
OpenSSH 6.5 Released - moonboots
http://www.openssh.org/txt/release-6.5
======
jaryd
The following two things are highlights for me:

    
    
    * ssh(1): Add a ssh_config(5) "Match" keyword that allows
      conditional configuration to be applied by matching on hostname,
      user and result of arbitrary commands.

    * ssh(1): Add support for client-side hostname canonicalisation
      using a set of DNS suffixes and rules in ssh_config(5). This
      allows unqualified names to be canonicalised to fully-qualified
      domain names to eliminate ambiguity when looking up keys in
      known_hosts or checking host certificate names.

~~~
newman314
I would still like to see an easy way to switch between a gateway ssh host and
going direct depending on location/IP.

If I'm home, I want to be able to ssh to the gateway machine automatically and
when I'm at work, go direct.

Obviously, this can be fixed with a shell script but it's hacky.

~~~
stormbrew
The Match keyword does allow you to configure based on your local address, so
on first glance it would seem like it would allow you to do this, but for some
reason ProxyCommand is not on the list of whitelisted keywords acceptable in a
Match block. :/ That's really a shame.

------
sneak
Bold move, defaulting to Curve25519 ECDH.

I'm not saying DH/DLP is broken, but the NSA declines to include non-EC DH (or
RSA, for that matter) in their Suite B of algorithms approved for internal
applications. It's nice to have the option of ECDH for day to day use.

[http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography](http://en.wikipedia.org/wiki/NSA_Suite_B_Cryptography)

~~~
m0nastic
Aside from any security implications for EC, there's also a lot of practical
benefits around the reduced sizes necessary.

We made a Suite B implementation for TPMs (where smaller key sizes are very
very important).

------
mcpherrinm
* Add a new private key format that uses a bcrypt KDF to better protect keys at rest.

This is pretty important to me: Keys are much less of a hazard if taken off a
stolen laptop/disk.

~~~
MichaelGG
Shouldn't your laptop/disks be fully encrypted anyways? It's good to have a
strong KDF, but the stolen laptop threat should be already covered, I'd hope.

~~~
mcpherrinm
True, but what if it's stolen while the laptop is turned on and the disk keys
are in memory? I rarely shut my laptop off, and while I may be a little overly
paranoid, it is certainly possible for a local attacker to gain memory bus
access and read out disk encryption keys.

Multiple layers of security are always good!

------
XorNot
OpenSSH-HPN's patchset really needs to be merged into the mainline. There's no
excuse for not at least incorporating dynamic window scaling into the core
protocol since it's such a ridiculous omission at this point.

~~~
jaryd
[http://www.psc.edu/index.php/hpn-ssh](http://www.psc.edu/index.php/hpn-ssh)
(for the uninitiated)

~~~
midas007
Is there a patch for 6.4p1/6.5p1 or does 6.1p1 work?

------
sneak
Wonderful to see them using a modern, time-hard KDF finally.

One wonders where the kickstarter to get a proper time- and memory- hard KDF
patched into GnuPG is? It's not even really that much of a compatibility
issue, either (unless you are sharing private key files between many
machines)...

You'd really think the tinfoil-hat paranoids that (until Snowden) comprise(d)
the bulk of the pgp userbase would care about the keys used to keep their
long-term keys on disk private. I was flabbergasted to see the (relatively) tiny
number of iterations in use in the GnuPG KDF.

~~~
papaf
I forgot my PGP passphrase and can no longer sign Java packages in the
Sonatype maven repository. This is not a big deal for me but I did try to
recover my passphrase.

I got an extension to John the Ripper that supports Gnu PGP keys and built a
dictionary of permutations of words that I think I could have used in the
passphrase.

I got nowhere. In this case, a passphrase > 20 characters was unbreakable to
someone with modest computing power and an appropriate dictionary.

Edit: I did not save a revoke certificate because the Sonatype instructions
did not include this step.

~~~
willvarfar
How far you get as a private effort is not really characterizing the threat;
the threat is a determined attacker with AMD GPUs by the dozen. And while it
is easy to discount state-sized efforts as being uninterested in signing your
Java packages, the real threat are the hobbyists and criminally minded pros
who really do have rigs and really do brag about how they do go attack the
long lists of hashed passwords that often turn up after website breaches.

Please use bcrypt on your new key, the one you will be writing down the
password to ;)

~~~
icebraining
Even those who don't have such rigs can just rent them from, for example,
Moxie Marlinspike's Cloud Cracker:
[https://www.cloudcracker.com/](https://www.cloudcracker.com/)

------
cm3
More than a few people requested GitHub and Bitbucket to support more than RSA
keys but they've both ignored the request for ECDSA for the last few years.
The changes in 6.5 should inspire them to skip ECDSA and add Ed25519 as an
option. Please, GitHub and Bitbucket, do everyone a favor and support modern
keys. Next step is to save CPU cycles by using Curve25519 when available in
the client. It's illogical not to.

------
mct
I'm very happy to see djb's crypto work being supported in openssh!

Does anyone know offhand why ChaCha was chosen instead of XSalsa20, which is
used in NaCl?

~~~
arnehormann
ChaCha is a little faster and apparently a little more secure. Dig through
[http://www.ietf.org/mail-archive/web/tls/current/msg10843.html](http://www.ietf.org/mail-archive/web/tls/current/msg10843.html)
for reference.

EDIT found a better one:
[http://www.ietf.org/mail-archive/web/tls/current/msg10630.html](http://www.ietf.org/mail-archive/web/tls/current/msg10630.html)

------
ballard
Brew formula for mac

[https://gist.github.com/8266138](https://gist.github.com/8266138)

~~~
akerl_
Awesome! Any chance the keychain patches can be applied against this?

~~~
ballard
Ported care of Debian patches and apple open source:

[https://github.com/steakknife/openssh/tree/apple-osx-openssh-portable](https://github.com/steakknife/openssh/tree/apple-osx-openssh-portable)

Update: it doesn't build yet, minor patch issue, will fix tomorrow.

Update 2: Fixed building, no warranty.

I'll refactor into patches, will be much simpler to validate.

~~~
ballard
As an update, I've started with clean patches from sources so it's all in a
git repo instead of spread out in brew files and gists.

[http://github.com/steakknife/openssh](http://github.com/steakknife/openssh)

------
justincormack
It also has:

* sshd(8): Add support for pre-authentication sandboxing using the Capsicum API introduced in FreeBSD 10.

Capsicum is a nice way to drop privs that shipped in FreeBSD 10 and is also
being worked on for Linux.

------
newman314
Given that Ubuntu 14.04 is not released yet, it would be great to see this in
an LTS release...

