Linux News Today: OpenSSH 7.3 Officially Released, Now Refuses RSA Keys Smaller than 1024 Bits
On August 1, 2016, the OpenBSD project proudly announced the availability for download of the OpenSSH 7.3 and Portable OpenSSH 7.3p1 open source software projects.
OpenSSH is a 100% complete, freely distributed, and open-source Secure Shell (SSH) 2.0 protocol implementation for GNU/Linux and UNIX-like operating systems. It comes pre-installed with SFTP client and server support, as well as transitional support for the legacy SSH 1.3 and SSH 1.5 protocols, which can be enabled during compilation.
The new release, OpenSSH 7.3, is a massive one, bringing all sorts of improvements to security and portability, fixes for many of the bugs reported by users since the previous release, OpenSSH 7.2, as well as a bunch of new features that would make the project even more usable in various security-related scenarios.
“Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: http://www.openssh.com/donations.html,” reads the announcement.
Here’s what’s new in OpenSSH 7.3
The biggest new features of OpenSSH 7.3 are the implementation of the ProxyJump option and “-J” command-line argument, which promise to simplify indirection via one or more Secure Shell “jump hosts” or bastions, as well as the IdentityAgent option for specifying certain agent sockets instead of receiving one from the environment.
Moreover, the ClearAllForwardings and ExitOnForwardFailure options can now be overridden via the “ssh -W” command, and there’s support for the IUTF8 terminal mode, the Diffie-Hellman 2K, 4K and 8K groups, and the SHA256 and SHA512 RSA signatures in certificates.
Last but not least, UTF-8 characters are now allowed in pre-authentication banners that are sent from the server, and an “Include” directive was added for ssh_config files. Users are being informed that RSA keys smaller than 1024 bits are now automatically refused, as the minimum allowed is 768 bits.
Also, it appears that server-side support for the SSH 1 protocol has been removed from OpenSSH 7.3, and that in about one year or so, the project’s development team will attempt to remove all support for the SSH v.1 protocol.
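The ProxyJump, IdentityAgent and Include options described above, shown together in a client configuration. This is an added example, not taken from the OpenSSH announcement; the host names, user name, addresses and file paths are constructed placeholders.

```sshconfig
# ~/.ssh/config -- constructed example; all hosts, users and paths are placeholders.

# Include (new in 7.3): keep per-environment settings in separate files.
# Relative paths are resolved against ~/.ssh for a user configuration file.
Include config.d/*.conf

# The bastion, reached directly from the workstation.
Host bastion
    HostName bastion.example.com
    User ops
    # IdentityAgent (new in 7.3): talk to this specific agent socket
    # instead of whatever SSH_AUTH_SOCK points to in the environment.
    IdentityAgent /run/user/1000/ssh-agent-bastion.sock

# Before 7.3, reaching an internal host meant spelling out the hop yourself:
#
#   Host db-internal
#       HostName 10.0.5.20
#       ProxyCommand ssh -W %h:%p bastion

# With 7.3 the same indirection is one directive. The bastion only relays
# the TCP connection; authentication to db-internal still happens from the
# workstation, so no private key or forwarded agent is needed on the bastion.
Host db-internal
    HostName 10.0.5.20
    User ops
    ProxyJump bastion

# Several hops are given as a comma-separated list and visited in order.
Host db-deep
    HostName 10.0.9.30
    User ops
    ProxyJump bastion,inner-gw.example.com

# Command-line equivalent of the db-internal entry:
#   ssh -J bastion ops@10.0.5.20
```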