Language Selection

English French German Italian Portuguese Spanish

OpenSSH 8.2 was released on 2020-02-14.

Filed under
Security
BSD

It is now possible[1] to perform chosen-prefix attacks against the SHA-1 hash algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm that depends on SHA-1 by default in a near-future release.

This algorithm is unfortunately still used widely despite the existence of better alternatives, being the only remaining public key signature algorithm specified by the original SSH RFCs.

Read more

Also: DragonFlyBSD Improves Its TMPFS Implementation For Better Throughput Performance

OpenSSH 8.2 Released With FIDO/U2F Support

  • OpenSSH 8.2 Released With FIDO/U2F Support

    OpenSSH 8.2 is out this Valentine's Day as the leading SSH suite. Besides working to disable the SSH-RSA public key signature algorithm due to SHA1 collision attacks, OpenSSH 8.2 also comes with new features.

    The shiny new feature of OpenSSH 8.2 is support for FIDO/U2F hardware authenticators. FIDO/U2F two-factor authentication hardware can now work with OpenSSH 8.2+, including ssh-keygen can be used to generate a FIDO token backed key. Communication to the hardware token with OpenSSH is managed by a middleware library specified via the SSH/SSHD configuration, including the option for its own built-in middleware for supporting USB tokens.

OpenSSH adds support for FIDO/U2F security keys

New Qt5 and OpenSSH in [Slackware] Current

  • New Qt5 and OpenSSH in [Slackware] Current

    Another big thing happening in -current is the new OpenSSH 8.2 release which will bring some incompatible changes, especially if you are still using ssh-rsa as the algorithm. To test whether your machine is affected, try to run this command in your shell

    ssh -oHostKeyAlgorithms=-ssh-rsa user@host

    If you managed to connect using the above command, it means that your OpenSSH software is fine, but if you don't, then it needs to be upgraded.

Corbet at LWN

  • OpenSSH 8.2 released

    OpenSSH 8.2 is out. This release removes support for the ssh-rsa key algorithm, which may disrupt connectivity to older servers; see the announcement for a way to check whether a given server can handle newer, more secure algorithms. Also new in this release is support for FIDO/U2F hardware tokens.

OpenSSH Now Supports FIDO/U2F Security Keys

  • OpenSSH Now Supports FIDO/U2F Security Keys

    OpenSSH is, by far, the single most popular tool for logging into remote servers and desktops. SSH logins are generally considered fairly safe, but not 100%. If you’re not satisfied with the out the box security offered by OpenSSH, you can always opt to go with SSH key authentication. If that’s not enough, there’s always 2 Factor Authentication, which would then require you to enter a PIN generated by an application such as OTPClient or Authy.

    As of OpenSSH 8.2, there’s a newly supported option, FIDO/U2F security keys. What this means is that you can now use 2FA hardware keys (such as the Yubi Key) to authenticate your SSH login attempt.

    2FA is often considered the easiest method of adding an additional layer of security to SSH logins. However, for many, Hardware Keys are considered the single most secure means of preventing hackers from brute-forcing your SSH passwords. To make things easy, the OpenSSH developers have made it possible to generate a FIDO token-backed key using the ssh-keygen command. So anyone used to creating SSH keys shouldn’t have any problem getting up to speed with integrating hardware keys into SSH.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Obarun – An Arch Based Linux Distro Without Systemd

Today’s Linux distribution review is not just for distro hoppers who love to try something new but it’s for people who have a specific purpose such as a Linux system without systemd. Systemd, as we all know, has always been criticized by a lot of developers and Linux users. Obarun is packed with enough utilities to install & start a vanilla Arch Linux without any trouble. I have written an article on how to install Arch step by step and it is a long article. But Obarun does the Arch installation in a very simple way. It comes with obarun-installer, a script that helps install Arch as easily as possible. Read more

40 Practical and Useful awk Command in Linux and BSD

AWK is a powerful data-driven programming language that dates its origin back to the early days of Unix. It was initially developed for writing ‘one-liner’ programs but has since evolved into a full-fledged programming language. AWK gets its name from the initials of its authors – Aho, Weinberger, and Kernighan. The awk command in Linux and other Unix systems invokes the interpreter that runs AWK scripts. Several implementations of awk exist in recent systems such as gawk (GNU awk), mawk (Minimal awk), and nawk (New awk), among others. Check out the below examples if you want to master awk. Read more

Android Leftovers

Behind Plasma Bigscreen

Plasma has been designed from the get go (2006 or so.. it seems at least 2 eternities agoto not make any assumptions on the type of device and to do a clear separation between the core technology/runtime and the various GUI plugins that end up implementing a full desktop experience. In an architecture decision informed by previous prototypes we did in KDE4 times for mobile devices UIs, in Plasma 5 we split it further and introduced the concept of a “shell package” which lets further customization between devices than what Plasma in KDE4 times allowed. Because of that we could do the Plasma Mobile shell without changes to the architecture that runs both the Desktop shell and the mobile version, despite being a completely different UI. Read more