Releases: Eugeny/russh
v0.39.0
Breaking changes
- The behaviour of the server::Handler::auth_publickey method has been changed.
  - Previously, this method was called before the public key's signature was verified and if you didn't pay attention to the documentation, your application might interpret this call as a successful public key authentication. In reality, it's only meant to decide whether to accept the public key offer from the client or not.
  - Now, the method is called after the signature is verified and the return value is used to decide whether to accept the authentication or not.
  - The old method has been renamed to auth_publickey_offer and will accept all offers by default.
- If you have not relied on the incorrect interpretation of the auth_publickey method, no action is needed.
- If you explicitly want to control whether public key offers are accepted or not, additionally implement auth_publickey_offer.
- N.B.: In OpenSSH, the difference in user experience between rejecting a public key offer and rejecting a public key authentication is whether the key passphrase prompt has been shown.
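The split between offer and authentication described above, as an added std-only Rust model (not russh code and not part of the release notes). Request, Outcome, Handler, handle, signature_valid and App are hypothetical names, and the signature check is a constructed stand-in for real verification.

```rust
// Model of the SSH "publickey" exchange; NOT russh's API. Request, Outcome,
// Handler, handle() and App are hypothetical stand-ins for illustration.
#[derive(Debug, PartialEq)]
pub enum Outcome { PkOk, Success, Failure }

pub struct Request<'a> {
    pub user: &'a str,
    pub key: &'a str,               // stand-in for a public key blob
    pub signature: Option<&'a str>, // None = key offer only, nothing proven
}

pub trait Handler {
    // Offer phase: the client has proven nothing. Accepts all offers by default.
    fn auth_publickey_offer(&mut self, _user: &str, _key: &str) -> bool { true }
    // Reached only after the signature check has passed.
    fn auth_publickey(&mut self, user: &str, key: &str) -> bool;
}

// Constructed stand-in for signature verification (assumption, not real crypto).
fn signature_valid(key: &str, sig: &str) -> bool {
    sig.strip_prefix("signed-by:") == Some(key)
}

pub fn handle<H: Handler>(h: &mut H, req: &Request) -> Outcome {
    match req.signature {
        None if h.auth_publickey_offer(req.user, req.key) => Outcome::PkOk,
        // && short-circuits: the handler never sees an unverified key.
        Some(sig) if signature_valid(req.key, sig)
            && h.auth_publickey(req.user, req.key) => Outcome::Success,
        _ => Outcome::Failure,
    }
}

pub struct App { pub authorized: Vec<(String, String)>, pub logged_in: Vec<String> }
impl Handler for App {
    // Session state changes only here, never in the offer callback.
    fn auth_publickey(&mut self, user: &str, key: &str) -> bool {
        let ok = self.authorized.iter().any(|(u, k)| u == user && k == key);
        if ok { self.logged_in.push(user.to_string()); }
        ok
    }
}

fn main() {
    let mut app = App { authorized: vec![("alice".into(), "key-A".into())], logged_in: vec![] };
    let offer = Request { user: "alice", key: "key-A", signature: None };
    let r = handle(&mut app, &offer);
    println!("{:?} {:?}", r, app.logged_in);
}
```

An accepted offer only tells the client to go ahead and sign; any state that means "this user is logged in" belongs in the post-verification callback.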
v0.38.0
Breaking changes
- d97cfcc: #158 - removed unsafe key exchanges from default algorithm list when the openssl feature is disabled
- ae95df8: #171 - removed unsafe none HMAC from the default algorithm list
- 6606e28: #141 - renamed Config::connection_timeout to Config::inactivity_timeout to better reflect its purpose
- eb6fee2: support RFC8731 name of curve25519-sha256 kex (Jan Christian Grünhage) #158
  - CURVE25519 is now curve25519-sha256 instead of curve25519-sha256@libssh.org
  - curve25519-sha256@libssh.org is still available as CURVE25519_PRE_RFC_8731
- 531fe30: Error::UnsupportedKeyType now holds a String (Lucas Kent) #161
Changes
- 359fa3c: fixed #100 - allow overriding Handler methods without losing Channel functionality
- 87245b5: Support ssh clients without RFC 8308 extension negotiation mechanism (Mateusz Kondej) #153
- 576c691: Trait method to add conditions for SSH agent server when accepting requests for operations (Saksham Mittal) #166
- 84264b3: Use negotiated kex instead of preferred (Raphael Druon) #174
- 973dee5: only send enabled key algos in server-sig-algs
- 5d82dcb: Update dependencies (Lucas Kent) #169
- 8c8b064: removed EXTENSION_SUPPORT_AS_x from explicit kex list
- 43edc32: fixed #172 - update ed25519-dalek #173
v0.37.1
Security fixes
CVE-2023-28113 [45d2d82]
A malicious client/server could negotiate insecure Diffie-Hellman key exchange parameters in a way that leads to an insecure shared secret and breaks confidentiality of the connection traffic.
v0.37.0
Breaking changes
- 2ce4334: removed the Session::id method
- bd4113d: unsafe Diffie-Hellman key exchange algorithms are now disabled by default - you can reenable them in your Config struct.
Changes
- 6748879: Keyboard-interactive auth support as client (Joshua Benz) #147
- 56c8ff6: initial client support for UNIX socket forwarding (direct-streamlocal) (mllken)
Fixes
v0.36.2
Security fixes
CVE-2023-28113 [d831a37]
A malicious client/server could negotiate insecure Diffie-Hellman key exchange parameters in a way that leads to an insecure shared secret and breaks confidentiality of the connection traffic.
v0.36.1
v0.36.0
Major changes
- Migrated to async-trait - you'll need to simplify & clean up your Handler implementations to use #[async_trait] and async methods (see new examples in the docs).
- Server-side Channel objects - Handler::channel_open_* methods now take a Channel<> instead of ChannelId.
Fixes
- fixed #111 - closed channel sender leak in client
- fixed #114 - ignore sig hash algo in PartialEq for PublicKey
- client: correctly return error for channel open failures
- fixed missing CHANNEL_CLOSE messages
- Use client generated channel id when creating server initiated channel