Bug 49611 - Consider to update openssh version
Summary: Consider to update openssh version
Status: NEW
Alias: None
Product: Branch p10
Classification: Unclassified
Component: openssh-server
Version: unspecified
Hardware: x86_64 Linux
Importance: P5 normal
Assignee: Gleb F-Malinovskiy
QA Contact: qa-p10@altlinux.org
Reported: 2024-03-05 12:41 MSK by Constantin
Modified: 2024-04-09 14:03 MSK
Description Constantin 2024-03-05 12:41:16 MSK
Currently the openssh version in the p10 platform is only OpenSSH_7.9p1, which is more than 5 years old (release date 19.10.2018). It seems to be already out of the main support lifecycle. The second problem is that this OpenSSH_7.9p1 version cannot support the FIDO authentication protocol, and users can't store their (i.e. ssh residential) keys on any security tokens (such as RutokenMFA, Yubikey, Google Titan, etc). Support for these FIDO residential keys starts with OpenSSH_8.2p1 and later builds (after 8.3 the main support functionality has been added). In this case openssh in the p10 platform can be vulnerable to Snake SSH attacks (i.e. https://github.com/gdarko/ssh-snake).

Consider updating the openssh version if it is possible.