We are proud to announce a new major release of the SSH library. Version 0.8.0
offers a lot of new features and bug fixes. The most important is probably
support for OpenSSL 1.1 and a new crypto backend based on mbedTLS.
We also added new authenticated encryption cipher:
chacha20-poly1305@openssh.com.
This cipher combines two primitives from Daniel J. Bernstein: the ChaCha20
cipher and the Poly1305 MAC (Message Authentication Code).
If you’re implementing an sftp client, you’re probably interested in the new
option: SSH_OPTIONS_NODELAY.
More performance improvements for sftp will be in one of the next releases.
Thanks to various contributors we have a much better testing infrastructure
now. We got client testing running against OpenSSH and have a server which is
tested by ssh and dropbear clients. All this is running also in GitLab CI
thanks to the cwrap project!
Also notable is that support for SSHv1 has been completely removed from the
source code. If you really need it, please use libssh 0.7.x. We will try to
keep it in a working state and do security fixes for some time.
We have a completely new API for working with the known_hosts file. Please
migrate to it. The old API is not marked as deprecated yet but will be in
future. Once we get to version 1.0 of libssh all deprecated APIs are getting
removed.
Thanks to all contributors who made this release possible!
If you are new to libssh you should read our tutorial how to get started.
Please join our mailing list or visit our irc channel if you have
questions.
You can download libssh-0.8.0 here.
ChangeLog
-
- Removed support for deprecated SSHv1 protocol
- Added new connector API for clients
- Added new known_hosts parsing API
- Added support for OpenSSL 1.1
- Added support for chacha20-poly1305 cipher
- Added crypto backend for mbedtls crypto library
- Added ECDSA support with gcrypt backend
- Added advanced client and server testing using cwrap.org
- Added support for curve25519-sha256 alias
- Added support for global known_hosts file
- Added support for symbol versioning
- Improved ssh_config parsing
- Improved threading support