After five months of development, OpenSSH 8.5 has been released. With it, the OpenSSH developers repeated their reminder that algorithms using SHA-1 hashes are about to be moved to the obsolete category, because chosen-prefix collision attacks have become more efficient (the cost of finding a collision is estimated at about 50 thousand dollars).
In an upcoming release, they plan to disable by default the “ssh-rsa” public key digital signature algorithm, which is mentioned in the original RFC for the SSH protocol and is still widely used in practice.
To smooth the transition to new algorithms, OpenSSH 8.5 enables the UpdateHostKeys setting by default, which allows clients to switch automatically to more reliable algorithms.
This setting enables a special protocol extension, “hostkeys-00@openssh.com”, which allows the server, once authentication has completed, to inform the client of all available host keys. The client can record these keys in its ~/.ssh/known_hosts file, which makes it possible to organize host key updates and makes it easy to change keys on the server.
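The audit below is an added example, not part of the OpenSSH release or the original article: it reads known_hosts content and lists the hosts for which only an ssh-rsa key is recorded, that is, hosts that have not yet learned a newer key through UpdateHostKeys. The sample entries are constructed, the key blobs are placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in known_hosts format; key blobs are shortened placeholders.
SAMPLE = """\
# constructed sample, not real keys
legacy.example.com ssh-rsa AAAAB3NzaC1yc2E...placeholder
web.example.com,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E...placeholder
web.example.com,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...placeholder
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3NzaC1yc2E...placeholder
@revoked old.example.com ssh-rsa AAAAB3NzaC1yc2E...placeholder
@cert-authority *.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...placeholder
[gw.example.com]:2222 ecdsa-sha2-nistp256 AAAAE2VjZHNh...placeholder
"""


def key_types_by_host(text):
    """Map each host name, address or hashed host token to its recorded key types."""
    hosts = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("@"):
            continue  # @revoked / @cert-authority lines are not pinned host keys
        if len(fields) < 3:
            continue  # malformed: needs host list, key type and key blob
        for host in fields[0].split(","):
            hosts[host].add(fields[1])
    return dict(hosts)


def rsa_only_hosts(text):
    """Return the hosts for which no key type other than ssh-rsa is recorded."""
    by_host = key_types_by_host(text)
    return sorted(h for h, types in by_host.items() if types == {"ssh-rsa"})


if __name__ == "__main__":
    # To audit a real file, pass the contents of ~/.ssh/known_hosts instead.
    for host in rsa_only_hosts(SAMPLE):
        print(host)
```

An RSA host key can still be used with the SHA-2 signature algorithms rsa-sha2-256 and rsa-sha2-512, so a listed host is one to check against its server version, not necessarily one that will stop working. Hashed entries cannot be mapped back to a name and are reported as their hash token.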
A vulnerability in ssh-agent caused by a double free (freeing a memory area that had already been freed) was also fixed. The problem has been present since the release of OpenSSH 8.2 and could potentially be exploited if the attacker has access to the ssh-agent socket on the local system. Exploitation is complicated by the fact that only root and the original user have access to the socket. The most likely attack scenario is forwarding the agent to an account controlled by the attacker, or to a host where the attacker has root access.
In addition, sshd now protects against very large user name parameters being passed to the PAM subsystem, which makes it possible to block vulnerabilities in the modules of the PAM (Pluggable Authentication Module) system. For example, the change prevents sshd from being used as a vector to exploit a recently identified root vulnerability in Solaris (CVE-2020-14871).
Among the changes that may break compatibility, ssh and sshd have reworked an experimental key exchange method that is resistant to brute-force attacks on a quantum computer.
The method is based on the NTRU Prime algorithm, developed for post-quantum cryptosystems, and the X25519 elliptic curve key exchange method.
Other notable changes:
- In ssh and sshd, the order in which supported digital signature algorithms are advertised has been changed. ED25519 is now advertised first, instead of ECDSA.
- In ssh and sshd, TOS/DSCP QoS settings for interactive sessions are now set before establishing a TCP connection.
- ssh and sshd have dropped support for the rijndael-cbc@lysator.liu.se cipher, which is identical to aes256-cbc and was used before RFC-4253.
- When accepting a new host key, ssh now displays all host names and IP addresses associated with the key.
- For FIDO keys, ssh now asks for a PIN and retries when a digital signature operation fails because of an incorrect PIN and the user was not initially asked for a PIN (for example, when correct biometric data could not be obtained and the device fell back to requiring manual PIN entry).
- Sshd adds support for additional system calls to the seccomp-bpf-based sandboxing mechanism in Linux.
How to install OpenSSH 8.5 on Linux?
Those who want to install this new version of OpenSSH on their systems can, for now, do so by downloading the source code and compiling it on their own machines.
This is because the new version has not yet been included in the repositories of the main Linux distributions. The source code can be obtained from the following link.
After downloading, unpack the archive with the following command:
tar -xvf openssh-8.5.tar.gz
Then enter the directory, configure and build the executables, and finally install them:
cd openssh-8.5
./configure --prefix=/opt --sysconfdir=/etc/ssh
make
make install