OpenBSD Journal

OpenSSH updated to 8.9

Contributed by grey on from the Security near misses only count with holy hand grenades? dept.

On February 23rd, 2022 OpenSSH was updated to version 8.9.

The complete release notes may be found here:

https://www.openssh.com/txt/release-8.9

For users not running OpenBSD, OpenSSH 8.9p1 portable was also released.

Of particular interest from the release notes is a mitigation for a "Security Near Miss" as well as MD5-hashed passphrases finally being deprecated from the portable release [editor's note: it's about time!].

(Comments are closed)


Comments
  1. By grey (grey) on

    For what it's worth, for people who are stuck on macOS and don't use Homebrew (which some have alleged contains Alphabet Inc./Google spyware by default), I submitted a PR to MacPorts for the portable version of OpenSSH 8.9p1, and that commit was just merged here:

    https://github.com/macports/macports-ports/pull/14167

    Given that I also worked with jkh while I consulted for iXSystems some years ago, and given that jkh is founder of FreeBSD as well as DarwinPorts (now known as MacPorts) and was previously "Director of Engineering of Unix Technologies" at Apple, it seems, to me at least, as if MacPorts has better provenance when it comes to BSD aligned mindsets than Homebrew?

    Regardless, that is all personal opinion! For OpenBSD users, they need not worry about even resorting to a ports collection to get the latest and greatest OpenSSH!

    Comments
    1. By grey (grey) on

      As an update, that PR was merged.

      However, it seems to have ruffled some feathers, e.g.
      https://github.com/macports/macports-ports/pull/14193#issuecomment-1062215737 and
      https://trac.macports.org/ticket/64748#comment:4.

      Admittedly, I rather bristle at GitHub and the bike-shedding nature of the commentators, so maybe my responses were inappropriate?

      It's not as if I have commit access anyway, so if the merge gets removed, that is also out of my control.

      As usual, at least I made an effort to drag other projects closer to -current and leave behind their bad habits.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]