OpenSSH 8.2 was released on 2020-02-14.

It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

Also: DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance

OpenSSH 8.2 Released With FIDO/U2F Support

  • OpenSSH 8.2 Released With FIDO/U2F Support

    OpenSSH 8.2 is out this Valentine's Day as the leading SSH suite. Besides working to disable the SSH-RSA public key signature algorithm due to SHA1 collision attacks, OpenSSH 8.2 also comes with new features.

    The shiny new feature of OpenSSH 8.2 is support for FIDO/U2F hardware authenticators. FIDO/U2F two-factor authentication hardware can now work with OpenSSH 8.2+, and ssh-keygen can be used to generate a FIDO token-backed key. Communication with the hardware token is managed by a middleware library specified via the SSH/SSHD configuration, including the option of OpenSSH's own built-in middleware for supporting USB tokens.

OpenSSH adds support for FIDO/U2F security keys

New Qt5 and OpenSSH in [Slackware] Current

  • New Qt5 and OpenSSH in [Slackware] Current

    Another big thing happening in -current is the new OpenSSH 8.2 release, which will bring some incompatible changes, especially if you are still using ssh-rsa as the algorithm. To test whether your machine is affected, try to run this command in your shell:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

    If you manage to connect using the above command, it means that your OpenSSH software is fine, but if you can't, then it needs to be upgraded.
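
An added example, not part of the quoted post or of OpenSSH: a shell script that reads a known_hosts file, lists the hosts recorded only with an `ssh-rsa` key, and prints the test command above for each. These are candidates to test rather than confirmed failures, since a server with only an RSA host key may still sign with rsa-sha2-256/512; the host names and keys in the sample are constructed placeholders.

```sh
#!/bin/sh
# Added example: find known_hosts entries whose only recorded key type is
# "ssh-rsa" and print the article's test command for each candidate.

# rsa_only_hosts FILE -> one host name per line, sorted
rsa_only_hosts() {
    awk '
        NF < 2 || $1 ~ /^#/ { next }    # blank lines and comments
        $1 ~ /^@/           { next }    # @cert-authority / @revoked markers
        $1 ~ /^\|1\|/       { next }    # hashed names cannot be grouped by host
        {
            n = split($1, names, ",")   # "host,alias keytype base64key"
            for (k = 1; k <= n; k++) {
                if (names[k] ~ /[*?!]/) continue   # patterns are not hosts
                seen[names[k]] = 1
                if ($2 != "ssh-rsa") other[names[k]] = 1
            }
        }
        END { for (h in seen) if (!(h in other)) print h }
    ' "$1" | LC_ALL=C sort
}

# test_commands FILE -> the check from the post, one line per candidate
test_commands() {
    rsa_only_hosts "$1" | while IFS= read -r h; do
        case $h in
            \[*\]:*)                    # "[host]:port" form, non-default port
                port=${h##*:}
                name=${h#\[}; name=${name%%\]*}
                printf 'ssh -p %s -oHostKeyAlgorithms=-ssh-rsa %s\n' "$port" "$name" ;;
            *)
                printf 'ssh -oHostKeyAlgorithms=-ssh-rsa %s\n' "$h" ;;
        esac
    done
}

# Constructed sample data (keys are placeholders, not real key material).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed known_hosts sample
old.example.org ssh-rsa AAAAB3PLACEHOLDER1
new.example.org ssh-rsa AAAAB3PLACEHOLDER2
new.example.org ssh-ed25519 AAAAC3PLACEHOLDER3
[legacy.example.org]:2222,[192.0.2.10]:2222 ssh-rsa AAAAB3PLACEHOLDER4
@cert-authority *.example.org ssh-rsa AAAAB3PLACEHOLDER5
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3PLACEHOLDER6
EOF
test_commands "$sample"
```

Hashed entries are skipped because each line carries its own salt; look those hosts up by name with `ssh-keygen -F host` instead.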

Corbet at LWN

  • OpenSSH 8.2 released

    OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm, which may disrupt connectivity to older servers; see the announcement for a way to check whether a given server can handle newer, more secure algorithms. Also new in this release is support for FIDO/U2F hardware tokens.

OpenSSH Now Supports FIDO/U2F Security Keys

  • OpenSSH Now Supports FIDO/U2F Security Keys

    OpenSSH is, by far, the single most popular tool for logging into remote servers and desktops. SSH logins are generally considered fairly safe, but not 100%. If you’re not satisfied with the out-of-the-box security offered by OpenSSH, you can always opt to go with SSH key authentication. If that’s not enough, there’s always 2 Factor Authentication, which would then require you to enter a PIN generated by an application such as OTPClient or Authy.

    As of OpenSSH 8.2, there’s a newly supported option, FIDO/U2F security keys. What this means is that you can now use 2FA hardware keys (such as the YubiKey) to authenticate your SSH login attempt.

    2FA is often considered the easiest method of adding an additional layer of security to SSH logins. However, for many, Hardware Keys are considered the single most secure means of preventing hackers from brute-forcing your SSH passwords. To make things easy, the OpenSSH developers have made it possible to generate a FIDO token-backed key using the ssh-keygen command. So anyone used to creating SSH keys shouldn’t have any problem getting up to speed with integrating hardware keys into SSH.
