OpenSSH 10.8 Security Update: Removed weak DSA/limited DH, fixed X11 integer overflow

Version Information: OpenSSH 10.8 was released on 2022-04-09, available from https://www.openssh.com/. Security Updates: - Removed support for weak DSA signature algorithms, completing the deprecation process started in OpenSSH 7.0. - Disabled implicit session creation via sshfs or sftp triggering “ControlMaster no” to ssh, preventing unintended user behavior. - Removed the sshd-session binary code from sshd used for handling connections, reducing the attack surface. - Default disabled finite field Diffie-Hellman key exchange methods, switching to more secure elliptic curve Diffie-Hellman methods. - Removed implicit fallback to compile-time default Moduli file behavior, enhancing security. New Features: - Added support for hybrid post-quantum algorithm mikeN76x25519-sha256, increasing resistance against quantum computer attacks. - Prioritized AES-GCM and AES-CTR cipher modes when selecting connection ciphers. - Added support for “Match version” in .ssh/config, allowing configuration based on local OpenSSH version. - Added support for “Match sessiontype” in .ssh/config, distinguishing between interactive, command execution, subsystem, etc. session types. - Enabled %t and %v variable expansion in .ssh/config and sshd_config, excluding 'r' and 'u' to avoid self-reference errors. - Added support for “Match command ...” in .ssh/config, matching commands specified on the command line. - Added global support for “Match tag” and “Match command” tags in .ssh/config. - ssh-keygen(1) now supports returning FIDO tokens without authentication data. - ssh-agent(1) added “-Owebauthn-allow=” option to override default FIDO2 application ID allow list. - Added a working tool to validate FIDO authentication blocks, ensuring they originate from trusted FIDO keys. now allows “--” as a module to filter output files. Bug Fixes: - Fixed issue where DisableForwarding failed to properly disable X11 forwarding and agent forwarding. - Fixed issue where ObscureKeyStrokesTiming mitigation was triggered when recent X11 forwarding channel traffic existed. - Fixed issue accepting underscores as the first character in hostnames. - Fixed issue setting high-water mark during “put” recovery, preventing deadlocks. - Fixed issue handling empty strings in .ssh/config and any configuration sources. - Fixed incorrect use of “crash” penalty when LoginsGraceTime expired. - Fixed incorrect activation of PermitEmptyPasswords during initial configuration pass. - Fixed user-specific delay debug logging issue. - Improved debug logging across subprocess boundaries. - Required control escape character sequences passed via -e “-x” command line to be exactly two characters long. - Prevented integer overflow in X11 port forwarding. - Avoided corrupting ssh-keygen -L output when signing messages with RSA keys. - Added rate limiting to logging for connections dropped by PerSourceMaxTries. - Fixed parameters for “compression” directive in .ssh/config. - Fixed corner case triggered when ssh client attempts to accept a signature provided by an agent holding the host key. - Fixed ssh-keygen(1) when built-in support for specific signature algorithms was used to store keys. - Fixed ssh-keygen(1) when requested signature algorithm differs from default or rsa-sha2-512, but is supported by all signature backends.

Goal Reached Thanks to every supporter — we hit 100%!

OpenSSH 10.8 Security Update: Removed weak DSA/limited DH, fixed X11 integer overflow