en Copyright 2025 Java http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#8e28d84935f2f0ee081d44f9803f3052b960e50b OpenSSH: Update to 10.0p2Full release notes are available athttps://www.openssh.com/txt/release-10.0Selected highlights from the release notes:Potentially-incompatible changes- This release removes support for the weak DSA signature algorithm. [This change was previously merged to FreeBSD main.]- This release has the version number 10.0 and announces itself as "SSH-2.0-OpenSSH_10.0". Software that naively matches versions using patterns like "OpenSSH_1*" may be confused by this.- sshd(8): this release removes the code responsible for the user authentication phase of the protocol from the per-connection sshd-session binary to a new sshd-auth binary.Security- sshd(8): fix the DisableForwarding directive, which was failing to disable X11 forwarding and agent forwarding as documented. [This change was previously merged to FreeBSD main.]New features- ssh(1): the hybrid post-quantum algorithm mlkem768x25519-sha256 is now used by default for key agreement.Sponsored by: The FreeBSD FoundationDifferential Revision: https://reviews.freebsd.org/D51630 List of files: /src/crypto/openssh/ChangeLog Tue, 26 Aug 2025 19:04:16 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#0ae642c7dd0c2cfd965a22bf73876cd26cceadd2 openssh: Update to 9.9p2This release exists primarily to fix two security bugs. The fixes havebeen independently imported into FreeBSD. This import serves to updatethe ssh and sshd version number.A few minor bug fixes are also included; see the upstream release notesfor full details of the 9.9p2 release(https://www.openssh.com/releasenotes.html).Sponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Wed, 19 Feb 2025 19:33:38 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#3d9fd9fcb432750f3716b28f6ccb0104cd9d351a openssh: Update to 9.9p1Highlights from the release notes are reproduced below. Bug fixes andimprovements that were previously merged into FreeBSD have been elided.See the upstream release notes for full details of the 9.9p1 release(https://www.openssh.com/releasenotes.html).---Future deprecation notice=========================OpenSSH plans to remove support for the DSA signature algorithm inearly 2025.Potentially-incompatible changes-------------------------------- * ssh(1): remove support for pre-authentication compression. * ssh(1), sshd(8): processing of the arguments to the "Match" configuration directive now follows more shell-like rules for quoted strings, including allowing nested quotes and \-escaped characters.New features------------ * ssh(1), sshd(8): add support for a new hybrid post-quantum key exchange based on the FIPS 203 Module-Lattice Key Enapsulation mechanism (ML-KEM) combined with X25519 ECDH as described by https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03 This algorithm "mlkem768x25519-sha256" is available by default. * ssh(1), sshd(8), ssh-agent(1): prevent private keys from being included in core dump files for most of their lifespans. This is in addition to pre-existing controls in ssh-agent(1) and sshd(8) that prevented coredumps. This feature is supported on OpenBSD, Linux and FreeBSD. * All: convert key handling to use the libcrypto EVP_PKEY API, with the exception of DSA.Bugfixes-------- * sshd(8): do not apply authorized_keys options when signature verification fails. Prevents more restrictive key options being incorrectly applied to subsequent keys in authorized_keys. bz3733 * ssh-keygen(1): include pathname in some of ssh-keygen's passphrase prompts. Helps the user know what's going on when ssh-keygen is invoked via other tools. Requested in GHPR503 * ssh(1), ssh-add(1): make parsing user@host consistently look for the last '@' in the string rather than the first. This makes it possible to more consistently use usernames that contain '@' characters. * ssh(1), sshd(8): be more strict in parsing key type names. Only allow short names (e.g "rsa") in user-interface code and require full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725 * ssh-keygen(1): clarify that ed25519 is the default key type generated and clarify that rsa-sha2-512 is the default signature scheme when RSA is in use. GHPR505---Reviewed by: jlduran (build infrastructure)Reviewed by: cy (build infrastructure)Sponsored by: The FreeBSD FoundationDifferential Revision: https://reviews.freebsd.org/D48947 List of files: /src/crypto/openssh/ChangeLog Wed, 19 Feb 2025 19:08:59 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#0fdf8fae8b569bf9fff3b5171e669dcd7cf9c79e openssh: Update to 9.8p1Highlights from the release notes are reproduced below. Some securityand bug fixes were previously merged into FreeBSD and have been elided.See the upstream release notes for full details(https://www.openssh.com/releasenotes.html).