Hello Linux Geeksters. As you may know, OpenSSH is an open-source implementation of the Secure Shell (SSH) protocol, which allows users to connect to different hosts remotely.
OpenSSH is used for executing commands remotely and transferring files between systems. Authentication can be done with passwords and public/private keys. The latest version available is OpenSSH 6.8, which has been recently released, coming with the below new features, among others:
- Much of OpenSSH’s internal code has been re-factored to be more library-like. These changes are mostly not user-visible, but have greatly improved OpenSSH’s testability and internal layout.
- Add FingerprintHash option to ssh(1) and sshd(8), and equivalent command-line flags to the other tools to control algorithm used for key fingerprints. The default changes from MD5 to SHA256 and format from hex to base64.
- Fingerprints now have the hash algorithm prepended. An example of the new format: Please note that visual host keys will also be different.
- ssh(1), sshd(8): Experimental host key rotation support. Add a protocol extension for a server to inform a client of all its available host keys after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default off).
- ssh(1): Add a ssh_config HostbasedKeyType option to control which host public key types are tried during host-based authentication.
- ssh(1), sshd(8): fix connection-killing host key mismatch errors when sshd offers multiple ECDSA keys of different lengths.
- ssh(1): when host name canonicalisation is enabled, try to parse host names as addresses before looking them up for canonicalisation. fixes and avoiding needless DNS lookups in some cases.
- ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer require OpenSSH to be compiled with OpenSSL support.
- ssh(1), ssh-keysign(8): Make ed25519 keys work for host based authentication.
- sshd(8): SSH protocol v.1 workaround for the Meyer, et al, Bleichenbacher Side Channel Attack. Fake up a bignum key before RSA decryption.
- sshd(8): Remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ public keys.
- sshd(8): add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options to allow sshd to control what public key types will be accepted. Currently defaults to all.
- sshd(8): Don’t count partial authentication success as a failure against MaxAuthTries.
- ssh(1): Add RevokedHostKeys option for the client to allow text-file or KRL-based revocation of host keys.
- ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA.
- ssh(1): Add a “Match canonical” criteria that allows ssh_config Match blocks to trigger only in the second config pass.
- ssh(1): Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to “sshd -T”.
- ssh(1): Allow Match criteria to be negated. E.g. “Match !host”.
- The regression test suite has been extended to cover more OpenSSH features. The unit tests have been expanded and now cover key exchange.
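The FingerprintHash change in the list above, as an added example (not code from the OpenSSH project or from the original article): it derives both fingerprint formats from one public key line, which helps when an MD5 fingerprint recorded before the upgrade has to be compared with the SHA256 one displayed after it. The sample key is constructed from fixed bytes and the function names are illustrative.

```python
import base64
import hashlib
import struct


def parse_pubkey_line(line):
    """Return (key_type, blob) from a '<type> <base64> [comment]' public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob opens with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited by hand.
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob


def fingerprints(line):
    """Fingerprint one public key in both the old and the new display format."""
    _, blob = parse_pubkey_line(line)
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256_b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return {
        # Old default: MD5 digest as colon-separated hex.
        "md5": "MD5:" + ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        # New default: SHA256 digest as base64 with the '=' padding stripped.
        "sha256": "SHA256:" + sha256_b64.rstrip("="),
    }


def make_sample_line():
    """Constructed ed25519 public key line (32 fixed bytes, not a real host key)."""
    name = b"ssh-ed25519"
    raw = bytes(range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    for label, fp in fingerprints(make_sample_line()).items():
        print(label, fp)
```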
In this article I will show you how to install OpenSSH 6.8 on Arch Linux, Manjaro, Antergos and other Arch Linux based systems.
Because it is available via AUR, installing OpenSSH 6.8 on Arch Linux and derivative systems is easy. All you have to do is:
$ sudo pacman -Sy yaourt
$ yaourt openssh-git