UbuntuUpdates.org

Package "openssh"

Name: openssh

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • secure shell (SSH) client, for secure access to remote machines
  • secure shell (SSH) server, for secure access from remote machines
  • secure shell (SSH) sftp server module, for SFTP access from remote machines
  • secure shell client and server (metapackage)

Latest version: 1:7.2p2-4ubuntu2.8
Release: xenial (16.04)
Level: updates
Repository: main

Links

Save this URL for the latest version of "openssh": https://www.ubuntuupdates.org/openssh



Other versions of "openssh" in Xenial

Repository  Area      Version
base        main      1:7.2p2-4
base        universe  1:7.2p2-4
security    main      1:7.2p2-4ubuntu2.8
security    universe  1:7.2p2-4ubuntu2.8
updates     universe  1:7.2p2-4ubuntu2.8



Changelog

Version: 1:7.2p2-4ubuntu2.2 2017-05-10 17:06:30 UTC

  openssh (1:7.2p2-4ubuntu2.2) xenial; urgency=medium

  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

 -- Christian Ehrhardt <email address hidden> Wed, 15 Mar 2017 13:16:56 +0100

1668093 ssh-keygen -H corrupts already hashed entries
1670745 ssh-keyscan : bad host signature when using port option

Version: 1:7.2p2-4ubuntu2.1 2016-08-15 19:07:19 UTC

  openssh (1:7.2p2-4ubuntu2.1) xenial-security; urgency=medium

  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

 -- Marc Deslauriers <email address hidden> Thu, 11 Aug 2016 08:38:27 -0400

CVE-2016-6210 User enumeration via covert timing channel
CVE-2016-6515 The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows r

Version: 1:7.2p2-4ubuntu1 2016-05-09 10:06:43 UTC

  openssh (1:7.2p2-4ubuntu1) xenial; urgency=medium

  * Backport upstream patch to unbreak authentication using lone certificate
    keys in ssh-agent: when attempting pubkey auth with a certificate, if no
    separate private key is found among the keys then try with the
    certificate key itself (thanks, Paul Querna; LP: #1575961).

 -- Colin Watson <email address hidden> Thu, 28 Apr 2016 01:57:51 +0100

1575961 OpenSSH Client Certificate Auth Regression


