Release Notes for Tectia Server 6.6.0 ------------------------------------- 6 June 2022 Copyright (C) 2022 SSH Communications Security Corporation. This software is protected by international copyright laws. All Rights Reserved. Table of Contents 1. About This Release 2. Important Changes 3. New Features 4. Bug Fixes 5. Known Issues 6. Further Information 1. About This Release ----------------------- The 6.6 release of Tectia Server is declared Feature Release, and it is supported for 3 years from the release date of 6.6.0. The latest support end dates for Tectia Client/Server are available at: https://www.ssh.com/products/support/end-of-support This release is based on Tectia Server 6.5.2. Items addressed in this release are listed under the "6.6.0" section. The 6.6.0 release is available for Linux, AIX and Windows on x86-64 platforms. Special items for this release are: - Tectia Quantum Safe Edition with multiple PQC hybrid key exchange algorithms - Improvements to certificate validation We recommend uninstalling any SSH Secure Shell and SSH Tectia 4.x products, and on Windows also SSH Tectia 6.0.x or older, before installing SSH Tectia 6.6 products. For the installation instructions, refer to the Tectia Server Administrator Manual. 2. Important Changes ---------------------- Important changes in 6.6.0 -------------------------- (TECT-193) Tectia Quantum Safe Edition license file enables Post Quantum Cryptography (PQC) algorithms SABER, CHRYSTALS/Kyber, FrodoKEM and Streamlined NTRU Prime that are used in a Hybrid Key Exchange together with a classical ECDH algorithm. Both the PQC and ECDH algorithm contribute to the key material resulting in a session key that is at least as hard to break as the strongest composite. The hybrid approach mitigates the risk of future attacks on recorded secure shell sessions if weaknesses are discovered in either algorithm. Note that the client-side, Tectia Client version 6.6 and above or OpenSSH version 9.0 or above, needs to also support and prefer at least one of the PQC hybrid KEX algorithms or connections will use classical KEX algorithms by default. Note when upgrading from 6.5.1 with changed configurations or from 6.4.x, the Post Quantum Cryptography (PQC) algorithms require Tectia Quantum Safe Edition license and are not enabled unless explicitly configured. For configuration instructions how to enforce PQC hybrid KEX, please see the Tectia Server example ssh-server-config-example.xml in the configuration directory. Important changes in 6.5.1 -------------------------- (TECT-458) Disabled SHA1 algorithms from server defaults in lieu of previous deprecation warning. These algorithms can still be manually enabled for legacy reasons. It is important to understand that SHA-1 algorithms are deprecated due to security issues and should not be enabled without a critical legacy dependency for them. Enabling SHA-1 algorithms is not recommended by us. * ssh-rsa (RSA/SHA1) is no longer included in public-key signature algorithms nor host key algorithms default values. We recommended using SHA2 variants (e.g. rsa-sha2-256, ssh-rsa-sha256@ssh.com) for existing RSA keys. * ssh-dss (DSA/SHA1) is no longer included in public-key signature algorithms nor host key algorithms. We recommend using SHA2 variants (e.g. ssh-dss-sha256@ssh.com) for existing DSA keys and creating additional RSA, ED25519, or ECDSA key(s) for better interoperability with third-party clients/servers. * diffie-hellman-group-exchange-sha1 (DH-GEX-SHA1) and diffie-hellman-group14-sha1 are no longer included in key exchange default values. We recommend using SHA2 variants (e.g. diffie-hellman-group-exchange-sha256 and diffie-hellman-group14-sha256). SHA2 variants @ssh.com algoritms have been supported in Tectia Client/Server since version 6.2.0 released in 2011. Standardized SHA2 variants since version 6.4.18. HMAC SHA1 algorithms still remain in server defaults. Although NIST has formally deprecated use of SHA-1 for digital signatures, SHA-1 is still considered secure for HMAC as the security of HMAC does not rely on the underlying hash function being resistant to collisions. CBC mode ciphers are no longer included in server defaults. Although there are no known vulnerabilities for current versions, there are better counter modes available such as GCM. CBC mode ciphers can still be manually enabled in the server configuration. This change was made to alleviate false positives from security scanners. Our recommendation is to use CTR mode and GCM mode over CBC mode whenever possible and use CBC mode only when it is not possible to use the other two counter modes with ciphers. 