Bug 49611

Summary: Consider to update openssh version
Product: Branch p10
Reporter: Constantin <constacalm>
Component: openssh-server
Assignee: Gleb F-Malinovskiy <glebfm>
Status: NEW ---
QA Contact: qa-p10 <qa-p10>
Severity: normal
Priority: P5
CC: amakeenk, constacalm, max.gordeef
Version: unspecified
Hardware: x86_64
OS: Linux

Description Constantin 2024-03-05 12:41:16 MSK
Now in the p10 platform the openssh version is only OpenSSH_7.9p1, which is more than 5 years old (release date 19.10.2018). It seems to be already out of the main support lifecycle. The second problem is that this OpenSSH_7.9p1 version cannot support the FIDO authentication protocol. And users can't store their (i.e. ssh residential) keys on any security tokens (such as RutokenMFA, Yubikey, Google Titan, etc). The support of these FIDO residential keys starts after ssh via OpenSSH_8.2p1 and later builds (after 8.3 main support functionality has been added). In this case openssh in the p10 platform can be vulnerable to Snake SSH attacks (i.e. https://github.com/gdarko/ssh-snake).

Consider updating the openssh version if it is possible.