OpenSSH 8.2 was released on 2020-02-14.

It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

Also: DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance

OpenSSH 8.2 Released With FIDO/U2F Support

  • OpenSSH 8.2 Released With FIDO/U2F Support

    OpenSSH 8.2 is out this Valentine's Day as the leading SSH suite. Besides working to disable the SSH-RSA public key signature algorithm due to SHA1 collision attacks, OpenSSH 8.2 also comes with new features.

    The shiny new feature of OpenSSH 8.2 is support for FIDO/U2F hardware authenticators. FIDO/U2F two-factor authentication hardware can now work with OpenSSH 8.2+, and ssh-keygen can be used to generate a FIDO token-backed key. Communication to the hardware token with OpenSSH is managed by a middleware library specified via the SSH/SSHD configuration, including the option for its own built-in middleware for supporting USB tokens.

OpenSSH adds support for FIDO/U2F security keys

New Qt5 and OpenSSH in [Slackware] Current

  • New Qt5 and OpenSSH in [Slackware] Current

    Another big thing happening in -current is the new OpenSSH 8.2 release, which will bring some incompatible changes, especially if you are still using ssh-rsa as the algorithm. To test whether your machine is affected, try to run this command in your shell:

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

    If you managed to connect using the above command, it means that your OpenSSH software is fine, but if you don't, then it needs to be upgraded.
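The same check can be run offline against saved `ssh -vv` output, which lists the host key algorithms the server offers. This is an added example, not part of the quoted post or of OpenSSH; the sample log is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide from `ssh -vv` debug output whether a server offers
# any host key algorithm besides the SHA-1 based ones.
# SAMPLE_LOG is constructed for illustration, not captured from a real host.
SAMPLE_LOG='debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256
debug2: host key algorithms: ssh-ed25519,rsa-sha2-512,ssh-rsa
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,ssh-dss'

# Print the host key algorithm list from the peer (server) proposal only;
# the client's own proposal appears earlier in the log and is skipped.
server_hostkey_algs() {
    printf '%s\n' "$1" | awk '
        /peer server KEXINIT proposal/ { peer = 1; next }
        peer && /host key algorithms:/ {
            sub(/^.*host key algorithms: */, "")
            print
            exit
        }'
}

# Echo "ok" if the comma-separated list contains a SHA-2 RSA, ECDSA or
# Ed25519 algorithm, "sha1-only" if it does not, "unknown" if it is empty.
classify_hostkey_algs() {
    [ -n "$1" ] || { echo unknown; return; }
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    for alg in "$@"; do
        case $alg in
            rsa-sha2-*|ecdsa-sha2-nistp*|ssh-ed25519*) echo ok; return ;;
        esac
    done
    echo sha1-only
}

# Stand-alone run on the constructed sample.
classify_hostkey_algs "$(server_hostkey_algs "$SAMPLE_LOG")"
```

A "sha1-only" result corresponds to the failed connection in the command above: the server has nothing left to offer once ssh-rsa is excluded.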

Corbet at LWN

  • OpenSSH 8.2 released

    OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm, which may disrupt connectivity to older servers; see the announcement for a way to check whether a given server can handle newer, more secure algorithms. Also new in this release is support for FIDO/U2F hardware tokens.

OpenSSH Now Supports FIDO/U2F Security Keys

  • OpenSSH Now Supports FIDO/U2F Security Keys

    OpenSSH is, by far, the single most popular tool for logging into remote servers and desktops. SSH logins are generally considered fairly safe, but not 100%. If you’re not satisfied with the out-of-the-box security offered by OpenSSH, you can always opt to go with SSH key authentication. If that’s not enough, there’s always 2 Factor Authentication, which would then require you to enter a PIN generated by an application such as OTPClient or Authy.

    As of OpenSSH 8.2, there’s a newly supported option, FIDO/U2F security keys. What this means is that you can now use 2FA hardware keys (such as the YubiKey) to authenticate your SSH login attempt.

    2FA is often considered the easiest method of adding an additional layer of security to SSH logins. However, for many, Hardware Keys are considered the single most secure means of preventing hackers from brute-forcing your SSH passwords. To make things easy, the OpenSSH developers have made it possible to generate a FIDO token-backed key using the ssh-keygen command. So anyone used to creating SSH keys shouldn’t have any problem getting up to speed with integrating hardware keys into SSH.
