login about faq

Tectia SSH Client and SSH Server 6.4.18 were released on March 18, 2019. What's new in these releases?

asked Mar 19 at 12:07

SSH%20KB's gravatar image

SSH KB ♦♦
509253251241

edited Mar 20 at 10:11


Tectia Server/Client 6.4.18 release is the latest LTS (Long Term Supported) version which will be supported until March 2023. This release continues to improve security for example by including standardized SHA-2 variants for public key authentication and increasing minimum group size by default to 2K in DH-group-exchange. This release also fixes several bugs and adds new features especially around compatibility.

For further information about the products and changes between the different versions, and instructions on how to update the products, see the customer documentation and release notes at the SSH product documentation site.

Highlighted new features:

SUPPORT FOR RFC COMPLIANT SHA-2 (RFC 8308)

This feature expands Tectia’s capabilities to allow negotiation of SHA-2 cryptographic hash functions when performing public key authentication. This brings increased security when establishing connection with modern 3rd party clients. For backwards SHA-2 compatibility with previous Tectia Client/Server versions, among the default hostkey algorithm values in addition to the new rsa-sha2-256 and rsa-sha2-512 names are the corresponding ssh-rsa-sha256@ssh.com and ssh-rsa-sha512@ssh.com.

SUPPORT FOR AES-GSM MODE FOR BLOCK CIPHERS

Expanded support to include Galois/Counter Mode for block ciphers. Using this widely adopted mode allows for high performing operation on an inexpensive hardware.

INTEROPERABILITY WITH WINDOWS UAC

This Tectia Server feature delivers consistent behaviour for both privileged and non-privileged accounts when Windows User Access Control is enabled. This allows user to gain appropriate access rights with any authentication method when UAC is enabled on the target host.

SUPPORT FOR SHA256 REPRESENTATION FOR KEY FINGERPRINTS

Expanded support for Tectia to be able to display key fingerprints in SHA256 format. For example Tectia Client will show now both SSH Babble format and Base64 encoded SHA-256 format fingerprint when connecting to a new server:

The fingerprint of the host public key is:

Babble: "xiriv-cybal-gyzit-bofim-pyzum-demus-derym-fifat-vomal-somyz-texex"
SHA-256: "A2yh+Rr7lN8l/c1mf5n6ectuJ8m28pXcB6l2GJt8QQ0"

On the server-side, ssh-keygen-g3 can be used to obtain the Base64 encoded SHA256 fingerprint, for example:

ssh-keygen-g3 --hash sha256 --fingerprint-type base64 -F /etc/ssh2/hostkey.pub

UPDATED GEX MODULI FILE (RFC 8270)

Increased minimum group size by default to 2K in diffie-hellman-group-exchange. The Tectia Server's secsh_dh_gex_moduli file no longer needs to be manually updated to comply with RFC 8270 to enforce that only 2048-bit or bigger modulus is used. Note that the preferred group size has been 2K in Tectia Client but 3rd party clients may have used smaller groups sizes until now. Also larger group sizes 6K and 8K were added.

SUPPORT FOR RHEL 8 AND AIX 7.2

Adding support for latest operating system versions is a natural continuation to our supported platform list.

link

answered Mar 19 at 14:04

SSH%20KB's gravatar image

SSH KB ♦♦
509253251241

edited Mar 19 at 14:09

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×85
×10
×4
×3
×1

Asked: Mar 19 at 12:07

Seen: 49 times

Last updated: Mar 20 at 10:11

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.