Openssh 8.4 P1

Posted on  by



Portable OpenSSH. Contribute to openssh/openssh-portable development by creating an account on GitHub. If you are installing OpenSSH 8.4 on OpenBSD 6.6 or 6.7, you will need one of the following patches: https. /openssh-8.3.tar.gz # patch -p1 ssh # make obj # make cleandir # make depend # make # make install # cp sshconfig sshdconfig /etc/ssh. The main OpenSSH page.

OpenSSH 8.4 is out. The SHA-1 algorithm is deprecated and the 'ssh-rsa'public key signature algorithm will be disabled by default 'in anear-future release.' They note that it is possible to performchosen-prefix attacks against the SHA-1 algorithm for less than USD$50K.
From:Damien Miller <djm-AT-openbsd.org>
To:lwn-AT-lwn.net
Subject:Announce: OpenSSH 8.4 released
Date:Sun, 27 Sep 2020 03:37:07 -0600
Message-ID:<2a5a384b015c8542@openbsd.org>


(Log in to post comments) 8.4

OpenSSH 8.4 released

Posted Sep 29, 2020 5:47 UTC (Tue) by geuder (subscriber, #62854) [Link]

This has been discussed before, but not being a cryptographer I don't remember the details. Was it so that rsa host keys will be disabled, but rsa user keys are still considered safe enough for most of us? Where does the difference (if I remember it correctly) come from?

OpenSSH 8.4 released

Posted Sep 29, 2020 6:33 UTC (Tue) by alspnost (guest, #2763) [Link]

Openssh 8.4 P1 Nothing wrong with RSA itself (provided you're using 2048-bit or longer keys). This is about the specific signature algorithm that uses SHA1 as the hashing component. It's SHA1 that is considered broken, not RSA. So OpenSSH is, in future, only supporting mechanisms that use SHA2 instead.

OpenSSH 8.4 released

Openssh 8.4 P1102w

Posted Sep 29, 2020 7:31 UTC (Tue) by joib (subscriber, #8541) [Link]

Further, as the announcement says, the rsa-sha2-256/512 signature algorithms can use the same rsa keys as the old ssh-rsa signature algorithm. So you don't need to regenerate host nor user keys.

OpenSSH 8.4 released

Posted Sep 29, 2020 7:50 UTC (Tue) by leromarinvit (subscriber, #56850) [Link]

Openssh 8.4 p1 crack
It's sort of confusing (at least to me) that id_rsa.pub contains the prefix 'ssh-rsa' for RSA key pairs. The deprecation of the signature algorithm has been announced a few times, and it gives me pause every time until I remember that, at least AFAIU, this is just about the protocol between client and server, and not about long-lived keys (which would be somewhat annoying to replace).

OpenSSH 8.4 released

Openssh 8.4p1 rpm

Posted Sep 29, 2020 20:18 UTC (Tue) by ballombe (subscriber, #9523) [Link]

OpenSSH 8.4 released

Posted Sep 29, 2020 20:50 UTC (Tue) by leromarinvit (subscriber, #56850) [Link]

Openssh 8.4 P1005

Huh? Of course they're not the same. But the algorithm they're going to disable (because it uses SHA-1) is called 'ssh-rsa'. Am I missing something?Openssh 8.4 p1005

I was just referring to the fact that my (and probably others') id_rsa.pub also starts with 'ssh-rsa AAAAB...'. I'm under the impression that despite using the same name, this is still just the public key and unrelated to the algorithm they're deprecating, thus not requiring me to recreate id_rsa.pub and update authorized_keys on all hosts I want to connect to. Please correct me if I'm wrong!

OpenSSH 8.4 released

Posted Sep 30, 2020 6:12 UTC (Wed) by rudis (subscriber, #130572) [Link]

Yes, you're right. The 'ssh-rsa AAA ...' key string vs. 'ssh-rsa' HostkeyAlgorithms/PubkeyAcceptedKeyTypes value caused quite some confusion. But all existing keys can be used unchanged, only the options need to be updated (or the defaults in future OpenSSH releases).

OpenSSH 8.4 released

Openssh 8.4 P1 Key

Posted Sep 30, 2020 7:18 UTC (Wed) by mkubecek (subscriber, #130791) [Link]

This is an unfortunate historical relic. Originally each key type (asymmetric algorithm) was used with only one hash algorithm so it seemed natural to name key signature algorithm the same as they key types. This is no longer true so that we have 'rsa-sha2-256' or 'rsa-sha2-512' signature algorithms combining key type and hash algorithm but the old names had to stay as they were. And the fact that PubkeyAcceptedKeyTypes directive still has 'KeyTypes' in its name but accepts a list of signature algorithms rather than key types (contrary to what sshd_config(8) says, BtW) only adds to the confusion.