=285
2025-04-07 10:00:08 +00:00
e0df6f2027 Accepting request 1246973 from home:alarrosa:branches:network:openssh
- merge openssh-fips into the main openssh package (bsc#1185116)

OBS-URL: https://build.opensuse.org/request/show/1246973
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=284
2025-02-19 09:31:07 +00:00
f339972869 Accepting request 1246611 from home:alarrosa:branches:openssh-9.9
- Update to openssh 9.9p2:
  = Security
  * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
    (inclusive) contained a logic error that allowed an on-path
    attacker (a.k.a MITM) to impersonate any server when the
    VerifyHostKeyDNS option is enabled. This option is off by
    default.
  * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
    (inclusive) is vulnerable to a memory/CPU denial-of-service
    related to the handling of SSH2_MSG_PING packets. This
    condition may be mitigated using the existing
    PerSourcePenalties feature.
  Both vulnerabilities were discovered and demonstrated to be
  exploitable by the Qualys Security Advisory team. The OpenSSH
  team thanks them for their detailed review of OpenSSH.
  = Bugfixes
  * ssh(1), sshd(8): fix regression in Match directive that caused
    failures when predicates and their arguments were separated by
    '=' characters instead of whitespace (bz3739).
  * sshd(8): fix the "Match invalid-user" predicate, which was
    matching incorrectly in the initial pass of config evaluation.
  * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key
    exchange on big-endian systems.
  * Fix a number of build problems on particular operating systems
    and configurations.
- Remove patches that are already included in 9.9p2:
  * 0001-fix-utmpx-ifdef.patch
  * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch
  * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch
  * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch

OBS-URL: https://build.opensuse.org/request/show/1246611
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=283
2025-02-18 09:56:28 +00:00
22f1706ec3 Accepting request 1246591 from home:alarrosa:branches:openssh-9.9
- Fix a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled
  client and a DoS attack against OpenSSH's client and server
  (bsc#1237040, CVE-2025-26465, bsc#1237041, CVE-2025-26466):
  * fix-CVE-2025-26465-and-CVE-2025-26466.patch

OBS-URL: https://build.opensuse.org/request/show/1246591
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=282
2025-02-18 09:10:29 +00:00
add4626a51 Accepting request 1239575 from home:dimstar:Factory
- Drop rcFOO symlinks for CODE16 (PED-266).

OBS-URL: https://build.opensuse.org/request/show/1239575
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=281
2025-02-10 11:55:37 +00:00
051e180f88 Accepting request 1218787 from home:alarrosa:branches:network:openssh
- Don't force using gcc11 on SLFO/ALP which have a newer version.

OBS-URL: https://build.opensuse.org/request/show/1218787
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=280
2024-10-28 11:22:01 +00:00
2c8525e1db Accepting request 1218784 from home:alarrosa:branches:network:openssh
- Add patches from upstream:
  - To fix a copy&paste oversight in an ifdef:
  * 0001-fix-utmpx-ifdef.patch
  - To fix a regression introduced when the "Match" criteria
    tokenizer was modified since it stopped supporting the
    "Match criteria=argument" format:
  * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch
  - To fix the previous patch which broke on negated Matches:
  * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch
  - To fix the ML-KEM768x25519 kex algorithm on big-endian systems:
  * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch

OBS-URL: https://build.opensuse.org/request/show/1218784
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=279
2024-10-28 11:16:49 +00:00
ef827d0687 Accepting request 1207973 from home:alarrosa:branches:network:openssh
- Use %{with ...} instead of 0%{with ...}

OBS-URL: https://build.opensuse.org/request/show/1207973
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=278
2024-10-14 15:20:38 +00:00
2dc91d93a7 Accepting request 1207644 from home:alarrosa:branches:network:openssh
Updated the patch with a suggestion from upstream.

