OpenSSH for Mac

SSH protocol connectivity tools.

Free
In English
Version 10.1
Rating: 3.0 (based on 2 user ratings)

OpenSSH overview

OpenSSH is a free version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Note: While the software is classified as free, it is actually donationware. Please consider making a donation to help support development.

What’s new in version 10.1

Future deprecation warning
  • A future release of OpenSSH will deprecate support for SHA1 SSHFP records due to weaknesses in the SHA1 hash function. SHA1 SSHFP DNS records will be ignored and ssh-keygen -r will generate only SHA256 SSHFP records.
  • The SHA256 hash algorithm, which has no known weaknesses, has been supported for SSHFP records since OpenSSH 6.1, released in 2012.
Potentially-incompatible changes
  • ssh(1): add a warning when the connection negotiates a non-post quantum key agreement algorithm.
  • ssh(1), sshd(8): major changes to handling of DSCP marking/IPQoS
  • ssh(1), sshd(8): deprecate support for IPv4 type-of-service (ToS) keywords in the IPQoS configuration directive.
  • ssh-add(1): when adding certificates to an agent, set the expiry to the certificate expiry time plus a short (5 min) grace period.
  • All: remove experimental support for XMSS keys. This was never enabled by default. We expect to implement a new post-quantum signature scheme in the near future.
  • ssh-agent(1), sshd(8): move agent listener sockets from /tmp to under ~/.ssh/agent for both ssh-agent(1) and forwarded sockets in sshd(8).
Security
  • ssh(1): disallow control characters in usernames passed via the commandline or expanded using %-sequences from the configuration file, and disallow \0 characters in ssh:// URIs.
New features
  • ssh(1), sshd(8): add SIGINFO handlers to log active channel and session information.
  • sshd(8): when refusing a certificate for user authentication, log enough information to identify the certificate in addition to the reason why it was being denied. Makes debugging certificate authorisation problems a bit easier.
  • ssh(1), ssh-agent(1): support ed25519 keys hosted on PKCS#11 tokens.
  • ssh(1): add an ssh_config(5) RefuseConnection option that, when encountered while processing an active section in a configuration, terminates ssh(1) with an error message that contains the argument to the option.
  • sshd(8): make the X11 display number check relative to X11DisplayOffset. This will allow people to use X11DisplayOffset to configure much higher port ranges if they really want, while not changing the default behaviour.
  • Unit tests: the unit test framework now includes some basic benchmarking capabilities. Run with "make UNITTEST_BENCHMARK=yes" on OpenBSD or "make unit-bench" on Portable OpenSSH.
Bugfixes
  • sshd(8): fix mistracking of MaxStartups process exits in some situations. At worst, this could cause all MaxStartups slots to fill and sshd to refuse new connections.
  • ssh(1): fix delay on X client startup when ObscureKeystrokeTiming is enabled.
  • sshd(8): increase the maximum size of the supported configuration from 256KB to 4MB, which ought to be enough for anybody. Fail early and visibly when this limit is breached.
  • sftp(1): during sftp uploads, avoid a condition where a failed write could be ignored if a subsequent write succeeded. This is unlikely but technically possible because sftp servers are allowed to reorder requests.
  • sshd(8): avoid a race condition when the sshd-auth process exits that could cause a spurious error message to be logged.
  • sshd(8): log at level INFO when PerSourcePenalties actually blocks access to a source address range. Previously this was logged at level VERBOSE, which hid enforcement actions under default config settings.
  • sshd(8): GssStrictAcceptor was missing from sshd -T output; fix
  • sshd(8): Make the MaxStartups and PerSourceNetBlockSize options first-match-wins as advertised.
  • ssh(1): fix an incorrect return value check in the local forward cancellation path that would cause failed cancellations not to be logged.
  • sshd(8): make "Match !final" not trigger a second parsing pass of ssh_config (unless hostname canonicalisation or a separate "Match final" does).
  • ssh(1): better debug diagnostics when loading keys. Will now list key fingerprint and algorithm (not just algorithm number) as well as making it explicit which keys didn't load.
  • All: fix a number of memory leaks found by LeakSanitizer, Coverity and manual inspection.
  • sshd(8): Output the current name for PermitRootLogin's "prohibit-password" in sshd -T instead of its deprecated alias "without-password".
  • ssh(1): make writing known_hosts lines more atomic by writing the entire line in one operation and using unbuffered stdio.
Portability
  • sshd(8): check the username didn't change during the PAM transactions.
  • sshd(8): don't log audit messages with UNKNOWN hostname to avoid slow DNS lookups in the audit subsystem.
  • All: when making a copy of struct passwd, ensure struct fields are non-NULL. Android libc can return NULL pw_gecos, for example.
  • All: Remove status bits from OpenSSL >=3 version check.
  • sshd(8), ssh(1): Use SSH_TUN_COMPAT_AF on FreeBSD. Otherwise tun forwarding from other OSes fails as soon as the first IPv6 message is sent by the other side.
  • ssh(1), ssh-agent(8): check for nlist function presence before attempting to use it instead of relying on the presence of the nlist.h header. Mac OS X, for example, has the header but not the function in the 64bit libraries.
  • All: fill in missing system header files.
  • sshd(8): handle futex_time64 properly in seccomp sandbox
  • Add contrib/gnome-ssh-askpass4 for GNOME 40+ using the GCR API.
  • sshd(8): let ga_init() fail gracefully if getgrouplist does.
  • ssh-agent(1): exit 0 from SIGTERM under systemd socket-activation, preventing a graceful shutdown of an agent via systemd from incorrectly marking the service as "failed".
  • Build: wrap some autoconf macros in AC_CACHE_CHECK.

(5 Reviews of OpenSSH)

outer, Apr 22 2012, Version: 6.0, rating 0.0
Does this coëxist with or overwrite Apple's implementation? If it overwrites, how can I know whether it will mess up other parts of my Apple-provided infrastructure?

Mac2048, Nov 20 2006, Version: 4.5, rating 0.0
I can't install OpenSSH 4.5 because it looks like the Makefile has a syntax error on line 3. It doesn't seem to like ".include" but it's happy with simply "include" without the dot. If I make that change then it gets a similar syntax error down in /usr/share/mk/bsd.own.mk (due to ".if" vs. "if"). I don't want to touch that file. The original error is: Makefile:3: *** missing separator. Stop. MacOS 10.2.8 (old, I know, which is why I want to upgrade ssh), /usr/bin/make is GNU Make version 3.79. Has anybody run into this?

Guest, Jul 28 2001, Version: 2.5.2, rating 1.0
Download is unusable when clicked. "File does not appear to be compressed or encoded. Obtain further information about the contents of this file from the sender or provider of the file." Thanks a lot. Me, bitter? Disappointed? An utter waste of download time!

Guest, Mar 28 2001, Version: 2.5.2, rating 1.0
err. ok. so it worked flawlessly today. whatever. It works like it should

Guest, Mar 27 2001, Version: 2.5.2, rating 1.0
unfortunately, wouldn't let the installation complete... and yes I did go through the whole process of typing in the admin password, trying three times, etc. It also reset some of my preferences in the process. &^%$@^%!

Agent59653198, Jan 24 2011, rating 5.0 (no comment)

Guest, Jul 28 2001, rating 1.0 (no comment)