OpenSSH version 10.2 has officially been released and is now available for download from its official mirrors. This latest release addresses several critical bugs, particularly in how terminal connections are managed when the ControlPersist feature is active, as well as resolving issues related to CA signing operations in the ssh-keygen(1) tool.
One significant change to note is the impending deprecation of SHA1 SSHFP records due to recognized vulnerabilities in the SHA1 hash function. Starting with the next release, these records will be disregarded, and the default behavior of the ssh-keygen -r command will be updated to only generate SHA256 SSHFP records. This move follows the introduction of SHA256 support in OpenSSH 6.1, released in 2012, which is recognized for its security and lack of known weaknesses.
OpenSSH remains a robust solution, providing a comprehensive implementation of the SSH protocol version 2.0, along with strong support for SFTP clients and servers. Its ongoing success can be attributed to a dedicated community that contributes code, reports bugs, tests new features, and supports the project through donations.
The main goal of OpenSSH 10.2 is to deliver a more reliable user experience by fixing bugs that hinder functionality. Specifically, it corrects a critical issue that rendered the ssh(1) command unusable with ControlPersist enabled, alongside other enhancements that improve usability across different platforms.
Key fixes in this version include:
- Addressing terminal connection mishandling in ssh(1) with ControlPersist active.
- Resolving issues related to downloading operations from PKCS#11 tokens in ssh-keygen(1).
- Fixing CA signing operation problems in ssh-keygen(1), especially when using an ssh-agent(1) to store the CA key.
For users interested in checksums, please refer to the following:
- SHA1 (openssh-10.2.tar.gz) = 6fcda8004bad0fb0eaee60e8308f91b605ad0dce
- SHA256 (openssh-10.2.tar.gz) = y0rCEdrVc4OJRZLg0u3F0frAgz87ydeTktCk3rQfVj8=
It is important to note that SHA256 signatures are encoded in base64 rather than hexadecimal, which is typically the default format for most checksum tools.
Users can also obtain the PGP key used for signing releases from the official OpenBSD mirror sites. This release underscores the commitment of the OpenSSH development team to maintain secure and efficient tools for secure communications. With ongoing updates and community support, OpenSSH continues to evolve, ensuring its relevance and reliability in the ever-changing landscape of cybersecurity
One significant change to note is the impending deprecation of SHA1 SSHFP records due to recognized vulnerabilities in the SHA1 hash function. Starting with the next release, these records will be disregarded, and the default behavior of the ssh-keygen -r command will be updated to only generate SHA256 SSHFP records. This move follows the introduction of SHA256 support in OpenSSH 6.1, released in 2012, which is recognized for its security and lack of known weaknesses.
OpenSSH remains a robust solution, providing a comprehensive implementation of the SSH protocol version 2.0, along with strong support for SFTP clients and servers. Its ongoing success can be attributed to a dedicated community that contributes code, reports bugs, tests new features, and supports the project through donations.
The main goal of OpenSSH 10.2 is to deliver a more reliable user experience by fixing bugs that hinder functionality. Specifically, it corrects a critical issue that rendered the ssh(1) command unusable with ControlPersist enabled, alongside other enhancements that improve usability across different platforms.
Key fixes in this version include:
- Addressing terminal connection mishandling in ssh(1) with ControlPersist active.
- Resolving issues related to downloading operations from PKCS#11 tokens in ssh-keygen(1).
- Fixing CA signing operation problems in ssh-keygen(1), especially when using an ssh-agent(1) to store the CA key.
For users interested in checksums, please refer to the following:
- SHA1 (openssh-10.2.tar.gz) = 6fcda8004bad0fb0eaee60e8308f91b605ad0dce
- SHA256 (openssh-10.2.tar.gz) = y0rCEdrVc4OJRZLg0u3F0frAgz87ydeTktCk3rQfVj8=
It is important to note that SHA256 signatures are encoded in base64 rather than hexadecimal, which is typically the default format for most checksum tools.
Users can also obtain the PGP key used for signing releases from the official OpenBSD mirror sites. This release underscores the commitment of the OpenSSH development team to maintain secure and efficient tools for secure communications. With ongoing updates and community support, OpenSSH continues to evolve, ensuring its relevance and reliability in the ever-changing landscape of cybersecurity
OpenSSH 10.2 released
OpenSSH version 10.2 has been released and is now available for download from its official mirrors. The new release includes important fixes, such as correcting terminal connection handling when ControlPersist is active and resolving issues with CA signing operations in ssh-keygen(1). Additionally, due to known flaws in the SHA1 hash function, SHA1 SSHFP records will be deprecated starting from the next release, with a default change in ssh-keygen -r to only create SHA256 SSHFP records.
