OpenSSH 9.0 secures key exchanges against attacks by quantum computers

The 9.0 release of OpenSSH primarily fixes bugs, such as a memory leak in scp(1) parameter processing and some rare bugs in sshd(8). In addition to these fundamental fixes for the original OpenBSD implementation, the ported variants of sshd(8) have also been improved. The developers have also added a practical function to sftp(1) and sftp-server(8): copying files server-side via cp (copy-data).

To protect against possible future attacks with quantum computers, the OpenSSH developers are already implementing a key exchange method called Streamlined NTRU Prime. NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unlike other common public-key cryptosystems, it is resistant to attacks using Shor's algorithm.

The OpenSSH team is once again positioning itself as a pioneer in IT security. As one of the first free projects in mass use, it now uses a quantum-computer-safe cryptographic method by default. The early implementation is by no means a sign of paranoia; it makes sense. It is intended to protect against the so-called “capture now, decrypt later” problem: data with long-term relevance has to be protected against attacks by quantum computers starting now.

Encrypting user data using a symmetric method such as AES with 256 or almost any number of bits is not the real problem in attacks by quantum computers. It is “only” about cracking the exchange of the random key pair generated for this purpose, which has so far been done with a conventional Diffie-Hellman key exchange based on elliptic curves (X25519 ECDH).

This method is considered susceptible to attacks by quantum computers, even if the current (known) performance of the first quantum computers, i.e. the number of qubits, is far from sufficient for this. There are many estimates of how many qubits are needed to crack asymmetric encryption in a timely manner, probably in the range of several thousand qubits. Where does current research stand? Google last year showed off its Sycamore processor with 54 qubits.

The OpenSSH developers, as part of the OpenBSD community, are aware that new implementations may contain bugs. Instead of just using a new algorithm, the OpenSSH developers are combining NTRU with X25519 ECDH, which has been the standard up to now. This is supposed to form a kind of safety net, because the old protection still applies even in the case of unknown security gaps or the secret backdoors of the secret services.
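The following check is an added example, not code from the article or the OpenSSH project. It audits which key exchange a server prefers and which one a session actually negotiated, since a server that lists the hybrid method first can still fall back to classical X25519 with an older client. The function names are hypothetical and both sample inputs are constructed; `sntrup761x25519-sha512@openssh.com` is the name OpenSSH uses for the hybrid method.

```python
import re

# Name OpenSSH uses for the hybrid Streamlined NTRU Prime + X25519 method.
HYBRID_PQ = {"sntrup761x25519-sha512@openssh.com"}
# Constructed sample of `sshd -T` output (effective server configuration).
SAMPLE_SSHD_T = """\
port 22
kexalgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256
"""
# Constructed sample of `ssh -v` output from a client without the hybrid method.
SAMPLE_CLIENT_LOG = """\
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
"""

def classify(kex):
    """Label a KEX name by its exposure to 'capture now, decrypt later'."""
    if kex in HYBRID_PQ:
        return "hybrid-pq"
    if kex.startswith(("curve25519-", "ecdh-sha2-")):
        return "classical-ecdh"
    if kex.startswith("diffie-hellman-"):
        return "classical-dh"
    return "unknown"

def audit_sshd_config(sshd_t_output):
    """Report whether the hybrid KEX is preferred and which fallbacks remain."""
    for line in sshd_t_output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "kexalgorithms":
            algos = [a for a in value.split(",") if a]
            break
    else:
        raise ValueError("no kexalgorithms line in input")
    return {
        "hybrid_preferred": bool(algos) and classify(algos[0]) == "hybrid-pq",
        "classical_fallbacks": [a for a in algos if classify(a).startswith("classical")],
    }

def negotiated_kex(ssh_debug_log):
    """Return the KEX a session really used (not the host key algorithm line)."""
    m = re.search(r"^debug1: kex: algorithm: (\S+)", ssh_debug_log, re.MULTILINE)
    return m.group(1) if m else None

if __name__ == "__main__":
    print(audit_sshd_config(SAMPLE_SSHD_T))
    kex = negotiated_kex(SAMPLE_CLIENT_LOG)
    print("negotiated:", kex, "->", classify(kex))
```

For real input, feed the functions the output of `sshd -T` on the server and of `ssh -v` against it in place of the constructed samples.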

In OpenSSH 8.9/8.9p1, which was released almost two months ago, it was already announced that the implementation of scp(1) would no longer use the outdated and sometimes cumbersome scp/rcp protocol, but would use SFTP. In particular, the handling of wildcards and relative paths caused headaches for many an admin due to the necessary quoting. Everything should be easier with SFTP instead of scp/rcp, but users have to adapt existing scripts. If you can’t or don’t want to do that, you still have the parameter -O as a last resort. It tells scp(1) to use “legacy scp/rcp”.

Two teams always work on OpenSSH. The actual development is tailored to OpenBSD; it therefore follows that project's principles and produces code that is as simple and secure as possible. The second team then adds the code needed to adapt it to GNU/Linux, Windows, macOS and other systems. This variant can always be recognized by the suffix p (for portable) appended to the version number. The current OpenSSH 9.0 code can be downloaded from the project page. OpenBSD 7.1, due out in May, will of course include the native implementation of OpenSSH 9.0.

More from iX Magazine

(fo)
