OpenSSH 10.4/10.4p1 已发布
OpenSSH 10.4/10.4p1 Released

原始链接: https://www.openssh.org/txt/release-10.4

OpenSSH 10.4 已于 2026 年 7 月 6 日发布,带来了显著的安全增强、错误修复和新功能。 **安全与稳定性更新:** 此次发布解决了多个漏洞,包括 `sftp` 和 `scp` 中潜在的文件系统遍历风险、`sshd` 内部 SFTP 服务器中的截断问题,以及客户端的释放后使用(use-after-free)漏洞。此外,还修复了与 GSSAPI 身份验证及不当认证延迟相关的拒绝服务攻击向量。 **主要变更:** * **协议加固:** 传输协议变得更加严格;如果对端在密钥重新交换期间发送非 KEX 消息,系统将断开连接。 * **沙盒机制:** 在 Linux 系统上,如果无法启用 seccomp/NO_NEW_PRIVS,`sshd` 将会强制终止。 * **实验性功能:** 增加了对复合后量子签名方案(ML-DSA 44 和 Ed25519)的支持。 * **模式匹配:** 使用了更高效的基于 NFA 的实现替换了原有的通配符匹配器。 * **配置:** `sshd -G` 现在以大小写混合形式输出指令,以提高可读性。 此版本包含了大量的可移植性改进和内部重构,以强化权限分离模型。建议用户在升级前查阅发布说明,了解潜在的配置变更。详细信息和下载镜像请访问 [openssh.com](https://www.openssh.com/)。

```Hacker News 最新 | 过往 | 评论 | 提问 | 展示 | 招聘 | 提交 登录 OpenSSH 10.4/10.4p1 发布 (openssh.org) 10 分,由 throw0101a 发布于 1 小时前 | 隐藏 | 过往 | 收藏 | 3 条评论 | 帮助 Panino 1 小时前 | 下一条 [–] 除了其他更改外,10.4 还增加了后量子密钥(组合式 ML-DSA 44 和 Ed25519),但默认未启用。当 2019 年增加后量子密钥交换时,花了近 3 年时间才默认启用。这并非批评,只是一个观察。我目前对后量子签名没有迫切需求。不过很高兴看到 OpenSSH 发布新版本! 回复 lousken 18 分钟前 | 上一条 | 下一条 [–] hmac-sha1 和 umac-64 仍然默认启用吗? 回复 throw0101a 1 小时前 | 上一条 [–] 发行说明的 HTML 版本:* https://www.openssh.org/releasenotes.html#10.4 回复 准则 | 常见问题 | 列表 | API | 安全 | 法律 | 加入 YC | 联系 搜索: ```
相关文章

原文
OpenSSH 10.4 was released on 2026-07-06. It is available from the mirrors listed at https://www.openssh.com/. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested snapshots or donated to the project. More information on donations may be found at: https://www.openssh.com/donations.html Potentially-incompatible changes -------------------------------- * sshd(8): configuration dump mode ("sshd -G") now writes directives in mixed case (e.g. "PubkeyAuthentication") whereas previously it emitted only lower-case names. * sshd(8): on Linux systems with the seccomp sandbox enabled, failures to enable SECCOMP or NO_NEW_PRIVS are now fatal. Previously sshd(8) would log the error but continue operation, to support systems that lacked these features. Now systems that lack these should instead disable the sandbox at configure time. * ssh(1), sshd(8): make the transport protocol stricter by disconnecting if the peer sends non-KEX messages during a post- authentication key re-exchange. Previously a malicious peer could continue sending non-key exchange messages without penalty. These would be buffered, causing memory to be wasted up until the connection terminated or the server/client hit a memory limit. Implementations that do not restrict messages sent during key exchange as per RFC4253 section 7.1 may be disconnected. Reported by Marko Jevtic. Changes since OpenSSH 10.3 ========================== This release contains a number of security fixes as well as general bugfixes and a couple of new features. Security ======== * sftp(1): when downloading files on the command-line using "sftp host:/path .", a malicious server could cause the file to be downloaded to an unexpected location. This issue was identified by the Swival Security Scanner. * scp(1): when copying files between two remote destinations, do not allow a malicious server to write files to the parent directory of the intended target directory. This issue was identified by the Swival Security Scanner. * sshd(8): when using the "internal-sftp" SFTP server implementation (this is not the default), long command lines were previously truncated silently after the 9th argument. If a security-relevant option was in the 10th or later position, it would be discarded. Reported by Steve Caffrey. * sshd(8): add a documentation note to mention that the GSSAPIStrictAcceptorCheck option is ineffective when the server is joined to a Windows Active Directory. Reported by Yarin Aharoni of Safebreach. * sshd(8): DisableForwarding=yes didn't override PermitTunnel=yes as it was documented to do. Note that PermitTunnel is not enabled by default. Reported independently by Huzaifa Sidhpurwala of Redhat and Marko Jevtic. * sshd(8): avoid a potential pre-authentication denial of service when GSSAPIAuthentication was enabled (this feature is off by default). This was not mitigated by MaxAuthTries, but would be penalised by PerSourcePenalties. This was reported by Manfred Kaiser of the milCERT AT (Austrian Ministry of Defence). * sshd(8): fix a number of cases where the minimum authentication delay was not being enforced. Reported by the Orange Cyberdefense Vulnerability Team. * ssh(1): fix a possible client-side use-after-free if the server changes its host key during a key reexchange. This was reported by Zhenpeng (Leo) Lin of Depthfirst. New features ------------ * All: add experimental support for a composite post-quantum signature scheme that combines ML-DSA 44 and Ed25519 as specified in draft-miller-sshm-mldsa44-ed25519-composite-sigs. This scheme is not enabled by default. To use it, you'll need to add it to HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc. Keys may be generated using "ssh-keygen -t mldsa44-ed25519". * ssh(1), sshd(8): replace the wildcard pattern matcher with an implementation based on an NFA. This avoids exponential worst-case behaviour for the old implementation. Bugfixes -------- * ssh-agent(1): fix incorrect reply to "query" SSH_AGENTC_EXTENSION requests. bz3967 * sshd(8): avoid sending observably different messages