- Add a patch to fix a regression introduced in 9.6 that makes X11
  forwarding very slow. Submitted to upstream in
  https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4. Fixes
  bsc#1229449:
  * fix-x11-regression-bsc1229449.patch
- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)

OBS-URL: https://build.opensuse.org/request/show/1207644
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=277
2024-10-14 06:33:00 +00:00
fadb689fba Accepting request 1203549 from home:alarrosa:branches:network:openssh
- Add a const to the openssl 1.1/RSA section of sshkey_is_private
  to keep it similar to what it used before the 9.9 rebase:
  * openssh-8.1p1-audit.patch
- Add a openssl11 bcond to the spec file for the SLE12 case
  instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.

OBS-URL: https://build.opensuse.org/request/show/1203549
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=276
2024-09-25 11:55:37 +00:00
b07c141055 Accepting request 1202729 from home:alarrosa:branches:network:openssh
- Update to openssh 9.9p1:
  * No changes for askpass, see main package changelog for
    details.

- Update to openssh 9.9p1:
  = Future deprecation notice
  * OpenSSH plans to remove support for the DSA signature algorithm
    in early 2025. This release disables DSA by default at compile
    time. DSA, as specified in the SSHv2 protocol, is inherently
    weak - being limited to a 160 bit private key and use of the
    SHA1 digest. Its estimated security level is only 80 bits
    symmetric equivalent.
    OpenSSH has disabled DSA keys by default since 2015 but has
    retained run-time optional support for them. DSA was the only
    mandatory-to-implement algorithm in the SSHv2 RFCs, mostly
    because alternative algorithms were encumbered by patents when
    the SSHv2 protocol was specified.
    This has not been the case for decades at this point and better
    algorithms are well supported by all actively-maintained SSH
    implementations. We do not consider the costs of maintaining
    DSA in OpenSSH to be justified and hope that removing it from
    OpenSSH can accelerate its wider deprecation in supporting
    cryptography libraries.
  = Potentially-incompatible changes
  * ssh(1): remove support for pre-authentication compression.
    OpenSSH has only supported post-authentication compression in
    the server for some years. Compression before authentication
    significantly increases the attack surface of SSH servers and
    risks creating oracles that reveal information about
    information sent during authentication.

OBS-URL: https://build.opensuse.org/request/show/1202729
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=275
2024-09-25 08:42:29 +00:00
a674f65c97 Accepting request 1200272 from home:alarrosa:branches:network:openssh
- Drop most of openssh-6.6p1-keycat.patch (actually, it was just
  commented out). The keycat binary isn't really installed nor
  supported, so we can drop it, except for the code that is used
  by other SELinux patches, which is what I kept from that patch
  (boo#1229072).
- Add patch submitted to upstream to fix RFC4256 implementation
  so that keyboard-interactive authentication method can send
  instructions and sshd shows them to users even before a prompt
  is requested. This fixes MFA push notifications (boo#1229010).
  * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch

OBS-URL: https://build.opensuse.org/request/show/1200272
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
2024-09-12 10:24:41 +00:00
1569d989cc Accepting request 1195723 from home:alarrosa:branches:network:openssh
- Add patch to fix sshd not logging in the audit failed login
  attempts (submitted to upstream in
  https://github.com/openssh/openssh-portable/pull/516):
  * fix-audit-fail-attempt.patch
- Use --enable-dsa-keys when building openssh. It's required if
  the user sets the crypto-policy mode to LEGACY, where DSA keys
  should be allowed. The option was added by upstream in 9.7 and
  set to disabled by default.
- These two changes fix 2 of the 3 issues reported in bsc#1229650.

OBS-URL: https://build.opensuse.org/request/show/1195723
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=273
2024-08-23 12:36:12 +00:00
06eb772e55 Accepting request 1193382 from home:alarrosa:branches:network:openssh-9.8
- Update to openssh 9.8p1:
  * No changes for askpass, see main package changelog for
    details.

