OpenSSH 7.0 released
OpenSSH has launched version 7.0 of the software, aimed at combating weak and unsafe cryptography.
Specifically, support for SSH version 1 is now disabled by default at compile time, 1,024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time, and the legacy v00 certificate format has been removed.
There have also been changes to the way OpenSSH treats the PermitRootLogin setting, which controls whether root may log in without a password.
The default for the PermitRootLogin option has changed from “yes” to “prohibit-password”.
Setting PermitRootLogin to without-password or prohibit-password now bans all interactive authentication methods, allowing only public-key, host-based, and Generic Security Services Application Program Interface (GSSAPI) authentication.
Previously, it allowed users to type in a password in addition to the password-less authentication options.
There is also a plan to retire more legacy cryptography in the next release:
- All RSA keys smaller than 1,024 bits will be refused (the current minimum is 768 bits).
- Several ciphers will be disabled by default: blowfish-cbc, cast128-cbc, all arcfour variants and the rijndael-cbc aliases for AES.
- MD5-based HMAC algorithms will be disabled by default.
OpenSSH is an SSH protocol 2.0 implementation and includes SFTP client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time.
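As an added illustration, not part of the original article or of OpenSSH itself, the following Python script parses an sshd_config and flags the settings that this release retires or that the next release plans to retire. The sample configuration is constructed, and the concrete algorithm names used where the article only names a family (the arcfour variants, the MD5 HMAC variants, the rijndael-cbc alias) are my own additions.

```python
"""Audit an sshd_config against the OpenSSH 7.0 changes described in the article."""
import re

# Algorithm names are my own additions where the article gives only families
# (e.g. "all arcfour variants", "MD5-based HMACs").
WEAK_KEX = {"diffie-hellman-group1-sha1"}
WEAK_CIPHERS = {"blowfish-cbc", "cast128-cbc", "arcfour", "arcfour128", "arcfour256",
                "rijndael-cbc@lysator.liu.se"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-md5-etm@openssh.com",
             "hmac-md5-96-etm@openssh.com"}
SAMPLE_CONFIG = """\
# constructed sample sshd_config, not taken from any real host
Protocol 2,1
PermitRootLogin yes
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group1-sha1
Ciphers aes256-ctr,arcfour256,blowfish-cbc
MACs hmac-sha2-256,hmac-md5
PermitRootLogin no   # ignored: sshd keeps the first value it sees
"""

def parse_sshd_config(text):
    """Map lower-cased keyword -> value, keeping the first occurrence as sshd does;
    comments and blank lines are skipped. Match blocks are not modelled (assumption)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2:
            cfg.setdefault(parts[0].lower(), parts[1].strip())
    return cfg

def audit(cfg):
    """Return findings for settings that 7.0 retires or its successor plans to."""
    findings = []
    if "1" in cfg.get("protocol", "2").split(","):
        findings.append("Protocol 1 enabled: SSHv1 is compiled out by default in 7.0")
    if cfg.get("permitrootlogin", "prohibit-password").lower() == "yes":
        findings.append("PermitRootLogin yes: the 7.0 default is prohibit-password")
    checks = (("kexalgorithms", WEAK_KEX, "disabled by default at run time in 7.0"),
              ("ciphers", WEAK_CIPHERS, "to be disabled by default in the next release"),
              ("macs", WEAK_MACS, "to be disabled by default in the next release"))
    for keyword, weak, why in checks:
        # strip a leading "+" so appended lists ("+arcfour") are still inspected
        listed = {a.strip().lstrip("+").lower() for a in cfg.get(keyword, "").split(",")}
        for alg in sorted(listed & weak):
            findings.append(f"{keyword} lists {alg}: {why}")
    return findings
```

Running `audit(parse_sshd_config(SAMPLE_CONFIG))` on the constructed sample yields six findings; a config that already matches the 7.0 defaults yields none.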