for valid vs invalid users in GSSAPIAuthentication (disabled by default). * ssh(1), sshd(8): fix several bugs that incorrectly classified bulk traffic as interactive. bz3972, bz3958 * ssh-keygen(1), ssh-add(1): skip unsupported key types when downloading resident keys from a FIDO token. Previously, downloads would abort when one was encountered. GHPR657 * ssh(1): fix a potential use-after-free on an error path if cipher_init() fails. * sshd(8): perform stricter encoding and validation of transport state passed between sshd privilege separation subprocesses. This somewhat further hardens the server against attacks on sshd-auth or sshd-session subprocesses. * ssh-agent(1): avoid possible runtime denial of service by enforcing some limits on the length of usernames in key use constraints. * sftp(1): fix two separate one-byte out-of-bounds reads, in SSH2_FXP_REALPATH and batch command processing. * sftp-server(8): disallow use of the copy-data extension to read and write to the same inode simultaneously. * ssh(1), sshd(8): avoid strlen(NULL) crash if an X11 channel was created before the x11-req SSH_MSG_CHANNEL_REQUEST was sent. GHPR679 * sftp(1), scp(1): avoid a situation where sftp_download() could get stuck in a loop if a broken server repeatedly returned zero length while reading a file. * ssh(1): avoid leaking DNS0x20 case-randomised names into names canonicalised using CanonicalizePermittedCNAMEs. bz3966 * sftp-server(8): avoid truncation of pathnames passed to lstat() during SSH_FXP_REALPATH handling on systems where PATH_MAX is not the actual max. GHPR688 * ssh(1), sshd(8): correct arming of poll(2) event masks for some socket-type channels. GHPR660 * sshd(8): major refactor of sshd_config parsing and management code, to allow for more exact serialisation/deserialisation across privilege separation boundaries. * ssh-add(1): open connection to the agent only after getopt() processing has completed, to give options like "-v" a chance to display debug information about this operation. * crypto code: fix bounds checking when signing messages of length greater than will fit in a size_t. In OpenSSH, message sizes are bounded by SSHBUF_SIZE_MAX so this was unreachable. * crypto code: add signature malleability and pubkey validity checks to ed25519 verification. SSH doesn't depend on these properties * crypto code: fix ECDSA order check for curves with cofactor != 1. All supported EC curves have cofactor 1, so this was unreachable. * sshd(8): differentiate between execution failures and a subsystem that was not found when logging why a subsystem failed to start. GHPR637 * All: use safer idioms for timegm(3) and mktime(3) error detection. * ssh(1), sshd(8): avoid accepting invalid cipher or MAC lists in config files or command-line arguments. This could cause runtime failures later. * ssh(1): fix NULL deref crash during pubkey auth when using a PEM style private key with no corresponding .pub key adjacent to it. * sshd(8): don't print an error message when trying to load a host private key when PKCS#11 keys are in use, as these don't need the private half on the filesystem. GHPR664 * All: don't use deprecated ERR_load_crypto_strings(). GHPR650 * ssh(1): properly report errors during configuration default setting. GHPR649 * ssh(1): use correct directive name (Match instead of Host) in error message. bz3968 * sftp(1): fix "ls -ln" which was not correctly showing numeric UID/GIDs but rather user and group names. bz3953 * sshd(8): avoid possible NULL dereference if an allocation fails during config parsing. bz3948 * All: fix ineffective guards against loading overly large public keys in several places. bz3969 and bz3970 * sftp(1): ensure file descriptors used by sftp to communicate to its ssh(1) subprocess don't leak into executed subprocesses (e.g. via "!"). GHPR693 Portability ----------- * Sync fmt_scaled.c with OpenBSD upstream, picking up an exactness fix for large exponents (GHPR671) * sshd(8): remove duplicate sandbox entry for clock_gettime64. * ssh(1), sshd(8): use correct IPTOS_DSCP_VA value if not provided by the system headers. * Sync getrrsetbyname.c with OpenBSD upstream, picking up robustness fixes. * Disable replacements in openbsd-compat for strvisx(3) and stravis(3), as these are unused in OpenSSH * Avoid fortify warnings on Android bz3954 * Fix a number of memory leaks on error paths in the portability code. GHPR681 * Revise the README.privsep documentation to reflect sshd's recent switch to a multi-binary model. Checksums: ========== - SHA1 (openssh-10.4.tar.gz) = 8502b516230865e229d55045bb4ccc67aeae905b - SHA256 (openssh-10.4.tar.gz) = qUVI+wMg4mVpiQbXvfMVkF3Zuyy2JrS+ZjN764mtyGE= - SHA1 (openssh-10.4p1.tar.gz) = ae8650a71cc52dbbd049519cee276ae6d65c2c4d - SHA256 (openssh-10.4p1.tar.gz) = 72Am3SrqjVYFljjV0yYpAsiSzrqfiDlYNeDQbT+2Mjg= Please note that the SHA256 signatures are base64 encoded and not hexadecimal (which is the default for most checksum tools). The PGP key used to sign the releases is available from the mirror sites: https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc Reporting Bugs: =============== - Please read https://www.openssh.com/report.html Security bugs should be reported directly to [email protected]
联系我们 contact @ memedata.com