3. New Features ----------------- The following new features have been implemented in Tectia Server: New Features in 6.6.0 --------------------- (TECT-193) - Added support for Post Quantum Cryptography (PQC) hybrid key exchange algorithms. Following PQC hybrid KEX algorithms are supported and enabled by default when Tectia Quantum Safe Edition license is installed: * ecdh-nistp521-firesaber-sha512@ssh.com * ecdh-nistp521-kyber1024-sha512@ssh.com * curve25519-frodokem1344-sha512@ssh.com * sntrup761x25519-sha512@openssh.com (TECT-571) - Added support for IBM AIX 7.3 (TECT-574) - Tectia Server control utility can now be used to troubleshoot running Tectia Server. The 'ssh-server-ctl debug --help' command lists options that can be used to enable debug mode for the ssh-server-g3, servants and/or user SFTP server processes. Note that 'ssh-server-ctl debug clear' should always be used after reproducing the problem. On Unix, it is needed even after stopping the service to clear the debug settings from any retired server processes. SELinux enabled Linux: 'ssh-server-ctl debug ' is recommended method instead of starting the ssh-server-g3 process directly that results in wrong SELinux context, misleading failures and potential issues later when Tectia Server is started normally by systemd. New Features in 6.5.1 --------------------- (TECT-325) - Zero Trust certificate-based user authentication with short-lived X.509v3 or OpenSSH certificates. Delegate access control to PrivX for Just-In-Time (JIT) access management. PrivX version 22 and above is supported. (TECT-462) - Windows Server 2022 and SUSE Linux Enterprise Server 15 (x86-64) added as supported installation platforms. (TECT-484) - Linux: Installation creates and modifies /etc/pam.d/ssh-server-g3 Pluggable Authentication Modules (PAM) configuration and preserves original file to /etc/pam.d/ssh-server-g3.orig. PAM is now required for successful password authentication on RHEL. (TECT-313) - Added support for x509-certificate-chain for user and host certificates and standardized X.509v3 signature algorithms defined in RFC6187. Following signature-algorithms and hostkey-algorithm are supported: * x509v3-rsa2048-sha256 * x509v3-ecdsa-sha2-nistp256 * x509v3-ecdsa-sha2-nistp384 * x509v3-ecdsa-sha2-nistp521 * x509v3-ssh-dss (DSA/SHA1 not enabled by default on server-side) * x509v3-ssh-rsa (RSA/SHA1 not enabled by default on server-side) (TECT-147) - Added support for OpenSSH user and host certificates. Following signature-algorithms and hostkey-algorithm are supported: * ecdsa-sha2-nistp256-cert-v01@openssh.com * ecdsa-sha2-nistp384-cert-v01@openssh.com * ecdsa-sha2-nistp521-cert-v01@openssh.com * ssh-ed25519-cert-v01@openssh.com * rsa-sha2-256-cert-v01@openssh.com * rsa-sha2-512-cert-v01@openssh.com * ssh-rsa-cert-v01@openssh.com (RSA/SHA1 not enabled by default) * ssh-dss-cert-v01@openssh.com (DSA/SHA1 not enabled by default) (TECT-492) - Added curve25519-sha256@libssh.org to client and server key exchange defaults for better interoperability with 3rd party implementations that do not support standardized curve25519-sha256. (TECT-335) - Tectia Server Configuration GUI supports extended-key-usage certificate selector, for example secureShellClient (oid 1.3.6.1.5.5.7.3.21). (TECT-61) - Critical Microsoft custom policy OID 1.3.6.1.4.1.311.21.10 is now accepted if it contains only extended key usage oids that are present in the actual extended key usage extension in the X.509v3 certificate being validated. (TECT-359) - Tectia Server Configuration GUI can be used to configure OCSP trusted mode (RFC5019, RFC6960) responder issuing CA certificate. (TECT-367) - Added new configuration option xauth-shell attribute that can be used specify the shell used to run xauth binary instead of the user shell in X11 forwarding. (TECT-426) - Tectia Server Logging improvements Certificate_validation_success and Certificate_validation_failure log also Subject name, Email and UPN Subject Alternative Names for X.509v3 certificates and Key ID and principals for OpenSSH certificates. 