OpenSSH 5.2 Secured and Tuned
Even though the OpenSSH project emphasizes that the focus of 5.2 is bug fixes to the 5.1 version, 5.2 does contain some notable enhancements.
Security-wise the new OpenSSH version replaces cipher block chaining (CBC) mode as the default cipher order with the Advanced Encryption Standard (AES) Counter (CTR) mode to remove the susceptibility to "Plaintext Recovery Attack Against SSH." The software also adds other countermeasures to these attacks, as reported in CPNI Vulnerability Advisory SSH 957037. Last November it became clear that many versions of OpenSSH exposed up to 32 bits of plaintext ciphertext to attackers when the default CBC mode was in use. The solution in 5.2 was to read the maximum supported packet length instead of terminating the connection, thereby eliminating the leaks that allowed the plaintext recovery attacks.
Compared to OpenSSH 5.1, the updated version provides further command line options and minor functional enhancements. For example, the ssh -y option redirects logging to syslog and dynamic port forwarding was improved. The release changelog includes the list of fixed bugs.
OpenSSH emanates from the OpenBSD project, where a separate team focuses on OpenSSH's portability to different systems. The mirrors with the portable versions also include diffs against the OpenBSD source.
Issue 210/2018
Buy this issue as a PDF
News
-
Red Hat Enterprise Linux 7.5 Released
The latest release is focused on hybrid cloud.
-
Microsoft Releases a Linux-Based OS
The company is building a new IoT environment powered by Linux.
-
Solomon Hykes Leaves Docker
In a surprise move, Solomon Hykes, the creator of Docker has left the company.
-
Red Hat Celebrates 25th Anniversary with a New Code Portal
The company announces a GitHub page with links to source code for all its projects
-
Gnome 3.28 Released
The latest GNOME rolls out with better contact management and new features for handling virtual machines.
-
Install Firefox in a Snap on Linux
Mozilla has picked the Snap package system to deliver its application to Linux users.
-
OpenStack Queens Released
The new release comes with new features for mission critical workloads.
-
Kali Linux Comes to Windows
The Kali Linux developers even managed to run full blown XFCE desktop via WSL.
-
Ubuntu to Start Collecting Some Data with Ubuntu 18.04
It will be an ‘opt-out’ feature.
-
CNCF Illuminates Serverless Vision
The Cloud Native Computing Foundation announces a paper describing their model for a serverless ecosystem.