---Future deprecation notice=========================OpenSSH plans to remove support for the DSA signature algorithm inearly 2025.Potentially-incompatible changes-------------------------------- * sshd(8): the server will now block client addresses that repeatedly fail authentication, repeatedly connect without ever completing authentication or that crash the server. See the discussion of PerSourcePenalties below for more information. Operators of servers that accept connections from many users, or servers that accept connections from addresses behind NAT or proxies may need to consider these settings. * sshd(8): the server has been split into a listener binary, sshd(8), and a per-session binary "sshd-session". This allows for a much smaller listener binary, as it no longer needs to support the SSH protocol. As part of this work, support for disabling privilege separation (which previously required code changes to disable) and disabling re-execution of sshd(8) has been removed. Further separation of sshd-session into additional, minimal binaries is planned for the future. * sshd(8): several log messages have changed. In particular, some log messages will be tagged with as originating from a process named "sshd-session" rather than "sshd". * ssh-keyscan(1): this tool previously emitted comment lines containing the hostname and SSH protocol banner to standard error. This release now emits them to standard output, but adds a new "-q" flag to silence them altogether. * sshd(8): (portable OpenSSH only) sshd will no longer use argv[0] as the PAM service name. A new "PAMServiceName" sshd_config(5) directive allows selecting the service name at runtime. This defaults to "sshd". bz2101New features------------ * sshd(8): sshd(8) will now penalise client addresses that, for various reasons, do not successfully complete authentication. This feature is controlled by a new sshd_config(5) PerSourcePenalties option and is on by default. * ssh(8): allow the HostkeyAlgorithms directive to disable the implicit fallback from certificate host key to plain host keys.Portability----------- * sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules unconditionally. The previous behaviour was to expose it only when particular authentication methods were in use. * ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY environment variable to enable SSH_ASKPASS, similarly to the X11 DISPLAY environment variable. GHPR479---Sponsored by: The FreeBSD FoundationDifferential Revision: https://reviews.freebsd.org/D48914 List of files: /src/crypto/openssh/ChangeLog Wed, 19 Feb 2025 17:20:44 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#a91a246563dffa876a52f53a98de4af9fa364c52 ssh: Update to OpenSSH 9.7p1This release contains mostly bugfixes.It also makes support for the DSA signature algorithm a compile-timeoption, with plans to disable it upstream later this year and removesupport entirely in 2025.Full release notes at https://www.openssh.com/txt/release-9.7Relnotes: YesSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Mon, 18 Mar 2024 14:00:57 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#069ac18495ad8fde2748bc94b0f80a50250bb01d ssh: Update to OpenSSH 9.6p1From the release notes,> This release contains a number of security fixes, some small features> and bugfixes.The most significant change in 9.6p1 is a set of fixes for a newly-discovered weakness in the SSH transport protocol. The fix was alreadymerged into FreeBSD and released as FreeBSD-SA-23:19.openssh.Full release notes at https://www.openssh.com/txt/release-9.6Relnotes: YesSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Fri, 05 Jan 2024 03:16:30 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#edf8578117e8844e02c0121147f45e4609b30680 ssh: Update to OpenSSH 9.5p1Excerpts from the release notes:Potentially incompatible changes-------------------------------- * ssh-keygen(1): generate Ed25519 keys by default. [NOTE: This change was already merged into FreeBSD.] * sshd(8): the Subsystem directive now accurately preserves quoting of subsystem commands and arguments.New features------------ * ssh(1): add keystroke timing obfuscation to the client. * ssh(1), sshd(8): Introduce a transport-level ping facility. * sshd(8): allow override of Sybsystem directives in sshd Match blocks.Full release notes at https://www.openssh.com/txt/release-9.5Relnotes: YesSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Mon, 09 Oct 2023 17:28:17 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#535af610a4fdace6d50960c0ad9be0597eea7a1b ssh: Update to OpenSSH 9.4p1Excerpts from the release notes: * ssh-agent(1): PKCS#11 modules must now be specified by their full paths. Previously dlopen(3) could search for them in system library directories. * ssh(1): allow forwarding Unix Domain sockets via ssh -W. * ssh(1): add support for configuration tags to ssh(1). This adds a ssh_config(5) "Tag" directive and corresponding "Match tag" predicate that may be used to select blocks of configuration similar to the pf.conf(5) keywords of the same name. * ssh(1): add a "match localnetwork" predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location. * ssh-agent(1): improve isolation between loaded PKCS#11 modules by running separate ssh-pkcs11-helpers for each loaded provider. * ssh-agent(1), ssh(1): improve defences against invalid PKCS#11 modules being loaded by checking that the requested module contains the required symbol before loading it. * ssh(1): don't incorrectly disable hostname canonicalization when CanonicalizeHostname=yes and ProxyJump was expicitly set to "none". bz3567Full release notes at https://www.openssh.com/txt/release-9.4Relnotes: YesSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Fri, 11 Aug 2023 03:10:18 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#66fd12cf4896eb08ad8e7a2627537f84ead84dd3 ssh: Update to OpenSSH 9.3p2From the release notes:Changes since OpenSSH 9.3=========================This release fixes a security bug.Security========Fix CVE-2023-38408 - a condition where specific libaries loaded viassh-agent(1)'s PKCS#11 support could be abused to achieve remotecode execution via a forwarded agent socket if the followingconditions are met:* Exploitation requires the presence of specific libraries on the victim system.