Language Selection

English French German Italian Portuguese Spanish

OpenSSH 8.2 was released on 2020-02-14.

Filed under
Security
BSD

It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

Read more

Also: DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance

OpenSSH 8.2 Released With FIDO/U2F Support

  • OpenSSH 8.2 Released With FIDO/U2F Support

    OpenSSH 8.2 is out this Valentine's Day as the leading SSH suite. Besides working to disable the SSH-RSA public key signature algorithm due to SHA1 collision attacks, OpenSSH 8.2 also comes with new features.

    The shiny new feature of OpenSSH 8.2 is support for FIDO/U2F hardware authenticators. FIDO/U2F two-factor authentication hardware can now work with OpenSSH 8.2+, including ssh-keygen can be used to generate a FIDO token backed key. Communication to the hardware token with OpenSSH is managed by a middleware library specified via the SSH/SSHD configuration, including the option for its own built-in middleware for supporting USB tokens.

OpenSSH adds support for FIDO/U2F security keys

New Qt5 and OpenSSH in [Slackware] Current

  • New Qt5 and OpenSSH in [Slackware] Current

    Another big thing happening in -current is the new OpenSSH 8.2 release which will bring some incompatible changes, especially if you are still using ssh-rsa as the algorithm. To test whether your machine is affected, try to run this command in your shell

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

    If you managed to connect using the above command, it means that your OpenSSH software is fine, but if you don't, then it needs to be upgraded.

Corbet at LWN

  • OpenSSH 8.2 released

    OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm, which may disrupt connectivity to older servers; see the announcement for a way to check whether a given server can handle newer, more secure algorithms. Also new in this release is support for FIDO/U2F hardware tokens.

OpenSSH Now Supports FIDO/U2F Security Keys

  • OpenSSH Now Supports FIDO/U2F Security Keys

    OpenSSH is, by far, the single most popular tool for logging into remote servers and desktops. SSH logins are generally considered fairly safe, but not 100%. If you’re not satisfied with the out the box security offered by OpenSSH, you can always opt to go with SSH key authentication. If that’s not enough, there’s always 2 Factor Authentication, which would then require you to enter a PIN generated by an application such as OTPClient or Authy.

    As of OpenSSH 8.2, there’s a newly supported option, FIDO/U2F security keys. What this means is that you can now use 2FA hardware keys (such as the Yubi Key) to authenticate your SSH login attempt.

    2FA is often considered the easiest method of adding an additional layer of security to SSH logins. However, for many, Hardware Keys are considered the single most secure means of preventing hackers from brute-forcing your SSH passwords. To make things easy, the OpenSSH developers have made it possible to generate a FIDO token-backed key using the ssh-keygen command. So anyone used to creating SSH keys shouldn’t have any problem getting up to speed with integrating hardware keys into SSH.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Android Leftovers

Is open source software licensing broken?

Practices and expectations that one may have developed in working with conventional software licensing may lead to frustration when confronting open source software. The modest request, "Please, just show me the license" may be met with an unsatisfying response. While sometimes the response is very simple, often, the license information for open source software is more complicated and does not match the expectations set by conventional software licensing. What's up? Is open source software licensing broken? No. Differences, not just in the type of license terms, but in how the software is developed, lead to differences in how software license information is conveyed. In part, this results from tradeoffs between lawyer convenience and developer convenience. Read more

MauiKit Aims to Bring Apps That Can Run on Linux and Android

Creating the same apps and software for different platforms is not an easy task for the developers. To make an app run on desktops, developers need to write a source code. However, to make the same app run on mobile devices, the developers have to write a different source code. With the new MauiKit, developers would be able to build convergent apps, that can run on both platforms with the same source code. Read more

Games: Steam on Focal Fossa, osu! Comes to GNU/Linux

  • Canonical need a little testing hand for a newer Steam package on Ubuntu 20.04

    With Ubuntu 20.04 "Focal Fossa" being released in the next few months, the team over at Canonical are looking for a little help testing their updated Steam package. To be clear, this is only for the 20.04 release, they're not looking for feedback for earlier versions of Ubuntu. It's not a drastic change to the Steam package with it pulling in an update from Debian, but this newer build does have updated udev rules for some devices. Canonical also did some of their own tweaks for NVIDIA due to the differences between Ubuntu and Debian. You will need to use a temporary PPA which will be removed when the test is over, found over here. They need people to try clean installs without any Steam, upgrading from an existing Steam install and purge removals of the steam package. Additionally, testing with a Steam Controller and supported VR devices would help them too.

  • Popular free rhythm game 'osu!' now provides a Linux build with releases

    osu!, going under the current development name of osu!lazer is a very popular free rhythm game and they're now doing official builds for Linux gamers. It's actually inspired by an older game called Osu! Tatakae! Ouendan, which was released in 2005 for the Nintendo DS. osu! was originally only available for Windows, then ported to macOS and eventually they started work on osu!lazer as an open source remake of the original client to eventually replace it. There's been various unofficial builds out there, since it's open source and up on GitHub but they're now making Linux a bit more official.