Language Selection

English French German Italian Portuguese Spanish

Announce: OpenSSH 8.4 released

Filed under
Security
BSD

It is now possible[1] to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm by default in a near-future release.

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

The better alternatives include: [...]

Read more

OpenSSH 8.4 Brings Better Support For FIDO/2FA Keys

  • OpenSSH 8.4 Brings Better Support For FIDO/2FA Keys

    Version 8.4 of OpenSSH has been released and among its wide assortment of changes is a lot of continued work on FIDO/2FA key handling.

    For those with a FIDO key like the YubiKey or Google Titan Security Key for handling two-factor authentication, OpenSSH 8.4 has better support in place. OpenSSH 8.4 now supports FIDO keys that require a PIN code to be entered for each use, SSHD now supports a "verify-required" option to require FIDO signatures assert the token be verified, SSH-Keygen now supports the FIDO 2.1 credProtect extension, support for verifying FIDO WebAuthn signatures, better support for multiple attached FIDO tokens, and many other fixes.

LWN on OpenSSH 8.4

  • OpenSSH 8.4 released

    OpenSSH 8.4 is out. The SHA-1 algorithm is deprecated and the "ssh-rsa" public key signature algorithm will be disabled by default "in a near-future release." They note that it is possible to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Tails 4.12 is out

This release fixes many security vulnerabilities. You should upgrade as soon as possible. Read more

Android Leftovers

KD Chart 2.7.2 released!

KDAB has released KD Chart 2.7.2, the final release in the KD Chart 2.7 series. This is a very minor release; however, it’s significant in that it may be the final release of KD Chart that will support Qt 4. KD Chart is a comprehensive business charting package with many different chart types and a large number of customization options. We are constantly improving the package, and have been doing so for years. Read more

Microsoft Edge for Linux is Here - First Look

Microsoft announced the Edge for Linux today as developer preview and it is immediately available for download as .deb and .rpm builds. And Edge for Linux looks great and feels like super fast. Read more