- Fix a dbus connection leaked in the logind patch that was
  missing a sd_bus_unref call (found by Matthias Gerstner):
  * logind_set_tty.patch
- Add a patch that fixes a small memory leak when parsing the
  subsystem configuration option:
  * fix-memleak-in-process_server_config_line_depth.patch

- Update to openssh 9.8p1:
  = Security
  * 1) Race condition in sshd(8) (bsc#1226642, CVE-2024-6387).
    A critical vulnerability in sshd(8) was present in Portable
    OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may
    allow arbitrary code execution with root privileges.
    Successful exploitation has been demonstrated on 32-bit
    Linux/glibc systems with ASLR. Under lab conditions, the attack
    requires on average 6-8 hours of continuous connections up to
    the maximum the server will accept. Exploitation on 64-bit
    systems is believed to be possible but has not been
    demonstrated at this time. It's likely that these attacks will
    be improved upon.
    Exploitation on non-glibc systems is conceivable but has not
    been examined. Systems that lack ASLR or users of downstream
    Linux distributions that have modified OpenSSH to disable
    per-connection ASLR re-randomisation (yes - this is a thing, no
    - we don't understand why) may potentially have an easier path
    to exploitation. OpenBSD is not vulnerable.

OBS-URL: https://build.opensuse.org/request/show/1193382
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=272
2024-08-12 09:54:46 +00:00
23e8b1f01b Accepting request 1185821 from home:alarrosa:branches:network:openssh
- Add patch from upstream to fix proxy multiplexing mode:
  * 0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch
- Add patch from upstream to restore correctly sigprocmask
  * 0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch
- Add patch from upstream to fix a logic error in
  ObscureKeystrokeTiming that rendered this feature ineffective,
  allowing a passive observer to detect which network packets
  contained real keystrokes (bsc#1227318, CVE-2024-39894):
  * 0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch

OBS-URL: https://build.opensuse.org/request/show/1185821
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=271
2024-07-05 19:01:36 +00:00
ccaaac730e Accepting request 1185775 from home:alarrosa:branches:network:openssh
- Add obsoletes for openssh-server-config-rootlogin since that
  package existed for a brief period of time during SLE 15 SP6/
  Leap 15.6 development but even if it was removed from the
  repositories before GM, some users might have it in their
  systems from having tried a beta/RC release (boo#1227350).

    quoting was present in the user-supplied ssh_config(5) directive
    (bsc#1218215, CVE-2023-51385).

OBS-URL: https://build.opensuse.org/request/show/1185775
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=270
2024-07-05 11:34:53 +00:00
c52d629a6f Accepting request 1184301 from home:alarrosa:branches:network:openssh
- Add patch to fix a race condition in a signal handler by removing
  the async-signal-unsafe code (CVE-2024-6387, bsc#1226642):
  * fix-CVE-2024-6387.patch

OBS-URL: https://build.opensuse.org/request/show/1184301
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=269
2024-07-01 11:50:15 +00:00
c3f8894285 Accepting request 1179619 from home:alarrosa:branches:network:openssh
- Add #include <stdlib.h> in some files added by the ldap patch to
  fix build with gcc14 (boo#1225904).
  * openssh-7.7p1-ldap.patch

OBS-URL: https://build.opensuse.org/request/show/1179619
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=268
2024-06-10 07:34:57 +00:00
f58c1dbe06 Accepting request 1174779 from home:alarrosa:branches:network:openssh-permit-root-login
- Remove the recommendation for openssh-server-config-rootlogin
  from openssh-server. Since the default for that config option
  was changed in SLE it's not needed anymore in SLE nor in TW
  (boo#1224392).

- Add a warning in %post of openssh-clients, openssh-server and
  openssh-server-config-disallow-rootlogin to warn the user if
  the /etc/ssh/(ssh_config.d|sshd_config.d) directories are not
  being used (bsc#1223486).

