v0.38.0

Breaking changes

• d97cfcc: #158 - removed unsafe key exchanges from default algorithm list when the openssl feature is disabled
• ae95df8: #171 - removed unsafe none HMAC from the default algorithm list
• 6606e28: #141 - renamed Config::connection_timeout to Config::inactivity_timeout to better reflect its purpose
• eb6fee2: support RFC8731 name of curve25519-sha256 kex (Jan Christian Grünhage) #158
• CURVE25519 is now curve25519-sha256 instead of [email protected]
• [email protected] is still available as CURVE25519_PRE_RFC_8731
• 531fe30: Error::UnsupportedKeyType now holds a String (Lucas Kent) #161

Changes

• 359fa3c: fixed #100 - allow overriding Handler methods without losing Channel functionality
• 87245b5: Support ssh clients without RFC 8308 extension negotation mechanism (Mateusz Kondej) #153
• 576c691: Trait method to add conditions for SSH agent server when accepting requests for operations (Saksham Mittal) #166
• 84264b3: Use negotiated kex instead of prefered (Raphael Druon) #174
• 973dee5: only send enabled key algos in server-sig-algs
• 5d82dcb: Update dependencies (Lucas Kent) #169
• 8c8b064: removed EXTENSION_SUPPORT_AS_x from explicit kex list
• 43edc32: fixed #172 - update ed25519-dalek #173

v0.37.1

Security fixes

CVE-2023-28113 [45d2d82]

A malicious client/server could negotiate insecure Diffie-Hellman key exchange parameters in way that leads to an insecure shared secret and breaks confidentiality of the connection traffic.

v0.37.0

Breaking changes

• 2ce4334: removed the Session::id method
• bd4113d: unsafe Diffie-Hellman key exchange algorithms are now disabled by default - you can reenable them in your Config struct.

Changes

• 6748879: Keyboard-interactive auth support as client (Joshua Benz) #147
• 56c8ff6: initial client support for UNIX socket forwarding (direct-streamlocal) (mllken)

Fixes

• 424e88e: fix #143: handle CHANNEL_OPEN_FAILURE on server side (Swelio) #144

v0.36.2

Security fixes

CVE-2023-28113 [d831a37]

A malicious client/server could negotiate insecure Diffie-Hellman key exchange parameters in way that leads to an insecure shared secret and breaks confidentiality of the connection traffic.

v0.36.1

Minor changes

• 59bae17: #112 - parse and handle [email protected] requests

Fixes

• 3611ab1: [russh-keys v0.24.1] don't panic when passphrase is not supplied to openssh private key (Mariotaku) #115
• f35fbff: fix channel close issue (z0017k9m) #118

v0.36.0

Major changes

• Migrated to async-trait - you'll need to simplify & clean up your Handler impelementations to use #[async_trait] and async methods (see new examples in the docs).
• Server-side Channel objects - Handler::channel_open_* methods now take a Channel<> instead of ChannelId.

Fixes

• fixed #111 - closed channel sender leak in client
• fixed #114 - ignore sig hash algo in PartialEq for PublicKey
• client: correctly return error for channel open failures
• fixed missing CHANNEL_CLOSE messages
• Use client generated channel id when creating server initiated channel

Changes

• Added Key::with_signature_hash
• fixed #86 - support for dynamic port assignment in tcpip_forward
• server: added OpenSSH server-sig-algs protocol extension support
• reworked ChannelStream API
• fixed #111 - added Channel::close