OpenSSH 10.2 released
The new version of OpenSSH, 10.2, is now available.
You can now download OpenSSH version 10.2 from its official mirrors. This release is a big step forward in the development of this well-known SSH protocol implementation.
OpenSSH is a full-featured solution that includes a fully working SSH protocol 2.0 implementation and strong support for both SFTP clients and servers. It has continued to be successful because its community has always supported it, especially people who have given it useful code or patches, reported bugs, tested snapshots, or made large donations to the project.
A warning has been issued regarding the upcoming deprecation of SHA1 SSHFP records due to known flaws in the SHA1 hash function. Beginning with the next release, these records will no longer be supported and will be ignored. Also, by default, ssh-keygen -r will now only make SHA256 SSHFP records.
OpenSSH version 6.1 (released in 2012) added support for SHA256 because it is strong and has no known weaknesses.
The main purpose of OpenSSH 10.2 is to fix bugs, especially one that made ssh(1) unusable when ControlPersist was turned on. It also fixes several other bugs and makes it easier to use on different platforms.
Some important fixes are
- A correction for the mishandling of terminal connections by ssh(1) when ControlPersist is active.
- Fixing issues related to download operations from PKCS#11 tokens in ssh-keygen(1).
- Resolving problems with CA signing operations in ssh-keygen(1), particularly when the CA key is held within an ssh-agent(1).
For people who need to know more about checksums, please refer to the following:
SHA1 (openssh-10.2.tar.gz) = 6fcda8004bad0fb0eaee60e8308f91b605ad0dce
SHA256 (openssh-10.2.tar.gz) = y0rCEdrVc4OJRZLg0u3F0frAgz87ydeTktCk3rQfVj8=
Please be aware that the SHA256 signatures are base64 encoded, not hexadecimal, which is what most checksum tools do by default.
You can obtain the PGP key used to sign releases on the official OpenBSD mirror sites.