OBS-URL: https://build.opensuse.org/request/show/1174779
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=267
2024-05-17 08:01:30 +00:00
d207717475 Accepting request 1173783 from home:alarrosa:branches:network:openssh-permit-root-login
- Only for SLE15, restore the patch file removed in
  Thu Feb 18 13:54:44 UTC 2021 to restore the previous behaviour
  from SP5 of having root password login allowed by default
  (fixes bsc#1223486, related to bsc#1173067):
  * openssh-7.7p1-allow_root_password_login.patch
- Since the default value for this config option is now set to
  permit root to use password logins in SLE15, the
  openssh-server-config-rootlogin subpackage isn't useful there so
  we now create an openssh-server-config-disallow-rootlogin
  subpackage that sets the configuration the other way around
  than openssh-server-config-rootlogin.

OBS-URL: https://build.opensuse.org/request/show/1173783
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=266
2024-05-14 06:52:13 +00:00
ed2991b1b4 Accepting request 1167855 from home:alarrosa:branches:network
Add bugzilla reference to bsc#1221005

OBS-URL: https://build.opensuse.org/request/show/1167855
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=265
2024-04-15 17:00:32 +00:00
0f97d0afed Accepting request 1167816 from home:msmeissn:branches:network
- openssh-8.0p1-gssapi-keyex.patch: Added missing struct initializer,
  added missing parameter (bsc#1222840)

OBS-URL: https://build.opensuse.org/request/show/1167816
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=264
2024-04-15 15:41:38 +00:00
fa464f2e73 Accepting request 1167038 from home:alarrosa:branches:network
- Make openssh-server recommend the openssh-server-config-rootlogin
  package in SLE in order to keep the same behaviour of previous
  SPs where the PermitRootLogin default was set to yes.
- Fix crypto-policies requirement to be set by openssh-server, not
  the config-rootlogin subpackage.
- Add back %config(noreplace) tag for more config files that were
  already set like this in previous SPs.

OBS-URL: https://build.opensuse.org/request/show/1167038
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=263
2024-04-15 06:21:11 +00:00
3b71acee8a Accepting request 1166764 from home:Arnavion
- Fix duplicate loading of dropins. (boo#1222467)

OBS-URL: https://build.opensuse.org/request/show/1166764
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=262
2024-04-12 06:38:08 +00:00
8a6309e158 Accepting request 1166156 from home:alarrosa:branches:network
Add one more bsc/CVE reference

OBS-URL: https://build.opensuse.org/request/show/1166156
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=261
2024-04-08 11:15:17 +00:00
273aefa261 Accepting request 1165554 from home:alarrosa:branches:network
- Add missing bugzilla/CVE references to the changelog

OBS-URL: https://build.opensuse.org/request/show/1165554
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=260
2024-04-05 11:11:29 +00:00
21945dd5fd Accepting request 1165549 from home:alarrosa:branches:network2
- Add patch from SLE which was missing in Factory:
  * Mon Jun  7 20:54:09 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
- Add openssh-mitigate-lingering-secrets.patch (bsc#1186673), which
  attempts to mitigate instances of secrets lingering in memory
  after a session exits. (bsc#1213004 bsc#1213008)
- Rebase patch:
  * openssh-6.6p1-privsep-selinux.patch

OBS-URL: https://build.opensuse.org/request/show/1165549
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=259
2024-04-05 11:08:11 +00:00
e45206c30e Accepting request 1165438 from home:alarrosa:branches:network2
Forward a fix for a patch from SLE

- Rebase openssh-7.7p1-fips.patch (bsc#1221928)
  Remove OPENSSL_HAVE_EVPGCM-ifdef, which is no longer supported by
  upstream

OBS-URL: https://build.opensuse.org/request/show/1165438
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=258
2024-04-05 07:57:21 +00:00
15e0cad22c Accepting request 1164145 from home:alarrosa:branches:network
- Use %config(noreplace) for sshd_config. In any case, it's
  recommended to drop a file in sshd_config.d instead of editing
  sshd_config (bsc#1221063)
- Use %{_libexecdir} when removing ssh-keycat instead of the
  hardcoded path so it works in TW and SLE.