4. Bug Fixes -------------- The following fixes have been implemented in Tectia Server: Bug Fixes in 6.6.0 ------------------ (TECT-564) - Fixed an issue with OCSP certificate validation that may have resulted in Certificate_validation_failure with error time-interval-was-invalid even if valid CRL was available when check against OCSP responder failed. (TECT-526) - Certificate validator cache-size configuration parameter was increased to 300MB. Bug Fixes in 6.5.2 ------------------ (TECT-536) - SELinux enabled Linux: Fixed an issue with upgrading from 6.4.x version to 6.5.1. In 6.5.1 Upgrade would fail, if /tmp/ssh-server-g3 was not manually removed. Bug Fixes in 6.5.1 ------------------ (TECT-108) - Linux: Tectia Server ssh-server-ctl now uses systemd on RHEL 7, 8, SUSE 12 and SUSE 15 for stopping and starting the service. Recommended commands 'systemctl [start|stop|restart|status] ssh-server-g3' For configuration update 'ssh-server-ctl reload' that validates the ssh-server-config.xml configuration is recommended. (TECT-347) - Windows Server: Using relative paths to access virtual folders no longer fail if home directory is configured as virtual root. (TECT-199) - Linux: Tectia Server is now confined to sshd SELinux context on RHEL. (TECT-174) - Tectia Server Configuration GUI now allows only service rule command configurations that the server supports. If forced command is set, no other commands can be added to the group. If a group contains multiple allowed commands, forced commands can not be added or edited to the group. (TECT-423) - Tectia Server now checks file permissions of CA certificates configured as trust anchors for user certificate authentication. (TECT-433) - Tectia Server Configuration GUI no longer overwrites public key signature-algorithms in ssh-server-config.xml with default values. (TECT-127) - OpenSSL generated passphrase protected PKCS#8 key no longer fails to be decoded. (TECT-310) - Tectia Server Configuration GUI now supports name-regexp attribute for example in authentication selector instead of overwriting manually configured selectors like . (TECT-401) - Customized tunnel (port forwarding) restrictions are now enforced correctly. * In tunnel-remote 'listen' will match only when listener is being opened. The 'src' is not matched when listener is opened but only when tunnel is opened. * New tunnel-remote 'disable-privilege-check' attribute defaults to 'no'. If not set, tunnel listener open will always perform privilege check, forbidding listener open for ports under 1024 unless user is privileged admin/root user. * New Tunnel endpoint 'tunnel-src' and 'tunnel-dst' added for tunnel-local and tunnel-remote, conversely. These match the ssh client end IP address as seen by the server based on the tcp connection. The 'src' in tunnel-local, that matches the connection source as reported by the client, has not been changed. (TECT-333) - Tectia Server Configuration GUI no longer crashes if host certificate has critical extension BasicConstraints CA = FALSE. (TECT-353) - Tectia Server user login with certificate no longer fails if user-group attribute is defined in the same selector with certificate selectors. (TECT-361) - Tectia Server Logging Channel_outbound_statistics and Channel_inbound_statistics no longer log username as uninitialized. (TECT-382) - Windows: ssh-shell in Tectia Server no longer ignores input bytes with highest bit set. Multibyte characters are now shown correctly when logged in with sshg3. 5. Known Issues ----------------- The following issues are currently known to exist in Tectia SSH Server: (FB #41772) - Linux, RHEL6: ssh-servant-g3 processes can show large virtual memory allocation, in excess of one GB per process. This is due to thread arena allocation in libc 2.10 and later, included in RHEL 6.0, not because of memory leaks. (FB #39681) - Solaris: With exec-directly="no", csh on Solaris closes auditing file descriptors for sft-server-g3, effectively disabling logging with sftp. The recommended solution here is to use exec-directly="yes". (FB #41617) - Windows: Upgrade only recognizes versions 6.1 onwards. (FB #36835) - All platforms: Remote translation tables only work when the site command X=BIN is used. Local translation tables work as intended. (FB #22991) - AIX: Upgrading from version 6.2.x or 6.3.x will not restart the server automatically after installing the upgrade packages. Upgrading from versions 6.1.x (or earlier), and versions 6.4.2 (or later) will work normally and restart the server after upgrade. (FB #19541) - Unix/Linux: When logged to the SSH Tectia Server, an executable will fail to start if any parent of the current working directory is not readable and relative paths are used to refer to the executable. (FB #13818) - All Platforms: The usage of IPv6 addresses in certificates is not yet supported. (FB #14973) - Linux: SSH Tectia Server must be stopped before upgrading from 6.2.0 as the newer ssh-server-ctl will not be able to stop the 6.2.0 server. Upgrades from any other version than 6.2.0 do not experience this issue. (FB #9145) - Windows: When installing Tectia Server on a platform that has more than 30 CPUs running Windows 2003 SP2, make sure that you have the proper Microsoft patches installed to not hit a Microsoft bug which will make your host unusable. For more information, see: