OpenSSH is a set of applications that allow encrypted communications over a network, using the SSH protocol.
Announced the launch of the new version of OpenSSH 9.7, version in which stands outr start with the implementation of changes to anticipate future obsolescence of keys based on DSA, as well as the implementation of some new features, bug fixes and more.
For those who do not know about OpenSSH, you should know thatThis is a free and open source implementation of the SSH protocol (Secure Shell) that provides both client and server functionality for secure communications over a network. The SSH protocol is primarily used to remotely access systems and to securely transfer files between systems, especially in network environments where security is a primary concern.
What's new in OpenSSH 9.7?
One of the main features of this new version of OpenSSH 9.7 and as mentioned at the beginning, is the advance to the future deprecation plan of the DSA signature algorithm and although OpenSSH 9.7 retains default build with DSA support For now, it provides an option to disable DSA at compile time.
It is important to note that, by default, The use of DSA keys was discontinued in 2015, but the code to support DSA was kept by default and allowed DSA activation through configuration. In the next version, scheduled for June, build mode will change to disable DSA by defaulta, and OpenSSH plans to remove support for DSA in early 2025
This decision is due to The DSA algorithm was necessary for the implementation in the SSHv2 protocol due to patent restrictions at the time of its creation and approval. However, As time has passed, the patents associated with RSA have expired, and algorithms such as ECDSA, which offers better performance and security than DSA, and EdDSA, which is even more secure and faster than ECDSA, have been introduced. These technological advances have led to the decision to anticipate the deprecation of DSA in OpenSSH.
In addition to the DSA related changes, OpenSSH 9.7 introduces several improvements and additional features and one of these improvements is the introduction of a new type of timeout in ssh and sshd, that It is activated by specifying the value "global" in the ChannelTimeout directive. This type of timeout monitors all open channels and will close all open channels if there is no traffic on any of them during the specified interval. This feature is useful in situations where you have multiple channels open, such as sessions and forwarding, and you want to close them if they remain inactive for an extended period.
On the other hand, OpenSSH 9.7 It also includes several bug fixes to improve stability and performance. These fixes cover areas such as configuration analysis, signal handling, and improving interoperability testing against other SSH implementations.
Of the other changes What stands out from this new version of OpenSSH 9.7
- OpenSSH includes a significant improvement in compatibility testing with the PuTTY project.
- In terms of portability, improvements have been made to broken toolchain detection and the error message has been improved in certain situations, contributing to a smoother and more efficient user experience.
Finally if you are interested in knowing more about it about this new version, you can check the details by going to the following link.
How to install OpenSSH 9.7 on Linux?
For those who are interested in being able to install this new version of OpenSSH on their systems, for now they can do it downloading the source code of this and performing the compilation on their computers.
This is because the new version has not yet been included in the repositories of the main Linux distributions. To get the source code, you can do from the following link.
Done the download, now we are going to unzip the package with the following command:
tar -xvf openssh-9.7.tar.gz
We enter the created directory:
cd openssh-9.7
Y we can compile with the following commands:
./configure --prefix=/opt --sysconfdir=/etc/ssh make make install