OBS-URL: https://build.opensuse.org/request/show/1164145
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=257
2024-04-04 09:11:43 +00:00
53e179ceba Accepting request 1155471 from home:pmonrealgonzalez:branches:network
- Add crypto-policies support [bsc#1211301]
  * Add patches:
    - openssh-9.6p1-crypto-policies.patch
    - openssh-9.6p1-crypto-policies-man.patch

OBS-URL: https://build.opensuse.org/request/show/1155471
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=256
2024-04-04 09:11:25 +00:00
Hans Petter Jansson
7c8a6bddf5 Accepting request 1150500 from home:hpjansson:branches:network
- Update to openssh 9.6p1:
  * No changes for askpass, see main package changelog for
    details.

- Update to openssh 9.6p1:
  = Security
  * ssh(1), sshd(8): implement protocol extensions to thwart the
    so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
    Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
    limited break of the integrity of the early encrypted SSH transport
    protocol by sending extra messages prior to the commencement of
    encryption, and deleting an equal number of consecutive messages
    immediately after encryption starts. A peer SSH client/server
    would not be able to detect that messages were deleted.
  * ssh-agent(1): when adding PKCS#11-hosted private keys while
    specifying destination constraints, if the PKCS#11 token returned
    multiple keys then only the first key had the constraints applied.
    Use of regular private keys, FIDO tokens and unconstrained keys
    are unaffected.
  * ssh(1): if an invalid user or hostname that contained shell
    metacharacters was passed to ssh(1), and a ProxyCommand,
    LocalCommand directive or "match exec" predicate referenced the
    user or hostname via %u, %h or similar expansion token, then
    an attacker who could supply arbitrary user/hostnames to ssh(1)
    could potentially perform command injection depending on what
    quoting was present in the user-supplied ssh_config(5) directive.
  = Potentially incompatible changes
  * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
    a TCP-like window mechanism that limits the amount of data that
    can be sent without acceptance from the peer. In cases where this

OBS-URL: https://build.opensuse.org/request/show/1150500
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=255
2024-02-25 18:43:17 +00:00
Hans Petter Jansson
2767650684 Accepting request 1133932 from home:hpjansson:branches:network
Added openssh-cve-2023-48795.patch

OBS-URL: https://build.opensuse.org/request/show/1133932
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=254
2023-12-19 01:54:09 +00:00
Hans Petter Jansson
fe72846048 Accepting request 1113799 from home:kukuk:branches:network
- Disable SLP by default for Factory and ALP (bsc#1214884)

OBS-URL: https://build.opensuse.org/request/show/1113799
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=253
2023-12-19 01:39:20 +00:00
Hans Petter Jansson
6a290fb675 Accepting request 1123220 from home:jsegitz:branches:network
- Enhanced SELinux functionality. Added Fedora patches:
  * openssh-7.8p1-role-mls.patch
    Proper handling of MLS systems and basis for other SELinux
    improvements
  * openssh-6.6p1-privsep-selinux.patch
    Properly set contexts during privilege separation
  * openssh-6.6p1-keycat.patch
    Add ssh-keycat command to allow retrieval of authorized_keys
    on MLS setups with polyinstantiation
  * openssh-6.6.1p1-selinux-contexts.patch
    Additional changes to set the proper context during privilege
    separation
  * openssh-7.6p1-cleanup-selinux.patch
    Various changes and putting the pieces together
  For now we don't ship the ssh-keycat command, but we need the patch
  for the other SELinux infrastructure
  This change fixes issues like bsc#1214788, where the ssh daemon
  needs to act on behalf of a user and needs a proper context for this

OBS-URL: https://build.opensuse.org/request/show/1123220
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=252
2023-11-28 16:35:34 +00:00
0e2df13c98 Accepting request 1119952 from home:dimstar:Factory
- Add cb4ed12f.patch: Fix build using zlib 1.3. The check expected
  a version in the form a.b.c[.d], which no longer matches 1.3.