http://support.microsoft.com/kb/2539164 (FB #10425) - Unix: if OpenSSL 0.9.8 is installed on the host where Tectia Server is installed, it may fail when using PAM with software that uses that OpenSSL library. Workaround if FIPS is not used: Rename the libcrypto.so.0.9.8 existent under /opt/tectia/sshlib to another name (note that this will make FIPS mode unusable). (FB #9367) - Windows: If the installation fails with error message "An error occurred during the installation of assembly component {B708EB72-AA82-3EB7-8BB0- D845BAB35C93D}. HRESULT: 0x80070BC9" use Windows Update to install required operating system updates. (FB #9106) - AIX: Executables are now compiled in 64 bit. For PAM to work, the operating system should point to the 64-bit versions of PAM libraries instead of the 32-bit versions. (FB #9530) - All platforms: Extra checks are done when starting the Tectia Server and Connection Broker in the FIPS mode due to the OpenSSL FIPS cryptographic library health check. This will lead to a noticeable delay in the start of the process on slow machines. (FB #8826) - Windows: Users authenticated with a public key cannot access Network DFS shares that are in a different box than where the Tectia server is running. Workaround: Use password cache. (FB #4699) - AIX: Due to IBM's bug IZ02631, a servant may deadlock under heavy stress. IBM has a fix for AIX 5.3 and AIX 6.1. (FB #4705) - Linux SE: If the common package is installed with SElinux disabled, the following warning message will be given during the installation: /usr/bin/chcon: can't apply partial context to unlabeled file /opt/tectia/lib/shlib/libicudata.so.40 /usr/bin/chcon: can't apply partial context to unlabeled file /opt/tectia/lib/shlib/libicuuc.so.40 This can be safely ignored. However, if the SElinux enforcing is enabled after the installation, the following command needs to be executed: /usr/bin/chcon -t textrel_shlib_t /opt/tectia/lib/shlib/*.so (RQ #19164) - Linux RedHat 3: The pam_krb5 module supplied with Red Hat Linux 3 will not work with Tectia Server when configured with pam-calls-with-commands=yes as pam_krb5 requires pam_authenticate() to be called before pam_setcred(). (RQ #19080) - AIX: Authentication may fail for LDAP accounts when verifying login permissions. This is caused by an error in AIX system libraries when trying to retrieve password expiration information for an LDAP user and is addressed by IBM APAR IZ46727 (registration required): http://www-01.ibm.com/support/docview.wss?uid=isg1IZ46727 (RQ #18437) - Windows: Tectia Server doesn't support other than ISO Latin 1 character sets in folder names for storing troubleshooting logs. (RQ #18307) - All platforms: The file transfer with WinSCP 3.6 might fail when the file transfer is resumed. (RQ #18211) - All platforms: If the server configuration has one or more selectors in the block listing specific ciphers, and the client does not match the selector, it is still allowed the default ciphers. This is because there is no implicit deny-rule in the block (the behavior is different from the block). (RQ #18084) - Unix: All installed Tectia products must be upgraded to 6.0.2 at the same time. If some packages are left to 6.0.1 or older version, they will stop working when the 6.0.2 common package is installed. (RQ #17626) - Windows: On Windows, Tectia Server does not support GW mode for connecting to other Secure Shell servers. (RQ #17604) - All platforms: Files larger then 4GB cannot be transferred to or from Tectia Server when using the old OpenSSH 'scp' command. Workaround: The files can be transferred using scpg3 or sftpg3. (RQ #17271) - Solaris x86-64: RSA SecurID cannot be used with Tectia Server on Solaris x86-64, because RSA SecurID offers only a 32-bit PAM library. Tectia Server expects a 64-bit pam_securid.so. (RQ #17170) - Solaris 10: Tectia Server and the FTP/SFTP conversion component of Tectia Client with EFT Expansion Pack need to be uninstalled separately from each local zone, if they have been installed to all zones by installing into the global zone. (RQ #17055) - Solaris: Installation packages do not detect the underlying Solaris architecture to prevent installation of the x86-64 packages on x86 architecture. The packages can be installed but they will not work. (RQ #16986) - Windows: SFTP 'chmod' command is not supported against Tectia Server running on Windows. (RQ #16410) - Solaris 10: Tectia Server and the FTP-SFTP conversion component of Tectia ConnectSecure need to be uninstalled separately from each local zone, if they got installed to all zones by installing into the global zone. (RQ #16342) - All platforms: OpenSSH keys are not accepted as host keys, when running the server in