* Remote exploitation requires that the agent was forwarded to an attacker-controlled system.Exploitation can also be prevented by starting ssh-agent(1) with anempty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuringan allowlist that contains only specific provider libraries.This vulnerability was discovered and demonstrated to be exploitableby the Qualys Security Advisory team.In addition to removing the main precondition for exploitation,this release removes the ability for remote ssh-agent(1) clientsto load PKCS#11 modules by default (see below).Potentially-incompatible changes-------------------------------- * ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules issued by remote clients by default. A flag has been added to restore the previous behaviour "-Oallow-remote-pkcs11". Note that ssh-agent(8) depends on the SSH client to identify requests that are remote. The OpenSSH >=8.9 ssh(1) client does this, but forwarding access to an agent socket using other tools may circumvent this restriction.CVE: CVE-2023-38408Sponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Wed, 19 Jul 2023 17:02:33 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#4d3fc8b0570b29fb0d6ee9525f104d52176ff0d4 ssh: Update to OpenSSH 9.3p1This release fixes a number of security bugs and has minor newfeatures and bug fixes. Security fixes, from the release notes(https://www.openssh.com/txt/release-9.3):This release contains fixes for a security problem and a memorysafety problem. The memory safety problem is not believed to beexploitable, but we report most network-reachable memory faults assecurity bugs. * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...) added in OpenSSH 8.9, a logic error prevented the constraints from being communicated to the agent. This resulted in the keys being added without constraints. The common cases of non-smartcard keys and keys without destination constraints are unaffected. This problem was reported by Luci Stanescu. * ssh(1): Portable OpenSSH provides an implementation of the getrrsetbyname(3) function if the standard library does not provide it, for use by the VerifyHostKeyDNS feature. A specifically crafted DNS response could cause this function to perform an out-of-bounds read of adjacent stack data, but this condition does not appear to be exploitable beyond denial-of- service to the ssh(1) client. The getrrsetbyname(3) replacement is only included if the system's standard library lacks this function and portable OpenSSH was not compiled with the ldns library (--with-ldns). getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to fetch SSHFP records. This problem was found by the Coverity static analyzer.Sponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Thu, 16 Mar 2023 14:29:55 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#f374ba41f55c1a127303d92d830dd58eef2f5243 ssh: update to OpenSSH 9.2p1Release notes are available at https://www.openssh.com/txt/release-9.2OpenSSH 9.2 contains fixes for two security problems and a memory safetyproblem. The memory safety problem is not believed to be exploitable.These fixes have already been committed to OpenSSH 9.1 in FreeBSD.Some other notable items from the release notes: * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. * sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. * sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. * sshd(8): add a -V (version) option to sshd like the ssh client has. * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. * ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 * ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. bz#3499MFC after: 1 weekSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Mon, 06 Feb 2023 21:54:56 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#38a52bd3b5cac3da6f7f6eef3dd050e6aa08ebb3 ssh: update to OpenSSH 9.1p1Release notes are available at https://www.openssh.com/txt/release-9.19.1 contains fixes for three minor memory safety problems; these havelready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD basesystem.Some highlights copied from the release notes:Potentially-incompatible changes-------------------------------- * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. bz3438 * ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years.New features------------ * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). * sftp-server(8): add a "users-groups-by-id@openssh.com" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. * sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension (when available) to fill in user/group names for directory listings. * sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "expand-path@openssh.com", but some other clients support it. * ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. bz3468 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3" * ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent; bz3429MFC after: 2 weeksRelnotes: YesSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Wed, 19 Oct 2022 14:27:11 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#87c1498d1a7473ff983e5c0456f30608f3f1e601 ssh: update to OpenSSH v9.0p1Release notes are available at https://www.openssh.com/txt/release-9.0Some highlights: * ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key exchange method by default ("sntrup761x25519-sha512@openssh.com"). The NTRU algorithm is believed to resist attacks enabled by future quantum computers and is paired with the X25519 ECDH key exchange (the previous default) as a backstop against any weaknesses in NTRU Prime that may be discovered in the future. The combination ensures that the hybrid exchange offers at least as good security as the status quo. * sftp-server(8): support the "copy-data" extension to allow server- side copying of files/data, following the design in draft-ietf-secsh-filexfer-extensions-00. bz2948 * sftp(1): add a "cp" command to allow the sftp client to perform server-side file copies.This commit excludes the scp(1) change to use the SFTP protocol bydefault; that change will immediately follow.MFC after: 1 monthRelnotes: YesSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Fri, 15 Apr 2022 14:41:08 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#1323ec571215a77ddd21294f0871979d5ad6b992 ssh: update to OpenSSH v8.9p1Release notes are available at https://www.openssh.com/txt/release-8.9Some highlights: * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for restricting forwarding and use of keys added to ssh-agent(1) * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms list (after the ECDH methods but before the prime-group DH ones). The next release of OpenSSH is likely to make this key exchange the default method. * sshd(8), portable OpenSSH only: this release removes in-built support for MD5-hashed passwords. If you require these on your system then we recommend linking against libxcrypt or similar.Future deprecation notice=========================A near-future release of OpenSSH will switch scp(1) from using thelegacy scp/rcp protocol to using SFTP by default.Legacy scp/rcp performs wildcard expansion of remote filenames (e.g."scp host:* .") through the remote shell. This has the side effect ofrequiring double quoting of shell meta-characters in file namesincluded on scp(1) command-lines, otherwise they could be interpretedas shell commands on the remote side.MFC after: 1 monthRelnotes: YesSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Wed, 13 Apr 2022 20:00:56 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#e9e8876a4d6afc1ad5315faaa191b25121a813d7 ssh: update to OpenSSH v8.8p1OpenSSH v8.8p1 was motivated primarily by a security update anddeprecation of RSA/SHA1 signatures. It also has a few minor bug fixes.The security update was already applied to FreeBSD as an independentchange, and the RSA/SHA1 deprecation is excluded from this commit butwill immediately follow.MFC after: 1 monthRelnotes: YesSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Sun, 19 Dec 2021 16:02:02 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#19261079b74319502c6ffa1249920079f0f69a72 openssh: update to OpenSSH v8.7p1Some notable changes, from upstream's release notes:- sshd(8): Remove support for obsolete "host/port" syntax.- ssh(1): When prompting whether to record a new host key, accept the key fingerprint as a synonym for "yes".- ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm.- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa" (RSA/SHA1) algorithm from those accepted for certificate signatures.- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F support to provide address-space isolation for token middleware libraries (including the internal one).- ssh(1): this release enables UpdateHostkeys by default subject to some conservative preconditions.- scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default.- scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used.Additional integration work is needed to support FIDO/U2F in the basesystem.Deprecation Notice------------------OpenSSH will disable the ssh-rsa signature scheme by default in thenext release.Reviewed by: impMFC after: 1 monthRelnotes: YesSponsored by: The FreeBSD FoundationDifferential Revision: https://reviews.freebsd.org/D29985 List of files: /src/crypto/openssh/ChangeLog Wed, 08 Sep 2021 01:05:51 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#ef1c128c05a64dc96083697fdbf6f045262f7844 Merge ^/head r357921 through r357930. List of files: /src/crypto/openssh/ChangeLog Fri, 14 Feb 2020 19:33:48 +0000 Dimitry Andric <dim@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#2f513db72b034fd5ef7f080b11be5c711c15186a Upgrade to OpenSSH 7.9p1.MFC after: 2 monthsSponsored by: The FreeBSD Foundation List of files: /src/crypto/openssh/ChangeLog Fri, 14 Feb 2020 19:06:59 +0000 Ed Maste <emaste@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#3af64f03119a159ac15eb75b92d346705b490385 Merge ^/head r338392 through r338594. List of files: /src/crypto/openssh/ChangeLog Tue, 11 Sep 2018 18:41:00 +0000 Dimitry Andric <dim@FreeBSD.org> http://opengrok.net:8080/history/src/crypto/openssh/ChangeLog#190cef3d52236565eb22e18b33e9e865ec634aa3 Upgrade to OpenSSH 7.8p1.Approved by: re (kib@) List of files: /src/crypto/openssh/ChangeLog Mon, 10 Sep 2018 16:20:12 +0000 Dag-Erling Smørgrav <des@FreeBSD.org>