After six months of development OpenSSH 8.1 release has been unveiled, which is a set of applications that allow encrypted communications over a network, using the SSH protocol, as an open source client and server implementation to work on SSH 2.0 and SFTP.
This new version of OpenSSH 8.1 comes with some improvements, But one of the highlights is the fix for the vulnerability affecting ssh, sshd, ssh-add and ssh-keygen. The problem is present in the private key parsing code with type XMSS and allows the attacker to initiate an overflow. The vulnerability is marked as exploitable, but not applicable, as XMSS key support refers to experimental features that are disabled by default (in the portable version, autoconf doesn't even provide an option to enable XMSS).
Main new features of OpenSSH 8.1
In this new version of OpenSSH 8.1 se has added a code to ssh, sshd and ssh-agent that prevents the recovery of the private key located in RAM as a result of attacks on third-party channels such as Spectre, meltdown, RowHammer and RAMBleed.
Private keys are now encrypted when loaded into memory and decrypted only on the spot of use, the rest of the remaining time is encrypted. With this approach, to successfully recover the private key, the attacker must first restore the randomly generated 16K intermediate key to encrypt the primary key, which is unlikely with the recovery error rate that is typical of modern attacks.
Another major change that stands out is ssh-keygen which was added as experimental support for a simplified scheme for creating and verifying digital signatures. Digital signatures can be created using ordinary SSH keys stored on disk or in ssh-agent and verified by a list of valid keys similar to authorized keys.
The namespace information is embedded in the digital signature to avoid confusion when applied to multiple fields (for example, for email and files).
Ssh-keygen is enabled by default to use the rsa-sha2-512 algorithm when verifying certificates with a digital signature based on the RSA key (when working in CA mode).
These certificates are incompatible with versions prior to OpenSSH 7.2 (To ensure compatibility, override the algorithm type, for example by calling "ssh-keygen -t ssh-rsa -s ...").
In ssh, the ProxyCommand expression supports spanning expansion "% n" (the host name specified in the address bar).
In the lists of encryption algorithms for ssh and sshd, the "^" symbol totime can be used to insert the default algorithms. Ssh-keygen provides the output of a comment attached to a key when a public key is retrieved from a private one.
Ssh-keygen adds the ability to use the -v flag when performing key lookup operations (for example, ssh-keygen -vF host), the indication of which leads to the display of a clear host signature.
Finally another outstanding novelty is the addition of the ability to use PKCS8 as an alternate format for storing private keys On the disk. By default, the PEM format continues to be used, and PKCS8 can be useful for compatibility with third-party applications.
How to install OpenSSH 8.1 on Linux?
For those who are interested in being able to install this new version of OpenSSH on their systems, for now they can do it downloading the source code of this and performing the compilation on their computers.
This is because the new version has not yet been included in the repositories of the main Linux distributions. To get the OpenSSH 8.1 source code, we just have to open a terminal and in it we are going to type the following command:
wget https://cloudflare.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-8.1p1.tar.gz
Done the download, now we are going to unzip the package with the following command:
tar -xvf openssh-8.1p1.tar.gz
We enter the created directory:
cd openssh-8.1p1.tar.gz
Y we can compile with the following commands:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install