I tested building the openSUSE Tumbleweed package locally with the
20250403 snapshot and doing a live test and it works fine. I then also
did try "make tests" on the vanilla snapshot sources and at first they
failed to even build but after a quick fix that I've submitted at
https://bugzilla.mindrot.org/show_bug.cgi?id=3806 the tests run fine
too. Thanks!

On Wed, 2 Apr 2025 at 0:22, Darren Tucker (<dtucker@xxxxxxxxxxx>) wrote:

> Hi all.
>
> OpenSSH 10.0p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is primarily a bugfix
> release, although one notable change is the introduction of the sshd-auth
> binary (see below).
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> at https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev@xxxxxxxxxxx. Security bugs should be reported
> directly to openssh@xxxxxxxxxxx.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Potentially-incompatible changes
> --------------------------------
>
> * This release removes support for the weak DSA signature
>   algorithm, completing the deprecation process that began in
>   2015 (when DSA was disabled by default) and repeatedly warned
>   over the last 12 months.
>
> * This release has the version number 10.0 and announces itself
>   as "SSH-2.0-OpenSSH_10.0". Software that naively matches
>   versions using patterns like "OpenSSH_1*" may be confused by
>   this.
>
> * sshd(8): this release removes the code responsible for the
>   user authentication phase of the protocol from the per-
>   connection sshd-session binary to a new sshd-auth binary.
>   Splitting this code into a separate binary ensures that the
>   crucial pre-authentication attack surface has an entirely
>   disjoint address space from the code used for the rest of the
>   connection. It also yields a small runtime memory saving as the
>   authentication code will be unloaded after the authentication
>   phase completes. This change should be largely invisible to
>   users, though some log messages may now come from "sshd-auth"
>   instead of "sshd-session". Downstream distributors of OpenSSH
>   will need to package the sshd-auth binary.
>
> * sshd(8): this release disables finite field (a.k.a. modp)
>   Diffie-Hellman key exchange in sshd by default. Specifically,
>   this removes the "diffie-hellman-group*" and
>   "diffie-hellman-group-exchange-*" methods from the default
>   KEXAlgorithms list. The client is unchanged and continues to
>   support these methods by default. Finite field Diffie Hellman
>   is slow and computationally expensive for the same security
>   level as Elliptic Curve DH or PQ key agreement while offering
>   no redeeming advantages. ECDH has been specified for the SSH
>   protocol for 15 years and some form of ECDH has been the default
>   key exchange in OpenSSH for the last 14 years.
>
> * sshd(8): this release removes the implicit fallback to compiled-
>   in groups for Diffie-Hellman Group Exchange KEX when the moduli
>   file exists but does not contain moduli within the client-
>   requested range. The fallback behaviour remains for the case
>   where the moduli file does not exist at all. This allows
>   administrators more explicit control over which DH groups will
>   be selected, but can lead to connection failures if the moduli
>   file is edited incorrectly. bz#2793
>
> * sftp(1) and scp(1) will now explicitly not create a ControlMaster mux
>   connection, since doing so would potentially create one with
>   options more restrictive than those specified in the config file.
>   This could lead to later confusion, particularly when used with
>   ControlMaster=auto. sftp(1) and scp(1) can still use a mux connection,
>   so ssh(1) can be used to establish one, after which they can use it
>   as per usual.
>
> Changes since OpenSSH 9.9
> =========================
>
> New features
> ------------
>
> * ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256
>   is now used by default for key agreement. This algorithm is
>   considered to be safe against attack by quantum computers,
>   is guaranteed to be no less strong than the popular
>   curve25519-sha256 algorithm, has been standardised by NIST
>   and is considerably faster than the previous default.
>
> * ssh(1): prefer AES-GCM to AES-CTR mode when selecting a cipher
>   for the connection. The default cipher preference list is now
>   Chacha20/Poly1305, AES-GCM (128/256) followed by AES-CTR
>   (128/192/256).
>
> * ssh(1): add %-token and environment variable expansion to the
>   ssh_config SetEnv directive.
>
> * ssh(1): allow %-token and environment variable expansion in
>   the ssh_config User directive, with the exception of %r and %C
>   which would be self-referential. bz#3477
>
> * ssh(1), sshd(8): add "Match version" support to ssh_config and
>   sshd_config. Allows matching on the local version of OpenSSH,
>   e.g. "Match version OpenSSH_10.*".
>
> * ssh(1): add support for "Match sessiontype" to ssh_config.
>   Allows matching on the type of session initially requested,
>   either "shell" for interactive sessions, "exec" for command
>   execution sessions, "subsystem" for subsystem requests, such as
>   sftp, or "none" for transport/forwarding-only sessions.
>
> * ssh(1): add support for "Match command ..." support to
>   ssh_config, allowing matching on the remote command as specified
>   on the command-line.
>
> * ssh(1): allow 'Match tagged ""' and 'Match command ""' to match
>   empty tag and command values respectively.
>
> * sshd(8): allow glob(3) patterns to be used in sshd_config
>   AuthorizedKeysFile and AuthorizedPrincipalsFile directives.
>   bz2755
>
> * sshd(1): support the VersionAddendum in the client, mirroring
>   the option of the same name in the server; bz2745
>
> * ssh-agent(1): the agent will now delete all loaded keys when
>   signaled with SIGUSR1. This allows deletion of keys without
>   having access to $SSH_AUTH_SOCK.
>
> * Portable OpenSSH, ssh-agent(1): support systemd-style socket
>   activation in ssh-agent using the LISTEN_PID/LISTEN_FDS
>   mechanism. Activated when these environment variables are set,
>   the agent is started with the -d or -D option and no socket path
>   is set. GHPR502
>
> * ssh-keygen(1): support FIDO tokens that return no attestation
>   data, e.g. recent WinHello. GHPR542
>
> * ssh-agent(1): add a "-Owebsafe-allow=..." option to allow the
>   default FIDO application ID allow-list to be overridden.
>
> * Add a work-in-progress tool to verify FIDO attestation blobs
>   that ssh-keygen can optionally write when enrolling FIDO keys.
>   This tool is available under regress/misc/ssh-verify-attestation
>   for experimentation but is not installed by "make install".
>
> * ssh-keygen(1): allow "-" as output file for moduli screening.
>   GHPR393
>
> Bugfixes
> --------
>
> * sshd(8): remove assumption that the sshd_config and any configs
>   it includes can fit in a (possibly enlarged) socket buffer.
>   Previously it was possible to create a sufficiently large
>   configuration that could cause sshd to fail to accept any
>   connection. sshd(8) will now actively manage sending its config
>   to the sshd-session sub-process.
>
> * ssh(1): don't start the ObscureKeystrokeTiming mitigations if
>   there has been traffic on a X11 forwarding channel recently.
>   Should fix X11 forwarding performance problems when this setting
>   is enabled. bz3655
>
> * ssh(1): prohibit the comma character in hostnames accepted, but
>   allow an underscore as the first character in a hostname.
>
> * sftp(1): set high-water when resuming a "put". Prevents bogus
>   "server reordered acks" debug message.
>
> * ssh(1), sshd(8): fix regression in openssh-9.8, which would fail
>   to accept "Match criteria=argument" as well as the documented
>   "Match criteria argument" syntax in ssh_config and sshd_config.
>   bz3739
>
> * scp(1), sftp(1): pass "ControlMaster no" to ssh when invoked by
>   scp & sftp. This disables implicit session creation by these
>   tools when ControlMaster was set to yes/auto by configuration,
>   which some users found surprising. This change will not prevent
>   scp/sftp from using an existing multiplexing session if one had
>   already been created. GHPR557
>
> * sftp(1), ssh(1): fix a number of possible NULL dereference bugs,
>   including Coverity CIDs 405019 and 477813.
>
> * sshd(8): fix PerSourcePenalty incorrectly using "crash" penalty
>   when LoginGraceTime was exceeded. bz3797
>
> * sshd(8): fix "Match invalid-user" from incorrectly being
>   activated in initial configuration pass when no other predicates
>   were present on the match line.
>
> * sshd(8): fix debug logging of user specific delay. GHPR#552
>
> * sshd(8): improve debug logging across sub-process boundaries.
>   Previously some log messages were lost early in the sshd-auth and
>   sshd-session processes' life.
>
> * ssh(1): require control-escape character sequences passed via
>   the '-e ^x' command-line to be exactly two characters long. Avoids
>   one byte out-of-bounds read if ssh is invoked as "ssh -e^ ..."
>   GHPR368
>
> * ssh(1), sshd(8): prevent integer overflow in x11 port handling.
>   These are theoretically possible if the admin misconfigured
>   X11DisplayOffset or the user misconfigures their own $DISPLAY,
>   but don't happen in normal operation. bz#3730
>
> * ssh-keygen(1): don't mess up ssh-keygen -l output when the file
>   contains CR characters; GHPR236 bz3385.
>
> * sshd(8): add rate limits to logging of connections dropped by
>   PerSourcePenalties. Previously these could be noisy in logs.
>
> * ssh(1): fix argument of "Compression" directive in ssh -G config
>   dump, which regressed in openssh-9.8.
>
> * sshd(8): fix a corner-case triggered by UpdateHostKeys when sshd
>   refuses to accept the signature returned by an agent holding host
>   keys during the hostkey rotation sub-protocol. This situation
>   could occur in situations where a PKCS#11 smartcard that lacked
>   support for particular signature algorithms was used to store
>   host keys.
>
> * ssh-keygen(1): when using RSA keys to sign messages with
>   "ssh-keygen -Y", select the signature algorithm based on the
>   requested hash algorithm ("-Ohashalg=xxx"). This allows using
>   something other than the default of rsa-sha2-512, which may not
>   be supported on all signing backends, e.g. some smartcards only
>   support SHA256.
>
> * ssh(1), sshd(8), ssh-keyscan(1): fix ML-KEM768x25519 KEX on
>   big-endian systems.
>
> * Many regression and interop test improvements.
>
> Portability
> -----------
>
> * All: add support for AWS-LC (AWS libcrypto). bz3784
>
> * sshd(8): add wtmpdb support as a Y2038 safe wtmp replacement.
>
> * sshd(8): add support for locking sshd into memory, enabled with
>   the --with-linux-memlock-onfault configure flag.
>
> * Add support for building a standalone sk-libfido2 library,
>   enabled by --with-security-key-standalone
>
> * ssh(1), sshd(8), ssh-keyscan(1): include __builtin_popcount
>   replacement function for compilers that lack it.
>
> * All: Check for and replace le32toh, le64toh, htole64 separately.
>   It appears that at least some versions of endian.h in glibc do
>   not have the latter two. bz#3794
>
> * Remove ancient RHL 6.x config in RPM spec.
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
>
> --
> Darren Tucker (dtucker at dtucker.net)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
>     Good judgement comes with experience. Unfortunately, the experience
>     usually comes from bad judgement.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
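The announcement warns that software matching versions with patterns like "OpenSSH_1*" will misclassify the "SSH-2.0-OpenSSH_10.0" banner. The following is an added example, not part of the announcement or of OpenSSH, showing the pitfall beside a parser that compares the version numerically, as a fleet inventory or patch-compliance script should; all banners are constructed samples, and the function names are this example's own.

```python
import fnmatch
import re

# Constructed sample banners in the form an SSH server sends them
# (not real hosts); the "Debian-3" / "Ubuntu-..." comment fields are
# made up for illustration.
SAMPLE_BANNERS = [
    "SSH-2.0-OpenSSH_10.0",
    "SSH-2.0-OpenSSH_9.9p1 Debian-3",
    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10",
    "SSH-2.0-dropbear_2022.83",
]

# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
BANNER_RE = re.compile(r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")
# OpenSSH softwareversion: OpenSSH_<major>.<minor>[p<portable>]
OPENSSH_RE = re.compile(r"^OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)(?:p(?P<portable>\d+))?$")


def parse_openssh_version(banner):
    """Return (major, minor, portable) for an OpenSSH banner, else None."""
    m = BANNER_RE.match(banner)
    if not m:
        return None
    v = OPENSSH_RE.match(m.group("software"))
    if not v:
        return None
    return (int(v.group("major")), int(v.group("minor")), int(v.group("portable") or 0))


def naive_is_v1x(banner):
    """The fragile textual check the announcement cautions against."""
    return fnmatch.fnmatchcase(banner, "*OpenSSH_1*")


def at_least(banner, major, minor):
    """Numeric comparison: is this an OpenSSH banner at or above major.minor?"""
    ver = parse_openssh_version(banner)
    return ver is not None and (ver[0], ver[1]) >= (major, minor)


def glob_mismatches(banners):
    """Banners the glob labels as 1.x although the parsed major version differs."""
    out = []
    for b in banners:
        ver = parse_openssh_version(b)
        if ver is not None and naive_is_v1x(b) and ver[0] != 1:
            out.append(b)
    return out
```

Run over SAMPLE_BANNERS, glob_mismatches returns only the 10.0 banner, while at_least(..., 10, 0) is true for it and false for the 9.9 and 8.9 banners.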