Linux News Today: OpenSSH 7.2 Out Now with Support for RSA Signatures Using SHA-256/512 Algorithms
Today, February 29, 2016, the OpenBSD project had the great pleasure of announcing the release and immediate availability for download of OpenSSH 7.2 for all supported platforms.
According to the internal release notes, also attached at the end of the article for reference, OpenSSH 7.2 is primarily a bugfix release, fixing most of the issues reported by users or discovered by the development team since the release of OpenSSH 7.1p2, but we can see several new features as well.
Among these, we can mention support for RSA signatures using SHA-256 or SHA-256 512 hash algorithms, the addition of an AddKeysToAgent client option to add private keys used for authentication to the ssh-agent, and the implementation of the “restrict” authorized_keys option for storing key restrictions.
Furthermore, there’s now an ssh_config CertificateFile option for explicitly listing certificates, the ssh-keygen is now capable of changing the key comment for all supported formats, fingerprinting is now allowed from standard input and for multiple public keys in a file.
ssh-keygen now supports multiple certificates
In addition to the changes mentioned above, OpenSSH 7.2 adds support for multiple certificates to ssh-keygen, one per line, implements the “none” argument for sshd_config ChrootDirectory and Foreground, and the “-c” flag allows ssh-keyscan to fetch certificates instead of plain keys.
Last but not least, OpenSSH 7.2 no longer enables by default all flavors of the rijndael-cbc aliases for AES, blowfish-cbc, and cast128-cbc legacy ciphers, as well as MD5-based and truncated HMAC algorithms. The getrandom() syscall is now supported under Linux. Download OpenSSH 7.2 and check the changelog below for some additional details about exactly what has been fixed in this major release.