Bug 499962 - =net-misc/openssh-6.5_p1 version bump
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal enhancement
Assignee: Gentoo's Team for Core System packages
URL: http://www.openssh.org/txt/release-6.5
Reported: 2014-02-01 11:13 UTC by Lars Wendler (Polynomial-C) (RETIRED)
Modified: 2014-03-14 06:57 UTC
Description Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2014-02-01 11:13:42 UTC
This release introduced Daniel Bernstein's Curve25519 ECDH algorithm which is supposed to be NSA-backdoor-free ;)

Furthermore, the chacha20-poly1305@openssh.com transport cipher was introduced, as well as a bunch of other new features (see URL).

Of course like with most new openssh releases this one breaks latest known hpn patch again so I took the opportunity to forward-port the patch [1]. Please test that patch thoroughly. I only made sure the patch compiles and doesn't break ssh(d) and scp. Oh and my patch is based on the 6.3p1-hpnssh14v2 version from our gentoo mirrors (not the original hpn patch).

[1] http://dev.gentoo.org/~polynomial-c/openssh-6.5p1-hpnssh14v2.diff.bz2
Comment 1 Tim Harder gentoo-dev 2014-02-01 18:12:22 UTC
(In reply to Lars Wendler (Polynomial-C) from comment #0)
> Of course like with most new openssh releases this one breaks latest known
> hpn patch again so I took the opportunity to forward-port the patch [1].
> Please test that patch thoroughly. I only made sure the patch compiles and
> doesn't break ssh(d) and scp. Oh and my patch is based on the
> 6.3p1-hpnssh14v2 version from our gentoo mirrors (not the original hpn
> patch).
> 
> [1] http://dev.gentoo.org/~polynomial-c/openssh-6.5p1-hpnssh14v2.diff.bz2

We should probably address the alignment issues with the multithreaded aes-ctr cipher (bugs #498632 and #499552) with this bump if we can.
Comment 2 Jana Saout 2014-02-03 06:35:31 UTC
When dropping the -ldap use flag, openssh 6.5 compiles fine (with the patch above).

On a side note:

Note that I played around a bit, and the new DJB EC curve 25519 only seems to be used by default for the key exchange. For host keys, ECDSA is still preferred, and for actual encryption, AES 128. Guess they didn't want to break everyone or suddenly sacrifice performance.

One can play around with the defaults in the ssh_config:

Ciphers aes256-gcm@openssh.com,aes256-ctr,chacha20-poly1305@openssh.com,aes192-ctr,aes128-gcm@openssh.com,aes128-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-512,hmac-sha1,hmac-md5,umac-64@openssh.com,hmac-ripemd160
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ssh-dss-cert-v00@openssh.com,ssh-dss

(I still preferred AES over the new ChaCha thing, because AES is still commonly believed to be fine.) This switches over the defaults to much stronger algorithms, like SHA-256 for authentication, AES-256 for encryption, GCM for the cipher stream and ED25519 for the host key.

The latter will make ssh connections complain about changed host keys if you connect to a server which is already known! (because the now preferred ED25519 key differs from the cached ECDSA key)

(so... just FYI :)
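
Added example (not part of the thread and not OpenSSH code): a pre-flight check for the host-key warning described in comment 2. It reads known_hosts text, lists hosts whose cached key type ranks below another algorithm in the new HostKeyAlgorithms order, and builds a per-host order that keeps the cached types first. The host names, key blobs and function names are constructed for illustration, and the preference list is abbreviated from the comment.

```python
# Added example: constructed data; function names are hypothetical.
# Preference order abbreviated from the HostKeyAlgorithms line in the comment.
PREFERRED = ("ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,"
             "ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa,ssh-dss").split(",")

# Constructed known_hosts content; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample
git.example.org ecdsa-sha2-nistp256 AAAAE2VjZHNhCONSTRUCTED
git.example.org ssh-rsa AAAAB3NzaCONSTRUCTED
backup.example.org,192.0.2.10 ssh-ed25519 AAAAC3NzaCONSTRUCTED
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAB3NzaCONSTRUCTED
@cert-authority *.example.org ssh-rsa AAAAB3NzaCONSTRUCTED
"""

def cached_key_types(text):
    """Map each host entry in known_hosts text to the key types cached for it."""
    cached = {}
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        for host in fields[0].split(","):   # hashed names stay opaque, as written
            cached.setdefault(host, set()).add(fields[1])
    return cached

def at_risk(cached, preferred):
    """Hosts for which a plain key type ranked above every cached type exists."""
    risky = {}
    for host, types in cached.items():
        ranks = [preferred.index(t) for t in types if t in preferred]
        best = min(ranks) if ranks else len(preferred)
        higher = [a for a in preferred[:best] if "-cert-" not in a]
        if higher:
            risky[host] = higher
    return risky

def pinned_order(types, preferred):
    """HostKeyAlgorithms value with the already-cached types moved to the front."""
    known = [a for a in preferred if a in types]
    return ",".join(known + [a for a in preferred if a not in types])

if __name__ == "__main__":
    cached = cached_key_types(SAMPLE_KNOWN_HOSTS)
    for host, higher in at_risk(cached, PREFERRED).items():
        print(host, "could negotiate", ",".join(higher))
        print("  HostKeyAlgorithms", pinned_order(cached[host], PREFERRED))
```

The per-host value can go in a `Host` block of ssh_config until the new key has been verified out of band and added to known_hosts.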