FIPS mode. (RQ #16285) - AIX: When trying to log in to an AIX server using an account which has an expired password, the client returns the following error message: "Request exec channel error: Disconnected by application." The reason for the disconnection is, however, logged correctly in the server's log. (RQ #16080) - Windows: The Server reports a "Wrong password" message to the event log even though the correct password is given, but the account has expired. (RQ #15976) - Windows: Users without administrator rights cannot use file transfer with the default Windows 2003 ACL settings. (RQ #15973) - All platforms: The certificate validation path construction from LDAP fails, if the LDAP server requires suffix ';binary' for the PKI binary blob attribute names. (RQ #15874) - Linux: If a user account has expired, the Server incorrectly asks the user to change the password and then denies login. (RQ #15819) - Solaris: Quality checks for password changes (e.g. password length, characters etc.) enforced by PAM will only be enforced when using PAM authentication. When changing passwords via forced commands (i.e. when using authentication methods other than keyboard-interactive PAM), the Tectia Server will not enforce PAM-related password quality checks. (RQ #15807) - Windows: If a non-admin user tries to start the server, the server reports error message "Failed to access service manager". (RQ #15711) - Windows: All well-known security identifiers ('Everyone' and 'Authenticated Users', for instance) are not shown in the Tectia Server Configuration GUI's directory object picker when browsing groups for a selector. (RQ #15627) - Unix: Currently it is not possible to allow X11 forwarding when terminal connections are denied. (RQ #15393) - Windows: Installing PGP Desktop 9.5.2 and Tectia Server on the same Windows machine will cause the one installed earlier not to work. (RQ #15228) - All platforms: File transfers of files larger than 4kb using Net:SFTP and Net::SSH::Perl fail against Tectia Server. Workaround is documented at http://www.cpanforum.com/threads/2092. The workaround involves lowering the value of COPY_SIZE in the SFTP.pm perl module from 8192 to 4063 or lower. (RQ #15016) - HP-UX: Shadow passwords are not supported on HP-UX when using the password authentication method. Shadow passwords can be used on HP-UX only with keyboard-interactive PAM authentication, with the appropriate PAM configuration. (RQ #14973) - Windows: The Server reports "Wrong password" message to the event log even though the correct password is given, if the account is locked. (RQ #14762) - Windows: Currently it is not possible to see and select Active Directory universal groups in the User Group Selector dialog of the configuration tool GUI. However, universal groups can be used as selectors if those are entered manually to the user group selector name field. (RQ #14672) - All platforms: It is possible to generate all lengths of RSA/DSA keys in FIPS mode, although the Tectia Client/Server software will only accept keys compliant with FIPS. (RQ #14259) - AIX: The Server hangs after a few authentication tries when the following value is set in the /etc/security/user file: SYSTEM='KRB5Files or compat' The Server does not hang when the value is set to: SYSTEM='compat' (RQ #14039) - Windows: Using rsync with Cygwin OpenSSH against Tectia Server fails when using public-key authentication. (RQ #12576) - HP-UX 11.11: Attempting GSSAPI authentication can cause the auths-gssapi-userproc-krb process to consume CPU and not exit after the client disconnects. The GSSAPI authentication will be enabled if no configuration file is found or if specifically enabled in the server configuration. The HP-UX patch PHSS_35381 fixes this issue. GSSAPI needs to be disabled in the server configuration, if installing the patch is not an option. (RQ #12517) - Unix: Canceling user authentication when Tectia Server has been configured with keyboard-interactive authentication method, causes authentication to fail with "Server responded 'Unexpected response packet'". (RQ #11836) - All platforms: After changing the password on a Secure Shell server, but before logging in with the new password, either the Connection Broker must be restarted to close the previous connection, or the user must wait for the connection to time out (by default 5 seconds). If this is not done, login with the new password will not succeed. 6. Further Information ------------------------ More information can be found on the Tectia man pages and manuals. Tectia manuals are also available from https://www.ssh.com/manuals/ Additional licenses can be purchased by contacting sales at https://www.ssh.com/.