See failure with zlib 1.3 in Staging:N

OBS-URL: https://build.opensuse.org/request/show/1119952
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=251
2023-10-25 07:33:22 +00:00
Hans Petter Jansson
6d7a1ac80a Accepting request 1110800 from home:kukuk:no-utmp
Teach openssh to tell logind the TTY, else tools like wall will stop working now with the new systemd v254 and util-linux (and who, w, ... will not show a tty)

OBS-URL: https://build.opensuse.org/request/show/1110800
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=250
2023-09-18 22:02:17 +00:00
39c593397f Accepting request 1099810 from home:simotek:branches:network
- Update to openssh 9.3p2
  * No changes for askpass, see main package changelog for
    details
- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408):
  Security
  ========
  Fix CVE-2023-38408 - a condition where specific libraries loaded via
  ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
  code execution via a forwarded agent socket if the following
  conditions are met:
  * Exploitation requires the presence of specific libraries on
    the victim system.
  * Remote exploitation requires that the agent was forwarded
    to an attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an
  empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
  an allowlist that contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable
  by the Qualys Security Advisory team.

  In addition to removing the main precondition for exploitation,
  this release removes the ability for remote ssh-agent(1) clients
  to load PKCS#11 modules by default (see below).
  Potentially-incompatible changes
  --------------------------------
   * ssh-agent(8): the agent will now refuse requests to load PKCS#11
     modules issued by remote clients by default. A flag has been added
     to restore the previous behaviour "-Oallow-remote-pkcs11".
     Note that ssh-agent(8) depends on the SSH client to identify
     requests that are remote. The OpenSSH >=8.9 ssh(1) client does
     this, but forwarding access to an agent socket using other tools
     may circumvent this restriction.

OBS-URL: https://build.opensuse.org/request/show/1099810
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=249
2023-07-21 07:35:33 +00:00
Hans Petter Jansson
c49a265e6d Accepting request 1087770 from home:alarrosa:branches:network
- Update to openssh 9.3p1
  * No changes for askpass, see main package changelog for
    details

- Update to openssh 9.3p1:
  = Security
  * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
   per-hop destination constraints (ssh-add -h ...) added in
   OpenSSH 8.9, a logic error prevented the constraints from being
   communicated to the agent. This resulted in the keys being added
   without constraints. The common cases of non-smartcard keys and
   keys without destination constraints are unaffected. This
   problem was reported by Luci Stanescu.
  * ssh(1): Portable OpenSSH provides an implementation of the
   getrrsetbyname(3) function if the standard library does not
   provide it, for use by the VerifyHostKeyDNS feature. A
   specifically crafted DNS response could cause this function to
   perform an out-of-bounds read of adjacent stack data, but this
   condition does not appear to be exploitable beyond denial-of-
   service to the ssh(1) client.
   The getrrsetbyname(3) replacement is only included if the
   system's standard library lacks this function and portable
   OpenSSH was not compiled with the ldns library (--with-ldns).
   getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to
   fetch SSHFP records. This problem was found by the Coverity
   static analyzer.
  = New features
  * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256
    when outputting SSHFP fingerprints to allow algorithm
    selection. bz3493

OBS-URL: https://build.opensuse.org/request/show/1087770
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=247
2023-05-22 19:32:26 +00:00
Hans Petter Jansson
7939cc3cee Accepting request 1074609 from home:kukuk:branches:network
- Rename sshd.pamd to sshd-sle.pamd and fix order of pam_keyinit
- Add new sshd.pamd including postlogin-* config files

OBS-URL: https://build.opensuse.org/request/show/1074609
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=246
2023-04-13 21:23:05 +00:00
64f62c8348 Accepting request 1065922 from home:kukuk:branches:network
- Remove BuildRequires for libtirpc, we don't use it
- Remove pam_lastlog from sshd PAM config. sshd is doing the same,
  too, which leads to e.g. duplicate entries in wtmp [bsc#1208243]

OBS-URL: https://build.opensuse.org/request/show/1065922
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=245
2023-03-26 16:59:52 +00:00