Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSH 7.0 Released

Posted by Soulskill on from the onward-and-upward dept.

An anonymous reader writes: Today the OpenSSH project maintainers announced the release of version 7.0. This release is focusing on deprecating weak and unsafe cryptographic methods, though some of the work won't be complete until 7.1. This release removes support for the following: the legacy SSH v1 protocol, the 1024-bit diffie-hellman-group1-sha1 key exchange, ssh-dss, ssh-dss-cert-* host and user keys, and legacy v00 cert format. There were also several bug fixes, security tweaks, and new features. In the next release, they plan to retire more legacy cryptography. This includes refusing RSA keys smaller than 1024 bits, disabling MD5-based HMAC algorithms, and disabling these ciphers: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.

10 of 75 comments (clear)

  1. none cipher? by Anonymous Coward · · Score: 5, Interesting

    I hope they add a "none" cipher.

    I use ssh for X11 forwarding and encryption really slows it down. Currently I'm using arcfour because it's the fastest one. But TFS says that's going away in 7.1. Guess it's time to look for a patch.

    No, I don't want encryption between these machines. I would run "xhost +", but setting $DISPLAY after a script remotely logs in is ugly. " ssh -Y" makes it so much easier, cleaner, and more likely to be correct.

    1. Re:none cipher? by bill_mcgonigle · · Score: 4, Interesting

      Are you running old hardware? I've switched over to "-c aes128-ctr" for the best speed/security/compatibility compromise, but I have hardware AES. I get about a gigabit between vm's.

      ssh -c aes128-ctr -o Compression=no hostname cat /dev/zero |pv | cat > /dev/null

      on Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    2. Re:none cipher? by hankwang · · Score: 4, Interesting

      in 2015 you must be running unbelievably shitty old hardware to even notice any slowdown any more with the best ciphers.

      Does running rsync on an Android phone or a low-end NAS qualify? I prefer to keep my backups local rather than in the cloud. I've said it before: The weaknesses in RC4/arcfour are all about leaking key information in the first 256 or maybe 512 bytes of cipher stream, because that's how long it takes to scramble the internal state. SSH always discards the first 1.5 kiB, so it's not vulnerable to this kind of attack. Why deprecate it?

      --
      Avantslash: low-bandwidth mobile slashdot.
    3. Re:none cipher? by arglebargle_xiv · · Score: 2

      I patched 'none' encryption into openssh many years ago

      We assume the fruit basket and flowers arrived OK?

      Love,
      The NSA.

  2. Watch out for old hardware by thogard · · Score: 2

    If you have old SSH1 only type devices (like old switches and routers), you might not be able to talk to them anymore after this update. You might want to keep a version of 6.6 around as ssh1 to talk to the old stuff that can't be upgraded to newer stuff.

    1. Re:Watch out for old hardware by Noryungi · · Score: 4, Informative

      If you have old SSH1 only type devices (like old switches and routers), you might not be able to talk to them anymore after this update. You might want to keep a version of 6.6 around as ssh1 to talk to the old stuff that can't be upgraded to newer stuff.

      OK, here is a hint for you: SSH v1 is a compile option.

      Simply enter: ./configure --with-ssh1 ; make ; sudo make install and you will have the latest version of OpenSSH, with SSH v1 baked in.

      Add a couple of options to your personal ~/.ssh/config (you do have a personal SSH config, right?) for these obsolete hosts, or simply add -1 to your ssh command and you are good to go.

      There... That was not so hard now, was it?

      --
      The right to offend is far more important than the right not to be offended. (Rowan Atkinson)
    2. Re:Watch out for old hardware by arglebargle_xiv · · Score: 3, Funny

      Damn you, OpenSSH devs! Damn you all to heck!!!

      Is heck the place people go who don't believe in gosh?

  3. Re:NSA responds by jonwil · · Score: 4, Informative

    RSA the algorithm isn't insecure if you use a big enough key. RSA the company may have released some weak products (at the request of the NSA or otherwise) but nothing they did affects the security of RSA the algorithm or the implementation of RSA that is in OpenSSH.

  4. Re:NSA responds by petermgreen · · Score: 2

    The problem is "big enough key", how big is big enough? best estimate seems to be that 4096 bit is fine for the forseeable future but noone really knows because noone can predict how integer factorisation algorithms will progress.

    When RSA was developed it was thought that 1024 bit keys would be secure essentially forever. Unfortunately the combination of advancements in integer factorisation techniques and advancements in computing power have brought factoring a 1024 bit key into the range of computationally feasible (though very expensive). Furthermore that is based on what is publically known, it's not beyond the realms of possibility that the spooks know techiquest that the public doesn't.

    Unfortunately 1024 bit keys were the standard size for years and so are extremely common. Getting rid of them is going to involve quite a bit of pain. It's telling that openssh only plan to refuse keys smaller than 1024 bit, not keys that are exactly 1024 bit.

    --
    note: i'm known as plugwash most places but i screwd up registering that here somehow in the past and now can't register
  5. blowfish-cbc ! by 0xdeaddead · · Score: 2

    i remembered when blowfish was the darling of OpenBSD.